← Home
Legal

Policies & agreements

Lumaa AI FZ-LLC, Dubai, UAE UAE PDPL · TDRA Consumer Protection · DIFC Courts jurisdiction

Below are the documents that govern your relationship with Lumaa — whether you visit lumaa.ai, sign up as a Client, or are a call recipient. All are in force as of 8 May 2026.

Master agreement

Terms of Service

Plans, payment, SLA, liability, governing law (DIFC). The contract you accept when you sign up.

Effective 8 May 2026 · v1.0 Privacy

Privacy Policy

What personal data we collect, why, how long we keep it, and your rights under UAE PDPL.

Effective 8 May 2026 · v1.0 Cookies

Cookie Policy

Which cookies we set, why each is necessary, and how to control them.

Effective 8 May 2026 · v1.0 Rules

Acceptable Use Policy

What you may and may not do with the Service. UAE TDRA-aligned. Incorporated into the Terms.

Effective 8 May 2026 · v1.0 Disclosure

Recording & AI Disclosure

How call recipients are informed of automated calling and recording, and how opt-outs work.

Effective 8 May 2026 · v1.0 B2B

Data Processing Agreement

Controller / processor obligations for the personal data Clients process via the Service. Includes sub-processor list.

Effective 8 May 2026 · v1.0

Sub-processors

The current sub-processor list is published as Annex A of the DPA. We commit to 30 days' written notice before adding or replacing a sub-processor that handles personal data.

Responsible disclosure

If you believe you've found a security vulnerability in Lumaa, please email security@lumaa.ai with reproduction steps. We will acknowledge within 5 business days and ask for a 90-day disclosure window before any public discussion. Please do not run automated scanners against tenants you do not own; CTF-style testing against your own tenant is welcome. A machine-readable contact is also at /security.txt per RFC 9116.

Contacting us

Postal: Lumaa AI FZ-LLC, Dubai, United Arab Emirates.

Regulatory references