The short version
Lutin uses the information needed to run your account, connect your lights, share presses with your household, let approved agents help you, and handle subscriptions. We do not sell personal information, use it for targeted advertising, or run third-party advertising in Lutin. Your home data is not used to train general-purpose AI models.
1. Who we are and what this policy covers
Lutin is operated by Streamliner One LLC (“Lutin,” “we,” “us,” or “our”), 30 N Gould St, STE R, Sheridan, WY 82801, USA. Streamliner One LLC is responsible for the personal information covered by this policy.
This policy primarily covers the Lutin application at app.lutin.one, including its household, smart-light, billing, and MCP agent features. It also covers related interactions with Lutin, such as visiting lutin.one or contacting us.
2. Information the app collects
Information you give us
- Account and contact information, such as your email address, one-time sign-in requests, and messages you send to support. Lutin uses passwordless sign-in and does not ask you to create a password.
- Household information, such as house names, member and invitation details, roles, room and light names, saved presses, icons, light assignments, sharing choices, and membership status.
- Billing information, such as subscription status, plan, transaction identifiers, and limited payment details supplied by Stripe. Stripe receives and processes your full card details; Lutin does not store them.
- Agent connection information, such as the agent name, requested access level, approval or denial, connected member, token metadata, and actions requested through MCP. Secret agent tokens are credentials and should not be pasted into chats.
Information from connected services
- Smart-home information. When a house owner connects Philips Hue or another supported provider, Lutin receives authorization credentials and the device, bridge, room, zone, reachability, and light-state information needed to show and control that home. Lutin does not receive your vendor password.
- Household invitations. If another member invites you, we receive your email address and the house and role associated with the invitation.
Information collected automatically
- Device and network information, which may include IP address, browser and device type, operating system, timestamps, requested pages or API methods, referring page, and error or security logs.
- Local browser storage, used for settings and session information such as theme preference and sign-in state. The public website uses your browser’s timezone to make its automatic day/night theme roughly follow local daylight.
- Service activity, such as account access, house changes, press activations, light-control requests, agent pairing and revocation events, and other records needed to operate, secure, and troubleshoot Lutin.
3. How we use information
We use personal information to:
- create and authenticate accounts, send one-time sign-in codes, and provide support;
- show houses, rooms, lights, members, and presses, and send requested commands to connected lights;
- invite household members and enforce owner, member, paused-member, and agent permissions;
- pair, authenticate, scope, monitor, and revoke connected agents;
- start trials, process subscriptions, maintain billing records, and prevent fraud;
- keep Lutin reliable and secure, diagnose errors, protect users and the service, and enforce our agreements;
- understand and improve Lutin using operational and aggregated information; and
- comply with law and respond to lawful requests.
Legal bases for users in the EEA, UK, and Switzerland
We process information when it is necessary to provide Lutin or take steps at your request before entering a contract; when we have a legitimate interest in securing, maintaining, and improving Lutin that is not overridden by your rights; when necessary to comply with law; and, where required, with your consent. You may withdraw consent at any time, without affecting earlier processing.
We do not use personal information for decisions that produce legal or similarly significant effects based solely on automated processing.
4. Household and agent visibility
A house is a shared space. House owners and members may see information associated with that house, including member identity, roles, shared presses, room and light names, and relevant availability. Personal presses remain visible according to the sharing controls shown in Lutin.
An agent can access only the account and permissions of the member who approved it. A Use agent can inspect the home and activate existing visible presses. A Manage agent can also directly control lights and change setup. Members can review and revoke their connected agents; house owners may have additional administrative visibility and controls.
When you ask a third-party AI assistant to connect, that assistant’s provider may separately process your conversation and information its agent retrieves. Its privacy policy applies to that processing. Only approve agents you trust, choose the least access they need, and revoke access when it is no longer needed.
6. How long we keep information
We keep personal information only as long as reasonably necessary for the purposes described here. The period depends on the type of information and why we hold it. For example, we generally keep account and household data while the account or house is active; short-lived authentication codes expire quickly; and security, transaction, tax, dispute, and backup records may remain longer where reasonably necessary or required by law.
When information is no longer needed, we delete or de-identify it. Deletion from encrypted backups and distributed systems may take additional time. We may retain limited information where required to meet legal obligations, resolve disputes, prevent fraud or abuse, or enforce agreements.
7. Security
We use administrative, technical, and organizational safeguards designed to protect personal information. These include scoped access controls and revocable credentials for connected agents. No method of storage or transmission is completely secure, so we cannot guarantee absolute security.
Keep access to your email account and devices secure, never share one-time codes or agent tokens in chat, and revoke unfamiliar household or agent access promptly. If you believe your account or information is at risk, contact us at hello@lutin.one.
8. International data transfers
Lutin is operated from the United States and uses providers that may process information in the United States and other countries. Those countries may have different privacy laws from where you live. Where required, we use recognized safeguards for international transfers, such as adequacy decisions or contractual protections.
9. Your choices and privacy rights
Depending on where you live, you may have the right to request access to, correction of, deletion of, or a portable copy of personal information; restrict or object to certain processing; withdraw consent; or appeal a decision on a privacy request. You may also have the right not to receive discriminatory treatment for exercising a privacy right.
You can manage many choices directly in Lutin, including house membership, press sharing, smart-home connections, and agent access. You can also request account deletion or exercise a privacy right by emailing hello@lutin.one. Tell us what you are requesting and the email address associated with Lutin. We may need to verify your identity and authority before acting. An authorized agent may submit a request where local law permits.
Because Lutin does not sell personal information or share it for targeted advertising, there is no separate sale or targeted-advertising opt-out. Where applicable, we will treat a recognized browser-based opt-out preference signal as a request for the browser or device that sends it.
If you are in the EEA, UK, or Switzerland, you may complain to your local data protection authority. We would appreciate the chance to address your concern first.
10. Children
Lutin is a general-audience service and is not directed to children under 13. We do not knowingly collect personal information directly from children under 13. A parent or legal guardian who believes a child has provided personal information without appropriate permission should contact us so we can investigate and delete it where required.
11. Other services
Lutin may link to or connect with services we do not control, including a smart-home provider, payment processor, or AI assistant. This policy does not cover those services’ independent practices. Review their privacy notices and settings before using them.
12. Changes to this policy
We may update this policy as Lutin changes. We will post the new version here, change the effective or “last updated” date, and provide additional notice when required by law. If a change materially affects how we use information already collected, we will take any additional steps required by applicable law.
13. Contact us
Questions or privacy requests can be sent to:
Streamliner One LLCAttn: Lutin Privacy
30 N Gould St, STE R
Sheridan, WY 82801, USA
hello@lutin.one