Lumence
Lumence

Privacy Policy

Effective date: March 2026

This Privacy Policy describes how Lumence (“we”, “us”, “our”) collects, uses, and shares information when you use the Lumence service (“Service”). We are committed to protecting your personal data and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable.

1. Data Controller

Lumence is the data controller for personal data processed through the Service. If you have questions or requests regarding your personal data, contact us at: legal@lumence.io.

2. Data We Collect

We collect only the data necessary to operate the Service:

  • Account data: Your email address, optionally a display name, and hashed password (if you use email/password login). If you sign in with Google, we receive your email address and name from Google.
  • Uploaded thumbnails: Image files you upload to the Service for analysis. These are stored in secure cloud storage and processed by our ML pipeline. Thumbnails are retained for 90 days after upload.
  • Usage data: Analyses you have run, scores and recommendations generated, credits consumed, and feature usage patterns. This data is retained for the lifetime of your account.
  • Payment data: Payment processing is handled entirely by Stripe. We do not store your full card number, CVV, or bank account details. We store your Stripe customer ID to facilitate future purchases and the amount of credits your purchases have granted.
  • Log data: Server logs may contain IP addresses, browser type, and request timestamps for security and debugging purposes. These are retained for up to 30 days.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract performance: Processing your account data, uploaded thumbnails, and usage data is necessary to provide the Service to you.
  • Legitimate interests: Log data processing for security, fraud prevention, and platform stability.
  • Consent: Any optional features (such as marketing emails or using your data to improve ML models) are based on your explicit, opt-in consent, which you can withdraw at any time.

4. Third-Party Processors

We share data with the following third-party service providers solely to operate the Service. Each processor is contractually bound to process your data only for the purposes we specify:

Supabase

Provides database, authentication, and file storage infrastructure. Your account data, thumbnails, and analyses are stored in Supabase. EU-region servers are available.

Stripe

Handles all payment processing. Stripe stores your payment method details. We share your email address with Stripe to create a customer record for your purchases. Stripe is PCI DSS Level 1 certified.

Vercel

Hosts the Lumence frontend application. Request data (including IP addresses) passes through Vercel's edge network.

Google Cloud (GCP)

Our ML analysis pipeline runs on GCP virtual machines. Thumbnail images are transmitted to these servers for processing. Images are not persistently stored on GCP infrastructure; they are processed in memory and results are returned to Supabase.

Sentry (sentry.io)

We use Sentry to monitor application errors and performance. Sentry may collect technical data including error stack traces, browser and device information, and anonymised request metadata. No personally identifiable information is deliberately sent to Sentry. This processing is based on our legitimate interest in maintaining service reliability and diagnosing technical issues promptly.

5. Data Retention

  • Thumbnails: Deleted 90 days after upload.
  • Analysis results: Retained for the lifetime of your account.
  • Account data: Retained until you delete your account.
  • All data: Permanently deleted within 30 days of account deletion, except as required by law (e.g., financial records may be retained for statutory periods).

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate data via account settings or by contacting us.
  • Erasure: Delete your account and all associated data via Settings → Delete Account. You may also contact us at legal@lumence.io.
  • Portability: Request an export of your data in a machine-readable format.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at legal@lumence.io. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

7. Cookies

Lumence uses session cookies to maintain your logged-in state. These cookies are strictly necessary for the Service to function. We do not use:

  • Tracking or analytics cookies
  • Third-party advertising cookies
  • Cross-site tracking pixels

Session cookies are automatically removed when you sign out or close your browser.

8. International Data Transfers

Your data may be processed outside the European Economic Area by our third-party processors (Vercel, Google Cloud). Where such transfers occur, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data receives equivalent protection. You may request a copy of the applicable safeguards by contacting legal@lumence.io.

9. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), access controls, and regular security reviews. However, no system is perfectly secure. If you discover a security vulnerability, please report it to legal@lumence.io.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

11. Contact

For any privacy-related questions, requests, or concerns:

Email: legal@lumence.io

Terms of ServiceBack to Lumence