Effective as of November 7, 2013.
Luum™ is an online platform for commuters and travelers to help them get motivated to choose sustainable modes of transportation. Luum members take part in the community by recording their trips and taking part in friendly competition.
This policy describes how your data is recorded on Luum, how others may be able to view you activity, and your role in keeping your data secure.
November 2013 Update: Luum has new features that use Google Maps and Places functionality. By using these services, the data that transmits between Luum and Google will be subject to Google's policies.
- Personal information
- Non-personal information
- Information provided to Luum
- Who sees my information?
- Uses of personal information
- Sharing with third parties
- Third party links
- Age requirement
- International considerations
- Business evolution
What does Luum consider my personal information?
Luum wants to provide you with control over how your personal information ("Personal Information") is used in the platform. To that end, we consider the following to be Personal Information:
- Your name: We ask that you provide your real name, to enhance the community spirit and trust in the platform, but if you would like to use a pseudonym, we ask that it appear to be a real name.
- Your email address: We require a working email address in order to confirm your account and send you notifications, system status updates and password reset instructions.
- Your email address and password: These are the keys to your access to the platform. Keep your password strong and secret to protect your account.
- Your Platform Activity: When you join challenges, comment, record trip logs, join teams, and invite friends, the activity is tied to your user account. Be aware that the sum of your platform activity can be seen as a profile of your movements throughout your community.
What does Luum consider non-personal information?
When your computer talks to Luum's web servers, your computer information is stored but not directly associated with your platform activity. This non-personal information is used to help us improve the functionality and performance of the system.
- IP address: The number identifying your connection to the rest of the Internet. This information is only stored in web server logs and encrypted cookies regarding account log-in and management activities. It is not directly associated with any record of your Personal Information. Cookies are small text files stored in your web browser that are sent back and forth when communicating with a web server (learn more). Encryption helps to ensure that only Luum's servers can decode your user account information.
- Web browser: The brand and version number of your browser.
- Device: Information such as the operating system, screen resolution, pixel density of the device used to access the platform.
- Other technical details: Whether you have Flash enabled, system language, and other technical information.
- Important Note: While a combination of the above information can possibly form a uniquely identifying "fingerprint", Luum does not associate this with your personal information.
When do I provide information to Luum? What do I provide?
- Registration: When you sign up with us, you voluntarily provide us with some basic Personal Information. Your name and email address are required.
- Logging in and submitting forms: Each time you log into Luum, an encrypted cookie is stored in your web browser that lets our servers know that you are logged in. When you submit a form, a different encrypted cookie is used to validate the form submission. These cookies contain your username and IP address.
- Platform activities: Every time you complete a Platform Activity, we store a record of the specific activity you did, and the time when you did it. Your user account is associated with this information.
- Facebook Integration: Whenever you log into Luum through Facebook, share something from Luum onto Facebook or invite Facebook friends to join Luum, Facebook's Terms of Service, Data Use Policy, and your Facebook privacy settings govern the particular information we receive. Note that if you are logged in via Facebook, a third-party cookie operated by Facebook will be loaded each time you visit a different page on Luum, enabling Facebook to track your activity.
- General site usage: When you visit different pages, we store a record of these activities using server logs. These data contain non-personal information, which is in no way associated with your user account.
Who sees the information I provide to Luum? What control do I have?
Certain activities you perform using Luum can be visible to others, though you have control over the degree to which it is made visible to others:
Registration: The information you provided during registration can be visible on your
user profile. Your name is also visible alongside records of your Platform Activity throughout the Platform.
- Who can see it? By default, everyone can see your profile.
- What control do I have? We are developing a privacy setting that allows you to change who has access to your profile.
- Can I delete this information? Yes. If you desire to delete any information you provided to Luum, including your user profile, please contact Luum at email@example.com and we will take measures to delete all requested information in a reasonable time.
Platform Activities: Records of your Platform Activities are visible on your user profile.
A record of you doing an activity can also be visible in feeds displayed on relevant pages.
- Who can see it? By default, your membership in organizations and teams, acceptance of challenges, and trip logs are visible to the public. Authorized Luum and/or third party service provider personnel who have agreed to abide by this policy can also see this information.
- What control do I have? You can control the visibility of your Trip Log Details in your privacy settings. This will allow you to select the audience for the text and media that you attach to each Activity Log.
General site usage: The non-personal information we collect is visible in
internal Luum reports that let us identify areas of improvement for the site.
- Who can see it? Authorized Luum and/or third party service provider personnel who have agreed to abide by this policy.
- What control do I have? You may modify cookie settings or disable them altogether by adjusting your web browser settings. Disabling third party cookies may reduce the functionality of the platform; disabling cookies entirely will eliminate your ability to log into the site.
How does Luum use my personal information?
Sending you email: Luum can send you email about system status, policy updates, new features, and notifications.
- What control do I have? We reserve the right to send you emails about system status (for example, you need to reset your password). We may also send you general news and notifications. You can opt-out of receiving these general emails by managing your notifications settings or clicking the unsubscribe link at the bottom of each email.
- Building a community: Your Platform Activity can be displayed in activity feeds throughout the Platform. Your name and a link to your profile can be displayed in these feeds. This helps other users see that people like them are participating. Your platform activities can also be aggregated with others' activities to display action counts or other metrics to demonstrate engagement with a challenge. This aggregation eliminates any direct link to your Personal information on the platform.
Other uses of your Personal Information:
- Improve upon our existing services to you;
- Develop new services.
- Perform internal market research, project planning, troubleshooting, and to detect and protect against errors, or other activities to ensure the services run properly.
Will my personal information ever be shared outside of Luum?
Before joining a challenge or logging a trip, be aware that much of your Platform Activity may be visible to others who visit Luum. With that in mind, there are also circumstances where we may deliberately provide personal information to third parties:
Legal and justified government requests: Luum will provide your personal information as lawfully required
by appropriate legal means such as a subpoena, court order, or other valid legal process. Luum will only respond to United States requests.
- Non-U.S. law enforcement requests: As outlined in United States law, Luum will respond to user information requests from non-U.S. law enforcement entities that are issued via U.S. court order by way of a mutual legal assistance treaty or a letter rogatory.
- What control do I have? Luum will notify a user if it receives a request for his/her information unless legally prohibited from doing so. This notification will be performed before the information is disclosed.
- Organizational Partners: Challenges may be created by or on behalf of organizational partners who may be provided with anonymized records of participation in their challenges upon request. No Personal Information will be disclosed to these partners without your express consent.
- With your express consent: If we wish to use any of your Platform Activity for our own publicity efforts like blogs or media campaigns, we will contact you in advance to ask for your permission.
Other situations: Luum may withhold or disclose your information if we believe it is reasonably necessary
in the following cases:
- To protect the safety of the user or anyone else
- To investigate fraud or security issues
- To protect Luum's rights or property
- Enforce our Terms of Service;
- To work with strategic partners to provide improved or additional services to you.
- In the event of an acquisition, reorganization, merger, or sale of all, or substantially all of Luum's capital stock or assets to a third-party.
Links to Third Party Content
Luum and its users may sometimes provide links to third-party websites:
- These links are for informational purposes only, and Luum does not endorse them and is not responsible for their practices in any way.
Can I use Luum if I'm under 13 years old?
Currently, we are not able to offer Luum to you if you are less than 13 years old. This is because of restrictions placed on the collection of personal information by the United States Children's Online Privacy Protection Act. We do not knowingly collect data from individuals less than 13 years old.
- What if my child has created an account? If you become aware that your child has provided Luum with personal information without your consent, please notify us at . If we become aware of such information, we will take steps to remove it and deactivate the child's account, where applicable.
As a Luum member outside of the United States, what do I need to be aware of?
Luum's servers are based in the Unites States. By using Luum, you acknowledge and consent that:
- Your data will be transferred to the United States, whose laws about data protection may not offer the same amount of protection that your country does.
- Your data will be subject to United States law (including the PATRIOT Act, FISA, and the Digital Millennium Copyright Act).
What control do I have? You should do your best to ensure your Platform Activity complies with both your local laws and U.S. laws.
What happens to my data if Luum merges with another company or ceases to exist?
If Luum is involved in a merger, bankruptcy, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that action.
Can Luum guarantee my data is secure?
While Luum employs reasonable technical and procedural safeguards and best practices to ensure the security of our servers and the data stored therein, no security system is flawless. As such, we cannot guarantee that your data or Personal Information will be completely secure.
- What control do I have? Remember to keep your password secret, change it regularly, and make it complicated. Do not provide any sensitive information that you feel would be damaging to you if it were publicly revealed.
- What happens if there is unauthorized access to my data?In the event of a data breach, Luum will notify any user whose data has been accessed and/or compromised. We will also perform internal security evaluations to help prevent future breaches.
Will this policy ever change?