Privacy Policy
Your script stays yours.
Last updated · 1 June 2026
The short version: when you upload a screenplay, its text is sent — encrypted in transit — to our AI analysis provider to produce your breakdown. It is not used to train any model and is not retained after the analysis. A local fallback parser runs only if the AI provider is unavailable. Your script stays your property, always.
1. Who we are
Lumen is a product of MindMade® (“MindMade”, “we”, “our”). This Privacy Policy explains what personal information we collect when you use lumen.film (the “Service”), how we use it, and the rights you have over it.
2. What we collect
We collect only the minimum needed to operate the Service and stay in touch with you about it:
- Waitlist email — when you join the waitlist, we store the email address you provided and the role you selected (director, producer, etc.) so we can send you access invitations and product updates.
- Account details— once the product is out of beta, we'll store the minimum account metadata required to authenticate you (email, hashed password if you sign in directly, or federated identity tokens if you sign in with Apple / Google).
- Billing information — for paid subscriptions, payment processing is handled by our payment provider. We receive confirmation of payment and a last-four-digits reference; we never receive or store your full card details.
- Technical logs — standard server access logs (IP, user agent, timestamps) kept for 30 days for security and abuse prevention.
3. How we handle your script
When you upload or paste a screenplay, the document text is sent to our server and forwarded to a third-party AI provider (xAI / “Grok”) to produce the deep breakdown — scenes, characters, elements, and the derived schedule. PDF text extraction happens in your browser first; the extracted text is what is transmitted. If the AI provider is unavailable, a local regex-based fallback parser runs instead, and in that case the text is not sent off your device.
Script text is encrypted in transit (TLS). It is processed only to generate your breakdown, is not retained by us or the AI provider beyond the duration of that request, and is notused to train any model — ours or anyone else's. We do not keep analytics on the content of what you upload, and the screenplay remains your intellectual property at all times.
4. How we use what we collect
- To invite you from the waitlist and send product announcements.
- To operate your account, authenticate you, and remember your preferences (including your light/dark theme choice).
- To fulfil billing, provide receipts, and manage your subscription.
- To investigate abuse, bugs, and security incidents.
- To comply with applicable law.
We do not sell your data. We do not share it with advertisers. We do not use it to build advertising profiles.
5. Third-party services
Lumen uses a small number of third-party services to run:
- Vercel — hosting and delivery of the web app.
- xAI (Grok) — the AI provider that analyzes uploaded screenplay text to generate breakdowns. Script text is sent to xAI over an encrypted connection, used only to return the analysis, and not retained by xAI beyond the request or used to train its models.
- Neon — Postgres database for the waitlist, account records, and cloud production sync.
- Clerk — authentication provider.
- Stripe — payment processing for paid subscriptions. Stripe collects and processes your card details directly; we receive only confirmation of payment and a last-four-digits reference, never your full card number.
- ClickSend — delivery of SMS messages that you choose to send to your cast and crew from within Lumen.
- Meta WhatsApp Business Platform — delivery of WhatsApp messages that you choose to send to your cast and crew from within Lumen, when WhatsApp is enabled.
- An email delivery provider — to send transactional emails (waitlist confirmations, receipts) and any call sheets or updates you explicitly dispatch by email.
Each of these is used only for the purpose listed, and each has its own privacy practices. Apart from xAI — which receives screenplay text solely to generate your breakdown, as described in section 3 — we do not pass script content to any of them.
When you use Lumen to send messages — call sheets, schedules, or updates — to your cast and crew, the recipient contact details you enter (names, email addresses, phone numbers) are shared with the relevant delivery provider above for the sole purpose of delivering the specific messages you send. You are responsible for ensuring you have a lawful basis to contact those recipients. We do not use your cast and crew contact details for our own marketing.
6. Cookies and local storage
We use strictly-necessary cookies and browser local storage for session authentication and to remember preferences such as your theme choice. We do not use tracking cookies, advertising pixels, or cross-site profiling.
7. Data retention
- Script text: not retained after the breakdown is generated — neither by us nor by the AI provider — beyond the duration of the request.
- Waitlist emails: until you ask us to remove them or the waitlist is retired.
- Account data: for the lifetime of the account, plus 30 days after deletion for backup rotation.
- Server access logs: 30 days.
- Billing records: seven years, or as required by applicable tax law.
8. Your rights
Depending on where you live, you may have the right to access, correct, or delete your personal data; to object to or restrict its processing; to data portability; and to lodge a complaint with a supervisory authority. To exercise any of these rights, email us at the address below and we will respond within 30 days.
9. Security
We use TLS in transit, encryption at rest for database contents, and principle-of-least-privilege access for staff. No system is perfect — if we learn of a material security incident affecting your personal data, we will notify you without undue delay.
10. Changes to this policy
We'll update the “last updated” date at the top of this page whenever we revise the policy, and we'll highlight material changes in-app before they take effect.
11. Contact
Questions, requests, or complaints: write to privacy@mindmade.co.