Sign InSign Up

Policy

Privacy Policy

Here you can find what we collect, who sees it, and how to get it removed.

Last updated: May 27, 2026 at 4:00 PM PT

What we collect

When you create a LUMINA account or book an appointment, we store the following on our own servers:

  • Account basics. Name, email address, optional phone number, date of birth (used to confirm age for waiver purposes), optional mailing address.
  • Profile photo. If you upload one. Stored via Vercel Blob (US datacenters), served from a public URL only visible to you and Lumina staff in admin views.
  • Booking history. The classes and red light sessions you've booked, attended, cancelled, or no-showed, including timestamps and the staff/instructor involved.
  • Subscription + credit balances. Tier, billing cycle, remaining red light credits, free token state.

We do not store credit card numbers, bank details, or any payment-method data on our servers. All payment data flows directly through Stripe (see below).

Third parties we share data with

We use the following service providers to run Lumina. Each one receives only the data it needs to do its job.

Stripe

Their policy →

Payments + subscription billing

Your name, email, billing address (for tax purposes), and the card details you enter on the Stripe Checkout page. Lumina never sees the card number - Stripe handles it entirely. We do receive and store a Stripe customer ID + subscription/payment metadata so we can match payments to your account.

Google (OAuth login)

Their policy →

Optional sign-in via your Google account

If you sign in with Google we receive your name, email address, profile picture URL, and a Google account ID. We don't get access to your Gmail, Drive, contacts, or any other Google services.

Resend

Their policy →

Transactional email (booking confirmations, reminders, receipts)

Your name and email address are sent to Resend so we can deliver email. Resend doesn't use your data for marketing.

Neon

Their policy →

PostgreSQL database hosting (where all the above data lives)

Everything in 'What we collect' is stored in a Neon-hosted database in US datacenters. Encrypted at rest and in transit.

Vercel

Their policy →

Web hosting + serverless compute + blob storage

Every request to the Lumina site passes through Vercel infrastructure. They see request metadata (IP, user agent) for the duration of each request but don't durably store your personal data outside of the blob storage used for profile photos.

Cookies + sessions

We set a session cookie (HTTP-only, secure in production) when you sign in. That cookie is the only thing Lumina uses to identify you on follow-up requests. We don't use cookies for ad tracking, analytics, or any third-party purpose.

Stripe Checkout pages may set their own cookies for fraud prevention. Google's OAuth flow may set Google cookies in your browser during the sign-in handshake. Both are governed by those providers' respective policies (linked above).

How long we keep your data

  • Active accounts. As long as you have an account with us.
  • Booking history. Indefinitely while your account is active, so we can show you past sessions and so staff can reference your history.
  • Payment records. Retained as long as required by tax + accounting rules (typically 7 years in the US), independent of account deletion. Held in Stripe.

Your rights

You can ask us to:

  • See what we have on you. We'll export it and send it within 30 days.
  • Correct anything inaccurate. You can edit most of this yourself on the account page; for things you can't change (like name or email), email us.
  • Delete your account. We'll close it and purge personal data from our database. Past bookings and payment records are retained as anonymised statistics for operational purposes (e.g. capacity planning) and as required by law (payment records).
  • Opt out of marketing emails. Every marketing email has an unsubscribe link. Transactional emails (booking confirmations, password resets) can't be opted out of while you have an active account because they're part of the service.

Send requests to support@lumina-reno.com with the subject line "Privacy request."

Children

Lumina services are intended for adults (18+). We don't knowingly collect personal data from anyone under 13. If you believe a child has created an account, contact us and we'll delete it.

Changes to this policy

When we materially change what we collect or who sees it, we'll update the "Last updated" date at the top of this page.

Questions? Email support@lumina-reno.com or use the contact form. See also our cancellation policy.