This Privacy Policy explains how Lumora ("we," "us," or "our") collects, uses, and protects information when you use our Service. We are committed to keeping your data minimal and your images private.
| Data | Why we collect it | Stored? |
|---|---|---|
| Google account email & name | Identity / authentication | Yes — in database |
| Credit balance | Track purchased & used credits | Yes — in database |
| Payment metadata | Confirm successful purchase | Session ID only — no card data |
| Images you upload | Watermark removal processing | No — discarded after processing |
We do not sell, rent, trade, or otherwise share your personal information with third parties for marketing purposes.
Images you upload are transmitted securely to our server solely for the purpose of watermark removal. They are processed by Google Cloud Vertex AI (Imagen 3) and immediately discarded — we do not write your images to persistent storage, index them, or use them for any secondary purpose including AI model training.
Lumora uses the following third-party services, each with their own privacy practices:
Lumora uses browser localStorage (not cookies) to store your authentication session token provided by Supabase. This token allows you to remain signed in across sessions. It is stored locally on your device and is never shared with third parties. You can clear it at any time by signing out or clearing your browser's site data.
Your account data (email, credit balance) is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us. Payment records may be retained as required by applicable financial regulations.
We use industry-standard security practices including HTTPS/TLS for data in transit and rely on Supabase's secure infrastructure for data at rest. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
The Service is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal information, please contact us immediately.
Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise any of these rights, contact us at the address below. We will respond within 30 days.
We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised "Last updated" date. Your continued use of the Service constitutes acceptance of the updated policy.