LumoraBack to site
Placeholder, not yet live. The operator details on this page are placeholders. Fill them in lib/site.ts and set LEGAL_DETAILS_FILLED = true before release. This notice disappears once done. (Template only, have it reviewed by a lawyer.)

Legal

Datenschutzerklärung

Privacy policy under the GDPR / DSGVO. We keep data collection to the minimum needed to run a private beta.

1. Controller (Verantwortlicher)

[ OPERATOR NAME: full legal name or company ] [ STREET & NUMBER ] [ POSTAL CODE & CITY ] Germany

Email: [ contact@yourdomain ]

2. What we collect & why

Waitlist email

When you join the waitlist, we store the email address you submit, plus the time of submission. Purpose: to contact you about private-beta access. Legal basis: your consent (Art. 6(1)(a) GDPR), given when you submit the form. You can withdraw it at any time (see section 6).

Invite code & access cookie

When you redeem an invite code, we set one essential cookie (lumora_access) so the gated terminal knows you are an approved beta user. It contains a signed expiry value only (no tracking, no personal data) and expires after 30 days. Legal basis: our legitimate interest in securing the private beta (Art. 6(1)(f) GDPR); as a strictly necessary cookie it does not require prior consent (§ 25(2) TDDDG). We do not use analytics, advertising, or tracking cookies.

Server logs

Our hosting provider may process technical access data (IP address, timestamp, user agent) to deliver and secure the site. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

3. Processors & hosting

We use the following service providers, bound by data-processing agreements:

  • Hosting: [ HOSTING PROVIDER: e.g. Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA ]
  • Database: Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992 (database, waitlist + invite codes)

Where a processor is located outside the EU/EEA, the transfer is safeguarded by the EU Standard Contractual Clauses or an equivalent mechanism.

4. Retention

We keep waitlist emails until the beta ends or you ask us to delete yours, whichever comes first. The access cookie expires automatically after 30 days.

5. No automated decision-making & no profiling

The market “reads” shown in the product are not based on your personal data and do not profile you. We do not sell or share your data for marketing.

6. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you (Art. 15);
  • rectification (Art. 16) and erasure (Art. 17);
  • restriction of processing (Art. 18) and data portability (Art. 20);
  • object to processing based on legitimate interest (Art. 21);
  • withdraw consent at any time, without affecting prior processing (Art. 7(3));
  • lodge a complaint with a supervisory authority (Art. 77), e.g. your local Landesdatenschutzbehörde.

To exercise any of these, email [ contact@yourdomain ].

7. Changes

We may update this policy as the product evolves. The current version always lives at this URL; the date below reflects the last change.

Last updated: 25 June 2026