Privacy Policy

Last updated: May 25, 2026

1. Who we are

Lumora (“we”, “us”, “our”) provides an AI-guided self-reflection experience that uses tarot card imagery to help users sit with their own questions. This policy explains what limited personal data we collect and how we handle it.

2. Information we collect

• Email address — provided when you sign in via a magic link.
• Readings — the question you type and the reflection text we generate, stored so you can revisit them.
• Usage counters — how many readings you have used today (to enforce the free quota).
• Account status — whether you have an active subscription and your remaining credit balance.

We never see, receive, or store your payment card details. Card data is handled solely by our payment processor (see §3).

3. Third parties we rely on

• Supabase (Singapore region) — authentication and database hosting. Processes your email and reading history on our behalf.
• Volcengine Ark (China) — generates the AI reflection text. We transmit only the cards drawn and the question text you typed; we do not send your email or any account identifier.
• Dodo Payments — our merchant of record for payments. When you purchase, you are redirected to Dodo’s hosted checkout. They receive your email, country, and payment details directly; we never see card numbers.

4. Cookies

We use first-party cookies only to keep you signed in. We do not use third-party advertising or tracking cookies on the application itself. Marketing pages may load analytics scripts that use cookies — those scripts are disclosed at the point of collection.

5. Data retention

Your account and stored readings remain until you ask us to delete them. To delete, email the address below; we will remove your account and associated data within 30 days.

6. Your rights

You may request a copy of the data we hold about you, or request its deletion. Email support@lumora.app and we will respond within 30 days.

7. International transfers

Data may be processed in Singapore (Supabase), mainland China (Volcengine Ark), and the regions where Dodo Payments operates. By using Lumora you consent to these transfers.

8. Children

Lumora is intended for users aged 18 and over. If you believe a minor has provided us personal data, contact us and we will remove it.

9. Changes

We may update this policy. Material changes will be notified via the email address on file. Continued use after notification means acceptance of the updated policy.

10. Contact

For any privacy question, email support@lumora.app.