Privacy Policy

This Privacy Policy explains what data Luminum collects, how we use it, and the controls you have over your information. We've kept this in plain English where we can. Where the law requires specific phrasing, we'll say so.

If you don't agree with how we handle data, please don't use Luminum. By signing up or continuing to use the site, you agree to this policy.

1. What we collect # Copied!

We collect the minimum information needed to operate the platform:

• Account data. Email address, chosen username, and a hashed password (or Google OAuth identifier if you sign in with Google).
• Profile fields you provide. First name, last name, profile description ("bio"), occupation, metro area, avatar selection. These are optional except first / last name.
• Activity records. Questions you ask, advice you give, ratings, stars, bookmarks, blocks, reports, tip transactions, credit-ledger entries.
• Login events. Timestamps and IP addresses for successful sign-ins, used for security and forensic review.
• Payment metadata. When you buy credits or a membership pass via Stripe, we store the Stripe transaction identifiers needed for receipts and refunds. We do not store credit-card numbers. Card data is handled directly by Stripe under their PCI-compliant infrastructure.
• Communication preferences. Whether you've opted in or out of optional notifications.

2. How we use your data # Copied!

We use the data above to:

• Operate the platform — sign you in, render the site, process payments, deliver questions and advice to the right people.
• Enforce the Terms of Use, including content moderation, ban / suspension decisions, and abuse-pattern detection.
• Send transactional emails (sign-in links, pass confirmations, gift notifications). These are not marketing emails.
• Aggregate anonymized statistics to monitor platform health (counts of active members, advice given, etc.). These statistics never identify individual users.

We do not sell your data. We do not share it with advertisers or data brokers. We do not use your activity to build a profile for advertising purposes.

3. Third parties we share with # Copied!

We share the minimum data necessary with a small set of vetted service providers:

• Stripe — payment processing. Stripe receives your payment-method details directly (we never touch them) and your email address for receipts. See Stripe's privacy policy.
• Google — OAuth sign-in (optional). If you sign in with Google, we receive your email and a Google identifier. We don't receive your contacts, documents, or any other Google-account data. See Google's privacy policy.
• Email delivery provider. Transactional emails go through a third-party SMTP service. They process the email content briefly to deliver it and don't retain or analyze the contents.
• Hosting infrastructure. Our servers run on standard cloud infrastructure. Operational logs (uptime, error reports) may be processed by these providers but contain no member content.

We do not share your data for any purpose other than running Luminum. If we ever added a new third-party integration that materially changed this, we'd update this policy and notify members.

4. Cookies and sessions # Copied!

Luminum uses cookies for two purposes only:

• Session cookies — keep you signed in. Required for the site to work.
• CSRF cookies — protect against cross-site request forgery attacks. Required for form submissions to work safely.

We do not use tracking cookies, advertising pixels, fingerprinting scripts, or any cross-site analytics tools that follow you across the web.

5. What's public vs. private # Copied!

Some of your activity is public by design:

• Public: your username, your bio fields (occupation, metro, description), your closed questions and posted advice, your public mentor score.
• Anonymous until close: the author of an open question is hidden from other members until the question closes (this is the platform's design — it keeps advice unbiased while the question is live).
• Private: your email address, login events, payment history, block list, ratings you've given, stars you've placed, internal moderation decisions about your content, and your real first / last names.

6. Data retention # Copied!

We retain account data for as long as your account is active. When you close your account:

• You enter a 30-day grace period during which the account can be restored.
• After 30 days, your username and email are released, your credit balance is forfeited, your block list is cleared, and personal fields (name, bio, occupation, metro) are nulled.
• Content you posted (questions, advice) may be preserved in anonymized form as part of the platform's historical record, especially when other members rated or interacted with it.
• Transactional records (payment history, ledger entries) are retained for at least 7 years for legal and tax purposes.

7. Security # Copied!

We follow standard security practices: passwords are hashed using bcrypt, all traffic uses HTTPS, payment data is handled by Stripe and never touches our servers, we monitor login events for anomalies, and we apply software updates promptly.

No system is perfectly secure. If we ever experience a data breach affecting your personal information, we'll notify you in accordance with applicable law.

8. Your controls # Copied!

You can:

• Edit your profile fields any time from My Account.
• Block other members so neither of you sees the other's content.
• Close your account at any time from My Account.
• Request a copy of your account data by contacting Support. We'll provide it in a portable format within 30 days.
• Request that we delete your data, beyond what closure already does, by contacting Support. Some records (e.g. transactional history required for tax purposes) may be retained even after a deletion request.

9. Children's privacy # Copied!

Luminum is for users 18 and older. We do not knowingly collect data from children under 13. If you believe a child has provided personal information to us, contact Support and we'll delete it.

10. International users # Copied!

Luminum is operated from the United States. If you use the site from outside the US, your data is transferred to and processed in the US. By using the site, you consent to that transfer.

If you're in a jurisdiction with specific privacy rights (GDPR in the EU/UK, CCPA in California, PIPEDA in Canada, and similar regimes elsewhere), you may have rights including access, correction, deletion, portability, and objection to processing. You can exercise any of these rights by contacting Support.

11. Changes to this policy # Copied!

We may update this policy as Luminum evolves. When we make material changes, we'll update the "Last updated" date at the top and post a notice on the site. Continued use after a change means you accept the updated policy.

12. Contact # Copied!

Questions about your data, privacy concerns, or rights requests: Support.

This policy reflects how a small, community-run platform actually handles your data. We try to collect less, share less, and delete more than the industry default.