Privacy Policy

Lumen is a Shopify app that helps merchants answer post-purchase support questions, including order status, shipment status, tracking information, return questions, and support escalations.

This Privacy Policy explains how Lumen, operated by Manikandan under the trade name Mani Labs ("Lumen," "we," "us," or "our"), collects, uses, shares, and protects information when Shopify merchants install Lumen and when shoppers interact with the Lumen storefront chat widget.

Operator location: Coimbatore, Tamil Nadu, India.

If you are a shopper using a merchant's store, the Shopify merchant remains responsible for its relationship with you and for its own privacy notices. Lumen processes store and order information on behalf of the merchant to provide the app.

Information We Collect

Merchant and Store Information

When a merchant installs or uses Lumen, we may collect and process:

• Shopify store domain and shop identifier

• Merchant account details made available through Shopify, such as store owner/admin email where provided

• App installation, authentication, and session information needed to operate the app

• Lumen configuration settings, such as bot name, tone, widget settings, support/escalation settings, policies entered by the merchant, and plan tier

• Billing and usage information needed to manage plan limits and Shopify app billing

• Support requests or other messages a merchant sends to us

Shopper Chat Information

When a shopper interacts with the Lumen chat widget, we may process:

• Chat messages typed by the shopper

• Order number or tracking number provided by the shopper

• Conversation state, message count, ticket number, ticket status, sentiment, feedback, and short conversation summaries

• Whether an order was verified during the active chat flow

• Basic technical metadata needed to operate and secure the service, such as timestamps, request status, and diagnostic events

Shoppers should avoid entering sensitive information that is not needed for order support.

Shopify Order and Fulfillment Information

To answer order and tracking questions, Lumen may access order and fulfillment information from Shopify, including:

• Order number/name

• Order status, payment status, fulfillment status, and shipment status

• Product titles, quantities, total amount, and currency

• Fulfillment, carrier, and tracking information

• Customer email address for server-side order verification

• Limited shipping location information where needed to understand fulfillment context

Lumen uses Shopify order data only to provide post-purchase support functionality to the merchant and shopper.

Information We Do Not Collect or Store

Lumen does not collect or store payment card numbers.

Lumen does not sell personal information and does not use shopper data for advertising.

Lumen is designed to avoid storing customer email addresses as part of the order-verification record. Customer email may be checked server-side against Shopify order data to verify access to an order, but it is not stored as a chat-session field for verification.

Lumen does not intentionally store full street addresses in chat analytics. If a shopper types personal information into the chat, that text may be processed as part of the conversation.

How We Use Information

We use information to:

• Provide, operate, and secure the Lumen Shopify app

• Display and configure the storefront chat widget

• Answer order status, shipment, tracking, return, and policy questions

• Verify that a shopper is allowed to receive order-specific information

• Create support tickets and conversation summaries for merchants

• Detect sentiment and identify conversations that may need human support

• Send escalation notifications and app emails where configured

• Provide usage analytics, plan limits, and billing-related usage counts

• Debug errors, prevent abuse, and improve reliability

• Comply with legal, security, and Shopify platform obligations

We limit our processing of Shopify merchant and customer data to the purposes needed to provide Lumen.

AI Processing

Lumen uses AI services to generate support responses, summarize conversations, and analyze sentiment.

Depending on the feature, Lumen may use Anthropic and OpenAI. The information sent to AI providers is limited to the context needed for the support task, such as the shopper's message, conversation state, order/tracking context after verification, and merchant-provided configuration or policies.

Lumen is designed so customer email verification happens server-side. Customer email addresses are not intentionally sent to AI providers for order verification.

AI-generated responses may be incomplete or inaccurate. Lumen includes safeguards to keep responses scoped to post-purchase support, but merchants remain responsible for configuring the app appropriately and handling escalations when human support is needed.

Third-Party Service Providers

We use trusted service providers to operate Lumen. These providers may process limited information on our behalf:

• Shopify: app installation, authentication, billing, Admin API access, app proxy requests, and privacy webhooks

• Vercel: application hosting, deployment, logs, and infrastructure

• Supabase/PostgreSQL: database hosting and storage

• Anthropic: AI response generation for supported chat flows

• OpenAI: AI features such as sentiment analysis, summaries, or fallback response generation

• Resend: transactional emails, welcome emails, escalation emails, and reports

These providers process information according to their own terms, privacy policies, and data processing commitments.

Cookies and Similar Technologies

Lumen does not use advertising cookies in the storefront widget.

Lumen may use session identifiers or local browser state that are necessary for chat continuity, app operation, security, and diagnostics. These are used to provide the service, not to track shoppers across unrelated websites for advertising.

Merchants are responsible for ensuring their own storefront privacy notices and cookie banners accurately describe all technologies used on their store.

Data Retention

We keep information only for as long as needed to provide Lumen, meet legal or security obligations, resolve disputes, and enforce agreements.

Current retention practices include:

• Merchant settings are retained while the app remains installed.

• Chat sessions for Free stores are automatically deleted after 90 days.

• Chat sessions for paid stores are automatically deleted after 180 days.

• Widget event records are deleted after the same 180-day hard limit.

• Cached order data expires quickly and is automatically removed after it is no longer needed for the support flow.

• When a merchant uninstalls Lumen, we delete the merchant's Lumen app data, including merchant settings, chat sessions, cached order data, widget events, and Shopify app session records.

Some information may remain for a limited period in backups, security logs, or provider logs where deletion is technically limited, but we minimize logged personal information and use it only for security, troubleshooting, and compliance.

Security

We use reasonable administrative, technical, and organizational safeguards to protect information processed by Lumen, including:

• HTTPS/TLS for data in transit

• Shopify authentication for embedded app access

• Shopify app proxy authentication for storefront widget requests

• Secure database connections

• Access controls for production systems

• Data minimization and retention limits

• Diagnostic logging designed to avoid unnecessary personal information

No method of transmission or storage is completely secure, but we work to protect Lumen and the data it processes.

Shopify Privacy Webhooks and Data Rights

Lumen supports Shopify's required privacy webhook flows, including:

• Customer data requests

• Customer redaction requests

• Shop redaction requests

If you are a shopper and want to access, correct, or delete personal information related to an order, please contact the Shopify merchant where you made the purchase. The merchant can handle your request through Shopify and related privacy workflows.

If you are a merchant and need help with Lumen data, contact us at support@manilabs.co.

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of personal information. We will help merchants respond to valid requests as required by applicable law.

International Transfers

Lumen and its service providers may process information in countries other than where the merchant or shopper is located. Where required, we rely on appropriate contractual or legal safeguards for international transfers.

Children's Privacy

Lumen is intended for use by Shopify merchants and their shoppers in a commerce context. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and, where appropriate, provide notice through the app or website.

Contact

For privacy questions or support requests, contact:

support@manilabs.co