Back to Luminas

Privacy Policy

Effective date: February 18, 2026

Luminas ("we," "us," or "our") operates the website at luminas.cc and the Luminas mobile app (bundle ID: cc.luminas.app). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over it.

We believe in transparency. We wrote this policy in plain language so you can actually understand it. If anything is unclear, reach out to us at support@luminas.cc.

Our Principles

  • No selling your data. We never sell your personal information to third parties. Period.
  • No ads or ad tracking. Luminas has no advertising. We do not share your data with ad networks or data brokers.
  • Minimal collection. We only collect what we need to make the app work for you.
  • You own your data. You can delete your account and all associated data at any time.

What We Collect and Why

Account Information

When you create an account, we collect your email address (required for authentication) and an optional display name. If you sign in with Google or Apple, we receive basic profile information from those providers (your name and email) but never your password.

Birth Information

To calculate your natal chart, we collect your birth date, birth time (optional), and birth location (city name, latitude, longitude, and timezone). This is the core of how Luminas works — we use this data to generate your natal chart placements and to personalize your daily readings and AI-generated content.

Natal Chart Data

We calculate and store your natal chart (planet positions, house placements, and aspects) based on your birth information. This pre-calculated data lets us generate your personalized readings without recalculating each time.

AI-Generated Content

When you use features like Daily Readings, Ask the Stars (questions to AI), or Compatibility readings, we store the generated content and your questions so you can access them again later. Your question credits balance is also tracked.

Compatibility Partner Profiles

If you use the compatibility feature, you can enter a partner's name, birth date, birth time, and birth location. This information is stored in your account to generate compatibility readings.

Journal Entries

If you use the journal feature, we store your journal entries (your written reflections) along with the moon phase and planetary transits at the time of writing. These are private to your account and only accessible by you.

Payment Information

We store your Stripe customer ID and RevenueCat app user ID to manage subscriptions and one-time purchases. We do not store your credit card number, bank account details, or other payment credentials — those are handled entirely by Stripe and Apple.

Push Notification Tokens

If you enable notifications, we store your push notification token (Expo Push token for iOS, web-push subscription for web) so we can send you daily reading alerts, transit notifications, and weekly forecasts.

What We Do Not Collect

  • We do not collect precise real-time geolocation or GPS data. Birth location is provided manually by you during onboarding.
  • We do not use behavioral analytics or event-tracking SDKs (e.g., Mixpanel, Amplitude, Facebook SDK) in the mobile app.
  • We do not sell your personal information to third parties.
  • We do not use advertising trackers or display ads.

How We Use Your Data

  • Natal chart calculation and personalized readings — your birth data powers everything in the app.
  • AI content generation — your chart data is sent to our AI provider to create personalized readings and answer your questions.
  • Notifications — to deliver your daily readings, transit alerts, and weekly forecasts (only if you opt in).
  • Payment processing — to manage your subscription status and purchase history.
  • Account management — to authenticate you and maintain your session.

Third-Party Services

We rely on the following third-party services to operate Luminas. Each has its own privacy policy governing how it handles data:

Supabase — Database hosting and authentication. Your account data and chart information are stored in a Supabase cloud database with row-level security policies.
Anthropic (Claude API) — AI-generated content. Your natal chart positions (planet signs, degrees, houses), first name, and timezone are sent to generate readings. For Q&A, your question text is also included. We do not send your email, exact birth date/time/location, payment info, or journal entries to the AI. We use Anthropic's commercial API, which means your data is not used to train their models. See Anthropic's Privacy Policy.
Stripe — Payment processing for web subscriptions and purchases. Stripe handles all payment credentials directly. See Stripe's Privacy Policy.
RevenueCat — In-app purchase and subscription management for the iOS app. See RevenueCat's Privacy Policy.
Vercel — Web hosting and serverless functions. See Vercel's Privacy Policy.
Expo Push Notifications — Delivers push notifications to iOS devices. Your Expo push token is sent to Expo's servers to deliver notifications. See Expo's Privacy Policy.
Resend — Transactional email delivery. We use Resend to send authentication emails (signup confirmation, password reset, email change, and security notifications). Your email address and first name are shared. See Resend's Privacy Policy.
OpenStreetMap Nominatim — Location search during onboarding. When you type a city name to set your birth location, the query is sent to the Nominatim geocoding service to convert it into coordinates. See OSM Foundation's Privacy Policy.
Google OAuth / Apple Sign In — Optional authentication methods. If you choose to sign in with Google or Apple, their respective privacy policies apply to the authentication flow.

Data Storage and Security

We implement the following security measures to protect your data:

  • Encryption in transit: All data transmitted between the app and our servers uses HTTPS/TLS encryption
  • Encryption at rest: Database content is encrypted at rest by our database provider
  • Session security: Authentication sessions are encrypted with AES-256 and stored in secure device storage
  • Row-Level Security (RLS): Database policies ensure you can only access your own data
  • Webhook verification: Payment webhooks are verified using cryptographic signatures
  • Input sanitization: User inputs are sanitized to prevent injection attacks
  • Rate limiting: API endpoints are rate-limited to prevent abuse

While no system is 100% secure, we take reasonable measures to protect your personal information from unauthorized access, alteration, or destruction.

Data Retention

We retain your data for as long as your account is active. Your daily readings, AI responses, and compatibility readings are stored so you can revisit them. If you delete your account, all of your personal data is permanently deleted from our systems.

Data that may persist after deletion: Payment processor records maintained by Stripe, RevenueCat, and Apple are subject to their respective retention policies. Backup copies may persist for a limited time in accordance with our database provider's backup schedule.

Your Rights

Regardless of where you live, we provide the following rights to all Luminas users:

  • Access — You can view all the data we store about you within the app (your profile, chart, readings, and purchase history).
  • Correction — You can update your profile information at any time through the app.
  • Deletion — You can delete your account and all associated data from the Profile settings screen. This action is permanent and cannot be undone.
  • Portability — You can request a copy of your data by contacting us at support@luminas.cc.
  • Opt out of notifications — You can disable push notifications at any time through your device settings or within the app.

California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. Specifically:

  • We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.
  • We do not share your personal information for cross-context behavioral advertising.
  • You have the right to know what personal information we collect, request its deletion, and not be discriminated against for exercising your rights.

To exercise any of these rights, email us at support@luminas.cc.

European Residents (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) grants you additional rights. Our legal basis for processing your personal data is:

  • Contract performance — Processing your birth data and generating readings is necessary to provide the service you signed up for.
  • Consent — For optional features like push notifications, you can opt in or out at any time.
  • Legitimate interest — For basic operations like fraud prevention and service security.

You have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to lodge a complaint with your local data protection authority. To exercise your rights, contact us at support@luminas.cc.

Children's Privacy

Luminas is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@luminas.cc.

Cookies and Local Storage

We use essential cookies and local storage for authentication (keeping you signed in) and remembering your theme preference. We do not use third-party tracking cookies or analytics cookies that identify you personally. Vercel Analytics collects anonymous, aggregated usage data (page views, performance metrics) with no personally identifiable information.

Push Notifications

If you opt in to push notifications, we may send you:

  • Daily reading notifications — a brief summary of your daily astrology reading
  • Weekly forecast notifications — weekly astrological forecast alerts
  • Transit alerts — notifications about significant planetary transits affecting your chart
  • Trial reminders — a reminder before your free trial ends (sent on day 5 of your 7-day trial)

You can disable push notifications at any time through your device's notification settings or within the app.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and third-party service providers are located. These countries may have data protection laws that differ from those in your country.

By using the Service, you consent to the transfer of your information to these countries. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will:

  • Investigate promptly and take steps to contain the breach
  • Notify affected users via email within 72 hours of becoming aware of the breach, where feasible
  • Provide details about what information was affected and what steps you can take to protect yourself
  • Notify relevant regulatory authorities as required by applicable law

Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the app or by email. The "Effective date" at the top of this page indicates when the policy was last updated.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Luminas
Email: support@luminas.cc
Website: luminas.cc