FlowAPIFlowAPI

Last updated: April 7, 2026

Privacy Policy

Lumi Robotics, Inc. ("Lumi Robotics," "we," "us," or "our") operates the Site, available at flowapi.net (the "Site" and, together with our APIs and related services, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use the Services.

If you do not agree with this Policy, please do not use the Services. Where we process data on behalf of your organization, your administrator may have additional agreements with us.

1. Who we are

The data controller for personal data described in this Policy is Lumi Robotics, Inc.. For privacy inquiries: contact@flowapi.net.

2. Personal data we collect

Account and identity. When you register, we collect information such as email address, display name, and hashed password. If you sign in with a third-party identity provider (for example, Google or GitHub), we receive profile identifiers and basic profile details as permitted by that provider and your settings.

Billing. When you purchase credits, subscriptions, or paid plans, our payment processors (for example, card payment partners) collect payment method details and billing address. We receive transaction references, subscription status, and limited billing metadata—not full card numbers stored on our servers where processing is delegated to the processor.

Usage and technical data. We collect logs and metadata needed to operate the Services securely: API requests (including model identifiers and token counts where applicable), timestamps, IP addresses, device and browser type, error and performance diagnostics, and anti-abuse signals.

Support. If you contact us, we retain correspondence and related account details to resolve your request.

Content you submit. Prompts, files, or other inputs you send to the API may contain personal data. We process such data to provide inference and related features and as described in our agreements with you. Do not send special categories of data unless you have a lawful basis and appropriate safeguards.

3. How we use personal data

We use personal data to: provide, secure, and improve the Services; authenticate users and manage API keys; meter usage and bill accounts; communicate about the Services, security, and policy changes; detect and prevent fraud, abuse, and illegal activity; comply with legal obligations; and analyze aggregated or de-identified usage to improve reliability and user experience.

4. Legal bases (where applicable)

Depending on your location, we rely on: performance of a contract with you; legitimate interests in operating and securing the Services (balanced against your rights); consent where required (for example, certain cookies or marketing); and legal obligations.

5. Cookies and similar technologies

We use cookies and similar technologies for session management, preferences, security, and analytics. You can control cookies through your browser settings; disabling some cookies may affect functionality.

6. How we share personal data

We share data with: service providers who assist hosting, infrastructure, payments, analytics, email delivery, and security, under contractual obligations; model and cloud partners that process API traffic to deliver inference; professional advisers where required; and authorities when required by law or to protect rights and safety. If we sell or merge a business, personal data may transfer as part of that transaction with notice as required by law.

7. International transfers

We may process data in Hong Kong, the United States, the European Economic Area, and other countries where we or our providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

8. Retention

We retain personal data for as long as your account is active and as needed to provide the Services, comply with law, resolve disputes, and enforce agreements. Usage and log data may be retained for shorter operational periods unless a longer period is required for security or compliance.

9. Security

We implement administrative, technical, and organizational measures designed to protect personal data. No method of transmission over the Internet is completely secure; we encourage strong passwords and safeguarding API keys.

10. Your rights

Subject to applicable law (including the Personal Data (Privacy) Ordinance (Cap. 486) in Hong Kong where relevant, and the GDPR where applicable), you may request access, correction, deletion, restriction, or portability of your personal data, and object to certain processing. You may withdraw consent where processing is consent-based. To exercise rights, contact contact@flowapi.net. You may lodge a complaint with a supervisory authority in your jurisdiction where applicable.

11. Children

The Services are not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal data from children. Contact us if you believe we have done so in error.

12. Third-party links

The Site may link to third-party websites or services. Their privacy practices are governed by their own policies. We are not responsible for third-party sites or for inference providers you route traffic to beyond our role as described here.

13. Changes to this Policy

We may update this Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated through the Site or by email where appropriate.

14. Contact

Lumi Robotics, Inc. — privacy: contact@flowapi.net.