ilumniz — Privacy Policy
Version: 2.0 Effective as of: June 4, 2026 Last updated: June 4, 2026
Convenience translation. This is a translation of the original Brazilian Portuguese version. In case of any divergence between versions, the Brazilian Portuguese version prevails.
1. Introduction
This Privacy Policy describes how ilumniz collects, uses, shares, stores, and protects the personal data of persons who access or use the platform, in compliance with the General Personal Data Protection Law — LGPD (Law No. 13,709/2018) and other applicable rules.
This Policy is an integral part of the Terms of Service and must be read together with them. By using ilumniz, you acknowledge that you are aware of the practices described herein.
ilumniz currently offers three major functional areas — Classroom (academic organization and study, both individual and collaborative within a class), Learning (artificial-intelligence-assisted learning, including the Lux assistant, study tools, quiz generation, and image generation), and Networking (public profile, feed, connections, chat, voice/video calls, events, university communities, and project spaces). This Policy covers the processing of personal data related to all of them.
Notice regarding artificial intelligence. Several ilumniz features are assisted by artificial intelligence and, in order to work, send User Content to third-party AI providers (for example, language models, image generation, text-to-speech, and real-time search) and store vector representations of documents in a third-party vector store. The purposes, legal bases, safeguards, and the list of vendors are described in sections 4, 6, 10, and 11. The AI providers currently used by ilumniz operate under contractual conditions of non-use of content to train their models and of zero or limited retention (see section 10).
2. Who is the controller
For the purposes of the LGPD, the controller of the personal data processed within ilumniz is the individual (natural person) who operates the platform under the "ilumniz" brand.
- Single contact channel (privacy, LGPD, support, and exercise of rights): support@ilumniz.com
ilumniz does not have a formally appointed Data Protection Officer (DPO). The channel above fully serves the purposes set out in art. 41 of the LGPD insofar as applicable.
3. To whom this Policy applies
This Policy applies to anyone who:
- Creates or maintains an account on ilumniz;
- Accesses features that require authentication or identification, even in a testing phase;
- Interacts with the institutional website, waitlists, or forms related to the service;
- Has personal data processed as a result of interaction with other users of the platform (for example, by being mentioned, quoted, invited to an event, a message recipient, or a call participant).
ilumniz is intended for persons over 18 years of age. We do not intentionally collect data of children or adolescents. Should we become aware that we have collected data of minors, we will take measures to delete it.
4. Data we process
ilumniz may process the following categories of personal data, depending on the features used:
4.1. Registration and account data
- Email address;
- Password (stored in a protected form, by hash, never in plain text);
- User identifiers, profile identifiers, and session tokens;
- Data received from federated login providers (for example, Google OAuth): account identifier, name, public profile picture, and email, as authorized by you at the provider;
- Pending registration data provided during onboarding (for example, intended username, date of birth, gender, and country), kept temporarily until the account is finalized.
4.2. Profile and onboarding data
- Display name, username, biography, profile picture, cover picture;
- Visual customizations of the profile card (theme, style, custom footer, text effects);
- Role on the platform (for example, student or teacher/faculty member), university affiliation(s) — including the possibility of multiple enrollments — with institution, course, semester/quarter, progress status, year of admission, and, for faculty members, the institution where they teach;
- Interests, appearance preferences, accent color, language, time zone, accessibility settings, cursor preferences.
4.3. "Active university student" verification data
- Institutional email submitted for validation, the corresponding domain, the associated audience (student, alumnus/alumni, or technical/teaching staff), records of the verification attempt and result, and the link to the validated institution. The verified academic email is unique per account on the platform (see section 12).
4.4. User Content — study and learning (Classroom / Learning)
- Notes, documents, uploaded files, tasks, calendar events, disciplines, materials, classes, study annotations;
- Interactions with artificial intelligence (the Lux assistant and study tools): questions, commands (prompts), conversation history, attached documents and images, class materials, and other content you submit to the assistive features. This content is sent to third-party AI providers to generate answers, summaries, flashcards, mind maps, study plans, glossaries, quizzes, image analysis, audio (text-to-speech), and answers with web search (see sections 6, 10, and 11);
- Vectorized documents (RAG): documents uploaded for context-based questions and answers are fragmented (chunking) and converted into vector representations (embeddings), stored in a third-party vector store (Pinecone), under per-user isolation, to enable semantic search;
- AI-generated content: images generated from your prompts, including the original command, any revised command, the model used, and the resulting file. The generated images are stored in a publicly accessible repository and may be accessed via a public URL (see section 8). Other generated materials (summaries, quizzes, audio, etc.) result from the interactions above.
4.5. User Content — social area (Networking)
- Feed publications: posts (text, images, videos), polls and poll votes, reposts (with or without quote), comments and threaded replies, audience settings (public, followers, private), reply permissions;
- Engagement: likes, reposts, bookmarks, poll votes, views, and event engagement signals (opens and views) used for personalization and ranking;
- Events: attendance status (going / interested / not going — RSVP), guest lists ("who's going"), event invitations sent and received (with status), personalized event relevance scoring (heat score) calculated from engagement, interests, and connections, and event cards shared on the feed;
- Tagging: hashtags used, @mentions of other users;
- Lists and bookmarks: curated lists (public/private), bookmark folders (public/private), followers and collaborators of folders;
- Messages exchanged in direct conversations (1-1) and in group rooms, attachments (images, videos, PDFs, notes, documents), reactions (emojis), pinned messages, read receipts, "typing" status, and membership and role in rooms (member/admin);
- Voice and video calls: session and participation records (initiator, room, call type, status, start/end times, duration, participants, invitation/ringing/join/leave/declined/missed states, display identification, and avatar). Calls are neither recorded nor transcribed by ilumniz; we process only metadata (see sections 8 and 13);
- Connections: follower/following relationships, accepted connections (bidirectional), connection requests sent and received (pending, accepted, declined);
- Communities and project spaces (Spaces/Projetos): membership in institution communities and in collaborative spaces, role within the space (admin/moderator/member), space visibility settings (public, by request, invite-only), member lists, joins and departures;
- Notifications: records of events that generated a notification (likes, comments, mentions, new followers, messages, connection requests, event invitations, calls), read/unread status, dates;
- Reports and blocks: content of reports submitted (post, comment, message, reported profile, reason, reporter's message) and block records between users.
4.6. User Content — class collaboration (Classroom)
- Class forum: publications (discussion, question, announcement), comments, votes, and solution marking, which may be visible to students of the same institution (see section 8);
- Class notices and announcements;
- Materials shared with enrolled classmates;
- Class chat (group rooms with attachments and read receipts);
- Time blocks that, when customized, may feed a catalog shared at the institution level, visible to other students.
4.7. Derived social interaction data
- Aggregate counters (number of followers, following, posts, likes received);
- Trending hashtags over the most recent time windows;
- Contact and event suggestions calculated from the network, interests, and filters such as university and course;
- Personalized relevance scores (for example, event heat score).
4.8. Usage, telemetry, and AI billing data
- Usage events, pages accessed, features used, clicks, interaction time, preferences and settings, collected by analytics tools (currently PostHog and Google Analytics) and error monitoring (currently Sentry);
- AI usage record: per request to AI features, we record the endpoint, provider, and model used, an estimate of tokens and cost, and the plan/quota classification, for usage control, billing, and per-plan limits.
4.9. Technical and security data
- IP address, browser type and version, operating system, device identifiers, language, time zone, access logs, authentication events, error records, OTP events (one-time codes sent by email), security indicators, rate limiting per IP and email, and anti-fraud.
4.10. Data from communication with ilumniz
- The content of messages sent to ilumniz via support@ilumniz.com or through other official channels (including the feedback module within the platform), including attachments.
4.11. Payment data
- ilumniz offers free and paid plans. When you subscribe to a paid plan, payments are processed directly by the payment processor (currently Stripe). ilumniz does not store full card data; it may receive only limited information, such as transaction status, internal subscription identifier, the subscribed plan, currency, billing interval, the last digits of the card, and billing history. Prices, currencies, and intervals are displayed at the time of subscription.
ilumniz, as a rule, does not process sensitive personal data (art. 5, II, of the LGPD). We ask that you do not send or publish sensitive information (such as health data, biometrics, religious convictions, sexual orientation) through User Content, messages, profile, or commands to the AI features.
5. How we collect data
We collect personal data:
- Directly from you, when you create an account, fill out forms, send content, publish posts, send messages, participate in calls, interact with the Lux assistant and the AI tools, set up your profile, contact us, or subscribe to plans;
- Automatically, through your use of the service (telemetry, logs, cookies, error monitoring, and similar technologies);
- From authorized third parties, such as authentication providers (for example, Google) and the payment processor, in accordance with the authorizations you grant;
- From other users, when they mention, quote, repost, message, call, invite to events, add to lists or spaces, follow, block, or report you or your content.
6. Purposes and legal bases (art. 7 and art. 11 of the LGPD)
We process personal data only for legitimate, specific, and informed purposes, in accordance with the following legal bases:
| Purpose | Data involved | Legal basis |
|---|---|---|
| Create, authenticate, and maintain the user account | Registration, federated login, credentials | Performance of a contract (art. 7, V) |
| Provide, operate, and maintain the service and its features (Classroom, Learning, Networking) | User Content, profile, usage | Performance of a contract (art. 7, V) |
| Operate the AI-assisted features (Lux assistant, study tools, quiz generation, context-based questions and answers/RAG, image analysis, image generation, text-to-speech, and real-time search), sending User Content to third-party AI providers and storing vector representations of documents | Prompts, conversation history, attached documents and images, materials, embeddings | Performance of a contract (art. 7, V), as to the features you request |
| Verify "active university student" status and administer communities and spaces | Institutional email, verification records, membership | Performance of a contract / preliminary procedures (art. 7, V) |
| Operate social features (feed, public profile, connections, lists, bookmarks, communities, project spaces, events) and display content to other users according to the configured audience | Posts, comments, public profile, connections, hashtags, mentions, RSVP, event attendance | Performance of a contract (art. 7, V) |
| Operate direct messages, group rooms, and voice/video calls (metadata only), including attachments, reactions, and read receipts | Message content, attachments, chat and call metadata | Performance of a contract (art. 7, V) |
| Operate class collaboration features (forum, notices, shared materials, class chat, schedule catalog) | Publications, comments, votes, materials, time blocks | Performance of a contract (art. 7, V) |
| Generate notifications arising from interactions (mentions, likes, comments, new followers, messages, connection requests, event invitations, calls) | Interaction events, user identifiers | Performance of a contract (art. 7, V) |
| Recommend contacts, events, trending hashtags, and content discovery, including personalization and relevance scoring (heat score) | Connections, public profile data, interests, engagement | Legitimate interest (art. 7, IX) |
| Control the use, quotas, and costs of the AI features and apply per-plan limits | AI usage record (endpoint, provider, model, tokens, cost), plan | Performance of a contract (art. 7, V) and legitimate interest (art. 7, IX) |
| Moderate the service, analyze reports, investigate violations, and apply measures | Reported content, profile, logs, messages (when necessary) | Legitimate interest (art. 7, IX), compliance with a legal obligation (art. 7, II), and the regular exercise of rights (art. 7, VI) |
| Ensure security, fraud prevention, and integrity of the service | Logs, IP, device, authentication events, rate limiting | Legitimate interest (art. 7, IX) and compliance with a legal obligation (art. 7, II) |
| User support and handling of requests | Contact data and the content of messages | Performance of a contract and preliminary procedures (art. 7, V) |
| Usage analysis, error monitoring, and service improvement (analytics and telemetry) | Events, telemetry, identifiers, error records | Legitimate interest (art. 7, IX), observing the data subject's rights |
| Operational communications (registration, security, contractual changes, billing, social interaction notifications) | Email, user identifier, events | Performance of a contract (art. 7, V) and compliance with a legal obligation (art. 7, II) |
| Marketing communications | Email, preferences | Consent (art. 7, I), revocable at any time |
| Billing, subscriptions, and payment processing | Subscription and billing data | Performance of a contract (art. 7, V) |
| Compliance with legal and regulatory obligations and defense in proceedings | As necessary | Legal obligation (art. 7, II) and the regular exercise of rights (art. 7, VI) |
Automated decisions and personalization. ilumniz does not carry out automated decisions that produce legal effects on the data subject or that significantly affect them within the meaning of art. 20 of the LGPD. The platform does, however, carry out automated personalization processing (for example, contact and event recommendations, relevance scoring, and content ranking) and automated management of AI quotas (which may, upon reaching the plan limit, route the request to a lower-cost model). These processing activities do not produce relevant legal effects. You may request information about them through the channel in section 19.
7. Cookies and similar technologies
ilumniz and its vendors may use cookies, local storage, pixels, and similar identifiers to:
- Essential: keep your session authenticated, remember basic preferences, and ensure the service functions (these cannot be disabled without compromising use).
- Analytics and performance: understand how the service is used, measure engagement, identify errors, and improve the experience, through tools such as, currently, PostHog, Google Analytics, and Sentry (error monitoring).
- Functional: personalize parts of the experience, where applicable.
Cookie banner (CMP). Currently, ilumniz does not display a cookie management banner. For transparency, we inform you that, until a management tool is implemented, you can control the use of cookies and similar technologies through your browser settings (including deleting cookies and blocking trackers) and/or privacy extensions and blockers of your choice. Such adjustments may affect the functioning of parts of the service.
8. Content visibility and audience
Different types of content on ilumniz have different visibility. The following table describes the default visibility of each type. Where the Configurable column shows "Yes," you can change the visibility in the publication or account settings.
| Content type | Default visibility | Configurable? |
|---|---|---|
| Feed post (audience "everyone") | All authenticated users; appears in search and discovery | Yes |
| Feed post (audience "followers") | Only your followers | Yes |
| Private post / draft | Only you | Yes |
| Comments, reposts, likes | Same audience as the original post | In part |
| Profile (name, username, picture, cover, bio, university, course, card customizations) | Public within the platform | Not at this time |
| Private profile | Posts visible only to accepted connections (following alone is not enough) | Yes |
| Connections (followers and following) | Public within the platform | Not at this time |
| Curated lists | According to the list's setting (public/private) | Yes |
| Private bookmark folder | Only you | Yes |
| Public bookmark folder | Any authenticated user, with follower adherence | Yes |
| Bookmark folder with collaborators | You and the collaborators | Yes |
| Direct message (DM 1-1) | You and the recipient | No |
| Group room | Members of the room | No, remains as long as the room exists |
| Voice/video call (metadata) | Call participants | No |
| Events — attendance status and "who's going" list | Visible to other users, prioritizing your connections | In part |
| Events — invitations | The inviter and the invitee | No |
| Project space (Spaces) and member list | According to the space's visibility (public / by request / invite-only) | Yes |
| Class forum (publications and comments) | Visible to students of the institution | No |
| Class notices/announcements | Students of the class/institution | No |
| Shared class materials | Classmates enrolled in the class | In part |
| Shared schedule catalog | Students (current and future) of the institution | No |
| AI-generated images (Lux) | Stored in a public repository, accessible via a public URL with no expiration | Not at this time |
| Private Classroom/Learning content (notes, files, tasks, calendar, conversations with AI) | Only you (sent to AI providers solely to process the features you request; see sections 4.4, 6, 10) | Yes |
| Notifications | Only you | No |
| Search queries performed | Only you (internal use to deliver the result) | No |
Important notice. The ilumniz audience setting is a reasonable effort to limit the visibility of content, but it does not prevent persons legitimately authorized to see it from copying, quoting, taking screenshots of, reposting, or sharing it outside the platform. After you delete content, copies legitimately obtained by other users may remain.
AI-generated images. At this time, the images you generate with the Lux assistant are stored in a publicly accessible repository and can be accessed by anyone who has the URL, with no expiration period. Avoid generating images with information you do not wish to make publicly accessible.
9. Data sharing
ilumniz does not sell personal data. Data may be shared or made accessible in the following situations:
9.1. With other users (operation of the social service). Public content (posts with audience "everyone", profile, connections, public lists and folders, messages in group rooms, event attendance lists, space members, class forum, etc.) is, by its nature, displayed to other users of the platform, according to your own settings. This sharing results from the operation of the service chosen by you and is not a transfer to "third parties" in the traditional sense.
9.2. With operators (vendors/subprocessors) that process data on behalf of ilumniz to enable the service, within the limits of the instructions provided — including the artificial intelligence providers, vector store, text-to-speech, and call infrastructure described in section 10.
9.3. With authentication providers chosen by you (for example, Google), in accordance with the respective federated login process.
9.4. With the payment processor, to enable the subscription to and billing of paid plans.
9.5. With public and judicial authorities, when required by law, court order, legitimate administrative request, or for the regular exercise of rights.
9.6. In corporate or succession transactions, such as a potential reorganization, assignment, or transfer of assets, in which case data subjects will be informed by reasonable means and the protection of data will be preserved.
9.7. With your consent, in the other specific situations.
10. Operators and subprocessors (reference)
ilumniz uses, currently and among others, the following types of vendors to operate the service. This list is for reference and may be changed at any time, as described in the "Updates to this Policy" section and in the changes clause of the Terms of Service. Whenever necessary, an updated list of subprocessors may be requested at support@ilumniz.com:
| Category | Vendor(s) currently in use | Purpose |
|---|---|---|
| Database, authentication, and backend | Supabase (infrastructure in the us-east-1 region, USA) | Storage, authentication, realtime, and backend services |
| File storage (chat attachments, post media, profile pictures, AI-generated images in a public repository) | Supabase Storage | Hosting of uploaded and generated files |
| Federated login | Google (OAuth) | Optional authentication via a Google account |
| Sending of transactional emails and one-time codes (OTP) | Resend | Verification, OTP, password recovery, and operational notifications |
| Product analytics | PostHog | Usage analysis, events, and product metrics |
| Web analytics | Google Analytics | Usage and performance statistics |
| Error and performance monitoring | Sentry | Error logging and technical telemetry (with an effort to minimize personal data) |
| Hosting / CDN | Hosting and content delivery network provider(s) (for example, Vercel) | Delivery of the website and the application |
| Payment processing | Stripe | Billing, subscriptions, and transactions for paid plans |
| Language models (generative AI) | Google (Gemini), Anthropic (Claude), OpenAI (GPT), xAI (Grok), with routing via OpenRouter | Generation of answers, summaries, quizzes, and other features of the Lux assistant and study tools |
| Embeddings and semantic search (RAG) | Google (Gemini, embedding generation) and Pinecone (vector store) | Vectorization and semantic search of documents |
| Image generation and analysis | Google (Gemini) | Generation of images from commands and analysis of uploaded images |
| Real-time search (web grounding) | Google (Google Search via Gemini) | Answers with up-to-date web sources, when you select "external sources" |
| Text-to-speech (TTS) | ElevenLabs | Audio synthesis from study content |
| Voice and video calls (WebRTC) | LiveKit (media server/SFU; possibly other providers) | Transport of real-time calls |
Each vendor processes data in accordance with its own privacy policies and terms, which we recommend you read. ilumniz may add, replace, or remove vendors at any time for purposes of operation, cost, compliance, security, or service continuity.
AI providers — training and retention. The artificial intelligence providers currently used by ilumniz operate, under the plan/conditions we have contracted, under a commitment to not use User Content to train their own models and to zero or limited retention of the submitted content (kept, where applicable, only for as long as necessary for processing and for the vendor's own operational obligations). These commitments derive from the commercial terms and may vary by vendor; should they cease to be in force, this Policy will be updated.
11. International transfer of data
A significant part of the personal data is stored and processed outside Brazil, especially in the United States and in other regions. The main database and storage infrastructure (Supabase) operates in the us-east-1 (USA) region, and the data of all users (including those from Brazil, the United States, Canada, Spain, and Portugal) is processed in that infrastructure, with no segmentation by region at this time. Other global vendors — Resend, PostHog, Google, Sentry, Stripe, the AI providers (Google/Gemini, Anthropic, OpenAI, xAI, OpenRouter), Pinecone, ElevenLabs, and the call provider (LiveKit) — also process data outside Brazil.
ilumniz adopts, to the extent reasonable, contractual, technical, and organizational safeguards so that these transfers occur in compliance with the LGPD, including the choice of recognized vendors, the contractual requirement of security measures, and, where available, the data protection clauses and commitments offered by the vendors themselves. At this time, we do not declare the existence of a specific formal mechanism (such as standard contractual clauses recognized by the ANPD or a formal international transfer impact report); as such instruments are formalized, this Policy will be updated. We recommend reading the privacy policies of the respective providers for additional details on the protections applied by them.
12. Retention and deletion
ilumniz retains personal data for the time necessary to fulfill the purposes for which it was collected, observing the following principles:
- While your account is active: registration, profile, User Content, connections, messages, AI content, and other records are kept to enable the service.
- Account deactivation and deletion: when you request the deletion/deactivation of the account, there is a grace period of approximately 30 (thirty) days, during which you may reactivate the account. Once that period ends, the data associated with your account is deleted in cascade, except in the cases of: (i) compliance with a legal or regulatory obligation; (ii) the regular exercise of rights in proceedings; (iii) retention in security logs for a limited period; (iv) data already anonymized, which ceases to be considered personal data; (v) report and moderation records kept for defense in proceedings and prevention of repeat offenses.
- Data at AI providers: the vector representations (embeddings) of documents in the vector store are deleted when the source document is removed. The content submitted to AI providers is kept by them under zero or limited retention (see section 10). AI-generated images remain in the repository until they are deleted by you or by the deletion of the account. We do not maintain persistence of the audio generated by text-to-speech.
- Call metadata: the call history (participants, times, duration, result) is retained as part of your communications history, observing the same principles of this section. There is no audio/video recording.
- Academic email: because it is unique per account on the platform, the verified institutional email may remain associated with records even after the account is closed, and, due to this uniqueness, may not be immediately available for linking by another account.
- Copies held by other users: messages already received, posts already viewed, reposts, quotes, screenshots, and shared event/space content may remain in the possession of other users, even after you delete the source content or close your account. ilumniz does not control and is not responsible for these copies.
- Group rooms and spaces: the history of your messages in group rooms and the content published in shared spaces remain visible to the other members for as long as they exist, even if you leave or close your account.
- Beta and migrations: due to the beta phase, data may be deleted or migrated as a result of updates, as warned in the Terms of Service.
- Backups: security copies may be kept for an additional technical period, being deleted or overwritten in accordance with the retention cycles.
Specific time periods may vary depending on the nature of the data and applicable obligations, with the need being reassessed periodically.
13. Information security
ilumniz adopts reasonable technical and administrative measures, compatible with the beta stage of the service, to protect personal data against unauthorized access, destruction, loss, alteration, or improper communication or dissemination. Among them:
- Storage of passwords in a protected form (hash);
- Transmission of data over encrypted connections (HTTPS/TLS);
- Access controls, authentication, and Row-Level Security (RLS) in the database, including for the application of blocks between users and of private profiles;
- Authentication by email and password, by one-time code (OTP) sent by email (via Resend), and/or by federated login (Google);
- Rate limiting per IP and email to mitigate abuse and brute-force attacks;
- Monitoring of logs, errors, and security events;
- Engagement of vendors with recognized security practices.
Private messages and calls. Private messages (DMs and group rooms) and voice/video calls are protected in transit by TLS and stored/transported by the providers' infrastructure (Supabase and the call provider). They are not end-to-end encrypted, and calls are neither recorded nor transcribed by ilumniz (we process only metadata). In exceptional scenarios (court order, defense in proceedings, incident investigation, investigation of a breach of the Terms), the technical team may access the content of messages, in accordance with applicable law.
No system is 100% secure. In the event of a security incident that may result in relevant risk or harm to data subjects, ilumniz will take the measures required by the LGPD, including notifying the data subjects and the ANPD, where appropriate.
14. Moderation and reports
Within the platform, you may report posts, comments, messages, profiles, lists, events, spaces, and other content published by other users that you believe violates these Terms, applicable law, or your rights or those of third parties, as well as block other users. By submitting a report, you agree to the processing of the following personal data:
- The identifier of your account as the reporter;
- The identifier of the reported content or profile;
- The reason, message, and supporting materials provided by you;
- Any content of the reported material, preserved for analysis purposes.
Blocking is, as a rule, bidirectional (both parties stop seeing each other's content) and may remove existing connections between the parties.
ilumniz practices reactive moderation: content is not reviewed in advance. Upon a report, or on its own initiative in urgent cases, ilumniz may remove content, restrict reach, suspend or terminate accounts, as set out in the Terms of Service.
Records of reports and moderation measures are kept for defense in proceedings, to prevent repeat offenses, and to comply with legal obligations, and may be shared with authorities when required by law.
15. Rights of the data subject (art. 18 of the LGPD)
You, as a data subject, have the right to, upon request:
- Confirm the existence of processing;
- Access your data;
- Correct incomplete, inaccurate, or outdated data;
- Anonymize, block, or delete data that is unnecessary, excessive, or processed in non-compliance with the LGPD;
- Request portability to another vendor, observing legal requirements and commercial and industrial secrets;
- Delete data processed on the basis of consent, except in cases of legal retention;
- Obtain information about public and private entities with which ilumniz has shared data;
- Be informed of the possibility of not providing consent and its consequences;
- Revoke consent, when it is the legal basis for the processing;
- File a petition with the ANPD (National Data Protection Authority).
Specific limitations on social and AI features. Deletion and portability rights will be honored with respect to your own data. They do not reach legitimate copies held by other users (e.g., messages already received, posts already reposted or quoted, screenshots). Mentions of your username (@mentions) made by third parties in others' publications remain personal data of the person who published them. As to the AI providers, deletion reaches the data that ilumniz controls (for example, conversations, documents, and embeddings stored within our scope); residual retention on the providers' side observes the zero or limited retention conditions described in section 10.
How to exercise your rights. Send a request to support@ilumniz.com from the email registered in your account or by providing sufficient data for identity validation. We may request additional information to confirm your identity before fulfilling the request, in protection of the data subject themselves.
We will respond to requests within the periods and terms provided for in the LGPD. Some requests may be partially denied when they conflict with a legal obligation, the regular exercise of rights, the rights of third parties, or technical characteristics of the service, in which case the justification will be provided.
16. Marketing and communications
Marketing communications (for example, news, tips, promotions) are sent only with your prior consent. You may revoke consent at any time through the unsubscribe link present in the messages, through the account settings, where available, or through support@ilumniz.com.
Operational communications (registration, security, billing, contractual changes, service notices, social interaction notifications such as mentions, comments, new followers, messages, event invitations, and calls) are necessary for the performance of the contract and/or of legal obligations and do not depend on consent to be sent. You may, within the notification settings, adjust the channels and categories of social notifications you wish to receive.
17. Updates to this Policy
ilumniz may update this Policy periodically, to reflect changes in the service, in features, in vendors/subprocessors, in security practices, or in applicable law.
- The version and the date of the last update will always be indicated at the top of this document.
- Relevant changes may be communicated by reasonable means, such as a notice on the platform or by email.
- We recommend that you review this Policy periodically.
- Continued use of the service after the publication of a new version means awareness of the changes; where the applicable legal basis requires, new consent will be requested.
18. Prevailing language
This Policy may be made available in other languages for convenience. In case of divergence between versions, the Brazilian Portuguese version prevails.
19. Contact
For questions, requests, complaints, or the exercise of rights related to personal data and privacy, use the channel: