Privacy Policy
Last updated: May 26, 2026
Who we are
Lumiris is an electronic health record for occupational therapists. This policy explains how we handle personal data — yours, as a professional, and your patients', recorded by you on the platform.
Controller and processor
Regarding your patients' data, you are the controller: you decide what to record and for what purpose. Lumiris acts as the processor, handling that data on your behalf and following your instructions. Regarding your account and billing data, Lumiris is the controller.
Data we handle
From your account: name, email, CREFITO number and subscription data. From your patients, as you record it: identification, guardian contact, clinical history, intake, progress notes, treatment plan, reports and attachments. Some of this is considered sensitive health data under the LGPD.
How we use it
To operate the chart: store and organize records, generate PDF documents, structure notes and reports with AI assistance and process your subscription. We do not use your patients' data for advertising, nor do we sell it.
Legal basis
Processing of your account data relies on performance of the contract. Processing of patients' health data is done by you, the controller, under the appropriate legal basis — typically health care provision or the consent of the patient or guardian. Ensuring this basis is your responsibility.
Use of artificial intelligence
Session audio and text may be sent to an AI provider for transcription and structuring. Generated content is always a draft, reviewed by you before saving. Clinical responsibility stays with the therapist.
Sharing
We share data only with providers essential to operation — authentication, hosting, payment processing and AI — under confidentiality and security obligations. We do not share data with third parties for other purposes.
How long we keep it
We keep records while your account is active. After cancellation you can export everything; afterwards, data is deleted, subject to the legal record-retention periods applicable to the profession.
Security
Data travels encrypted (TLS) and is encrypted at rest. Access is restricted to your account. We apply technical and organizational measures to protect the information.
Data subject rights
Data subjects may request confirmation of processing, access, correction, anonymization, portability and deletion of data, among other LGPD rights. Patient requests should be directed to you, the controller; we assist as needed.
Data protection officer and contact
For privacy questions or to exercise rights regarding data under our responsibility, reach us at privacidade@lumiris.com.br.
Changes
We may update this policy. We will communicate relevant changes, and the update date will always appear at the top.