Privacy Policy

1. Introduction

Lumina ("we," "our," or "us") operates at lumina.rest and provides spiritual consultation services, including astrology readings and intuitive guidance. We are committed to protecting your personal information and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, in compliance with Singapore's Personal Data Protection Act 2012 (PDPA) and applicable data protection laws.

2. Data Controller Information

3. Personal Data We Collect

We collect the following types of personal information to provide our services:

• Contact Information: Name, email address, phone number (optional)
• Birth Data (for astrology services): Birth date, birth time, birth place
• Session Information: Selected service, booking date and time, session notes
• Session Mode: Video call, voice call, or text chat preference
• Payment Information: Processed securely through Stripe — we do not store your payment card details
• Communications: Messages you send us, email correspondence
• Text Chat Logs: For text chat sessions, conversation logs may be retained as session records
• Technical Data: IP address, browser type, device information for security and analytics

4. Purpose of Data Collection

We use your personal data for the following purposes:

• Service Provision: To schedule and conduct consultation sessions
• Booking Management: To manage appointments, send reminders, and handle rescheduling
• Payment Processing: To process payments securely via Stripe
• Astrology Preparation: To prepare natal charts and astrological analyses
• Communication: To respond to inquiries and send session-related information
• Service Improvement: To improve our services and customer experience
• Legal Compliance: To comply with legal obligations and protect our rights

5. Legal Basis for Processing

Under Singapore's PDPA, we process your personal data based on:

• Consent: When you voluntarily provide information and agree to our terms
• Contractual Necessity: To fulfill our service agreement and provide booked sessions
• Legitimate Interests: For service improvement, fraud prevention, and security purposes
• Legal Obligation: To comply with accounting, tax, and other legal requirements

6. Third-Party Services

We use trusted third-party services to operate our platform:

7. Data Retention Period

We retain your personal data for the following periods:

• Booking Records: 2 years from the session date (for service quality and dispute resolution)
• Payment Records: Per Stripe's retention policy (typically 7 years for accounting purposes)
• Email Communications: 3 years or until account deletion
• Website Analytics: Aggregated data only, retained for 26 months

After the retention period, your data is securely deleted or anonymized unless we are required by law to retain it longer.

8. Your Rights Under Singapore's PDPA

You have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Correct: Request correction of inaccurate or incomplete data
• Right to Withdraw Consent: Withdraw consent for data processing where consent is the legal basis
• Right to Deletion: Request deletion of your personal data, subject to legal and business obligations
• Right to Portability: Request your data in a portable, machine-readable format
• Right to Object: Object to processing based on legitimate interests

To exercise these rights, contact us at ask@lumina.rest. We will respond within 30 days.

9. Data Security Measures

We implement appropriate security measures to protect your data:

• Encryption of data in transit (TLS/SSL)
• Secure password hashing and authentication
• Access controls and authentication requirements
• Regular security assessments and updates
• Limited data access to authorized personnel only

Despite our measures, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Cookie Policy

We use minimal cookies essential for our service:

• Essential Cookies: Session management, authentication, and security (required)
• Functional Cookies: Remember your preferences and booking progress
• No Marketing Cookies: We do not use cookies for advertising or tracking purposes

You can manage cookies through your browser settings, but disabling essential cookies may affect website functionality.

11. International Data Transfers

Your information may be transferred to and processed in countries other than Singapore through our use of cloud-based service providers (Supabase, Vercel, Stripe, Resend, Google). These providers maintain data protection certifications including EU-US Data Privacy Framework and SOC 2 Type II compliance.

12. Children's Privacy

Our services are intended for individuals 18 years and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete such information immediately.

13. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date. Continued use of our services after such changes constitutes acceptance of the updated policy.

14. Contact Us