Plain-language summary
Lumicura collects only the family-directory information a parent organization needs to run — contact details, who's signed up for which volunteer shift, that sort of thing. That's it.
- We don't sell your data, and we don't share it for advertising.
- We don't train machine-learning models on it.
- We don't touch student grades, attendance, or health information — those stay in your school's student information system (SIS), where they belong.
The rest of this page is the detailed version of those promises.
What we collect
To run a parent organization, we collect:
- Family contact information — names, email addresses, phone numbers, and the relationships within a family unit.
- Opt-in mobile push tokens — only if you choose to enable push notifications on your device.
- Announcements you've read — so we can show you what's new without re-notifying you about old news.
- Volunteer shifts you sign up for — what you committed to, and when.
- Commitment-point activity tied to your family — the volunteer-hour and participation records your parent organization tracks.
- Messages you send — the announcements, class and committee chats, and direct messages you post through the service.
- Operational and diagnostic data — device and browser type, app version, and error and performance logs, plus first-party product-usage metrics (which features get used, and how often) recorded at the school level. We use these to keep the service secure and reliable.
Nothing else is pulled from the school's data. We never touch student grades, attendance, or health records.
What we do NOT collect
- No advertising trackers. None, anywhere.
- No third-party analytics or advertising pixels. No Google Analytics, no ad networks — inside the app or on our marketing pages.
- No data brokers. We don't buy, enrich, or sell profiles.
We do collect first-party operational telemetry and product-usage analytics — both on our marketing pages and inside the signed-in product — using Microsoft Application Insights and our own platform metrics. We use it only to keep the service reliable and secure and to see which features earn their place; we never sell it, share it with advertisers, or use it to build cross-site profiles. See Cookies & analytics for the details.
How we use information
We use the information above solely to operate the service for your parent organization:
- Maintaining the family directory and keeping it accurate.
- Delivering announcements, reminders, and (if you opt in) push notifications.
- Coordinating volunteer shifts and tracking commitment-point activity.
- Securing accounts, preventing abuse, and keeping an audit trail of state-changing actions.
- Monitoring reliability, performance, and security, and diagnosing errors.
- Screening messages for safety through automated content moderation (see Automated processing & AI).
- Providing support when you or your administrators ask for it.
We do not use your information for advertising, profiling, resale, or model training.
Legal basis & our role
Lumicura is the processor. Your school or parent organization is the controller — it decides what data goes into the system and why, and we process that data on its documented instructions.
Our processing obligations, sub-processor terms, and cross-border safeguards are set out in our data processing addendum. See the DPA for the full text.
Sharing & subprocessors
We never sell or share data for advertising — full stop.
We use a deliberately short list of subprocessors to run the service (cloud hosting, transactional email and SMS, payment processing, AI content moderation and knowledge-base search, and operational telemetry). The current list, with the 30-day notice we give before adding any new one, lives on our trust page.
Data residency
Customer data is stored in the United States by default. We run on mainstream US-region infrastructure (Microsoft Azure), with strict per-school isolation. Cross-border transfer only comes up for district- or diocese-level customers with affiliated international schools, and is governed by the standard contractual clauses in the DPA.
Retention
We keep family-directory information for as long as your organization maintains an active account and the data is needed to run it. When a family or an organization leaves, the controlling organization can export or delete the relevant data, and we remove it from active systems on request.
On cancellation or wind-down, the data-handling, read-only access window, and export commitments described in the DPA apply.
Your rights
You can access, correct, delete, and export your data — within 30 days, at no charge.
- Tenant administrators can self-serve most of these directly in the app.
- For anything that can't be self-served, email privacy@lumicura.org and we'll handle it.
Because your organization is the controller, requests about its records may be routed through it — but we'll always help.
Children's data & FERPA alignment
Lumicura holds family-directory information, not student academic records. Where any field touches student-adjacent data, Lumicura is configured to act as a "school official" with a "legitimate educational interest" under FERPA — a tool the school uses to coordinate its parent community.
We are never the parent-facing record system. Grades, attendance, and health records stay in the school's SIS. We support a BAA on District / Diocese plans for organizations that prefer the stricter posture.
Cookies & analytics
Inside the signed-in product we use only the cookies required to keep you logged in and secure — no advertising or cross-site tracking cookies.
For analytics we use Microsoft Application Insights and our own first-party platform metrics, both on our public marketing pages and within the product. This tells us the app is up, where it's slow, and which features are actually used — measured at the level of the school, not used to profile individuals for advertising. There are no Google Analytics tags, no advertising pixels, and no third-party trackers anywhere.
Automated processing & AI
Two features rely on an AI subprocessor (Anthropic):
- Content moderation. Messages may be screened by an automated classifier to catch harassment, unsafe content, and spam before they reach other families. Some messages are screened as they're sent; others are sampled afterward.
- Knowledge-base search. When a parent asks a question in plain language, the question and the relevant excerpts from your school's own documents are processed to generate a cited answer.
Content sent to Anthropic for these purposes is not used to train AI models. Automated moderation supports human review; we do not use it on its own to make legal or similarly significant decisions about a person.
Changes to this policy
We may update this policy as the product evolves. For material changes, we announce them to super-admins 30 days in advance so there are no surprises. The version and effective date at the top of this page always reflect the current release.
Contact
Questions, requests, or concerns about privacy? Email privacy@lumicura.org.
Related documents: Terms of service · Data processing addendum · Trust & subprocessors · Security overview.