Lumenbase is a new CRM for the AI age that helps you prioritize your day and engage with the right people in your network.
Full-funnel CRM with lists, leads, deals, and accounts; Lumo AI for daily priorities and outreach; automations, lead scoring, forecasting, and integrations with Gmail, Outlook, Slack, LinkedIn, and more.
Last updated: June 2026
Lumenbase ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our customer relationship management (CRM) platform and related services.
We act in two distinct capacities:
Where we act as processor, we do not use your CRM data for our own purposes except as necessary to provide, secure, and improve the service.
You are responsible for ensuring that you have a lawful basis to collect and process any personal data you upload or sync into the platform (including contact and company data). You must comply with applicable data protection and privacy laws (e.g. GDPR, CCPA) when collecting and using such data. We process CRM data on your behalf as your processor and in accordance with our Data Processing Agreement (DPA) where applicable.
Our Data Processing Agreement (DPA) is available to customers upon request and sets out the terms under which we process personal data on your behalf. You may request a copy at privacy@lumenbase.io.
We will notify you without undue delay if we become aware of a personal data breach affecting your data, in line with our processor obligations and the DPA.
We collect information you provide directly (e.g. account, profile, payment, and CRM data) and information we obtain automatically (e.g. logs, device and usage data). The table below summarizes, for transparency and GDPR purposes, the main categories of personal data we process as controller, the purposes, and the legal bases we rely on (where the GDPR applies).
| Data category | Purpose | Legal basis (GDPR) |
|---|---|---|
| Account data (name, email, password) | Account creation, authentication, account management | Contract performance |
| Profile / workspace data (company name, job title) | Providing the service, support, billing | Contract performance |
| Payment / billing data | Processing payments, invoicing, fraud prevention | Contract performance; legal obligation |
| Marketing preferences and communications | Newsletters, product updates, marketing (where consented) | Consent; legitimate interest (where applicable) |
| Logs, device and usage data | Security, availability, analytics, product improvement | Legitimate interest |
| Marketing site visitor data (anonymous ID, pages visited, links clicked, approximate location from IP, device/OS/browser/language) | Understanding use of our marketing site, product improvement; if you create an account, we may link this history to your account for support and analytics | Legitimate interest; consent where required by law (e.g. EU/EEA) via cookie consent |
| CRM data (contacts, companies, etc.) | Processed on your behalf as processor; we do not use for our own purposes | N/A (you determine legal basis as controller) |
Providing data and consequences of refusal. Where processing is necessary for the performance of our contract with you (e.g. account and billing data), provision of that data is a contractual requirement. If you do not provide it, we may not be able to create or maintain your account or provide the service. For optional data (e.g. marketing preferences), you may refuse or withdraw consent without affecting the core service.
Automated decision-making. We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you.
The Lumenbase Capture Chrome extension connects LinkedIn pages you visit to your Lumenbase workspace when you choose to link your account. This section describes how the extension handles data in addition to the CRM platform practices above.
Extension data is used only to display CRM status on LinkedIn, sync contacts and conversations to your Lumenbase workspace at your direction, and operate the integration you enabled. We do not sell extension or LinkedIn-derived data, and we do not use it for advertising. LinkedIn contact data synced into your workspace is processed as CRM data on your behalf (see Section 1.1).
You can disconnect the extension at any time from Lumenbase Integrations or by uninstalling the extension from your browser. Uninstalling removes locally stored extension data from your device. Data already synced to your workspace remains subject to your account retention settings and our CRM data policies; you may request deletion via privacy requests or privacy@lumenbase.io.
We use the information we collect to provide, maintain, and improve the service; process transactions; send technical and support messages; respond to requests; and ensure security. We do not sell your personal data. We may share data with service providers (subprocessors) who assist in operating our platform, subject to appropriate contracts. We may also disclose data where required by law or to protect our rights and safety. See Section 10 for subprocessor information.
We retain personal data only as long as necessary for the purposes set out in this policy or as required by law.
You may request deletion of your account and associated personal data (subject to legal retention obligations). For CRM data, deletion is handled in accordance with your instructions and our DPA.
Depending on your location, you may have rights regarding your personal data, including: access; rectification (correction); erasure ("right to be forgotten"); restriction of processing; data portability; objection to processing; and, where processing is based on consent, the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
To exercise these rights, contact us at privacy@lumenbase.io. You also have the right to lodge a complaint with a supervisory authority in your country.
If we have designated an EEA representative under Article 27 GDPR, their contact details are available on request at privacy@lumenbase.io. For any GDPR-related requests you may contact us at that address.
Your data may be processed in countries outside your country of residence, including the United States and the region where our main hosting and subprocessors are located. We ensure appropriate safeguards are in place where required by law, such as Standard Contractual Clauses (SCCs) approved by the European Commission (and, where relevant, UK international data transfer agreements or the UK IDTA). Transfer Impact Assessments are performed where required. Copies of relevant safeguards (e.g. SCCs) are available upon request at privacy@lumenbase.io.
If you are a California resident, the following applies in addition to the rest of this policy.
Categories of personal information we collect (in the preceding 12 months): Identifiers (e.g. name, email, IP address, anonymous visitor ID); account and profile information; commercial information (e.g. subscription, usage); internet or network activity (e.g. pages visited, links clicked on our marketing site); approximate geolocation derived from IP; and, where relevant, payment and billing information.
Sources: Directly from you; automatically from your use of the service; and from third parties (e.g. payment processors) where relevant.
Categories of third parties we disclose to: Service providers (hosting, analytics, payment, support); and, where required, legal or regulatory authorities.
We do not sell personal information as defined under the CCPA. We do not share personal information for cross-context behavioral advertising in a way that qualifies as a "sale" or "share" under the CCPA.
If we process sensitive personal information (as defined under the CPRA), we use it only for purposes permitted under the CPRA and do not use or disclose it for purposes that would require a right to limit under the CPRA.
You may submit requests to know, correct, or delete your personal information, or to exercise other CCPA/CPRA rights, by contacting us at privacy@lumenbase.io. We will verify your identity and respond within the timeframes required by law. You may also have the right to opt out of the sale or sharing of personal information; as stated above, we do not sell or share in that sense.
We use subprocessors (e.g. hosting, infrastructure, analytics, payment, and support providers) to provide the service. We maintain a list of subprocessors that process personal data on our behalf. The list is available upon request at privacy@lumenbase.io or via a link we publish in our service or documentation. We enter into appropriate contracts with subprocessors to ensure the protection of your data. We will notify you of any intended changes to our subprocessors (e.g. addition or replacement) in a reasonable manner, and you may object to such changes where your contract or the DPA provides for it.
We implement appropriate technical and organizational measures to protect your personal information, including encryption of data in transit and at rest where appropriate, access controls, and regular review of our security practices. Despite these measures, no method of transmission or storage is completely secure; we encourage you to use strong credentials and protect your account.
For questions about this Privacy Policy or our privacy practices, or to exercise your rights, contact us at privacy@lumenbase.io.
Request copies: Request our Data Processing Agreement (DPA) · Request our subprocessor list
We use cookies for essential operation and, with your consent, for analytics. Cookie Policy
