LumpSum+

Privacy Policy

Effective Date: February 2026 | Last Updated: February 6, 2026

LumpSum Plus, Inc. ("LumpSum Plus," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and services (collectively, the "Services").

This policy applies to users in the United States, European Economic Area (EEA), United Kingdom, and other jurisdictions. We comply with applicable data protection laws including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the CPRA, and the EU-US Data Privacy Framework.

1. Data Controller & Contact Information

LumpSum Plus, Inc. is the data controller responsible for your personal data. If you have questions about this policy or wish to exercise your privacy rights, contact us:

LumpSum Plus, Inc.

456 Relocation Boulevard, San Francisco, CA 94107, USA

Email: privacy@lumpsumplus.com

Support: support@lumpsumplus.com

Phone: 1-800-LUMPSUM

Data Protection Officer (DPO):

Email: dpo@lumpsumplus.com

For users in the EEA or UK, you may also lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your concerns.

2. Information We Collect

We collect the following categories of personal information:

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, password, and profile details when you create an account.
  • Relocation Profile Information: Origin and destination cities/states, family size, moving timeline, employment details, household inventory, and special requirements or accommodations for your relocation.
  • Budget and Financial Information: Budget allocation, spending limits, preferred payment methods, and lump sum program enrollment details. Note: Full payment card details are processed and stored by our PCI-compliant payment processor (Stripe), not directly by LumpSum Plus.
  • Vendor and Supplier Preferences: Preferred moving companies, housing preferences, budget tracking settings, and supplier service bookings.
  • Identity Verification: Government ID or other verification documents when required for program enrollment, fraud prevention, or employer verification.
  • Communications: Messages, emails, chat transcripts, and call recordings when you contact our support team.
  • Employer Program Data: If you participate in an employer-sponsored relocation program, your program status, eligibility information, and employer-provided relocation benefits details.

2.2 Information Collected Automatically

  • Device Information: IP address, browser type and version, operating system, device identifiers, and mobile network information.
  • Usage Data: Pages visited, features used, search queries, click patterns, budget planning activities, time spent on our Services, and AI move planning interactions.
  • Location Data: Approximate location based on IP address; precise location only with your explicit consent for features like relocation planning and supplier matching.
  • Cookies and Similar Technologies: See Section 10 for details.

2.3 Information from Third Parties

  • Supplier and Service Partners: Service confirmations, completion status, and service quality data from our supplier network partners (moving companies, housing providers, relocation consultants).
  • Payment Processors: Transaction confirmation and fraud screening results from Stripe.
  • Identity Verification Services: Verification results from identity verification providers.
  • Employers (B2B): If your employer uses LumpSum Plus for relocation programs, they may provide your name, email, relocation eligibility, program enrollment status, and benefit entitlements.
  • AI and Analytics Partners: Usage patterns and behavioral insights from our AI move planning service providers.

4. How We Use Your Information

We use the information we collect to:

  • Provide Services: Process relocation plans, manage your moving budget, configure employer program settings, connect you with vetted suppliers, provide AI-powered move planning, and facilitate your relocation experience.
  • Process Payments: Charge for services, manage lump sum funds, process refunds, and prevent payment fraud.
  • Communicate: Send order confirmations, relocation updates, supplier connection notifications, budget alerts, customer support responses, and important service announcements.
  • Improve Services: Analyze relocation patterns, refine AI planning algorithms, conduct research, test new features, and improve user experience.
  • Personalize Experience: Remember your preferences, provide tailored supplier recommendations, customize move planning, and create personalized budget tracking.
  • Marketing: Send promotional communications about our services, relocation tips, and supplier partnerships, but only with your consent where required by law.
  • Security: Detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activities.
  • Legal Compliance: Comply with applicable laws, regulations, legal processes, and government requests.

5. Information Sharing

We share your personal information only as described below:

5.1 Service Providers

We share data with third-party vendors who perform services on our behalf:

  • Payment Processors: Stripe for payment processing and managed purchasing power wallet operations.
  • Cloud Infrastructure: Amazon Web Services (AWS) for hosting and data storage.
  • Customer Support: Zendesk for support ticket management.
  • Analytics: Google Analytics, Mixpanel for usage analytics (with IP anonymization enabled).
  • Email Services: SendGrid for transactional and marketing emails.
  • AI and Machine Learning: Third-party AI providers for move planning algorithms and budget optimization.

All service providers are contractually bound to protect your data and may only use it to provide services to us.

5.2 Business Partners

  • Suppliers and Service Providers: Moving companies, housing providers, relocation consultants, and other vendors in our supplier marketplace receive the information necessary to provide their services to you. This may include your relocation profile, budget parameters, destination, timeline, and contact information.
  • Employers (B2B): If your employer sponsors your relocation through our platform, we share your relocation status, budget utilization, completion milestones, and program enrollment information with their designated administrators.

5.3 Legal and Safety Disclosures

We may disclose information when we believe it is necessary to:

  • Comply with applicable law, regulation, legal process, or government request
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of LumpSum Plus, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers

If LumpSum Plus is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal information.

5.5 No Sale of Personal Information

We do not sell your personal information. We do not share your personal information with third parties for their direct marketing purposes without your explicit consent.

6. International Data Transfers

LumpSum Plus is based in the United States, and your information will be processed and stored in the US. If you are located outside the US, including in the EEA or UK, your data will be transferred to the US.

6.1 EU-US Data Privacy Framework

LumpSum Plus complies with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework as set forth by the US Department of Commerce. We have certified to the Department of Commerce that we adhere to the EU-US Data Privacy Framework Principles with regard to the processing of personal data received from the European Union, the United Kingdom, and Switzerland.

If there is any conflict between the terms of this Privacy Policy and the EU-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework program and to view our certification, visit https://www.dataprivacyframework.gov/.

6.2 Safeguards for International Transfers

For transfers not covered by the DPF, we use the following safeguards:

  • Standard Contractual Clauses (SCCs): We enter into EU-approved SCCs with service providers outside the EEA/UK.
  • Supplementary Measures: Where required, we implement additional technical and organizational measures such as encryption and access controls.

You may request a copy of the safeguards we use by contacting our DPO at dpo@lumpsumplus.com.

6.3 DPF Recourse Mechanisms

In compliance with the EU-US DPF, LumpSum Plus commits to resolve complaints about your privacy and our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints should first contact us at privacy@lumpsumplus.com.

LumpSum Plus has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit BBB National Programs for more information and to file a complaint. This service is provided free of charge.

If your DPF complaint cannot be resolved through the above channels, under certain conditions you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See DPF Arbitration.

7. Data Retention

We retain your personal information only as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law. Our retention practices are designed to balance your privacy rights with our legitimate business and legal obligations.

7.1 Retention Periods by Data Type

Data CategoryRetention PeriodReason
Account informationDuration of account + 3 yearsService provision; statute of limitations for disputes
Transaction and budget records7 years from transactionTax and accounting legal requirements (IRS, state laws)
Relocation records and supplier transactions7 years from completionInsurance claims; legal disputes; supplier requirements
Payment card detailsNot stored by LumpSum PlusProcessed by Stripe; we retain only last 4 digits
Customer support communications3 years from resolutionQuality assurance; dispute resolution
Relocation profile dataDuration of account + 2 yearsService improvement; follow-up support
Marketing preferencesUntil consent withdrawnHonoring your communication preferences
Analytics and usage data26 months (aggregated thereafter)Service improvement

7.2 Retention After Account Deletion

When you request account deletion, we will delete or anonymize your personal information within 30 days, except for data we are legally required or permitted to retain. Specifically:

  • Transaction and Financial Records: We must retain records of completed transactions for tax, accounting, and legal compliance purposes for up to 7 years. This data will be archived securely with restricted access.
  • Relocation and Service Records: We retain records necessary to defend against potential insurance claims, relocation disputes, or legal proceedings. Under GDPR Article 17(3)(e), the right to erasure does not apply when processing is necessary for the establishment, exercise, or defense of legal claims.
  • Fraud Prevention Data: Limited information may be retained to prevent fraud and enforce our Terms of Service.

Data retained for legal compliance will be minimized to only what is strictly necessary and will be permanently deleted when the legal retention period expires.

7.3 Anonymization Alternative

Where full deletion is not possible due to legal retention requirements, we will anonymize your data so it can no longer be associated with you. Anonymized data may be retained indefinitely for statistical and analytical purposes.

8. Your Rights (EEA, UK, and Global Users)

Depending on your location, you have certain rights regarding your personal data. We honor these rights regardless of where you are located, to the extent practicable.

8.1 Rights Under GDPR (EEA/UK)

  • Right of Access: Request a copy of the personal data we hold about you and information about how we process it.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances. Note: This right is not absolute; see Section 7.2 for limitations.
  • Right to Restriction: Request that we limit how we use your data while a complaint is being resolved.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV).
  • Right to Object: Object to processing based on legitimate interests, including profiling and direct marketing.
  • Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that significantly affect you, and to request human review of AI-generated relocation recommendations.
  • Right to Withdraw Consent: Withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing.

8.2 How to Exercise Your Rights

To exercise any of these rights:

We will respond to your request within 30 days (or 45 days for complex requests, with notice). We may need to verify your identity before processing your request. There is no fee for most requests, but we may charge a reasonable fee for manifestly unfounded or excessive requests.

8.3 Right to Lodge a Complaint

If you are in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority:

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

9.1 Your California Rights

  • Right to Know: Request disclosure of what personal information we collect, use, disclose, and sell.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Information: Direct us to limit use of sensitive personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

9.2 Categories of Personal Information

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers (name, email, phone, IP address)
  • Customer records (billing address, payment information)
  • Commercial information (transaction history, relocation records, budget data)
  • Internet activity (browsing history on our site, usage data)
  • Geolocation data (approximate location from IP; precise location with consent)
  • Professional information (employer name for B2B users)
  • Inferences (relocation preferences and characteristics derived from above)

9.3 How to Submit a Request

California residents may submit requests by:

You may designate an authorized agent to submit a request on your behalf. We will verify your identity and, if applicable, your agent's authority before processing the request.

9.4 Financial Incentives

We may offer promotions or discounts in exchange for your personal information (e.g., email for a discount code or relocation bonus). Participation is voluntary, and you may withdraw at any time. The value of these incentives is reasonably related to the value of the data provided.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver relevant content. You can manage your cookie preferences at any time.

10.1 Types of Cookies We Use

CategoryPurposeExamples
EssentialRequired for site functionalitySession cookies, authentication, security
FunctionalRemember preferencesLanguage, saved relocation preferences
AnalyticsUnderstand how you use our siteGoogle Analytics, Mixpanel
MarketingDeliver relevant contentMeta Pixel (only with consent)

10.2 Managing Cookies

  • Cookie Banner: When you first visit our site, you can choose which cookie categories to accept.
  • Browser Settings: Most browsers allow you to block or delete cookies.
  • Opt-Out Links: Google Analytics opt-out: Google Analytics Opt-out

Note: Blocking essential cookies may prevent you from using certain features of our Services.

10.3 Do Not Track

Some browsers have a "Do Not Track" feature. We currently do not respond to DNT signals, but you can manage tracking through our cookie consent tool.

11. Data Security

We implement industry-standard technical and organizational measures to protect your personal data, including:

  • Encryption: All data in transit is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256.
  • Access Controls: Role-based access controls limit employee access to personal data on a need-to-know basis.
  • Infrastructure: We use AWS with enterprise-grade data centers.
  • Monitoring: Continuous security monitoring and intrusion detection.
  • Vendor Management: We assess security practices of third-party vendors before engagement.
  • Incident Response: We maintain an incident response plan and will notify affected users and authorities of breaches as required by law.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a child under 18, we will delete it promptly. If you believe we have information about a child, please contact us at privacy@lumpsumplus.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes:

  • We will update the "Last Updated" date at the top of this page
  • We will notify you by email (if you have an account) at least 30 days before material changes take effect
  • We may also provide notice through our Services

Your continued use of our Services after changes take effect constitutes acceptance of the revised policy. We encourage you to review this policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

General Privacy Inquiries:

Email: privacy@lumpsumplus.com

Data Protection Officer:

Email: dpo@lumpsumplus.com

Mailing Address:

LumpSum Plus, Inc.
Attn: Privacy Team
456 Relocation Boulevard
San Francisco, CA 94107, USA

Phone: 1-800-LUMPSUM

← Back to HomeTerms of Service →