Privacy Policy

Last Updated: April 2025

Lumyna ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our spiritual guidance application and website (the "Service").

1. Information We Collect

We collect the following categories of personal information:

• Account Information: Email address or phone number, password (stored as a cryptographic hash), and optional nickname and birthday.
• Usage Data: Dream descriptions and oracle questions you submit for interpretation.
• Reading Records: Interpretations, hexagram results, and tarot readings you choose to save.
• Payment Information: Subscription status and Stripe customer ID (we do not store credit card numbers — Stripe handles payment processing).
• Technical Data: IP address, browser type, language preferences, and access timestamps.

2. How We Use Your Information

• To provide dream interpretation and oracle reading services
• To authenticate your account and maintain session security
• To deliver personalized daily fortune readings based on your birth date
• To process subscription payments through Stripe
• To improve our AI models and service quality
• To send service-related communications (no marketing without consent)
• To enforce our Terms of Service and prevent fraud

3. AI Processing

Dream descriptions and oracle questions you submit are processed by Anthropic's Claude AI to generate interpretations. By using our Service, you consent to your dream and oracle inputs being transmitted to Anthropic's API for processing. Anthropic's privacy policy governs that processing. We do not use your inputs to train AI models.

4. Data Sharing

We do not sell your personal information. We share data only with:

• Stripe — payment processing (governed by Stripe's Privacy Policy)
• Anthropic — AI interpretation (governed by Anthropic's Privacy Policy)
• Railway — cloud hosting infrastructure
• Law enforcement when required by law

5. Do Not Sell My Personal Information (CCPA)

6. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. Reading records are retained until you delete them or close your account. You may delete individual records within the app at any time.

7. Security

We use industry-standard security measures including bcrypt password hashing (12 rounds), JWT authentication with HS256 signatures, HTTPS-only transmission, and SQL injection prevention. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at adelody@lumyna.io.

9. International Data Transfers

Our servers are hosted by Railway in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. By using our Service, you consent to this transfer.

10. Your Choices

• Account Deletion: Contact adelody@lumyna.io to request account deletion.
• Data Export: Contact us to request an export of your personal data.
• Language: Change your language preferences within the app Settings.
• Subscription: Cancel your subscription anytime through the Settings page or Stripe Customer Portal.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last Updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us:

Email: adelody@lumyna.io

---

© 2025 Lumyna. All rights reserved.