Privacy Policy

User Preferences: Display name, theme preferences, language settings, and other preferences you configure while using the platform. This data is stored locally in your browser.

Wellness Data: Self-reported mood entries, journal content, wellness goals, meditation and breathing exercise activity, game progress, and wellness scores you voluntarily submit.

AI Interaction Data: Conversations with Luma Core AI, prompts, responses, feedback ratings, and conversation metadata (timestamps, session duration).

Usage Data: Pages visited, features used, time spent on platform, click patterns, device information (browser type, operating system), IP address, and general geolocation (country/region level).

Technical Data: Cookies, local storage data, session identifiers, error logs, and performance metrics necessary for platform operation.

Communication Data: Support requests, feedback submissions, and any correspondence you send to us.

We use your personal information for the following purposes:

• Service Delivery: To provide, maintain, and improve the Lumavine wellness platform and its features
• Personalization: To customize your wellness experience, provide relevant content recommendations, and track your progress
• AI Improvement: To train and improve our AI models, enhance Luma Core responses, and develop new features (using anonymized/aggregated data where possible)
• Communication: To send service updates, respond to inquiries, and provide customer support
• Analytics: To understand usage patterns, measure platform performance, and conduct research to improve our services
• Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests

We do NOT sell your personal data to third parties. We do not share your data with advertisers for targeted advertising purposes.

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar data protection laws, we process your data based on the following legal grounds:

• Contractual Necessity: Processing necessary to provide you with our services as outlined in our Terms of Service
• Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications, optional data sharing)
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, and platform security, balanced against your rights and freedoms
• Legal Obligation: Processing necessary to comply with applicable laws and regulations

You may withdraw consent at any time for processing based on consent, without affecting the lawfulness of processing based on consent before its withdrawal.

Depending on your location, you may have the following rights under applicable privacy laws including GDPR (EU), CCPA/CPRA (California), and other state/national privacy regulations:

How to Exercise Your Rights: Submit a verifiable request via email to support@lumavine.ai. We will respond within 30 days (or 45 days for complex requests, with notice). California residents may also designate an authorized agent to make requests on their behalf.

Lumavine uses cookies and similar technologies to enhance your experience, analyze usage, and provide core functionality. Below are the types of cookies we use:

Managing Cookies: You can control cookies through your browser settings. Disabling essential cookies may impact platform functionality. Most browsers allow you to refuse cookies, delete existing cookies, or receive alerts before cookies are set. Note that some features may not function properly without cookies.

Do Not Track: Lumavine honors Do Not Track (DNT) browser signals. When DNT is enabled, we limit data collection to essential operations only.

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy:

• User Preferences: Stored locally in your browser. You can clear this data at any time through your browser settings
• Wellness Data: Stored locally in your browser. Deleted when you clear your browser data or upon specific request
• AI Conversation Logs: Retained for 90 days for quality assurance, then anonymized for model improvement or deleted
• Usage Analytics: Aggregated and anonymized data retained for up to 3 years for trend analysis
• Support Communications: Retained for 2 years for quality assurance and legal purposes
• Legal Compliance: Certain data may be retained longer if required by law or for legitimate legal purposes (e.g., dispute resolution, fraud prevention)

After the retention period, data is securely deleted or irreversibly anonymized. You may request earlier deletion by contacting us.

Lumavine is based in Canada. If you access our services from outside Canada, your data may be transferred to, stored, and processed in Canada or other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs): EU-approved contractual terms ensuring adequate data protection
• Data Privacy Framework: Where applicable, certification under the EU-U.S. Data Privacy Framework
• Supplementary Measures: Additional technical and organizational safeguards as needed

By using Lumavine, you consent to the transfer of your data to Canada and other jurisdictions as described herein.

Lumavine is intended for users 18 years of age and older. We do not knowingly collect personal information from children under 18. If you are under 18, please do not use Lumavine or provide any personal information.

If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 18, please contact us immediately at support@lumavine.ai.

Parents and guardians: If you become aware that your child has provided us with personal information without your consent, please contact us so we can take appropriate action.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: TLS 1.3 encryption for data in transit; AES-256 encryption for data at rest
• Access Controls: Role-based access controls and authentication requirements
• Infrastructure: Secure cloud hosting with SOC 2 Type II certified providers
• Monitoring: Continuous security monitoring, vulnerability scanning, and incident response procedures
• Data Protection: Local browser data is protected by the browser's built-in security model

While we strive to protect your data, no method of transmission or storage is 100% secure. If you have any security concerns, please contact us immediately.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via email and/or a prominent notice on our platform
• For significant changes, we may request your renewed consent

We encourage you to review this policy periodically. Your continued use of Lumavine after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our data practices, please contact us:

Supervisory Authority: Canadian residents may file a complaint with the Office of the Privacy Commissioner of Canada. EU residents have the right to lodge a complaint with their local data protection supervisory authority if they believe their data protection rights have been violated.