Privacy Policy
Last Updated: May 2026
Lumyna ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our spiritual guidance application and website (the "Service"). The Service is for entertainment and wellness reflection only — not medical, psychological, financial, or legal advice.
1. Information We Collect
We collect the following categories of information:
- Account Information (linked to you): Email address or phone number, password (stored as a cryptographic hash), and optional nickname and birthday.
- User Content (linked to you): Dream descriptions, oracle questions, and saved interpretations (I Ching, tarot, daily oracle).
- Voice Input (linked to you when you use the feature): If you use optional voice input, a short audio recording is transmitted to our servers for speech-to-text conversion. Audio is not stored after processing; only the resulting text is used like typed input.
- Purchase Information (linked to you): Subscription status, plan type, and validated in-app purchase or payment metadata (Apple/Google receipt IDs on mobile; Stripe customer ID on web). We do not store full payment card numbers.
- Product Interaction / Analytics (not linked to your account): An anonymous
visitor_id, platform (app or web), language, page or screen identifiers, and event types (e.g. page access, feature entry) to understand usage. These events are not stored with your email or user ID.
- Technical Data: IP address, user agent, and access timestamps (e.g. for security, rate limiting, and visitor analytics).
- Crash Diagnostics (if enabled in our apps): Crash stack traces and optional numeric user ID via Sentry when you are signed in. We do not send email or phone to Sentry.
2. How We Use Your Information
- To provide dream interpretation and oracle reading services
- To authenticate your account and maintain session security
- To deliver personalized daily fortune readings based on your birth date
- To process subscriptions (Apple App Store, Google Play, or Stripe on web)
- To improve reliability and product experience (anonymous usage analytics; crash reports if enabled)
- To send service-related communications (no marketing without consent)
- To enforce our Terms of Service and prevent fraud
We do not use your dream or oracle inputs to train third-party AI models.
3. AI Processing
Dream descriptions and oracle questions you submit are processed by Anthropic's Claude AI to generate interpretations. By using our Service, you consent to your dream and oracle inputs being transmitted to Anthropic's API for processing. Anthropic's privacy policy governs that processing. On our paid API plan, Anthropic does not use your content to train its models.
4. Data Sharing
We do not sell your personal information. We do not use your data for cross-app advertising tracking. We share data only with:
- Stripe, Inc. — payment processing on the web (governed by Stripe's Privacy Policy). We store only your Stripe customer ID and subscription status; full payment card data never reaches our servers.
- Apple Inc. — in-app purchases on iOS via App Store / StoreKit (governed by Apple's Privacy Policy). Apple handles billing for iOS subscriptions; we receive only validated receipt metadata.
- Google LLC — in-app purchases on Android via Google Play Billing (governed by Google's Privacy Policy). Google handles billing for Android subscriptions; we receive only validated purchase tokens.
- Anthropic PBC — AI dream and tarot interpretation via the Claude API (governed by Anthropic's commercial terms and Privacy Policy).
- Resend, Inc. — transactional email (registration OTP, account deletion codes).
- Hugging Face, Inc. — distribution of the open-source BERT model file to our server only; no user content is sent to Hugging Face.
- Railway Corp. — cloud hosting (Node.js, Python, PostgreSQL) in the United States.
- Sentry (Functional Software, Inc.) — optional crash reporting in our mobile apps when enabled; governed by Sentry's Privacy Policy.
- Law enforcement when required by valid legal process.
5. Do Not Sell My Personal Information (CCPA)
Under the California Consumer Privacy Act (CCPA), California residents have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
To exercise these rights, contact us at adelody@lumyna.io. We will respond within 45 days.
6. Data Retention
We retain your account data for as long as your account is active or as needed to provide the Service. Specifically:
- Account record: retained until you delete the account.
- Reading records: retained until you delete them or delete the account.
- Visitor analytics events: retained for operational analysis (typically up to 24 months, then aggregated or purged).
- Payment audit log: retained for 7 years for tax / accounting compliance; anonymized on account deletion.
- Email OTP codes: expire after 10 minutes and are purged within 24 hours.
- Security audit logs: retained up to 90 days.
- Voice audio: not retained after speech-to-text processing.
7. Security
We use industry-standard security measures including bcrypt password hashing (12 rounds), JWT authentication with HS256 signatures, HTTPS-only transmission, and SQL injection prevention. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
8. Children's Privacy
The Service is intended for users aged 12 and older and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at adelody@lumyna.io.
9. International Data Transfers
Our servers are hosted by Railway in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. By using our Service, you consent to this transfer.
10. Your Choices and Rights
- Account Deletion (in-app): Lumyna app → Settings → Delete My Account (email OTP + type DELETE).
- Account Deletion (web): https://lumyna.io/delete-account.html
- Account Deletion by email: adelody@lumyna.io from your registered address (within 30 days).
- Data Export: Contact adelody@lumyna.io.
- Subscription Cancellation:
- Web (Stripe): Settings → Manage Subscription → Stripe Customer Portal.
- iOS: Settings → Apple ID → Subscriptions → Lumyna.
- Android: Google Play → Payments & subscriptions → Subscriptions → Lumyna.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last Updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
Email: adelody@lumyna.io
© 2025 Lumyna. All rights reserved.