Privacy Policy

Effective Date: September 2022

I. Corporate Commitment to Privacy

Luminar Technologies, Inc. and its subsidiaries and affiliates (collectively “Luminar”) are committed to respecting your privacy. This privacy policy describes how we collect, use, disclose, store and otherwise process information when you use our websites and other online products and services.

We urge you to read this Privacy Statement so that you understand our commitment to you and your privacy, and how you can participate in that commitment.

II. Consent

Luminar collects personal information about you in connection with some of our services. On some of our sites, we may request that you voluntarily supply us with information, including your name, e-mail address or other information so that we may enhance your site visit or follow up with you after your visit. If you have voluntarily provided information, you consented to the collection and use of your personally identifiable information as described in this Privacy Policy. In addition, by visiting our website or using our services, you consent to Luminar’s collection, use, disclosure, transfer and storage of information relating to you as set forth in this privacy Policy. You can revoke consent by emailing privacy@luminartech.com and we will cease using and processing your personal information. 

III. Information Collected Automatically

Luminar may also collect Technical Information about you when you visit our websites, which your web browser automatically sends whenever you visit a website on the Internet. “Technical Information” is information that does not, by itself, identify a specific individual but which could be used to indirectly identify you. Our servers automatically record this information, which may include your Internet Protocol (“IP”) address, browser type, browser language, and the date and time of your request. Gathering your information helps us ensure our websites and other services work correctly and support out customer analytic efforts. 

We may use these technologies to collect information about the ways visitors use our websites, to support the features and functionality of our websites, and to personalize your experience when you use our websites. 

We also collect information about your use of the websites through cookies and similar technology. A “cookie” is a unique numeric code that we transfer to your computer so that we can keep track of your interests and/or preferences and recognize you as a return visitor to the websites. We use a tool called “Google Analytics” to collect information about use of our site. Google Analytics collects information such as how often users visit our site and what pages they visit when they do. Information about how Google collects and uses data can be found here: www.google.com\policies\privacy\partners. If you would prefer, you can usually choose to set your browser to remove or reject browser cookies. 

Our websites may include social media features, such as the Facebook Like button and other widgets that run on our site. These features may collect your IP address and which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy policy of the organization providing it.

IV. Information Collected from Other Sources

Luminar may also collect information about you from other sources to help us correct or supplement our records, improve the quality or personalization of our services to you, and reduce exposure or aid in the detection of fraud. We may also use website and application analytics services provided by third parties to collect information about our website or application use and to report trends, without identifying individual visitors. The third parties that provide us with these services may also collect information about your use of third-party websites. We also may receive information about you from other sources, such as public databases, joint marketing partners and social media platforms. Some company websites or services may be co-branded and offered in conjunction with another company. If you use such websites or services, both Luminar and the other company may receive the Personal Information that’s collected via that co-branded website or service. 

V. Use of Personal Information

Luminar uses your personal information to provide you products and services. We also use your personal information to support our business functions, such as security protocols, marketing, and legal functions, data analysis; audits; identifying usage trends; determining the effectiveness of our operating procedures and expanding our business activities. 

We may also use your personal information to enhance the security and integrity of our websites, mobile services, and our business; to fulfill your requests for products and services and communicate with you about those requests; to respond to reviews, comments, or other feedback you provide us; to better understand customer behavior so that we may improve our marketing and advertising efforts and to improve the distribution of our products and services; to comply with legal and/or regulatory requirements; for industry benchmarking and analysis consistent with our legitimate business purpose; in connection with a job application or inquiry, you may provide us with data about yourself, including your educational background or resume and other information, including your ethnicity where required or permitted by law. We may use this information throughout Luminar, its subsidiaries and affiliates, and its joint ventures for the purpose of employment consideration. To do this, we combine personal and non-personal information, collected online and offline, including information from third party sources. 

VI. Disclosure of Personal Information to Third Parties

Luminar will not rent or sell your personal information to others but may disclose personal information with third-party vendors and service providers that work with Luminar. We will only share personal information to these vendors and service providers to help us provide a product or service to you.

Luminar may disclose personal information for our business purposes, such as: except as described above and below, Luminar may use or share information that does not personally identify you for any purpose, such as for operational or research purposes, for industry analysis, to improve or modify our products and services, to better tailor our products and services to your needs, and where legally required. 

Luminar may transfer and disclose information, including information that may or may not personally identify you, to third parties, such as authorities, law enforcement agencies, government agencies, or legal entities, to comply with a legal obligation (including, but not limited to, subpoenas); when we believe in good faith that the law requires it; in response to a lawful request by governmental authorities conducting an investigation, including subpoenas, court orders or search warrants, and as otherwise authorized by law to comply with law enforcement requirements; to verify or enforce our policies and procedures; to respond to an emergency; to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable; or to protect the rights, property, safety, or security of the services, Luminar, third parties, visitors to our services, or the public, as determined by us in our sole discretion. 

Using our website or services may link to third party web websites, services, and applications. Luminar is not responsible for any personal information collected through these means. Information collected is governed through the third party’s website’s Privacy Policy. Any interactions you have with these web websites, services, or applications are beyond the control of Luminar. 

Information from or about you or your use of our website may be stored and processed in any country where we have facilities or in which we engage service providers. Those countries may not have the same data protection laws as the country in which you initially provided that information. When we transfer information from or about you or your use of our products or services to other countries, we will protect it as described in this Privacy Policy. By use of our website or otherwise providing information to us, you consent to the transfer of information from or about you or your use of our products or services to countries outside of your country of residence, including the United States.

VII. Data Retention and Storage

Luminar retains your information for business purposes, for as long as your account is active, and/or as long as is reasonably necessary to provide you with our products and services. Luminar will also retain your information as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We may also retain cached or archived copies of your information for a reasonable time. 

VIII. Security Measures Taken to Protect Personal Information by Company

Security of information is of the utmost importance for Luminar. Luminar uses technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. We use industry standard security measures to encrypt traffic, manage access to systems and services, and to keep information secure. We also make all attempts to ensure that only necessary people and third parties have access to Personal Information. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Luminar will notify users of a data breach when Luminar determines that is reasonably necessary, and will notify relevant regulatory bodies, in accordance with applicable law. Any transmission is at your own risk and Luminar expects that you will use appropriate security measures to protect your information.

IX. Collection, Access, Correction, Deletion and Portability of Personal Information

Under certain privacy laws and regulations, you may choose what contact and personal information is collected and stored in your account and preferences. If at any point in time you wish know what data we process about you, or correct or delete such information, you can request such information by contacting privacy@luminartech.com. If you desire to obtain or transfer your information, we may provide you with your personal data in a structured and commonly used electronic format. We will respond to your request for access, correction, deletion or portability within 30 days. In some cases we may limit or deny your request if the law permits or requires us to do so, your request infringes on the privacy of other individuals or internal procedures, we have no personally-identifiable data related to you, or if we are unable to verify your identity. 

X. Inquiry, Compliant, and Dispute Process

Customers may contact Luminar with any questions, concern, or inquiries about this Privacy Policy or company data. If you would like to make a formal complaint, please contact privacy@luminartech.com. All complaints will be evaluated, and a reply will be sent as soon as appropriate. In some instances, Luminar may have to cease services to you if necessary to satisfy your request.

XI. Questions/Updates to Policy

Luminar may review and update this Privacy Policy periodically without any prior notice. 

Responsible Security Disclosure Program

Luminar values the work done by security researchers in improving the security of our website, systems, and products. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in Luminar’s Responsible Security Disclosure Program. 

In Scope

As you explore Luminar, report vulnerabilities at CSIRT@luminartech.com. We request disclosing issues found on Luminar-owned products, services, and systems at the following domains:

.luminartech.com

.freedomphotonics.com

.bfe.com

.optogration.com

Out of Scope

The following vulnerabilities fall outside the scope of Luminar’s Responsible Security Disclosure Program:

  • Domains/subdomains outside the approved testing scope
  • Denial of Service (DoS) attack related vulnerabilities
  • Vulnerabilities discovered through automated tools or scans
  • Vulnerabilities requiring physical access to a user’s computer or device
  • Vulnerabilities in any Luminar partner sites
  • Spam or social engineering techniques
  • Physical attacks against Luminar facilities or products

Third-Party Issues

If issues reported through Luminar’s Responsible Security Disclosure Program affect a third-party library, external project, or another vendor, Luminar reserves the right to forward details of the issue to that party without further approval from the researcher. We will do our best to coordinate and communicate with researchers through this process.

General Researcher Guidelines

Please follow the guidelines below when disclosing vulnerabilities:

  • Report any potential security issue as soon as possible. Luminar will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we will not take legal action against those who comply with requirements set forth in Luminar’s Responsible Security Disclosure Program.
  • Provide sufficient detail to reproduce the vulnerability, including proof of concept.
  • Please do not disclose an issue to the public or a third party until Luminar has resolved it.
  • Avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or accounts for which you have the explicit permission of the account holder.
  • Redact any language or images that may identify the program or Luminar customers from information about a fixed vulnerability.
  • Do not engage in disruptive testing (such as DoS) or any action that could impact the confidentiality, integrity, or availability of information and systems.
  • Do not engage in testing that could result in physical injury or property damage.
  • Do not engage in social engineering or phishing of customers or employees.

Hall of Fame

We will share our appreciation of those researchers who have discovered vulnerabilities in our systems, with their permission.