Privacy Policy

Last updated: April 2025

This Privacy Policy explains how Lumina Technologies Ltd collects, uses, and protects personal data when you use the Lumina platform. We've written it in plain English — please read it.

1. Who we are

Lumina is a business operating platform built for learning businesses — course creators, bootcamps, and coaching programs. Our registered entity is Lumina Technologies Ltd. References to "Lumina", "we", "us", or "our" in this policy refer to Lumina Technologies Ltd.

If you have questions about this policy, contact us at privacy@lumina.co.

2. What data we collect

We collect the following categories of personal data:

Account data: When you register, we collect your name, email address, and password (stored as a salted hash — we never store plain-text passwords).

Business data: Information you provide about your learning business, such as your business name, payment gateway credentials (encrypted at rest using AES-256-GCM), and platform configuration.

Contact data: Details of contacts (students, clients) that you import or create within Lumina — names, emails, phone numbers, tags, and custom metadata. You are the data controller for this information; we process it on your behalf.

Usage data: How you interact with the Lumina platform — pages visited, features used, actions taken. Collected via server logs and first-party analytics.

Communication data: Emails, support messages, and form submissions you send to us.

Payment data: We do not store card numbers or full payment credentials. Payments are processed by Paystack and Stripe. We store transaction identifiers and metadata returned by those processors.

3. How we use your data

We use personal data to:

- Provide, operate, and improve the Lumina platform
- Process payments and issue invoices
- Send transactional emails (account confirmations, password resets, billing receipts)
- Respond to support requests and enquiries
- Detect and prevent fraud or abuse
- Comply with legal obligations

We do not sell your data or your contacts' data to third parties. We do not use your contacts' data to market our own services to them.

4. Legal bases for processing (GDPR)

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing personal data are:

- Contract: Processing necessary to deliver the Lumina service you have subscribed to.
- Legitimate interests: Analytics and security monitoring, where these interests are not overridden by your rights.
- Legal obligation: Compliance with applicable laws (e.g., tax record-keeping).
- Consent: Where we have asked for and received your explicit consent (e.g., marketing communications).

5. Data storage and security

All data is stored on servers located in the European Union. We use industry-standard measures to protect your data:

- All data in transit is encrypted via TLS 1.2+
- Payment gateway credentials stored in Lumina are encrypted at rest using AES-256-GCM with envelope encryption
- Database backups are encrypted and retained for 30 days
- Access to production systems is restricted to authorised personnel and protected by multi-factor authentication

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we take it seriously and respond promptly to any incidents.

6. Your contacts' data (data processing agreement)

When you use Lumina to store and communicate with your contacts (students, clients), you act as the data controller and we act as a data processor on your behalf. We process that data only as instructed by you through your use of the platform.

By using Lumina, you agree to our Data Processing Agreement (DPA), which is incorporated into our Terms of Service. You are responsible for ensuring you have a lawful basis to process your contacts' data and for maintaining your own privacy notices with them.

7. Third-party services

Lumina integrates with the following third-party processors who may receive personal data:

- Paystack (payment processing — Nigeria and Africa) — paystack.com/privacy
- Stripe (payment processing — global) — stripe.com/privacy
- SendGrid / Mailgun / AWS SES / Brevo (email delivery, configured by you) — subject to your own agreements with these providers
- Vercel (hosting and edge infrastructure)
- Upstash / Redis (job queue infrastructure)

We select processors who provide appropriate data protection guarantees.

8. Data retention

We retain your account data for as long as your subscription is active, plus 90 days after cancellation to allow reactivation. After that window, data is permanently deleted.

Contact records (your students and clients) are deleted on the same schedule, or immediately if you delete them through the platform.

Certain records may be retained longer where required by law (e.g., invoice records retained for 7 years for tax purposes).

9. Your rights

Depending on your location, you may have the following rights:

- Access: Request a copy of the personal data we hold about you
- Correction: Request that inaccurate data be corrected
- Deletion: Request that your data be deleted (subject to legal retention requirements)
- Portability: Receive your data in a machine-readable format
- Restriction: Request that we restrict processing of your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email privacy@lumina.co. We will respond within 30 days.

10. Cookies

We use the following cookies:

- Essential cookies: Required for authentication and session management. Cannot be disabled.
- Analytics cookies: First-party analytics to understand how the platform is used. You can opt out via your account settings.

We do not use third-party advertising cookies or cross-site tracking.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of Lumina after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy-related enquiries, contact our team at:

Email: privacy@lumina.co

Postal: Lumina Technologies Ltd, Lagos, Nigeria

For EU/UK residents: if you believe we have not adequately addressed your complaint, you have the right to lodge a complaint with your local data protection authority.