OrcaLumiBack to Home

Privacy Policy

Last Updated: December 20, 2025

OrcaLumi ("we", "us", "our") operates orcalumi.ai and provides AI presentation generation Services. We are based in Australia.

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) where applicable, and we apply this Privacy Policy to users globally as a matter of good practice.

1. What this policy covers

This policy explains how we collect, use, store, and disclose personal information when you use our Services.

2. Personal information we collect

2.1 Information you provide

  • Account data: name, email address, authentication details (via Clerk)
  • Content you upload/input: text, documents, images, brand assets (logos/colours), instructions
  • Support communications: messages you send to us (hello@orcalumi.ai)
  • Purchases: billing and payment-related information (processed via Stripe; we do not store full card details)

2.2 Information we collect automatically

  • Usage data: features used, generation requests, edits, exports, session details
  • Device/log data: IP address, browser type, device identifiers, timestamps, referring pages
  • Cookies: essential cookies for login/session functionality (see Section 10)

3. How we use personal information

We use personal information to:

  • provide and operate the Services (including generating presentations),
  • manage accounts, credits, and transactions,
  • respond to support requests and communicate service updates,
  • secure the platform and prevent fraud/abuse,
  • comply with legal obligations and enforce our Terms.

4. AI processing and your content

4.1 How processing works

When you use the Services, your content may be transmitted to our subprocessors (including Google Cloud/Gemini) to generate slides and images, and stored in our infrastructure (e.g., Supabase, hosted application services) to deliver the Services.

4.2 Ownership and training

  • You own your uploaded content and Generated Presentations.
  • We do not use Your Content or Generated Presentations to train or improve AI models (ours or third parties).

4.3 Access to content

We treat your content as confidential. We do not access it except to:

  • provide the Services,
  • troubleshoot/support you,
  • maintain security, or
  • comply with law.

5. When we disclose personal information

We do not sell personal information.

We disclose personal information to trusted service providers who help us run the Services, such as:

  • Clerk (authentication)
  • Stripe (payments)
  • Google Cloud / Gemini (AI processing)
  • Supabase (database/storage)
  • Vercel (hosting/content delivery)

We may also disclose information:

  • where required by law or to respond to lawful requests,
  • to protect rights/safety and prevent fraud/abuse,
  • as part of a business transaction (e.g., acquisition), with appropriate notice where required.

6. Overseas disclosures and international users

Because we use global providers, personal information may be stored or processed outside Australia (for example, in locations where our providers operate, which may include the United States and other regions).

Where we disclose personal information to overseas recipients, we take reasonable steps to ensure handling is consistent with the APPs, and we may remain accountable for overseas handling in certain circumstances.

7. EEA/UK users (GDPR/UK GDPR)

If our processing of personal data is subject to the GDPR/UK GDPR (for example, where we offer goods or services to individuals in the EEA/UK), we will process personal data in accordance with applicable requirements, including using appropriate safeguards for international transfers where required.

8. Security and data breaches

We use reasonable security safeguards (encryption in transit, access controls, managed infrastructure). No system is perfectly secure.

If the Privacy Act covers our handling of the relevant information and we suspect an eligible data breach is likely to result in serious harm, we will respond in line with the Notifiable Data Breaches scheme where applicable.

9. Data retention

We retain personal information only as long as needed to provide the Services and meet legal/operational obligations.

Typical periods:

  • Account data: while active, then a reasonable period after closure
  • User content/presentations: until you delete them or close your account (subject to backups)
  • Logs/usage: retained for security/analytics purposes for a limited period
  • Payment records: retained as required for tax/accounting

Backups may persist for up to 90 days.

10. Cookies

We use cookies necessary for authentication, session management, and core functionality. Disabling essential cookies may break the Services.

11. Your rights

Depending on where you live, you may have rights to:

  • access and correct personal information,
  • request deletion (subject to legal requirements),
  • object or restrict certain processing, and
  • withdraw consent where processing is based on consent.

To exercise rights, email hello@orcalumi.ai. We may need to verify your identity and will respond within the time required by applicable law.

12. Complaints

If you have a privacy complaint, contact hello@orcalumi.ai with details. We will review and respond within a reasonable timeframe.

13. Changes to this policy

We may update this Privacy Policy. We will post updates on our website and update the "Last Updated" date. For material changes, we may also notify you via email or prominent notice in the Services.

14. Contact

Email: hello@orcalumi.ai

Terms of ServiceHome