Last updated: May 1, 2026
Datafew Inc. ("Lumos", "we", "our", or "us") operates the Lumos ABM outreach automation platform at lumos.datafew.com. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it. By using our services you agree to the practices described here.
Account information: name, email address, and hashed password when you register.
Mission and prospect data: information about the companies and individuals you target through outreach missions, including names, email addresses, company names, and publicly available professional details. This data is sourced via public web search providers and Firecrawl strictly on your behalf and at your direction.
Usage data: pages visited, features used, session activity, and error logs collected via Sentry to help us diagnose issues and improve the platform.
Billing data: subscription status, plan tier, credit balance, and transaction history. Payment card details are processed exclusively by Stripe and are never stored on our servers.
We use the information we collect to:
Operate and deliver the Service, including executing outbound missions on your behalf.
Process billing, subscriptions, and credit transactions.
Send service-related communications such as account notices, invoices, and security alerts.
Monitor, debug, and improve platform reliability via error and usage analytics.
We do not sell your personal information to third parties, and we do not use your prospect data to train AI models.
We share information with the following sub-processors as necessary to operate the platform:
Stripe — payment processing. Your payment data is governed by Stripe's Privacy Policy.
Supabase — authentication and database, hosted on AWS us-east-1. Row-level security ensures each user accesses only their own data.
Vercel — frontend hosting and CDN.
Railway — backend API and worker hosting.
Sentry — error and performance monitoring.
Public web search providers and Firecrawl — prospect discovery services. These are invoked only for missions you explicitly initiate.
Resend / SMTP — transactional email delivery. Used to send outreach on your behalf to prospects you have authorised.
Account data is retained while your account is active and for 30 days following a verified deletion request, after which it is permanently removed.
Mission and prospect data is retained for the lifetime of your account unless you delete it earlier via the platform.
Billing records are retained as required by Stripe's data retention policy and applicable tax and accounting law.
All data is encrypted in transit via TLS 1.2+ and at rest using AES-256. Our database enforces row-level security policies so that each user can only access their own data. Access to production systems is restricted to authorised personnel, requires multi-factor authentication, and is logged for audit purposes.
Despite these measures, no system is perfectly secure. If you believe your account has been compromised, contact us immediately at privacy@datafew.com.
Depending on your location, you may have rights under the GDPR, CCPA, or other applicable privacy laws, including the right to access, correct, port, or delete your personal data, and the right to object to or restrict certain processing.
To exercise any of these rights, or to submit a privacy-related enquiry, contact us at privacy@datafew.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
For privacy questions, data requests, or concerns:
Email: privacy@datafew.com
Datafew Inc. — lumos.datafew.com