Privacy Statement

Lumina is a web application for systematic review screening, collaboration, literature monitoring, and related research workflows. This privacy statement applies to the Lumina website and the Lumina product, including pages hosted at luminareviewer.com.

If you have privacy questions, you can contact us at [email protected].

Depending on how you use Lumina, we may collect the following categories of information:

• Account information: username, email address, password hash, email verification status, and subscription status.
• Project and research content: project titles, inclusion and exclusion criteria, uploaded references, paper titles, abstracts, author and journal metadata, screening decisions, comments, exports, and literature alert queries.
• Support data: information you submit through the contact form or by email, including your name, email address, subject, and message.
• Billing data: subscription and payment status information needed to manage paid plans. Card payments are processed by Stripe and we do not store full payment card details on our servers.
• Usage and device data: IP-related security signals, session identifiers, referrer and landing page information, UTM parameters, and product analytics events.
• Cookie and consent data: cookie consent choices and related browser storage values used to remember your privacy preferences.

We use personal data to operate, secure, and improve Lumina. This includes:

• creating and managing user accounts;
• processing uploaded references and project data so you can screen, search, rank, deduplicate, export, and collaborate inside the product;
• generating AI-powered ranking, semantic search, summaries, and assistant responses when those features are enabled;
• running literature alerts and sending service emails such as verification, billing, team invitation, and workflow notifications;
• handling support requests, abuse prevention, and fraud or bot detection;
• measuring product usage and marketing performance, subject to your cookie choices where required.

Where applicable under data protection law, our legal bases typically include providing the service you requested, complying with legal obligations, protecting our legitimate interests in running and securing the service, and consent for optional analytics or marketing technologies where consent is required.

Lumina uses third-party infrastructure and processors to deliver core functionality. Based on the current product configuration, these may include:

• OpenAI for embeddings and AI-assisted features such as semantic ranking and assistant functionality.
• Stripe for checkout, subscription management, and billing portal access.
• PostHog for product analytics.
• Google Tag Manager for analytics and measurement tags.
• Sentry for error monitoring and debugging.
• Cloudflare Turnstile for bot and abuse protection on selected forms.

We use these providers to the extent needed to operate the service. We do not sell your personal data. Research data you upload is used to provide Lumina features to you and your authorized collaborators.

Lumina uses cookies and similar browser storage for essential site functions, security, login state, and consent management. We also use analytics technologies to understand product usage and site performance.

The site is configured with a privacy-first consent flow. In regions where consent is required, analytics storage is denied by default until you accept. We also store your choice so the banner does not reappear on every visit.

You can control cookies through your browser settings, though some essential product functions may not work properly if core cookies are blocked.

We may share information in limited circumstances:

• with service providers that process data on our behalf to operate Lumina;
• with collaborators you intentionally invite into shared projects or teams;
• if required to comply with law, regulation, court order, or a valid government request;
• to protect the rights, security, and integrity of Lumina, our users, or the public;
• as part of a merger, acquisition, financing, or asset sale, subject to appropriate confidentiality protections.

We retain data for as long as needed to provide the service, maintain account records, meet legal or tax obligations, resolve disputes, and enforce our agreements. Retention periods can vary depending on the type of record and whether an account or subscription remains active.

Lumina is designed with security controls intended to protect personal and research data. That includes account authentication, access controls, payment processing through Stripe, and technical measures to reduce unauthorized access. No system is perfectly secure, so we cannot guarantee absolute security.

The product currently states that data is hosted within the European Union, including Germany. If our infrastructure or processor footprint changes materially, we will update this statement.

Depending on your location, you may have rights to request access, correction, deletion, restriction, portability, or objection to certain processing of your personal data. You may also have the right to withdraw consent where processing is based on consent.

If you want to exercise a privacy right, contact us at [email protected]. We may need to verify your identity before fulfilling a request.

For privacy questions, data requests, or complaints, email [email protected] or use the contact page.

We may update this statement from time to time. If we make material changes, we will post the revised version on this page and update the effective date above.