Privacy policy.
How HireWithLumi collects, uses, and protects personal data. Last updated May 2026.
HireWithLumi ("we", "us", or "our") is operated by Lumina Innovations Holdings Limited, a company registered in England and Wales. This policy explains how we collect, use, disclose, retain, and protect personal data when you visit hirewithlumi.com or interact with our services. For questions, email hello@hirewithlumi.com.
1. Who we are
Data controller: Lumina Innovations Holdings Limited
Email: hello@hirewithlumi.com
Our Data Protection Officer can be contacted at the same address.
If we process data on behalf of a customer using our platform to assess candidates, the customer may also be an independent controller for that recruitment activity, depending on the configuration and agreement in place.
2. What we collect
Website and sales enquiries
When you request a demo, contact us, or use our website forms, we may collect:
- Name
- Work email address
- Company name
- Job title, if provided
- Company size, if provided
- Monthly hiring volume, if provided
- Phone number, if provided
- Any information you include in a free-text message
Analytics and cookies
If you accept analytics cookies, we may collect standard web analytics data, including:
- Pages viewed
- Referrer
- Approximate location at country level
- Device type
- Interaction events such as clicks, scrolls, and video plays
We do not use analytics data for advertising or share it with ad networks.
Candidate data for assessments
When a customer invites a candidate to use Lumi, we may process:
- Identity and contact details supplied by the candidate or customer
- CV and application information
- Screening responses, transcripts, and assessment outputs
- Video, audio, and metadata from live or recorded assessment sessions
- Digital Footprint inputs and outputs, if enabled and consented to
- Notes, scores, recommendations, flags, and audit logs generated during the assessment
Digital Footprint data
If the Digital Footprint feature is enabled, we may process:
- Candidate-provided social media handles, profile links, and similar identifiers
- Publicly accessible information from LinkedIn, X, Instagram, Facebook, TikTok, professional blogs, and other public web sources supplied or identified through those handles
- Analysis outputs such as sentiment, role-match indicators, red flags, and summary reports
We do not intentionally access private accounts, private groups, locked content, or content behind login-only access that is not publicly available.
Video and audio assessment data
If the video screening feature is enabled, we may process:
- Live or recorded video and audio
- Transcripts
- Facial, speech, timing, and interaction metadata
- Assessment outputs derived from the candidate's responses and visible or audible session characteristics
- Integrity flags such as likely reading from another source, second-voice indicators, or unusual timing patterns
We do not use this feature to infer protected characteristics such as race, religion, health, sexual orientation, or union membership.
3. Why we use it
We use personal data for the following purposes:
- To respond to demo requests and sales enquiries
- To provide, operate, and improve our platform
- To administer candidate assessments
- To generate structured reports for hiring teams
- To support fraud prevention, account security, and abuse monitoring
- To comply with legal obligations
- To investigate complaints, disputes, and misuse
Digital Footprint purpose
We use Digital Footprint data to support CV review and candidate screening by surfacing public information relevant to a candidate's role fit, communication style, reputation, consistency, and public professional activity. The feature is designed to assist human review, not to make final hiring decisions on its own.
Video screening purpose
We use video and audio assessment data to conduct an AI-assisted structured screening, generate competency-based scoring, detect possible integrity issues, and create an evidence pack for human review. The feature is designed to support, not replace, the hiring team's decision-making.
4. Lawful bases
We rely on different lawful bases depending on the context.
Website enquiries
We process enquiry data on the basis of legitimate interests, so we can respond to the request you made and manage our relationship with you.
Newsletter
We process newsletter sign-up data on the basis of consent. You can withdraw consent at any time using the unsubscribe link in every email.
Analytics
We process analytics cookies and related data on the basis of consent, collected through our cookie banner. We default analytics to off until you accept.
Security and site operation
We process data for security, fraud prevention, debugging, and service integrity on the basis of legitimate interests.
Candidate assessments
For candidate assessment workflows, the lawful basis may depend on the customer's role, the country, the type of assessment, and the legal framework that applies. Where required, we rely on explicit consent, and in some cases we may process data to take steps at the request of the candidate or customer before entering into an employment or engagement process, or to support legitimate interests in recruitment screening, subject to balancing tests and local law.
Digital Footprint
For Digital Footprint processing, we rely on explicit candidate consent as required by law. The candidate must be told what platforms and sources are included, what data is analysed, and that they may withdraw consent at any time. We only analyse publicly accessible content and only where the candidate has provided the relevant handle or link.
Video assessment
For video and audio assessment processing, we rely on the lawful basis applicable to the recruitment context and jurisdiction, including explicit consent where required, legitimate interests where appropriate, and any other lawful basis permitted by law. We only use the assessment in a way that is proportionate, transparent, and compatible with applicable employment and data protection rules.
5. How we use AI
Lumi uses automated systems to help analyse candidate responses, public content, and session data. These systems may generate:
- Sentiment or tone analysis
- Role-match or competency scores
- Summary reports
- Red flags or integrity flags
- Suggested follow-up questions
- Audit logs of what was analysed and why
We use these outputs to support human review, not to make a solely automated decision with legal or similarly significant effects unless the law and the customer's workflow allow it and appropriate safeguards are in place. Where required by law, we provide meaningful information about the logic involved, the significance of the processing, and the likely consequences for the candidate.
6. Digital Footprint
If enabled by the customer and accepted by the candidate, the Digital Footprint feature may analyse publicly accessible content across candidate-provided handles on:
- X
- TikTok
- Professional blogs and other public web content
What it looks for
The feature may surface:
- Communication style
- Professional reputation indicators
- Public interests relevant to the role
- Consistency between claimed expertise and public content
- Sentiment and tone
- Role alignment signals
- Potentially concerning public content, including discriminatory language, unprofessional behaviour, conflicts of interest, or material inconsistencies
Important safeguards
- We only review public content and candidate-provided handles
- We do not scrape private accounts
- We do not analyse platforms the candidate did not provide
- We do not use Digital Footprint as a standalone rejection mechanism
- All flagged items are shown for human review
- The assessment is logged in an audit trail
- Candidates can withdraw consent at any time
Retention
We retain Digital Footprint outputs only for as long as necessary for the recruitment process, dispute handling, audit needs, or legal obligations, after which they are deleted or anonymised in line with our retention policy.
7. Video screening
If the customer uses the live video assessment feature, candidates may complete a 15 to 20 minute AI-assisted screening on a secure link.
What it analyses
The system may analyse:
- Spoken answers and transcripts
- Pace, fluency, specificity, and completeness of responses
- Timing patterns
- Video characteristics visible during the session
- Possible integrity signals such as repeated off-screen glances, a second voice, or signs that an answer may be read from another source
What it does not do
- It does not use generic nervousness, fidgeting, or camera style to reject candidates
- It does not infer sensitive traits such as health, ethnicity, religion, or sexual orientation
- It does not auto-reject a candidate solely on the basis of one signal
- It does not replace the hiring manager's review or final interview process
Human review and transparency
The output is presented as an evidence pack, including reasoning, timestamps, and flagged items, so a human reviewer can assess context. Where required by law, candidates are told that AI is used in the process and what role the system plays.
Recordings
Where recording is enabled, we may store the recording, transcript, scoring outputs, and associated metadata for audit, compliance, and dispute-resolution purposes. Retention periods should be configured in the applicable customer contract and internal policy.
8. Who we share with
We do not sell personal data. We may share data with the following categories of processor or recipient:
- Hosting and content delivery providers
- Analytics providers, such as Google Analytics and Google Tag Manager, when enabled
- Email delivery providers, such as Resend or Amazon SES
- CRM and support tools used to manage enquiries and customer relationships
- Video or media infrastructure providers, if used for assessments
- Other subcontractors needed to provide the service
Each processor is bound by contractual obligations and may only use the data for the specific purpose we instruct. We may also disclose data if required by law, to enforce our terms, to protect rights and safety, or in connection with a merger, acquisition, restructuring, or sale of assets.
9. International transfers
Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as:
- The UK International Data Transfer Agreement
- EU Standard Contractual Clauses
- Adequacy decisions where available
- Additional transfer assessments and supplementary measures where needed
Where data is transferred from India or other jurisdictions, we use lawful transfer mechanisms required by applicable law and our contractual arrangements.
10. How long we keep data
We keep personal data only as long as necessary for the purpose for which it was collected, unless a longer period is required by law.
- Demo and enquiry data: up to 24 months after the last interaction if no business relationship is established, or for the duration of the relationship if one exists.
- Newsletter data: until you unsubscribe.
- Website analytics: according to the configuration of the analytics tool, currently up to 14 months.
- Candidate assessment data: as configured under the customer contract and retention policy, typically long enough to complete the hiring process, handle appeals, audit requirements, and defend legal claims.
- Digital Footprint data and outputs: retained only for the recruitment process and associated compliance or dispute purposes, then deleted or anonymised.
- Video and audio recordings, where used: retained only as long as necessary for assessment, audit, and legal purposes.
We may retain limited records longer where necessary to comply with legal obligations or to establish, exercise, or defend legal claims.
11. Your rights
Your rights may vary depending on where you live and which legal basis applies. Under UK GDPR, and similarly under many other privacy laws, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request erasure
- Restrict or object to processing
- Request portability
- Withdraw consent at any time where consent is the basis used
- Object to processing based on legitimate interests
- Request human review or challenge an assessment where automated processing is used in a way that materially affects you, if applicable
- Lodge a complaint with the UK Information Commissioner's Office
For Digital Footprint and video assessment processing, you may also have the right to ask for:
- A copy of the main information used in the assessment
- An explanation of the purpose of the assessment
- Information about human review and appeal routes, where required by law
To exercise your rights, email hello@hirewithlumi.com. We aim to respond within 30 days, or faster where required by law.
12. Cookies
We use a small number of cookies. Essential cookies are required for the site to function and cannot be disabled. Analytics cookies only fire if you accept them in the cookie banner. You can change your cookie preferences at any time using the "Cookie Preferences" link in the footer.
13. Security
We use TLS encryption for data in transit. Personal data is stored in systems with access controls, audit logging, and regular security reviews. Access is limited to people who need it for their work. For more detail, see the Security page.
14. Children
Our services are not intended for children, and we do not knowingly collect personal data from children unless a customer is using the service in a lawful recruitment or safeguarding context and has implemented the necessary legal basis and safeguards.
15. Changes to this policy
We may update this policy from time to time. Material changes will be posted on this page with a revised review date. Continued use of the site after changes indicates acceptance of the updated policy.
16. Jurisdiction notes
This policy is intended to support compliance in the UK, US, and India, but actual legal obligations depend on the specific customer workflow, the candidate's location, the hiring location, and the applicable contract terms. Recruitment screening with AI, public-profile analysis, and video/audio assessment can trigger additional legal requirements in specific jurisdictions, including notice, consent, fairness, retention, bias testing, and human oversight obligations.