Privacy Policy
Last updated: May 18, 2026
1. Information We Collect
We collect information you provide directly when using LumenAudit Pro:
- Account Information: Name, email address, organization name, and role when you create an account.
- Project Data: Lighting audit records, fixture details, photos, measurements, energy calculations, and retrofit proposals you create.
- Client Information: Names, email addresses, and company details for clients you add to proposals and the client portal.
- Payment Information: Billing details are processed and stored by Stripe; we never see or store full card numbers ourselves.
- Usage Data: Log data including IP addresses, browser type, pages visited, and timestamps for security and service improvement.
- Device Information: When you use offline mode, we collect device identifiers to manage data synchronization.
2. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Service
- Process and store your audit data and project records
- Generate energy savings calculations and financial analyses
- Enable client portal access for proposal review and approval
- Synchronize offline data with our servers
- Process subscription payments through Stripe
- Send service-related communications (account verification, sync status, proposal notifications, billing receipts)
- Detect and prevent security incidents and unauthorized access
- Comply with legal obligations
3. Data Storage and Security
Your data is stored in PostgreSQL databases with tenant isolation enforced at the application layer (with database-level row-level security policies installed as defense in depth). All data in transit is encrypted using TLS. Authentication tokens are stored in httpOnly cookies with secure flags in production. Offline data stored on your device is encrypted at rest using AES-256-GCM. Uploaded photos and generated reports are stored in encrypted cloud object storage (Cloudflare R2).
We implement role-based access controls (RBAC) to ensure users can only access data appropriate to their role within their organization.
4. Multi-Tenant Data Isolation
LumenAudit Pro is a multi-tenant application. Your organization's data is logically isolated from other tenants. Each query is scoped to your tenant, and cross-tenant data access is prevented by application-level controls.
5. Data Sharing
We do not sell your data. We share your information only in these circumstances:
- Client Portal: When you share proposals via the client portal, designated clients can view the shared project data.
- Shared Reports: Reports you explicitly share via token-based links are accessible to anyone with the link.
- Payment Processing: Subscription billing data is shared with Stripe to process payments.
- Legal Requirements: When required by law, subpoena, or legal process.
- Service Providers: With third-party service providers who assist in operating the Service (hosting, cloud storage, email delivery, error tracking), bound by confidentiality obligations.
6. Photos and Media
Photos captured during audits may contain GPS metadata and timestamps. This data is used for audit documentation purposes. Photos stored offline are kept in your device's local storage until synchronized. You are responsible for obtaining necessary permissions before photographing client facilities.
7. Data Retention
We retain your project data for as long as your account is active. Deleted projects are soft-deleted and retained for 90 days before permanent removal. Upon account termination, you may request a data export within 30 days. After the export window, data is permanently deleted within 60 days.
8. Your Rights
You have the right to:
- Access your personal data and project records
- Export your data in standard formats (CSV, Excel, PDF, JSON)
- Correct inaccurate information
- Request deletion of your account and data
- Object to processing of your data for purposes beyond service delivery
9. Cookies and Local Storage
We use httpOnly cookies for authentication. The Service uses browser local storage and IndexedDB for offline functionality, caching, and user preferences. These are essential for the Service to function and cannot be disabled without losing offline capabilities.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.
11. Contact
For privacy-related questions or to exercise your data rights, email sales@lumenauditpro.com or contact your account administrator.