Luminas AI — Privacy Policy

Effective Date: _[EFFECTIVE DATE]_

Luminas AI ("Luminas", "we", "us") respects your privacy. This Privacy

Policy explains what personal information we collect, how we use it, with

whom we share it, and your choices.

This policy covers the Luminas public website, booking page, lead forms,

client dashboard, and communication channels (email, Telegram). Data

processed on behalf of a paying Client is governed by the Data Processing

Addendum (Exhibit C to the Master Services Agreement).

1. What we collect

1.1 Information you give us directly

• Lead form: name, email, business name, business phone, website,

state / country, monthly revenue range, ad-budget range, main problem /

goal, timezone.

• Booking form: name, email, business name, timezone, chosen slot,

monthly revenue range, ad-budget range, main problem / goal.

• Telegram messages: any text or media you send our Telegram bot, plus

the Telegram user id and chat id.

• Contract signing (Documenso): full legal name, email, signature

image, company name and tax info you enter, IP address of signature

event.

• Billing (Stripe): billing address, last four digits of card, and

Stripe customer id. We do not receive full card numbers.

1.2 Information collected automatically

• Server logs: IP address, timestamp, user-agent, referrer, path, and

response status.

• Light analytics: page view counts and booking-funnel conversion

events, stored without third-party marketing cookies.

1.3 Information from third parties

• Stripe returns payment status, subscription status, and metered

usage.

• Documenso returns contract status and signature events.
• Meta / Google ad platforms (only for paying Clients) return

aggregate campaign metrics under Client's own account.

2. How we use it

• to respond to your inquiry and schedule a call;
• to run the scheduled call (Jitsi meeting, LiveKit AI closer);
• to bill you if you become a paying Client;
• to run Services on your behalf if you are a Client;
• to improve our own product, with personal identifiers removed where

reasonable;

• to detect and prevent fraud and abuse;
• to comply with legal obligations.

We do not sell your personal information, and we do not use your

personal information to train third-party models.

3. Who we share it with

We share personal information with:

• Infrastructure sub-processors under contractual confidentiality and

security obligations: OVH / VPS provider (hosting), dominios.pt and the

current dnscpanel-backed DNS/hosting layer where applicable, nginx on our

VPS for TLS termination, our own Documenso instance, our own Jitsi

instance, our own MinIO instance.

• Operational sub-processors: Stripe (payments), Telegram Messenger

(messaging), LiveKit (voice infrastructure and voice model runtime),

KiloCode / OpenRouter (LLM gateways), an SMTP provider (email delivery).

• Professional advisers (lawyers, accountants) under confidentiality.
• Authorities when we believe in good faith that disclosure is

required by law.

4. International data transfers

Luminas is hosted on a European VPS and may transfer data internationally

when necessary (e.g. Stripe payment routing, Telegram message delivery).

Where required, we rely on Standard Contractual Clauses or equivalent

transfer mechanisms.

5. Data retention

• Leads that do not become Clients: retained up to 24 months, then

deleted or anonymized.

• Client data: retained for the life of the engagement plus 24

months, then deleted or anonymized except for records we must keep for

legal, accounting, or tax reasons.

• Log data: rolled / deleted after 90 days.
• Contracts and tax records: retained for 7 years from the end of

the engagement.

6. Your rights

Depending on where you live you may have the right to:

• access the personal information we hold about you,
• correct or update inaccurate data,
• request deletion ("right to be forgotten"),
• object to or restrict certain processing,
• withdraw consent where processing is based on consent,
• lodge a complaint with your local data-protection authority.

To exercise these rights, email privacy@luminasai.me. We will verify

your identity before acting.

7. Cookies

The public Luminas site uses no third-party marketing cookies. We may

set a minimal first-party session cookie for form state. You can clear

cookies in your browser settings at any time.

8. Security

We use TLS in transit, encrypted storage at rest on the VPS, role-based

access control, audit logging, and least-privilege integrations. No

system is perfectly secure; if you believe your account has been

compromised, email security@luminasai.me.

9. Children

The Services are not directed to children under 16, and we do not

knowingly collect personal information from them.

10. Changes to this policy

We may update this policy from time to time. The Effective Date at the

top will reflect the latest version. Material changes will be announced

on the Site.

11. Contact

Luminas AI

• Privacy: privacy@luminasai.me
• Security: security@luminasai.me
• General: hello@luminasai.me