Privacy Policy · Lumora

Last updated: April 2026

This Privacy Policy describes how Lumora (“we”, “our”, or “us”) collects, uses, and protects your personal information when you use our AI-powered storytelling platform. By using Lumora, you agree to the practices described here.

1. Information we collect

Account data. Email, full name (if provided), and password hash when you register, or profile information returned by Google OAuth when you sign in with Google.
Content you create. Prompts, character definitions, synopses, chapters, comic scripts, and any other material you generate or upload in the product.
Usage data. Tokens consumed, feature usage, timestamps, error logs, and diagnostic information.
Billing data. Purchase receipts and subscription state; payment details are handled exclusively by our payment processor (LemonSqueezy) — we never store card numbers.

2. How we use your information

To operate and improve Lumora, including rendering your workspace and generations.
To provide customer support and respond to your inquiries.
To process token purchases and subscriptions through our payment processor.
To comply with legal obligations and prevent abuse.

3. AI generation and your content

When you run a generation step, we transmit the relevant inputs (your characters, synopses, outlines, etc.) to our AI providers strictly to produce the requested output. We do not grant AI providers a license to use your content for training, and we retain full control of your workspace data.

You retain ownership of all content you create on Lumora. You are responsible for ensuring your prompts and generated content comply with applicable laws and do not infringe third parties’ rights.

4. Sharing of information

We share information only with:

Our infrastructure and AI providers under confidentiality obligations.
Our payment processor for the purpose of completing your purchase.
Authorities when required by law, court order, or to protect our rights.

We do not sell your personal information.

5. Your rights (GDPR)

If you are in the EU / EEA, you have the right to:

Access, correct, or export your personal data.
Request deletion of your account and data (subject to legal obligations).
Object to or restrict certain processing.
Lodge a complaint with your data protection authority.

To exercise these rights, contact us at gabrbl.dev@gmail.com.

6. Data retention

We retain your account and content for as long as your account is active. When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., tax records).

7. Security

We apply industry-standard safeguards including encryption in transit (TLS), encrypted storage at rest, scoped access tokens, and auditing. No system is perfectly secure — please report any suspected incidents to gabrbl.dev@gmail.com.

8. Cookies

We use essential cookies to keep you signed in, to remember your language preference (the NEXT_LOCALE cookie), and to operate basic product functionality. We do not use third-party advertising cookies.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via the product or by email. The “Last updated” date at the top reflects the current version.

10. Contact

Any questions about this policy? Email gabrbl.dev@gmail.com.