Lumyst Logo

Lumyst - Privacy Policy

(v0.0.2 - Beta)

Last Updated: August 24, 2025

Effective For: All users of the Lumyst VS Code extension and associated cloud services

Status: This product is currently in public beta. Features, data practices, and policies may evolve before general availability.

1. Introduction

Welcome to Lumyst ("we", "us", or "our"). We are building an AI-powered code analysis extension for VS Code that helps developers understand complex codebases through intelligent visualizations and guided "Code Tours".

This Privacy Policy explains how we handle your information when you use:

  • The Lumyst VS Code Extension
  • The Lumyst Cloud Service (for authentication, LLM processing, and analytics)

We respect your privacy and are committed to protecting your personal and code-related data. This policy applies to all users, whether in beta or after general release.

2. Our Beta Status

Lumyst is currently in public beta. While we take data protection seriously, some systems - including encryption at rest and full automated data controls - are still under development.

We will not use your code or data to train AI models, and we do not store your source code. However, we may update this policy as the product matures. Continued use constitutes acceptance of changes.

3. What Data We Collect

We only collect data necessary to provide and improve Lumyst. There are three categories:

A. User Account & Authentication Data

Collected via Clerk (OAuth provider):

  • Email address
  • Full name
  • Profile picture (optional)
  • External authentication ID (e.g., Google/GitHub ID)

This data is used to:

  • Authenticate you securely
  • Manage your account and plan (e.g., beta access)
  • Communicate with you (e.g., support, updates)

B. Usage & Performance Data

We collect non-personal, aggregated metrics to monitor performance and improve reliability:

  • Number of files and lines analyzed
  • Language breakdown (e.g., 60% TypeScript, 40% Python)
  • Node and edge count in generated graphs
  • Analysis duration (total, per phase)
  • LLM pipeline stats: tokens used, cost estimate, run ID
  • Anonymized error reports, which may include stack traces but are stripped of any source code, file paths, or personally identifiable information

This data helps us:

  • Optimize performance
  • Debug issues
  • Prevent abuse (e.g., token limits)
  • Plan infrastructure

C. Optional Feedback & Logs (Beta Only)

During the beta phase, you may choose to submit diagnostic logs. These include:

  • Application logs from the extension backend
  • Metadata about analysis steps
  • No source files are ever included

You can opt out of submitting feedback at any time. Feedback is stored in AWS S3 and retained only as long as needed for debugging.

4. How We Handle Your Source Code

We do not store your source code.

When analyzing your codebase:

  1. The extension runs static analysis locally on your machine using tree-sitter parsers.
  2. We generate a graph of nodes (functions, classes, methods, etc.) and their relationships.
  3. For LLM-powered features (e.g., Code Tours), we send only specific function/method snippets — never entire files — to Google Vertex AI.
  4. These snippets are:
    • Transmitted securely over HTTPS
    • Processed in-memory only
    • Immediately discarded after analysis
  5. The resulting output (e.g., tour descriptions) is sent back and displayed in your IDE.

You retain full ownership of your code at all times.

5. LLM Processing & Third Parties

We use Google Vertex AI (Gemini 2.5 Flash) for AI-powered analysis. Key facts:

  • Google does not use API data for model training
  • Data is processed in a secure, compliant environment

For more, see: Google Cloud – Responsible AI

6. Where & How Long We Store Data

Storage Locations

  • PostgreSQL Database: Hosted on Railway (US region)
  • Logs & Feedback: Stored in AWS S3 (US region)
  • Authentication: Managed by Clerk (US region)

Retention

  • All user data is retained until you delete your account
  • After deletion, your data is removed from all systems within 7 days
  • Residual backups are purged within 30 days
  • We plan to offer an automated, in-app account deletion feature in a future release. Until then, please contact us directly via email

You can delete your account with all data by emailing support@lumystai.com.

7. Security

We take reasonable measures to protect your data, but acknowledge our current limitations:

MeasureStatus
Encryption in transit (TLS)Yes (via Clerk, Railway, HTTPS)
Encryption at restNot yet implemented (planned for v1.0)
Internal access to codeNone — team cannot view your code
Access controlsRole-limited; audit logs in development

We are actively working to enhance security and will update this policy when new protections are live.

8. Your Rights

You have the right to:

  • Access your account data
  • Correct inaccurate information
  • Delete your account and data
  • Withdraw consent (e.g., stop submitting feedback)

To exercise these rights, contact us at support@lumystai.com.

If you're in the EU or California, you may also:

  • Request data portability
  • Object to processing
  • Ask whether your data has been shared

Children's Privacy:

Lumyst is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have, we will take steps to delete such information.

We respond to all requests within 30 days.

9. Third-Party Services

We use the following trusted providers:

These services act as data processors and are contractually obligated to protect your data.

We do not use third-party analytics, ads, or tracking pixels.

10. Changes to This Policy

We may update this Privacy Policy as Lumyst evolves. When we do:

  • We will notify beta users via email or in-app banner
  • The "Last Updated" date will change
  • The beta disclaimer will remain until general availability

Your continued use means you accept the changes.

11. Contact Us

For questions about this Privacy Policy or your data rights, email us at:

support@lumystai.com

We are based in the United States. If you're located in the EU, UK, or elsewhere, you may have additional rights under local law.

12. Final Note

Thank you for trying Lumyst in beta. We're building a tool we wish existed when we started coding — one that respects your time, your code, and your privacy.

— The Lumyst Team