PRIVACY POLICY

Privacy Policy

Effective Date: August 14, 2025 · Last Updated: September 10, 2025

This Privacy Policy (“Policy”) describes how Pocket AI, Inc. (“Pocket AI,” “we,” “us,” or “our”) collects, uses, processes, stores, and discloses information, including personal information, in connection with the Lumtric AI agent platform (“Lumtric” or the “Service”).

This Policy is intended to comply with applicable data protection laws and industry standards, including, where applicable, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act (“CPRA”), and similar global privacy frameworks.

By accessing or using Lumtric, you acknowledge and agree that you have read, understood, and consent to the terms of this Policy.

1. Scope of Application

This Policy applies to all users of Lumtric, including visitors to our website, registered account holders, and recipients of communications transmitted via our platform. It governs all data collected by us, whether directly from you, automatically through the Service, or from third-party sources lawfully providing such data.

2. Categories of Information Collected

We may collect and process the following categories of information:

Account Information – Name, email address, phone number, business name, billing address, authentication credentials, and any other identifiers you provide upon registration or profile updates.

Service Interaction Data – Text, audio, voice recordings, transcripts, prompts, outputs generated by AI systems, and associated logs (collectively “AI Logs”).

Technical and Usage Data – Device identifiers, IP address, browser type, operating system, time zone settings, pages visited, features used, session duration, and diagnostic data.

Financial Information – Payment method details, transaction history, and tax-related information where applicable.

Third-Party Integration Data – Information obtained from connected third-party services (e.g., communications platforms, CRMs, cloud providers) in accordance with their respective privacy policies.

We may combine information collected from multiple sources to enhance the Service.

3. Lawful Bases for Processing

Where GDPR or similar frameworks apply, our processing is based on:

  • Contractual Necessity – To perform the Service under our Terms of Service.
  • Legitimate Interests – To operate, maintain, improve, and secure Lumtric, provided such interests are not overridden by your rights.
  • Consent – For certain processing activities, including AI training, marketing communications, and sensitive data processing, where required.
  • Legal Obligation – To comply with applicable law, regulatory requests, or enforceable governmental orders.

4. Purpose of Collection and Use

We use collected information to:

  • Deliver, operate, and maintain the Lumtric platform.
  • Authenticate users and authorize access to the Service.
  • Process transactions, issue invoices, and manage subscriptions.
  • Provide technical and customer support.
  • Improve the Lumtric platform and services.
  • Monitor for abuse, fraud, or security incidents, including detection and prevention of malicious activity.
  • Comply with applicable laws, regulations, and contractual obligations.
  • Enforce our Terms of Service and other agreements.
  • User data collection for 3rd party integrations (e.g. Google Calendar, Google Tasks, Google Docs, etc.) is never collected or used for any other purpose than to provide the Service you request. This data will never be sold, used for marketing, used to target ads, or any other act prohibited by their respective privacy policies.

We expressly reserve the right to retain, store, and process anonymized and aggregated data indefinitely for the purposes of improving the Lumtric platform and services.

5. Data Ownership and Rights

User Inputs & Outputs – You retain ownership of your inputs and AI-generated outputs. By submitting content to Lumtric, you grant Pocket AI a worldwide, royalty-free, irrevocable, sublicensable license to store, process, transmit, and otherwise use such content for the purposes set forth in this Policy.

Anonymized Data – We exclusively own all rights to anonymized, aggregated, or de-identified data 1st party data, which may be used for any lawful business purpose without further notice or consent, unless this is prohibited by law. 3rd party data (e.g. Google Calendar, Google Tasks, Google Docs, etc.) is never used or collected except for the express purpose of providing the Service you requested.

6. Data Retention

We retain personal information only as long as necessary for:

  • Providing the Service.
  • Complying with legal, tax, and accounting obligations.
  • Enforcing our agreements and resolving disputes.

Retention periods may extend beyond account termination where legally required or where necessary for legitimate business interests, including fraud prevention and abuse detection.

7. Data Security

We maintain commercially reasonable administrative, technical, and physical safeguards to protect information from unauthorized access, alteration, disclosure, or destruction. Measures include, but are not limited to:

  • Encryption in transit and at rest.
  • Access controls with least privilege principles.
  • Network segmentation and intrusion detection.
  • Regular security assessments and audits.

No method of transmission or storage is 100% secure, and we disclaim all liability for unauthorized access outside our reasonable control.

8. International Data Transfers

Where data is transferred outside your country of residence:

  • You consent to the transfer, storage, and processing of your information in jurisdictions that may have different privacy protections than your home country.

9. Disclosure to Third Parties

We may disclose your aggregated and anonymized 1st party information to:

  • Vendors and Service Providers – To provide the Service you request (e.g., hosting, analytics, payment processing, communications platforms).
  • Affiliates and Corporate Transactions – In connection with mergers, acquisitions, reorganizations, or sales of assets.
  • Legal and Regulatory Authorities – As required by law, court order, or lawful governmental request.
  • Third Parties with Consent – Where you authorize disclosure (e.g., integrations) unless prohibited by law or the policies of any given 3rd party.
  • 3rd party data (e.g. Google Calendar, Google Tasks, Google Docs, etc.) will never be used to target ads, used for marketing, sold, trained on, or any other act prohibited by their respective privacy policies.

We do not sell personal information in the meaning of “sale” under the CCPA.

10. Your Rights

You may have the right to:

  • Access, correct, or delete your personal information.
  • Restrict or object to processing.
  • Receive a portable copy of your data.
  • Withdraw consent at any time (withdrawal will not affect prior lawful processing).

Requests must be submitted in writing to founders@lumetric.ai and may require verification of identity.

11. Limitation of Liability

To the fullest extent permitted by law, Pocket AI, Inc. shall not be liable for any indirect, incidental, consequential, punitive, or special damages, whether arising in contract, tort, or otherwise, related to unauthorized access, data loss, or breach, except where such exclusion is prohibited by law.

12. Changes to This Policy

We reserve the right to amend this Policy at any time. Updates will be posted with a revised “Last Updated” date. Material changes will be communicated via the Service or email before they take effect.

13. Contact Information

Pocket AI, Inc.
Attn: Privacy Officer
505 N Angier unit 326 · Atlanta, GA 30308
Email: founders@lumetric.ai

14. Messaging & Communications (SMS/Text and Email)

As part of the Service, we may send you communications via email or SMS/text messages. Messaging may include account notices, security alerts, and communication with your AI agents. By providing your email address or mobile phone number, you consent to receive such communications as described below, subject to your rights to opt out.

  • Transactional vs. Marketing – As part of the Service, we may send you communications via email or SMS/text messages. Most messages will be related to communication with your AI agents. These are fully opt-in and opt-out. Before you can give your agent an phone number, you must opt-in to receive messages from us. This can be revoked at any time.
  • Messaging Frequency – Message frequency varies. Message and data rates may apply based on your carrier plan. Carriers are not liable for delayed or undelivered messages.
  • Service Providers – We may use third-party email and SMS providers to deliver messages on our behalf. These providers process limited personal data to facilitate delivery and maintain logs in accordance with this Policy.
  • Compliance – We endeavor to comply with applicable communications laws and industry guidelines, including the Telephone Consumer Protection Act (TCPA), CAN-SPAM, and CTIA best practices, as applicable.

Opt-Out Instructions

  • SMS/Text – You can opt out of marketing texts at any time by replying STOP to any message. For assistance, reply HELP or contact us at founders@lumetric.ai.
  • Email – Use the “Unsubscribe” link included in our marketing emails or contact us at founders@lumetric.ai.

15. Google User Data

In addition, this Policy comprehensively discloses how our app accesses, uses, stores, and shares Google user data. If you authorize a connection to your Google account, we will access Google user data solely as permitted by you and only to provide the Service you request.

  • Access – We use Google OAuth to request your explicit consent before accessing Google user data. With your permission, Lumtric may read your Google Calendar events, Google Tasks data (including task lists), and Google Drive files such as Google Docs, Google Sheets, and Google Slides (including related metadata like titles, descriptions) and manage them on your behalf where you direct (create, update). We request the minimum scopes necessary to perform these functions.
  • Use – Google data (e.g. Google Calendar, Google Tasks, Google Docs, Google Sheets, Google Slides) is only ever used at the express request of the user and only in order to provide user facing features of the Service. (e.g. keeping you up to date on your day, adding or editing calendar events and tasks at your direction, sending or scheduling reminders you request, managing task lists and to‑dos, creating, editing, and summarizing content in your Google Docs, Sheets, and Slides when requested)
  • Storage – By default, we do not store the full contents of your Google Calendar events, Google Tasks, or the contents of Google Docs/Sheets/Slides. We may breifly store minimal metadata (for example, IDs, timestamps, etc.) strictly as needed to deliver user facing features of the Service. Where necessary to provide the Service, OAuth access and refresh tokens are stored encrypted at rest, access‑restricted to least‑privileged systems and personnel, and used only to fulfill your requests. Tokens are revoked upon disconnection and may be rotated periodically for security.
  • Sharing – We do not sell Google user data, use it for marketing, advertise with it, use it to target ads, or share it with third parties. It will never be used to create training data, train on, or any other act prohibited by their respective privacy policies. Google API Services User Data Policy.
  • Retention and Deletion – We will retain Google user data only as long as necessary to provide the user facing features of the Service to the user. You may revoke our access at any time from your Google Account settings (Google Account → Security → Third‑party access). You may also request deletion as described in Section 10 (Your Rights).
  • User Control – You can disconnect Google Calendar, Google Tasks, and Google Drive (including Docs/Sheets/Slides) from your account settings within the Service (where available) and from your Google Account. Disconnecting will stop further data access; previously stored data will be handled per this Policy.
  • Policy Commitments – Our access to and use of Google user data is limited to providing or improving user‑facing features of Lumtric and complies with the Google API Services User Data Policy (including the Limited Use requirements). For details, see Google API Services User Data Policy.

Notice of Changes – If we materially change how we access, use, store, or share Google user data, we will update this Policy and provide notice via in‑product communication or email prior to the change where required.