Privacy Policy

Last updated: June 2026

1. Introduction

Luminoly (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website and application (collectively, the “Service”).

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Luminoly is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, you can contact us at:

Email: privacy@luminoly.com

3. Data We Collect

We collect the following categories of personal data:

Account data

Name, email address, password (hashed), country, timezone, and language preference — collected when you register.

Financial data

Income, expenses, budgets, goals, debts, investment holdings, and net worth entries — provided by you when using the Service.

Bank account data

When you use the bank sync feature, we receive transaction data and account balances from your bank via PSD2-compliant APIs. We never receive or store your banking credentials.

Usage data

Pages visited, features used, and interaction logs — used to improve the Service and for support purposes.

Payment data

Subscription and billing information is processed by Stripe. We do not store full payment card details.

Communications

Messages you send us via the contact form or email.

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract performance — to provide the Service you have signed up for.
  • Legitimate interests — to improve the Service, prevent fraud, and ensure security.
  • Legal obligation — to comply with applicable laws and regulations.
  • Consent — for optional communications such as marketing emails (you may withdraw consent at any time).

5. How We Use Your Data

  • To provide, maintain, and improve the Service.
  • To process subscription payments via Stripe.
  • To sync bank transactions via Enable Banking's PSD2 API.
  • To generate AI-powered financial insights using the Claude API (data is not used to train AI models).
  • To send transactional emails (e.g., account confirmation, billing receipts).
  • To respond to support requests.
  • To detect and prevent fraudulent or abusive activity.

6. Third-Party Service Providers

We work with the following trusted third-party processors. Each is bound by data processing agreements and GDPR obligations:

Provider | Purpose
Supabase | User authentication and database hosting
Stripe | Payment processing and subscription management
Enable Banking | PSD2 bank account connectivity (EU banks)
Anthropic (Claude) | AI-powered financial insights generation
Sentry | Error monitoring and crash reporting

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal, accounting, or fraud prevention purposes.

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data (“right to be forgotten”).
  • Right to restriction — request that we limit how we use your data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@luminoly.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

9. Cookies

We use cookies and similar technologies to maintain your session, remember your preferences, and analyse usage. You can control cookie settings through your browser. Disabling certain cookies may affect functionality of the Service.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All data is transmitted over HTTPS. Passwords are hashed using industry-standard algorithms.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and notify you by email if the changes are material.

12. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@luminoly.com.