LuminoBot

Privacy Policy

Last updated: February 20, 2026

This Privacy Policy describes how Lumino Labs LLC ("we," "us," or "our"), a New York limited liability company, collects, uses, and protects your personal information when you use the LuminoBot platform and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

We collect different types of information depending on how you interact with the Service. Below is a detailed breakdown organized by data source.

Account Data (via Discord OAuth)

  • Discord username, display name, email address, and avatar URL
  • We do not access your Discord messages, friends list, or server memberships

Payment and Billing Data

  • Subscription payments are processed by Stripe. We do not store your billing card number, CVC, or billing address — Stripe handles this directly.
  • Stripe Customer ID is stored to link your account to your subscription

Checkout Profile Data (for Automation)

  • If you use the checkout automation features, you may provide: name, email, phone number, shipping address, and payment card details
  • Card numbers and CVVs are encrypted at rest using AES-256-GCM encryption
  • Card brand, last 4 digits, and expiry date are stored in plaintext for display purposes
  • Basic plan: card data is stored locally on your device using operating system encryption (Windows DPAPI)
  • Fully Managed plan: encrypted card data is stored on our servers and decrypted only during active checkout operations

Device and License Data

  • Machine fingerprint (a hash derived from hardware characteristics — we cannot reverse this to identify your specific hardware)
  • Machine name and operating system information
  • IP address (recorded during license activation and periodic heartbeats)
  • License activation and deactivation timestamps

Telemetry Data

  • Automation event types and timestamps (e.g., automation started, checkout completed)
  • Client software version and plugin configuration
  • Machine hostname

Screenshots

  • During automation, the desktop client may capture screenshots of the browser window
  • These screenshots are uploaded to our servers and may be used for model training to improve the Service
  • Screenshots of checkout or order confirmation pages may incidentally contain personal information visible on screen

Waitlist

  • Name, email address, and plan interest (if you join the waitlist)

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and operating the Service — including account management, checkout automation, and license enforcement
  • Processing payments through Stripe for subscription billing and plan management
  • Preventing abuse and enforcing license restrictions — including IP logging, machine fingerprinting, and rate limiting to ensure fair use
  • Improving the Service — including model training from automation screenshots and telemetry analysis to enhance detection accuracy and reliability
  • Communicating with you about your account, subscription status, or material changes to the Service

3. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Payment card data is encrypted with AES-256-GCM with unique initialization vectors per encryption operation
  • Authentication tokens and machine fingerprints are stored as SHA-256 hashes — the original values are not retained
  • All data is transmitted over HTTPS/TLS
  • Session tokens are encrypted, HTTP-only cookies
  • Access to personal data is restricted to authorized administrators

While we take reasonable steps to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

4. Third-Party Services

We share data with the following third parties only as necessary to operate the Service:

  • Stripe — payment processing. Stripe receives your email and name for customer records. Stripe's use of your data is governed by the Stripe Privacy Policy.
  • Discord — authentication. We receive your Discord profile information; Discord receives our OAuth callback. Discord's use of your data is governed by the Discord Privacy Policy.
  • Google AI / Anthropic — captcha solving. These services receive only captcha grid images and no personal data.
  • Amazon Web Services (S3) — screenshot and training data storage.

We do not sell your personal information to third parties.

5. Data Retention and Deletion

  • Account data is retained for the duration of your account
  • Deleting your account removes your user data, checkout profiles, orders, licenses, and associated records from our database
  • To request account deletion, contact support@lumino-labs.io
  • Screenshots stored in cloud storage may not be immediately deleted upon account deletion
  • Stripe customer records are retained per Stripe's data retention policies

6. Cookies

  • We use a single session cookie (set by NextAuth.js) to maintain your login state
  • This cookie is HTTP-only, secure, and cannot be accessed by JavaScript
  • We use Umami, a privacy-focused analytics service, to collect anonymous pageview data (pages visited, referrer, browser, country). Umami does not use cookies, does not collect personal information, and does not track individual users across sessions
  • We do not use advertising cookies or third-party tracking cookies

7. Children's Privacy

The Service is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected data from a minor, we will take steps to delete that information promptly. If you believe that a child under 18 has provided us with personal information, please contact us at support@lumino-labs.io.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated via the email associated with your account or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

9. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

support@lumino-labs.io
Lumino Labs LLC
New York