Luma owns all data derived from analyzing how users interact with and use its services, including any anonymized or aggregated data derived from user activity.
This analysis describes what Luma AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Even if your individual personal data is deleted, Luma retains ownership of the aggregated and usage data derived from your activity and the analytical insights generated from it, which can be used to develop new products and services.
Interpretive note: Whether the aggregation process adequately anonymizes personal data to remove GDPR and CCPA applicability depends on Luma's specific technical methodology, which is not described in the agreement.
Luma retains full ownership of usage patterns and aggregated behavioral data derived from your interactions with the platform, and this data can be used to build new products and services, even after you close your account.
How other platforms handle this
We create aggregated or anonymized datasets or statistics based on usage and operational data related to your use of the Mistral AI Products (such as product usage events, performance metrics, billing metrics, and Feedback) (collectively, "Usage Data"). We may use the Usage Data for our business pur...
As between Egnyte and Customer, Customer shall own all right, title and interest in and to the Customer Data. Customer hereby grants to Egnyte a limited, non-exclusive, royalty-free, worldwide license to use, copy, store, transmit, display and modify the Customer Data solely to the extent necessary ...
"Aggregated Data" means data and information related to or derived from Customer Data or Customer's use of the Services that is used by Supabase in an aggregate and anonymized manner, including to compile statistical and performance information related to the Services. [...] "Supabase IP" means the ...
Monitoring
Luma AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"As between the parties, Luma owns and retains all right, title, and interest, including all related intellectual property and proprietary rights, in and to the Aggregated Data and Usage Data (including any improvements, modifications, and enhancements thereto), the know-how and analytical results generated in the Processing and use thereof, and any and all new products, services, and developments, modifications, customizations, or improvements to the Services made based on the Aggregated Data or Usage Data.— Excerpt from Luma AI's Luma AI Terms of Service
(1) REGULATORY LANDSCAPE: This provision engages GDPR's treatment of anonymized and aggregated data. If the data is genuinely anonymized to GDPR standards, it falls outside GDPR's scope and Luma's ownership assertion is generally consistent with applicable law. However, if aggregated data can be re-identified or if the aggregation process itself involves personal data processing, GDPR obligations apply. The California Consumer Privacy Act similarly does not apply to genuinely aggregated data but does govern the processing steps used to create it. The FTC's guidance on data minimization and purpose limitation is relevant context. (2) GOVERNANCE EXPOSURE: Medium. The breadth of the ownership assertion, which includes all know-how and analytical results generated from usage data and all new products developed based on such data, is standard in SaaS agreements but should be noted by enterprise customers who may seek to negotiate limitations. The key legal question is whether the aggregation process adequately anonymizes personal data such that GDPR and CCPA frameworks no longer apply. (3) JURISDICTION FLAGS: EU/EEA deployment requires careful assessment of whether Luma's aggregation methodology meets GDPR anonymization standards as interpreted by the European Data Protection Board. The standard for genuine anonymization under GDPR is high, and pseudonymization is not equivalent to anonymization. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should request transparency about the specific data categories included in Usage Data and Aggregated Data and the anonymization methodology applied. This provision effectively means Luma can use behavioral insights derived from enterprise customer deployments to improve its products and develop competitive offerings, which may be a commercial concern in some contexts. (5) COMPLIANCE CONSIDERATIONS: Data mapping exercises should distinguish between personal data processing steps involved in creating Aggregated Data and the Aggregated Data itself. If the aggregation process involves personal data, a lawful basis and appropriate safeguards must be identified. Privacy notices should disclose that usage and aggregated data are used for product improvement purposes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Even if your individual personal data is deleted, Luma retains ownership of the aggregated and usage data derived from your activity and the analytical insights generated from it, which can be used to develop new products and services.
Luma retains full ownership of usage patterns and aggregated behavioral data derived from your interactions with the platform, and this data can be used to build new products and services, even after you close your account.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Luma AI.