Orchet by Lumo Rentals

Privacy Notice

Last updated: May 16, 2026

Orchet is a chat-based super-agent operated by Lumo Rentals Pvt. Ltd. (“Orchet”, “we”, “us”). This notice explains what data we collect when you use Orchet, what we do with it, who we share it with, and the rights you have over it. We've tried to write it plainly. If something is unclear, email privacy@lumo.rentals.

1. What data we collect

We collect three categories of data:

  • Account data. Your email address (via Google or GitHub SSO), display name, profile photo if provided. We never receive your SSO provider password.
  • Conversation data. The messages you send, the responses Orchet returns, the agent tool calls Orchet makes on your behalf, and the parameters / results of those tool calls. We retain conversations so you can scroll back and so the assistant can remember context across sessions.
  • Connector data. When you connect a third-party service (Gmail, Atlassian, Uber, Linear, etc.), we receive an OAuth access token from that service. We use the token to call the service on your behalf when you ask Orchet to do something that needs it (read your inbox, file a ticket, request a ride). We never see your password for those services.

2. How third-party connectors work

This is the part most people care about, so we're going to be specific.

  • OAuth tokens are encrypted at rest. When you authorize a third-party service, the access token (and refresh token, if the service issues one) is encrypted with AES-GCM before being written to our database. The decryption key never leaves our server-side auth service.
  • Agent code never sees raw tokens — by design. Per our internal architecture (ADR-015), the orchestrator resolves your OAuth header server-side and attaches a ready-to-use Bearer header to each individual tool call. Agents in the Orchet Store receive a token only for the specific call they are making, not your token wholesale.
  • Disconnect is one click. Open /connections, find the service, click Disconnect. We delete our copy of the tokens within 30 seconds. If the third-party service supports token revocation (RFC 7009), we also tell them to invalidate the token server-side.
  • Orchet Store agents. When a third-party developer publishes an agent in the Orchet Store, they only receive tool inputs and outputs you would expect a tool to receive — not your full chat history, not other integrations' tokens, not metadata about other users. See our Developer Terms for the binding rules developers agree to.

3. What we use the data for

  • To run Orchet for you. Account data is used to identify you. Conversation data is used to render the chat, maintain context, and let you scroll back. Connector tokens are used to call the services you've authorized.
  • To improve quality. We analyze aggregate usage patterns (which agents are called, which paths fail) to fix bugs and prioritize improvements. We do not train any foundation model on your conversations.
  • To detect abuse. If our automated systems flag activity as fraudulent, malicious, or in violation of our terms, we may review the specific conversation to decide whether to take action.
  • To meet legal obligations. If we receive a valid legal request (subpoena, court order), we may have to disclose data. We push back on overbroad requests where we can.

4. Who we share data with

We share data with:

  • Foundation model providers (currently Anthropic and OpenAI) — to generate Orchet's responses to your messages. They process your conversations under their own privacy policies but contractually do not retain prompts beyond the operational window needed to serve the response.
  • Third-party services you've connected — when you ask Orchet to do something that needs them. The data shared is whatever your request requires (e.g., the prompt for an email draft when you ask Orchet to send an email).
  • Infrastructure providers we rely on: Supabase (database), Vercel (web hosting), Render (backend hosting), Fly.io (voice service), Honeycomb (telemetry). These vendors process data on our behalf under data processing agreements.
  • No advertisers, no data brokers. We do not sell your data. We do not allow advertisers to target you through Orchet.

5. How long we keep your data

  • Conversations: kept until you delete them or close your account. You can delete individual conversations from the chat history view.
  • Account data: kept while your account is active. We delete account records within 30 days of account closure, except where retention is required by law.
  • Connector tokens: kept until you disconnect the service or the token is revoked. Refresh tokens are re-encrypted on each successful refresh; we keep no plaintext copy at any point.
  • Operational logs: retained 90 days for fault diagnosis, then aggregated and stripped of identifying fields. PII is redacted via Presidio before logs leave the voice service.

6. Your rights

You can ask us to:

  • Show you a copy of the data we hold about you.
  • Correct anything that's wrong.
  • Delete your account and the associated data (subject to the 30-day retention window above for legal-hold purposes).
  • Port your data — we'll provide it in a structured machine-readable format.
  • Object to specific uses of your data.
  • Withdraw any consent you've previously given.

Email privacy@lumo.rentals with your request. We respond within 30 days.

7. International transfers

Orchet's operations span multiple regions (we run backend services in the US, Europe, and India to keep latency low). Your data may be transferred across these regions in the course of providing the service. For EU and UK users, we rely on the European Commission's Standard Contractual Clauses (2021) plus supplementary measures for data leaving the EEA/UK. We do not transfer data to jurisdictions whose laws would force us to disclose it inconsistently with EEA/UK standards without legal challenge.

8. Children

Orchet is not directed at children under 13 (or 16 in EU/UK). We don't knowingly collect data from anyone under those ages. If you believe we have, email us and we'll delete it.

9. Security

  • TLS 1.2+ for everything client-to-server and server-to-server.
  • OAuth tokens encrypted at rest with AES-GCM.
  • Database row-level security on per-user tables.
  • Internal credential boundary: orchet-marketplace, the service that processes developer submissions, is architecturally prevented from accepting OAuth secret values — only env-variable names per ADR-015.
  • Vulnerability reports: security@lumo.rentals. We acknowledge within 24 hours and aim to fix within 5 business days.

10. Changes to this notice

When we change this notice, we update the “Last updated” date at the top, and for material changes we'll surface a one-time banner in chat the next time you open Orchet. The changelog at the bottom of this page records material changes.

11. Contact

Lumo Rentals Pvt. Ltd., Bengaluru, Karnataka, India.
General: hello@lumo.rentals
Privacy / data requests: privacy@lumo.rentals
Security: security@lumo.rentals

Changelog

  • 2026-05-16 — Initial publication. Covers account / conversation / connector data, foundation-model processing, third-party developer Orchet Store handling, retention, rights, security, international transfers.