Human Dynamics AI for Aligned Organizations

Elumen Privacy Policy (Beta)

Effective date: February 8, 2026

Elumen is currently an invitation-only private beta. We take privacy seriously and aim to be transparent about how data is handled during this early phase.

1) Summary of core privacy posture

Explicit invoke only: We process only the content you intentionally submit to Elumen.

No passive monitoring: We do not scan mailboxes, inboxes, or chat logs in the background.

Basic usage data (such as feature interactions, timestamps, and error logs)

Manager-blind by default: We do not provide administrators access to individual users’ submitted content, individual outputs, or individual-level metadata by any means by default.

Not for evaluation: Elumen is designed for sender coaching and governance—not employee evaluation, surveillance, or workplace decision-making.

No emotion recognition outputs: We do not use biometric data and do not produce outputs that claim to infer a person’s emotional state.

2) Definitions

For clarity in this policy:

“End User” means the individual who uses Elumen to submit content and receive outputs.

“Customer” means the organization (if any) on whose behalf Elumen is used.

“Administrator” means a person designated by a Customer to manage billing, provisioning, or account administration.

“User Content” means content an End User explicitly submits to the Service (including text and any attachments submitted through Elumen).

“Outputs” means the results generated in response to an End User’s submission.

“Explicit Invoke” means an End User intentionally submitting User Content for processing (e.g., pasting text, uploading an attachment, or initiating analysis in-product).

“Individual Data” means any User Content, Outputs, or metadata attributable to a specific End User.

“Derived Risk Event” means a de-identified event indicating a policy/risk trigger occurred (without revealing User Content or identifying a specific End User).

3) Information we collect

During beta, we may collect:

A) Account information

Email address

Basic account identifiers needed to provide access and authenticate users

B) User-submitted content (you control what you submit)

User Content you explicitly submit for analysis or coaching

Attachments only if you choose to upload them through Elumen

We do not intentionally collect sensitive personal information. Please avoid submitting sensitive personal data unless necessary for your use case.

C) Usage and technical data (service operation only)

Basic product interaction events (e.g., feature usage)

Timestamps related to Service operations (e.g., when analysis was requested)

Device/browser metadata (limited)

Error logs and performance diagnostics

Security and abuse-prevention signals (e.g., rate limiting triggers)

No productivity telemetry: We do not collect or provide “work monitoring” telemetry intended to measure employee productivity (e.g., per-user message volume from an inbox, response-time tracking across communications, or passive activity timelines), because we do not passively ingest those sources.

We do not sell your data.

4) Explicit invoke only; no passive monitoring

Elumen processes content only when an End User initiates an Explicit Invoke. We do not read or scan inboxes, mailboxes, chat logs, or files in the background. We do not run silently or continuously monitor communications.

You may not use automations or workflows that submit content to Elumen without the End User’s knowledge and intentional action.

5) How we use information

We use collected information to:

Provide the Service (generate Outputs in response to Explicit Invokes)

Operate, maintain, and secure the Service

Debug, improve reliability, and improve quality during beta

Prevent abuse and enforce applicable terms/policies

Understand usage patterns at a service level (e.g., feature adoption and stability)

Communicate with you about access, updates, and feedback

We do not use your data for advertising, and we do not sell your data.

6) AI processing

Some User Content you submit is processed by AI systems to generate Outputs. This processing is part of how Elumen functions.

Outputs may be inaccurate or incomplete.

Outputs are intended to relate to the submitted content and applicable risk/policy triggers.

The Service is not designed to produce employee evaluation outputs (e.g., individual performance scoring or rankings).

7) Sharing and service providers

We may share limited information with trusted service providers (e.g., hosting, authentication, error monitoring, analytics, and AI processing) solely to operate, secure, and improve the Service.

These providers are required to protect information and use it only to provide services to Elumen, consistent with this Privacy Policy.

We do not share personal data for advertising purposes.

8) Administrator access; manager-blind by default

Manager-blind by default. By default, Customer Administrators are not provided access to Individual Data (including individual User Content, individual Outputs, or individual-level metadata) by any means, including administrative interfaces, exports, logs, reports, or APIs.

We may provide Customer-level administration features needed for basic provisioning and billing. Those features are intended to avoid revealing Individual Data.

If we introduce enterprise features in the future that materially change this posture (for example, deployment-specific configurations), we will update this Privacy Policy and the applicable terms before the change takes effect.

9) Logging and audit trails (allowed boundaries)

The Service may generate logs necessary for security, abuse prevention, reliability, and billing.

No per-user productivity reporting: We do not provide Customers with logs or reporting that can be used to monitor employee behavior or productivity (including per-user volume metrics, response-time monitoring, presence/activity timelines, or similar).

Derived risk events only: If the Service provides risk or governance reporting, it is limited to Derived Risk Events and may be available only in aggregated form (e.g., team-level trends), not attributable to an individual End User.

10) Data retention

We retain data only as long as reasonably necessary to:

operate the beta and provide the Service,

maintain security and prevent misuse,

debug and improve reliability/quality, and/or

comply with legal obligations.

Retention practices may evolve as the product matures. If they materially change, we will update this policy.

11) Security

We use reasonable administrative, technical, and organizational measures designed to protect information. No system is perfectly secure, and we cannot guarantee absolute security.

12) Your choices and rights

You may request:

Access to your account information

Deletion of your account and associated data (subject to legal and operational constraints)

Requests: privacy@elumen.ai

13) International users (including DACH)

Elumen is designed for sender-controlled coaching and governance and is not intended for employee evaluation or monitoring.

If you use Elumen within an organization in jurisdictions with employee representation or co-determination requirements (including Germany, Austria, and Switzerland), you are responsible for ensuring your use complies with applicable local laws and workplace requirements.

DACH-ready posture: Elumen’s default posture is manager-blind and explicit-invoke. If future deployments require additional restrictions (e.g., disabling or restricting certain access paths), we may provide deployment-specific configurations and update this policy accordingly.

14) Changes

Because Elumen is evolving, this Privacy Policy may change. If we make material updates, we will notify you.

15) Contact

Questions or concerns: privacy@elumen.ai