Elumen
ProductTrustCompany
Sign inRequest a demo

Elumen Privacy Policy

Effective date: July 18, 2026 (replaces the version dated February 8, 2026; prior version available on request)

Elumen is operated by Elumenate, LLC, a Delaware limited liability company, d/b/a Elumen AI ("Elumen," "we"). Elumen analyzes organizational communication under consulting engagements, and is currently in an invitation-only private beta.

This policy covers two different situations, and the difference matters:

  • Our website and beta accounts — where Elumen decides how data is handled. Sections 2–7 below govern this.
  • Organizational communications analyzed under a consulting engagement ("Engagement Data") — where the client organization decides, and Elumen processes on instructions. Section 1 below summarizes how that works; the binding commitments live in the data processing agreement for the engagement.

1) Engagement Data — how client communications are handled

When a consulting firm uses Elumen in an engagement with its client, the client organization remains the data controller, the consulting firm acts as its processor, and Elumen processes Engagement Data as an authorized subprocessor, only on documented instructions and only for the engagement's diagnostic purpose.

The protections here are architectural, and they are described in detail on our Trust page:

  • Identity is separated from content before anything reaches us: a staging step on the consulting side pseudonymizes names — in message text and metadata — and the name-to-pseudonym mapping never leaves the consulting team.
  • Findings are reported at the group level only, with a minimum group size. No analysis of a named, non-consenting employee is ever persisted or reported.
  • Everything is engagement-scoped: the corpus and all derived analysis are deleted or returned when the engagement ends, with deletion attested in writing.
  • Nothing from an engagement is pooled across clients, and nothing is used to train models — ours or anyone's.
  • Elumen processes Engagement Data as a bounded corpus supplied for the engagement. We do not connect to, scan, or continuously monitor any organization's live mailboxes, chat systems, or files.

Employee rights. If your employer's organization is analyzed in an engagement, you remain a data subject of that organization. Access, correction, and deletion requests route through your organization as data controller (typically via its consulting firm, which holds the only name-to-pseudonym mapping). Any employee can be excluded from ingestion on request. You can also write to privacy@elumen.ai and we will route your request to the responsible controller.

The rest of this policy (Sections 2–7) governs our website and beta accounts — not Engagement Data.

2) Information we collect

Account information. Email address and the basic identifiers needed to provide access and authenticate you.

Content you submit. Content you choose to submit through the product's beta evaluation surfaces.

Usage and technical data. Product interaction events, timestamps, limited device/browser metadata, error logs and performance diagnostics, and security/abuse-prevention signals.

We do not sell personal data, and we do not use it for advertising.

3) How we use information

To provide and operate the Service; to secure it and prevent abuse; to debug and improve reliability during beta; and to communicate with you about access, updates, and feedback. Service improvement uses de-identified, aggregated service data — never Engagement Data, and never to train models on customer content.

4) AI processing

Elumen uses AI systems (via a commercial model API) to generate analysis. Outputs may be inaccurate or incomplete and are intended to be reviewed by the professionals who use them. Analysis is text-only and does not use biometric data, and the Service does not generate outputs that purport to identify or infer an individual's emotional state.

5) Sharing, subprocessors, and international processing

We share information only with the service providers needed to operate the Service — hosting, authentication, database, cache, error monitoring, and AI model inference — bound to use it solely to provide services to Elumen. Our model provider is contractually prohibited from training on customer content. The full subprocessor list — roles, regions, and safeguards — is published on our Trust page and updated before any new subprocessor touches Engagement Data. We may also disclose information where required by law.

Elumen operates from the United States and our subprocessors are US-based; if you use the Service from outside the United States, your information is processed in the United States. For Engagement Data, cross-border transfer terms (including standard contractual clauses where required) are addressed in the engagement's data processing agreement.

6) Retention and security

Engagement Data is engagement-scoped, as described in Section 1. Account and usage data are retained while your account is active and as needed for security, legal compliance, and service operation. We use administrative, technical, and organizational measures designed to protect information — including encryption in transit and at rest, row-level access controls, and least-privilege credentials — and no system is perfectly secure.

7) Your choices, changes, contact

Beta account holders may request access to, or deletion of, their account and associated data at privacy@elumen.ai (subject to legal and operational constraints). If we make material changes to this policy, we will notify account holders before the changes take effect. Questions: privacy@elumen.ai.

© 2026 Elumenate, LLC
ProductTrustCompanyPrivacyTerms