Privacy Policy

Last updated: April 24, 2026

This page explains what data flows through LumaBrowser and lumabyte.com, where it goes, and what you can do about it. Our Telemetry & Privacy page has the detailed, per-event view for the app itself; this page is the umbrella policy that covers the app, the website, billing, and licensing together.

1. Who we are

Lumabyte, LLC is the data controller for information processed in connection with LumaBrowser and lumabyte.com. We're a US limited liability company. When this policy says "we," "us," or "Lumabyte," it means Lumabyte, LLC.

You can reach us at the address in Section 12.

2. Summary at a glance

LumaBrowser runs on your machine. Your prompts, credentials, API keys, browsing data, webhook payloads, and LLM responses never leave your computer. We can't see them.

What does leave your machine is narrow and documented: product-usage events (PostHog), crash reports (Sentry), sanitized page-template data (Community tier only), billing email through Stripe, and license-key activation through Keygen.sh.

Paid tiers sever the template-telemetry channel and — with the NO_TELEMETRY entitlement — the PostHog usage channel too. Pro and Enterprise keep your templates strictly local; Enterprise deployments additionally skip PostHog entirely.

3. What we collect

We group the data we touch into buckets. The Telemetry & Privacy page has the granular event-by-event breakdown for the app; this is the full picture across both the app and the site.

Bucket	What it contains	Who sees it
Billing data	Your email address, subscription tier, billing cycle, and subscription status. Your card number and payment details are handled directly by Stripe — we never receive or store them.	Lumabyte, Stripe
License data (Pro and Enterprise)	Your license key, issuance and expiration timestamps, and an activated machine fingerprint. The fingerprint is the OS-level machine identifier (on Windows, the `MachineGuid` registry value under `HKLM\SOFTWARE\Microsoft\Cryptography`; on macOS, the `IOPlatformUUID` from IOKit; on Linux, the contents of `/var/lib/dbus/machine-id`). It is not a one-way hash and is stored against your Keygen.sh account record alongside your email, so it is identifiable data, not anonymous. The fingerprint is sent to Keygen so a license can be activated, validated, moved between devices, and revoked. No fingerprint is collected for Community users — they have no license to bind.	Lumabyte, Keygen.sh
App telemetry — product analytics (Community tier; Pro unless `NO_TELEMETRY` is set; disabled on Enterprise)	Sent to PostHog (US cloud). Fields: the `distinctId` is the raw OS machine identifier described above (same source as the license fingerprint — stable across installs on the same machine, not a hash); platform, architecture, app version, Electron version; the event `app_started` at launch; `ipc_action` events for a fixed allow-list of user actions (AI chat completions and streaming, template-builder preference saves, notification-interceptor webhook save / forward / test, network-watcher add/remove/update/toggle/test, timed-task create/update/delete/trigger, extension test-harness runs); `api_request` events for non-GET REST calls (method + path only, no bodies); `extension_toggled`, `setting_changed`, `setup_wizard_completed`, and `llm_provider_configured` events. Never: prompt bodies, LLM responses, URLs, page content, API keys, credentials, webhook payloads, or request/response bodies. PostHog is initialized with `person_profiles: 'identified_only'`.	Lumabyte (via PostHog)
App telemetry — crash reports (Community tier; Pro unless `NO_TELEMETRY` is set; disabled on Enterprise)	Sent to Sentry. Uncaught exceptions and native crashes with stack traces, error messages, Electron/Node versions, and platform metadata. No prompts, page content, credentials, or user-authored data.	Sentry
Template telemetry (Community tier only)	The target domain and URL path (no query strings, no fragments) paired with the extracted generalized CSS-selector template. See Section 4.	Lumabyte (public template repository)
Website analytics	Basic Go server logs (IP address, user agent, request path, timestamp) kept for operational and abuse-prevention purposes. Every page on `lumabyte.com` also loads PostHog (US cloud) for pageviews and interaction events (for example, a `hero_install_copy` event when you click to copy the install command, and `download_modal_npx_copy` when you copy the npx download command on the pricing page) and Sentry for JavaScript error reports. PostHog may record an IP address and user agent along with the event; configuration uses `person_profiles: 'identified_only'`. We do not run Google Analytics or advertising trackers, and we do not enable PostHog session replay.	Lumabyte (via PostHog), Sentry

If you join a waitlist (for example on /pricing or /telemetry), we also collect the email address and optional comments, name, company, and role you submit. That data is stored in our database for product-planning outreach only.

Turning app telemetry off

The Community tier currently does not expose a UI toggle to disable PostHog product analytics or Sentry crash reporting — they are on by default for Community users who run a packaged (non-development) build. Analytics and crash reporting are switched off automatically when:

A license is activated that carries the NO_TELEMETRY entitlement (standard on Pro and Enterprise policies).
You run LumaBrowser in development mode (unpackaged, or launched with --dev).
You block the outbound endpoints us.i.posthog.com and o4511128142675968.ingest.us.sentry.io at the network layer.

If a user-facing opt-out toggle matters to you, tell us — we're planning one, and the number of requests directly shapes the priority.

4. Template telemetry, in detail

This is the one genuinely novel privacy surface in LumaBrowser, so it deserves a full explanation.

What it is

When you use the Template Builder on Community tier, LumaBrowser extracts generalized CSS selectors from the page you're looking at (selectors that identify structural elements like "the primary navigation" or "the product price," not the actual text or values on the page). That selector template is sent to lumabyte.com and stored in a public, shared repository — the same repository that other Community users query when they land on the same kind of page.

Exactly what is transmitted

URL host — e.g. example.com
URL path — e.g. /products/item
The selector template — a JSON structure of CSS selectors

What is stripped before transmission

Query strings and URL fragments (so no ?token=, no #user-123)
Page content, form values, and any user-typed input
Cookies, local storage, session tokens
Your IP address and any personal identifiers

Why this matters and why we still do it

Domain + path is usually not sensitive for public web pages (e.g., amazon.com/gp/your-account). It can be sensitive for private or intranet URLs. If you work with URLs that reveal proprietary paths, internal tooling hostnames, or anything you wouldn't want in a public database, do not use Community tier for those sessions — use Pro or Enterprise, which keep all templates strictly on your machine.

We do it because crowdsourced templates are what make automation against the modern, randomized-CSS web tractable for everyone. The tradeoff is explicit and opt-out-able by upgrading.

How to see or remove your templates

Templates are keyed by domain + path, not by user. Because there's no user identifier attached, we can't locate "your" templates on request. You can, however, request that templates for a specific host + path combination be removed from the public repository — email us at the address in Section 12 with the exact URL pattern.

5. How we use your data

We use the data in Section 3 for a short and specific list of purposes:

Delivering the service — issuing license keys, processing subscription payments, serving installer downloads and updates, operating the template repository.
Keeping the software working — diagnosing crashes, understanding which features are used so we can prioritize bug fixes and improvements.
Billing and receipts — sending payment confirmations and renewal notices.
Abuse prevention and security — detecting attempts to overwhelm our infrastructure or misuse the template repository.
Product outreach — contacting waitlist signups when the tier they asked about becomes available (only if they opted in).
Legal compliance — responding to lawful requests and enforcing our Terms of Service.

We do not sell your personal data, and we do not share it with advertisers.

6. Third parties we rely on

A handful of service providers process data on our behalf. We pick them specifically because their privacy posture matches ours.

Provider	What they handle	Link
Stripe	Payment processing, subscription management, customer portal. Your card details go directly to Stripe; we never see or store them.	stripe.com/privacy
Keygen.sh	License-key issuance, activation, and revocation. Account slug `lumabyte-com`. Stores your email, license metadata, and the activated machine fingerprint (see Section 3). The fingerprint is linked to your account inside Keygen — it is not anonymous.	keygen.sh/legal/privacy
PostHog (US cloud)	Product analytics for both the LumaBrowser application and the `lumabyte.com` website. In-app events use the OS machine identifier as the PostHog `distinctId` (see Section 3) — stable across installs on the same machine. Website events use PostHog's default cookie-based distinct ID and may include the visitor's IP address and user agent as captured by the PostHog SDK. Configured with `person_profiles: 'identified_only'`; session replay is not enabled.	posthog.com/privacy
Sentry	Error and crash reporting for both the LumaBrowser application (via `@sentry/electron`) and the `lumabyte.com` website. Receives stack traces, error messages, release/version metadata, and — for browser errors — the page URL and user agent. No user-authored content, prompts, credentials, or intercepted traffic.	sentry.io/privacy

LLM providers you configure (Anthropic, OpenAI, local models, etc.) are not our processors — they are your processors. You bring your own API keys and your prompts go directly from your LumaBrowser instance to them. Their privacy terms govern that relationship.

7. Data retention

Billing records — kept as long as your subscription is active plus the time needed for accounting, tax, and legal obligations (typically 7 years).
License data — kept for the lifetime of the license plus a short buffer for customer-support continuity.
App telemetry — retained in PostHog and Sentry per their default retention policies; we don't extend retention beyond what's needed for trend analysis and debugging.
Template repository — retained indefinitely, since it's a shared resource. Entries can be removed on request.
Server logs — rotated and purged on a short timeline (typically 30 days) except where retained for security investigation.
Waitlist submissions — kept until the tier launches and outreach is complete, or on request for removal.

8. Your rights

Depending on where you live, you may have some or all of the following rights over the personal data we hold about you:

Access — ask what we have.
Correction — ask us to fix inaccuracies.
Deletion — ask us to erase your data (subject to legal retention obligations).
Portability — get a copy in a portable format.
Objection / restriction — object to or restrict certain processing.
Withdraw consent — where processing is based on consent.

To exercise any of these, email us (see Section 12). We'll respond within a reasonable time — typically 30 days. If you're in the European Economic Area, the UK, or a US state with a comprehensive privacy law (e.g., CCPA/CPRA in California, VCDPA in Virginia, CPA in Colorado), you also have the right to lodge a complaint with your local supervisory authority.

Do Not Sell / Do Not Share (California): We do not sell personal information and do not share it for cross-context behavioral advertising. There is nothing to opt out of on that front.

9. Children's data

LumaBrowser is built for developers and is not directed at children under 13 (or under 16 in jurisdictions where that's the applicable age). We do not knowingly collect personal data from children. If you believe a child has submitted information to us, contact us and we'll delete it.

10. International transfers

Lumabyte, LLC operates from the United States. Our service providers are also primarily US-based. If you use LumaBrowser or lumabyte.com from outside the US, your data will be transferred to, processed in, and stored in the United States. Where applicable, we rely on Standard Contractual Clauses or equivalent safeguards for transfers from the EEA, UK, or Switzerland.

11. Changes to this policy

We'll update this page when our practices change. The "Last updated" date at the top always reflects the most recent revision. For material changes, we'll post a notice on the site and — for active paid subscribers — email you before the change takes effect.

12. Contact

For any privacy question, data-rights request, or template-removal request:

Lumabyte, LLC
Email: [email protected]
Web: lumabyte.com

For app-specific telemetry detail, see /telemetry. For contractual terms, see /terms.