Effective Date: September 2022
I. Corporate Commitment to Privacy
We urge you to read this Privacy Statement so that you understand our commitment to you and your privacy, and how you can participate in that commitment.
III. Information Collected Automatically
Luminar may also collect Technical Information about you when you visit our websites, which your web browser automatically sends whenever you visit a website on the Internet. “Technical Information” is information that does not, by itself, identify a specific individual but which could be used to indirectly identify you. Our servers automatically record this information, which may include your Internet Protocol (“IP”) address, browser type, browser language, and the date and time of your request. Gathering your information helps us ensure our websites and other services work correctly and support out customer analytic efforts.
We may use these technologies to collect information about the ways visitors use our websites, to support the features and functionality of our websites, and to personalize your experience when you use our websites.
We also collect information about your use of the websites through cookies and similar technology. A “cookie” is a unique numeric code that we transfer to your computer so that we can keep track of your interests and/or preferences and recognize you as a return visitor to the websites. We use a tool called “Google Analytics” to collect information about use of our site. Google Analytics collects information such as how often users visit our site and what pages they visit when they do. Information about how Google collects and uses data can be found here: www.google.com\policies\privacy\partners. If you would prefer, you can usually choose to set your browser to remove or reject browser cookies.
IV. Information Collected from Other Sources
Luminar may also collect information about you from other sources to help us correct or supplement our records, improve the quality or personalization of our services to you, and reduce exposure or aid in the detection of fraud. We may also use website and application analytics services provided by third parties to collect information about our website or application use and to report trends, without identifying individual visitors. The third parties that provide us with these services may also collect information about your use of third-party websites. We also may receive information about you from other sources, such as public databases, joint marketing partners and social media platforms. Some company websites or services may be co-branded and offered in conjunction with another company. If you use such websites or services, both Luminar and the other company may receive the Personal Information that’s collected via that co-branded website or service.
V. Use of Personal Information
Luminar uses your personal information to provide you products and services. We also use your personal information to support our business functions, such as security protocols, marketing, and legal functions, data analysis; audits; identifying usage trends; determining the effectiveness of our operating procedures and expanding our business activities.
We may also use your personal information to enhance the security and integrity of our websites, mobile services, and our business; to fulfill your requests for products and services and communicate with you about those requests; to respond to reviews, comments, or other feedback you provide us; to better understand customer behavior so that we may improve our marketing and advertising efforts and to improve the distribution of our products and services; to comply with legal and/or regulatory requirements; for industry benchmarking and analysis consistent with our legitimate business purpose; in connection with a job application or inquiry, you may provide us with data about yourself, including your educational background or resume and other information, including your ethnicity where required or permitted by law. We may use this information throughout Luminar, its subsidiaries and affiliates, and its joint ventures for the purpose of employment consideration. To do this, we combine personal and non-personal information, collected online and offline, including information from third party sources.
VI. Disclosure of Personal Information to Third Parties
Luminar will not rent or sell your personal information to others but may disclose personal information with third-party vendors and service providers that work with Luminar. We will only share personal information to these vendors and service providers to help us provide a product or service to you.
Luminar may disclose personal information for our business purposes, such as: except as described above and below, Luminar may use or share information that does not personally identify you for any purpose, such as for operational or research purposes, for industry analysis, to improve or modify our products and services, to better tailor our products and services to your needs, and where legally required.
Luminar may transfer and disclose information, including information that may or may not personally identify you, to third parties, such as authorities, law enforcement agencies, government agencies, or legal entities, to comply with a legal obligation (including, but not limited to, subpoenas); when we believe in good faith that the law requires it; in response to a lawful request by governmental authorities conducting an investigation, including subpoenas, court orders or search warrants, and as otherwise authorized by law to comply with law enforcement requirements; to verify or enforce our policies and procedures; to respond to an emergency; to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable; or to protect the rights, property, safety, or security of the services, Luminar, third parties, visitors to our services, or the public, as determined by us in our sole discretion.
VII. Data Retention and Storage
Luminar retains your information for business purposes, for as long as your account is active, and/or as long as is reasonably necessary to provide you with our products and services. Luminar will also retain your information as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We may also retain cached or archived copies of your information for a reasonable time.
VIII. Security Measures Taken to Protect Personal Information by Company
Security of information is of the utmost importance for Luminar. Luminar uses technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. We use industry standard security measures to encrypt traffic, manage access to systems and services, and to keep information secure. We also make all attempts to ensure that only necessary people and third parties have access to Personal Information. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Luminar will notify users of a data breach when Luminar determines that is reasonably necessary, and will notify relevant regulatory bodies, in accordance with applicable law. Any transmission is at your own risk and Luminar expects that you will use appropriate security measures to protect your information.
IX. Collection, Access, Correction, Deletion and Portability of Personal Information
Under certain privacy laws and regulations, you may choose what contact and personal information is collected and stored in your account and preferences. If at any point in time you wish know what data we process about you, or correct or delete such information, you can request such information by contacting firstname.lastname@example.org. If you desire to obtain or transfer your information, we may provide you with your personal data in a structured and commonly used electronic format. We will respond to your request for access, correction, deletion or portability within 30 days. In some cases we may limit or deny your request if the law permits or requires us to do so, your request infringes on the privacy of other individuals or internal procedures, we have no personally-identifiable data related to you, or if we are unable to verify your identity.
X. Inquiry, Compliant, and Dispute Process
XI. Questions/Updates to Policy
Responsible Security Disclosure Program
Luminar values the work done by security researchers in improving the security of our website, systems, and products. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in Luminar’s Responsible Security Disclosure Program.
As you explore Luminar, report vulnerabilities at CSIRT@luminartech.com. We request disclosing issues found on Luminar-owned products, services, and systems at the following domains:
Out of Scope
The following vulnerabilities fall outside the scope of Luminar’s Responsible Security Disclosure Program:
- Domains/subdomains outside the approved testing scope
- Denial of Service (DoS) attack related vulnerabilities
- Vulnerabilities discovered through automated tools or scans
- Vulnerabilities requiring physical access to a user’s computer or device
- Vulnerabilities in any Luminar partner sites
- Spam or social engineering techniques
- Physical attacks against Luminar facilities or products
If issues reported through Luminar’s Responsible Security Disclosure Program affect a third-party library, external project, or another vendor, Luminar reserves the right to forward details of the issue to that party without further approval from the researcher. We will do our best to coordinate and communicate with researchers through this process.
General Researcher Guidelines
Please follow the guidelines below when disclosing vulnerabilities:
- Report any potential security issue as soon as possible. Luminar will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we will not take legal action against those who comply with requirements set forth in Luminar’s Responsible Security Disclosure Program.
- Provide sufficient detail to reproduce the vulnerability, including proof of concept.
- Please do not disclose an issue to the public or a third party until Luminar has resolved it.
- Avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or accounts for which you have the explicit permission of the account holder.
- Redact any language or images that may identify the program or Luminar customers from information about a fixed vulnerability.
- Do not engage in disruptive testing (such as DoS) or any action that could impact the confidentiality, integrity, or availability of information and systems.
- Do not engage in testing that could result in physical injury or property damage.
- Do not engage in social engineering or phishing of customers or employees.
Hall of Fame
We will share our appreciation of those researchers who have discovered vulnerabilities in our systems, with their permission.