Privacy Policy

Last updated: February 2026

1. Introduction

Luma ("we", "us", "our") operates the website www.luma-stories.com and the Luma storytelling platform. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

Luma is designed for parents and guardians of children under 10. We take your privacy and your child's safety seriously.

2. Information We Collect

We collect the following information:

  • Account information: Email address, name (optional), and password (securely hashed).
  • Stories: The stories you generate, including themes, characters, and language preferences.
  • Usage data: Number of stories generated, story views, and feature usage.
  • Payment information: Processed securely by Stripe. We do not store credit card numbers.
  • Analytics: Anonymous page views and visitor data via Vercel Web Analytics.

3. Children's Privacy

Luma accounts are created by parents and guardians only. We do not knowingly collect personal information from children under 13. Children's names entered for story personalization are used solely for story generation and are stored only within the parent's account.

If you believe a child has provided us with personal information without parental consent, please contact us immediately and we will delete it.

4. How We Use Your Information

  • To create and manage your account.
  • To generate personalized stories using AI (OpenAI).
  • To generate audio narration of stories (OpenAI TTS).
  • To process subscription payments (Stripe).
  • To improve our service and fix issues.
  • To send password reset emails (Supabase Auth).

5. What We Do NOT Do

  • We do not sell your personal data to third parties.
  • We do not use your data for advertising.
  • We do not share your stories with other users unless you explicitly share them to Story Palace.
  • We do not track children or create profiles of children.

6. Third-Party Services

We use the following third-party services to operate Luma:

  • Supabase: Authentication, database, and file storage (EU/US servers).
  • OpenAI: Story generation and text-to-speech audio. Story text is sent to OpenAI for processing but is not used to train their models.
  • Stripe: Payment processing. Stripe handles all payment data securely under PCI DSS compliance.
  • Vercel: Hosting and anonymous web analytics.

7. Data Storage and Security

Your data is stored securely using Supabase with row-level security policies. Passwords are hashed and never stored in plain text. All data is transmitted over HTTPS. Audio files are stored in private cloud storage with signed URLs for access.

8. Data Retention and Deletion

Your account data and stories are retained as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at support@luma-stories.com. Upon deletion, your stories, audio files, playlists, and personal information will be permanently removed.

9. Cookies

Luma uses essential cookies for authentication (session management). We use Vercel Web Analytics which is privacy-friendly and does not use cookies for tracking. We do not use advertising cookies.

10. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.
  • Withdraw consent at any time.

To exercise these rights, contact support@luma-stories.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top reflects the most recent revision.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:
support@luma-stories.com