Privacy Policy

Last updated: February 10, 2026

Overview

Lumbergh is an email-based service. You interact with it by sending and receiving email. This means the data we collect and process is primarily email content — your messages, the people you CC, subject lines, and attachments. This policy explains what we collect, how we store it, who we share it with, and how long we keep it.

Email is not end-to-end encrypted and can pass through multiple servers. We use encryption in transit where supported by email providers, but you should not use Lumbergh for highly sensitive or confidential information.

Lumbergh is operated by Aisatsu LLC.

What we collect

When you email Lumbergh, we receive and process:

Email content: Message body, subject line, and headers (sender, recipients, CC list, timestamps, message IDs, and routing metadata)
Attachments: Files you attach to emails sent to Lumbergh
Email address: Your email address, which serves as your account identifier
Project membership: Which projects you belong to, your role (owner or member), and participation status

When you log in to the web dashboard, we also process:

Magic link tokens: One-time authentication tokens sent to your email. No passwords are stored.
API keys: If you provide your own Anthropic API key, it is stored encrypted at rest.

When you receive emails from Lumbergh, we may also process:

Email open events: We include a small tracking pixel in some emails to measure opens and diagnose deliverability. This records the time of open, a hashed recipient identifier, message ID, IP address, and user agent.

Website analytics: We use Google Analytics on the website for basic usage metrics. It may set cookies or use similar technologies. We do not use advertising pixels or sell personal data.

How we use your data

Your email content is used to:

Process your instructions and coordinate your project
Generate tasks, summaries, reports, drafts, and experimental follow-up behavior
Send emails to you and other project participants on your behalf
Validate emails for spam, viruses, and content safety
Enforce rate limits and prevent abuse
Measure deliverability and open rates for service emails

AI processing and Anthropic

Your email content is sent to Anthropic via their API. This includes message text, subject lines, and context from prior messages in the same project thread. Attachment file contents may also be sent for processing.

Per Anthropic's API policy, API inputs are not used to train their models. See Anthropic's Privacy Policy for details on how they handle API data.

We use Claude models for processing and safety checks.

Data storage and retention

We currently store data on encrypted cloud infrastructure in US regions. Specifically:

Data type	Storage	Retention
Raw inbound emails	Encrypted object storage	Short retention, then auto-deleted
Attachments (inbound and outbound copies)	Encrypted object storage	Short retention
Queued processing copies	Encrypted object storage	Short retention
Generated artifacts	Encrypted object storage	Limited retention
Project state & metadata	Database (encrypted)	Until account deletion
User account data	Database (encrypted)	Until account deletion
Rate limit records	Database (encrypted)	Auto-expire via TTL

Storage uses encryption at rest on managed cloud services. Emails are transmitted over TLS where supported. Server logs are retained for a limited time with sensitive data redacted.

Email security

Since Lumbergh operates over email, we take email-specific security seriously:

TLS in transit: We use TLS for email delivery whenever supported by sending and receiving providers. Email is not end-to-end encrypted.
Authentication checks: Inbound emails are checked against industry standards (SPF, DKIM, and DMARC). Emails that fail validation may be rejected.
Spam and malware scanning: Inbound emails are scanned before processing.
Content safety: Email content is checked for safety compliance before being processed.
Abuse prevention: We use automated controls to prevent spam and misuse.

Third-party services

We use the following third-party services to operate Lumbergh:

Anthropic — AI processing via Claude API. Your email content is sent to Anthropic for processing. Anthropic does not train on API inputs.
AWS — Cloud infrastructure for email delivery, data storage, database, and compute. Infrastructure currently runs in US regions.
Google Analytics — Website usage analytics. This may set cookies.

We do not use advertising networks or sell personal data.

Project membership and consent

Participation is opt-in. If someone CCs you on a Lumbergh project, you will receive an initial notification. You can opt in by replying to that email or by joining in your dashboard. If you do not respond, you will receive no further emails for that project.

You can opt out at any time. Every email from Lumbergh includes an opt-out link. You can permanently opt out of all Lumbergh emails with a single click. This is immediate and irreversible unless you explicitly opt back in.

Project isolation. Each project is isolated. Only the project owner and confirmed members can send messages to a project. Members of one project cannot see or access other projects.

Your rights

You can:

Opt out of all emails instantly via the link in any Lumbergh email
Request account deletion by emailing support@lumbergh.io. We will delete your account data and remove you from all projects.
Request your data by emailing support. We will provide a copy of your account data and project membership records.

Note that raw email content is automatically deleted after a short retention period.

Children

Lumbergh is not intended for use by anyone under 13 years of age. We do not knowingly collect data from children. If you believe a child has used Lumbergh, please contact us and we will delete their data.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email. The “last updated” date at the top of this page reflects the most recent revision.

Contact

Questions about this policy? Email us at support@lumbergh.io.