This Privacy Policy describes how Lumireel ("Lumireel," "we," "us," or "our") collects, uses, and shares information about you when you use our Shopify application and website at lumireel.twinecom.com (collectively, the "Services"). By installing or using Lumireel, you agree to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide
When you install and use Lumireel, we collect information you provide directly, including:
- Shopify store data: Your store name, URL, and contact email address provided by Shopify at the time of installation.
- Video content: Videos you upload directly, and URLs of public TikTok and Instagram Reels you submit for import.
- Widget configuration: Layout preferences, widget names, and product tagging data you configure within the app.
- Support communications: Any messages, attachments, or other information you send when contacting our support team.
1.2 Information Collected Automatically
We automatically collect certain information when you or your storefront visitors interact with our Services:
- Usage analytics: Widget view counts, video play events, product tag click events, and add-to-cart events generated by your shoppable video widgets.
- Log data: IP addresses, browser type, operating system, referring URLs, and timestamps associated with requests to our servers.
- App usage data: Pages visited within the Lumireel app, features used, and session duration, collected to improve the product.
- Device information: Device type and screen resolution, used to serve appropriately formatted widgets to your storefront visitors.
1.3 Information from Third Parties
We receive information from the following third parties:
- Shopify: Merchant account details, billing status, and store permissions granted to Lumireel through the Shopify Partner API.
- TikTok / Instagram: When you paste a public video URL, we retrieve publicly available metadata (thumbnail image, video duration, caption) from those platforms. We do not access your private TikTok or Instagram accounts.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Lumireel Services.
- Process and display your shoppable video widgets on your Shopify storefront.
- Generate and display analytics about widget performance within your app dashboard.
- Send transactional emails related to your account (e.g., billing notifications, installation confirmations).
- Respond to support requests and troubleshoot issues.
- Improve and develop new features for the Services, using aggregated and anonymised data.
- Comply with legal obligations and enforce our Terms of Service.
- Detect and prevent fraud, abuse, or other harmful activity.
We do not sell your personal data to third parties. We do not use your data to serve you advertising.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Performance of a contract: Processing necessary to deliver the Services you have subscribed to.
- Legitimate interests: Improving our product, preventing fraud, and ensuring security — where these interests are not overridden by your rights.
- Legal obligation: Where processing is required to comply with applicable law.
- Consent: Where we have obtained your explicit consent, which you may withdraw at any time.
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:
4.1 Service Providers
We engage trusted third-party companies to help us operate and deliver the Services. These providers process data only on our behalf and are bound by confidentiality obligations:
- Hosting & infrastructure: Railway (application hosting), Supabase (database and storage).
- Analytics: Anonymised, aggregated event data may be processed by internal analytics tools.
- Email delivery: Transactional email providers for system notifications.
4.2 Shopify
Lumireel operates as a Shopify app and is subject to the Shopify Privacy Policy with respect to data shared through the Shopify platform.
4.3 Legal Requirements
We may disclose your information if required to do so by law, court order, or government authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Lumireel, our users, or the public.
4.4 Business Transfers
If Lumireel is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
5. Data Retention
We retain your data for as long as your Lumireel account is active and as necessary to provide you with the Services. Specifically:
- Active accounts: All account data, widget configurations, and analytics are retained for the duration of your subscription.
- After uninstallation: All merchant data — including widget configurations, video metadata, and analytics — is automatically and permanently deleted from our servers within 48 hours of app uninstallation.
- Log data: Server logs are retained for up to 90 days for security and debugging purposes, then automatically purged.
- Legal holds: We may retain certain data for longer periods if required to comply with a legal obligation or to resolve disputes.
6. Cookies and Tracking Technologies
Our storefront widgets use a small, first-party script to track widget performance events (views, clicks, add-to-carts) on behalf of the merchant. This script:
- Does not set any persistent cookies on your storefront visitors' browsers.
- Does not track visitors across other websites.
- Collects only anonymised, aggregate interaction events tied to the widget, not to individual users.
The Lumireel app admin panel may use session cookies to maintain your logged-in state. These are strictly necessary for the app to function and are deleted when you close your browser session.
7. Data Security
We implement industry-standard technical and organisational measures to protect your information, including:
- TLS/HTTPS encryption for all data in transit.
- Encryption at rest for sensitive database fields.
- Role-based access controls limiting employee access to merchant data.
- Regular security reviews and dependency audits.
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you and the relevant authorities as required by applicable law.
8. International Data Transfers
Lumireel operates from and stores data in facilities located in the United States. If you are accessing the Services from outside the United States, your information may be transferred to and processed in the United States or other countries. Where such transfers occur from the EEA, UK, or Switzerland, we rely on standard contractual clauses or other lawful transfer mechanisms approved by the relevant authorities.
9. Your Rights
Depending on your location, you may have the following rights with respect to your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete data.
- Deletion: Request that we delete your personal data. Note that uninstalling the app automatically triggers deletion within 48 hours.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Portability: Request a machine-readable export of your data.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at support@lumireel.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
10. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioural advertising purposes.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To submit a CCPA request, contact us at support@lumireel.com.
11. Children's Privacy
The Lumireel Services are intended for use by merchants operating Shopify stores and are not directed at children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at support@lumireel.com and we will take prompt steps to delete it.
12. Third-Party Links and Services
Our Services may contain links to third-party websites (such as TikTok, Instagram, and the Shopify App Store). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify active merchants via the Lumireel app admin panel or by email at least 14 days before the changes take effect.
Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@lumireel.com
- Website: lumireel.twinecom.com
We aim to respond to all privacy-related inquiries within 5 business days.