Privacy Policy
Last updated: February 21, 2026
1. Who we are
Lumensis is operated by Curious Life, registered in Denmark. This policy explains how we collect, use, and protect your data when you use lumens.is.
2. Data we collect
Account data
When you sign in (via Google, GitHub, or magic link), we store your email address and a unique user ID. If you sign in with a password, we store a bcrypt hash — never the plaintext password.
Free analysis (browser-only)
The free analysis runs entirely in your browser. No conversation data is sent to our servers. We do not see, store, or process your files.
Paid analysis (server-processed)
When you purchase a neural analysis, your conversation file is uploaded to our servers, encrypted in transit (TLS) and at rest (Fernet symmetric encryption). The file is processed in a single session and raw data is deleted within 7 days. Only computed metrics and narrative interpretations are retained.
Payment data
Payments are processed by Stripe. We do not store your card details. We receive your email and payment confirmation from Stripe.
3. How we use your data
- To authenticate you and manage your account
- To process your conversation files and generate analysis results
- To send you your results via email (using Resend)
- To improve the service (aggregated, anonymised usage patterns only)
We do not sell your data, use it for advertising, or share it with third parties for marketing purposes.
4. Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Anthropic (Claude API) | Narrative generation and territory labelling | Conversation excerpts (processed in-session, not stored by Anthropic) |
| Cloudflare (R2, D1, Workers) | Encrypted result storage, user database, API proxy | Encrypted analysis results, email, user ID |
| Google Cloud Run | GPU processing for neural analysis | Uploaded files (in-memory, ephemeral) |
| Stripe | Payment processing | Email, payment details |
| Resend | Transactional email delivery | Email address, message content |
| Google Analytics | Anonymised site usage analytics | Page views, device info (no personal data) |
| Sentry | Error monitoring | Error context (no personal data sent) |
5. Data retention
- Free analysis: No data leaves your browser. Nothing is stored.
- Paid analysis (raw data): Encrypted conversation files are deleted within 7 days.
- Analysis results: Computed metrics and narratives are stored in your private, encrypted space. You can request deletion at any time.
- Account data: Stored until you request deletion.
6. Cookies and local storage
We use localStorage to store your authentication token (JWT). This is not a cookie but functions similarly. It is cleared when you log out.
We use IndexedDB temporarily to persist your uploaded file across the payment redirect flow. Files are auto-deleted after 1 hour.
Google Analytics uses cookies to collect anonymised usage data. You can opt out using a browser extension or by disabling cookies.
7. Your rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your account and all associated data
- Export your analysis results
- Object to processing
- Withdraw consent at any time
To exercise any of these rights, contact hello@lumens.is. We will respond within 30 days.
8. Security
All data is encrypted in transit (TLS) and at rest (Fernet symmetric encryption). Our servers run on isolated, ephemeral instances. We follow security best practices including parameterised database queries, bcrypt password hashing, and JWT-based authentication with 24-hour expiry.
9. Children
Lumensis is not intended for anyone under the age of 18. We do not knowingly collect data from minors.
10. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or a notice on the site.
11. Contact
Questions about your privacy? Contact us at hello@lumens.is.