Privacy Policy

1. Who We Are

Luma Care ("we," "us," or "our") is a software service provider based in the Netherlands. We provide conversational support software designed specifically for beauty and aesthetic clinics.

For questions about this Privacy Policy or how we handle your data, please contact us at privacy@lumacare.app.

2. What Data We Collect

When you use Luma Care, we may collect the following types of personal data:

• Account Information: Your clinic's name, business email address, phone number, and billing details.
• Client Communication Data: Messages exchanged between your clinic's clients and the Luma Care assistant, including names, email addresses, phone numbers, and appointment-related information.
• Usage Data: Information about how you use our service, including IP addresses, browser type, device information, and interaction logs.
• Cookies and Tracking: We use essential cookies to maintain your session and may use analytics cookies with your consent.

3. Why We Collect This Data

We collect and process personal data for the following purposes:

• To provide and maintain our conversational support service
• To enable communication between your clinic and your clients
• To improve and optimize our service
• To ensure security and prevent fraud
• To fulfill our legal and regulatory obligations
• To communicate with you about service updates and support

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR) and Dutch implementation law (AVG), we process personal data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to provide the service you have subscribed to.
• Legitimate Interest: We process certain data to improve our service, ensure security, and maintain business operations, balanced against your rights and freedoms.
• Legal Obligation: We process data to comply with applicable laws and regulations.
• Consent: Where required, we obtain your explicit consent (e.g., for marketing communications or non-essential cookies).

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

• Active Account Data: Retained for the duration of your subscription and up to 90 days after termination.
• Communication Logs: Retained for up to 12 months to enable service continuity and quality improvement.
• Billing Records: Retained for 7 years in accordance with Dutch tax and accounting regulations.

After the retention period, personal data is securely deleted or anonymized.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share data only in the following limited circumstances:

• Service Providers: We work with trusted third-party providers (such as hosting and infrastructure services) who process data on our behalf under strict data processing agreements.
• Legal Requirements: We may disclose data if required by law, court order, or to protect our legal rights.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity.

All third-party service providers are located within the European Economic Area (EEA) or have appropriate safeguards in place for international data transfers.

7. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:

• Data encryption in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments and audits
• Employee training on data protection and confidentiality
• Incident response and breach notification procedures

While we strive to protect your data, no method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

8. Your Rights Under GDPR

Under GDPR and Dutch law, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Right to Restriction: Request that we limit how we use your data.
• Right to Data Portability: Receive your data in a structured, commonly used format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@lumacare.app. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data appropriately.

9. Cookies and Analytics

We use cookies and similar technologies to provide and improve our service:

• Essential Cookies: Required for the service to function properly (e.g., session management, authentication).
• Analytics Cookies: Help us understand how you use our service to improve performance and user experience. These require your consent.

You can control cookies through your browser settings. Note that disabling essential cookies may affect your ability to use certain features.

10. Children's Privacy

Luma Care is intended for use by businesses and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through our service. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: