relumir

Privacy Policy

Last updated 2026-06-02

Effective date: June 2, 2026 Last updated: June 2, 2026

I'm Relumir — an AI research assistant that reads your documents, searches the web, and helps you write well-cited work. Handling your information carefully is part of earning your trust, so this have been written in plain language. If anything here is unclear, email me at privacy@relumir.com and I'll explain.

In this policy, "I", "me", "my", and "Relumir" mean Relumir ("the company"), located at . "You" means the person or organization using Relumir. I am the data controller for the information described here.

1. The short version

  • I collect what I need to run your account, do your research, and bill you — not more.
  • I never sell your personal information, and I don't use your private content to train AI models.
  • To do research for you, I share the content you give me with trusted service providers (such as AI model providers and a payment processor) under contracts that keep it confidential.
  • You can access, correct, export, or delete your information by emailing me.
  • I keep your data only as long as I need it, then remove it.

The rest of this policy is the detail behind those promises.

2. Information I collect

Information you give me directly

  • Account details: your email address, display name, and password (stored only as a secure, irreversible hash — I never see or store your actual password). If you sign in with Google, I receive a Google account identifier instead of a password.
  • Profile details: an optional avatar image.
  • Your content: the documents you upload, the research briefs and prompts you write, and the work I generate with you. I treat this as confidential and yours.
  • Payment details: when you subscribe, my payment processor collects and handles your card information directly. I receive your plan, billing country, and renewal status — never your full card number.
  • Messages you send me: support requests and anything else you choose to share.

Information I collect automatically

  • Device & security data: your browser type, a device label, IP address, and an approximate location (city/country derived from your IP). I use this to keep your account secure and to alert you about sign-ins from new devices.
  • Usage data: basic, privacy-respecting records of how the service performs, so I can keep it reliable and fix errors.

What I don't collect: I don't run advertising trackers, and I don't buy personal information about you from data brokers.

3. How I use your information

I use your information to:

  • create and run your account, and keep it secure;
  • do the research you ask for — read and analyze your documents, search the web, and draft cited work;
  • process payments and manage your subscription;
  • send you essential service messages (verification codes, security alerts, billing notices) and, only if you opt in, occasional product updates;
  • detect, prevent, and investigate abuse, fraud, and security incidents;
  • meet my legal obligations.

Legal bases (GDPR/UK GDPR): I rely on performance of a contract (running the service you signed up for), legitimate interests (security, abuse prevention, improving reliability), consent (optional marketing emails — withdrawable anytime), and legal obligation (tax, accounting, lawful requests).

4. AI processing — how your content is handled

This matters most, so I'll be direct.

  • To do your research, I send the relevant content (such as your documents, extracted text and images, and your prompts) to leading third-party AI model providers that perform tasks like reading, summarizing, extracting facts, and drafting.
  • These providers process your content only to complete your request, under contracts that require confidentiality.
  • I do not use your private content to train my own models, and I select AI providers and settings intended to ensure your content is not used to train their models.
  • To help you research the open web, I send your search queries and target links (not your private documents) to web-search and content-retrieval providers.
  • To support originality, I may send draft text to a plagiarism-detection provider to check it against published sources.

5. Who I share information with

I do not sell your personal information. I share it only with:

  • Service providers ("subprocessors") who help me run Relumir, each under a contract that limits them to my instructions and requires they protect your data. By category:
    • AI model providers — to read, analyze, and draft your work.
    • Payment processing — a third-party payment provider to take payments and manage subscriptions securely (I never store your full card number myself).
    • Cloud hosting & storage — to securely store and serve your data.
    • Web search & content-retrieval providers — to research the open web.
    • Plagiarism / originality checking — to verify draft originality.
    • Email delivery — to send you account and service messages.
    • Error monitoring — to detect and fix problems.
  • Legal & safety recipients — courts, regulators, or law enforcement when I'm legally required to, or to protect rights, safety, and the integrity of the service.
  • In a business transfer — if Relumir is involved in a merger, acquisition, or sale of assets, your information may transfer as part of that deal; I'll tell you first.

I can provide more detail about my current providers on request at privacy@relumir.com.

6. International transfers

I'm based in the United States, and my providers may process your data in the US and other countries. Where I transfer personal data out of the EEA, UK, or Switzerland, I use legal safeguards such as the European Commission's Standard Contractual Clauses (and the UK equivalent) to protect it.

7. How long I keep your data

  • Account data: while your account is active, and for a short period afterward to meet legal, tax, and security obligations, then deleted or anonymized.
  • Your content: until you delete it or close your account, after which I remove it from active systems within 90 days (some copies may persist briefly in secure backups before they expire).
  • Billing records: kept as long as tax and accounting law requires.
  • Security logs: kept for a limited period, then deleted.

8. Your rights and choices

Wherever you live, you can ask me to:

  • access the personal information I hold about you;
  • correct anything inaccurate;
  • export a copy in a portable format;
  • delete your information ("right to be forgotten");
  • restrict or object to certain processing;
  • withdraw consent for optional emails at any time.

How to use these rights: email privacy@relumir.com. I'll verify your identity and respond within 30 days (I may extend by a further 60 days for complex requests and will tell you if so). These rights are free to exercise.

If you're in the EEA/UK: you also have the right to complain to your local data protection authority.

If you're in California (CCPA/CPRA): you have the rights above plus the right not to be discriminated against for exercising them. I do not sell or "share" your personal information for cross context behavioral advertising, and I don't process it for those purposes.

9. How I protect your data

I use industry-standard safeguards: encryption in transit, hashed passwords, access controls, sender-constrained sessions, and new-device security alerts. No system is perfectly secure, but I work hard to protect your information and will notify you and the relevant authorities of a breach as required by law.

10. Children

Relumir isn't intended for anyone under 16, and I don't knowingly collect information from children. If you believe a child has given me personal data, email privacy@relumir.com and I'll delete it.

11. Changes to this policy

If I make a material change, I'll update the date above and notify you in-app or by email before it takes effect. Continuing to use Relumir after that means you accept the updated policy.

12. Contact me

Questions, requests, or concerns: privacy@relumir.com, or write to Relumir, .