← Back to home

Privacy Policy

Last updated: April 5, 2026

1. Introduction

LumenFi ("we", "us", "our") is a personal finance intelligence service operating on the Virtuals Protocol ACP marketplace. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

2. Information We Collect

We collect the following types of information:

  • Account information: Email address, display name, and avatar from Google OAuth; wallet address if you choose to link one.
  • Email data: When you grant Gmail access, we scan your inbox for financial statement emails (bank statements, credit card statements). We read email subjects, senders, and attachments (PDF statements) to identify financial documents.
  • Financial data: Transaction details extracted from your bank and credit card statements, including amounts, dates, descriptions, and merchant names.
  • Email body content: We scan email bodies for financial events such as payment receipts, subscription renewals, and price change notifications.
  • Telegram information: If you connect Telegram, your Telegram username and chat ID for delivering notifications.

3. How We Use Your Information

  • Parse and categorize your financial transactions from bank/credit card statements
  • Detect anomalous transactions and spending patterns
  • Generate financial health reports, cashflow summaries, and spending insights
  • Identify recurring subscriptions and track subscription changes
  • Deliver proactive notifications about your financial activity via in-app notifications, Telegram, or email
  • Provide your personal financial dashboard

4. Third-Party Services

We use the following third-party services to operate LumenFi:

  • Google Gmail API: To access your email inbox and download financial statement attachments, with your explicit OAuth consent.
  • Anthropic Claude API: We send extracted transaction data to Anthropic's Claude language model for categorization and analysis. Transaction descriptions are sent without personally identifiable information where possible.
  • Virtuals Protocol ACP: For subscription management and agent marketplace functionality. Your wallet address is shared with the ACP platform.
  • Telegram Bot API: If you opt in, we use Telegram's API to deliver notifications.

5. Data Storage and Security

  • Your data is stored in a PostgreSQL database with encrypted connections
  • OAuth tokens are stored securely and used only for their intended purpose
  • We do not store the raw content of your emails — only the extracted financial data
  • PDF statement files are processed in memory and not permanently stored after extraction
  • All API communications use HTTPS/TLS encryption

6. Data Retention

We retain your financial data for as long as your account is active. You may request deletion of your data at any time by contacting us. Upon account deletion, all associated financial data, OAuth tokens, and personal information will be permanently removed within 30 days.

7. Your Rights

You have the right to:

  • Access all financial data we have stored about you via the dashboard
  • Request a complete export of your data
  • Request deletion of your account and all associated data
  • Revoke Gmail access at any time through your Google Account permissions
  • Disconnect Telegram notifications at any time
  • Remove linked email accounts from your settings

8. Data Sharing

We do not sell, rent, or trade your personal or financial data to any third party. Data is only shared with the third-party services listed in Section 4 as necessary to operate the service. We may disclose information if required by law or to protect our rights.

9. Cookies and Local Storage

We use browser local storage to store your authentication tokens (JWT) for session management. We do not use tracking cookies or third-party analytics.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at [email protected].