Privacy Policy

Last updated: 17 April 2026

1. Who We Are

Lumin is operated by David Casey, trading as Casey Photography, a sole trader registered in Ireland.

Data Controller: Casey Photography (sole trader)

Address: Ballygroman Lower, Ovens, County Cork, Ireland

Contact: support@lumin-app.com

This Privacy Policy explains how we collect, use, and protect your personal data when you use Lumin.

We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and Irish data protection law.

2. Data We Collect

Account information

  • Name
  • Email address
  • Password (stored as a secure hash)
  • Account type (Pro or consumer)
  • Account creation date

Business information (Lumin Pro accounts only)

  • Business name
  • Website URL
  • Phone number
  • Country

Content you upload

  • Photos and videos
  • Gallery titles, descriptions, and section names
  • Guest upload names and email addresses
  • Metadata associated with files

Billing information (paid subscriptions only)

Payment is processed by Stripe. We do not store full credit card numbers. Stripe provides us with:

  • Subscription status
  • Payment history
  • The last four digits of your card and card type for display in your account

Usage data

  • Login times and IP addresses
  • Browser type and device information
  • Pages visited and features used
  • Gallery view counts and download events

Cookies and similar technologies

We use essential cookies to keep you logged in and to operate the Service. We do not use advertising cookies or third-party tracking cookies. See Section 9 for details.

3. How We Use Your Data

We use your data to:

  • Provide and operate the Lumin service
  • Process subscription payments
  • Send transactional emails (account confirmation, gallery acceptance, billing, expiry warnings)
  • Respond to support requests
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

We do not sell your personal data. We do not share it with third parties for marketing purposes.

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract — to provide the Service you have signed up for
  • Legal obligation — to comply with tax, financial, and legal reporting requirements
  • Legitimate interests — to secure and improve the Service, prevent fraud, and communicate important service updates
  • Consent — where you have explicitly agreed, for example to marketing emails (which we do not currently send)

5. Photographers and Client Data

When a Lumin Pro user (the Photographer) uploads photographs of identifiable individuals, the Photographer is the data controller of those photographs. Lumin acts as a data processor on behalf of the Photographer for that content.

If you are a subject of photographs uploaded by a Photographer and you wish to exercise your rights over those photographs, please contact the Photographer directly. We will support reasonable requests by deleting content at the Photographer's instruction.

A Data Processing Agreement governing the relationship between Lumin and Photographers is available on request at support@lumin-app.com.

6. Data Sharing

We share your data only with:

  • Stripe — for subscription payment processing
  • Resend — for transactional email delivery
  • Cloudflare — for storage and content delivery
  • Render — for application hosting
  • Law enforcement — where required by legal order

All our service providers are bound by data processing agreements and handle your data in accordance with GDPR.

We do not transfer personal data outside the European Economic Area without appropriate safeguards such as Standard Contractual Clauses.

7. Data Retention

We retain your data for different periods depending on its type:

Active account data — retained while your account is active.

Deleted content — when you delete a gallery, photo, or other content, it is removed from your active account immediately and purged from our systems within 90 days. This retention period exists for operational recovery and legal compliance. It does not provide you with ongoing access to deleted content.

Closed account data — when you close your account, your personal data is deleted within 30 days, except where we are required to retain specific data for legal purposes.

Financial records — retained for the period required by Irish tax and accounting law, typically 6 years.

Logs and usage data — retained for up to 12 months for security and operational purposes.

8. Your Rights

Under GDPR you have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data (Article 17)
  • Restriction — request that we limit how we process your data
  • Portability — request a copy of your data in a machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent

To exercise any of these rights, email support@lumin-app.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Irish Data Protection Commission at www.dataprotection.ie.

9. Cookies

We use only essential cookies required to operate the Service:

  • Session cookies — to keep you logged in
  • Security cookies — to prevent fraud and abuse
  • Preference cookies — to remember your settings

We do not use advertising cookies, tracking cookies, or third-party marketing cookies. Because we only use essential cookies, we do not currently display a cookie consent banner — essential cookies are permitted under GDPR without consent.

10. Data Security

We protect your data using:

  • TLS encryption for all data in transit
  • Encrypted storage for passwords and sensitive data
  • Access controls and audit logging
  • Regular security updates and monitoring
  • Secure backup procedures

No system is completely secure. In the event of a data breach affecting your personal data, we will notify you and the Data Protection Commission within 72 hours as required by GDPR.

11. Children's Privacy

Lumin is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at support@lumin-app.com and we will delete it promptly.

Photographs uploaded by Photographers may depict minors. The Photographer is responsible for ensuring they have the necessary permissions from parents or guardians.

12. International Data Transfers

Our primary data storage and processing takes place within the European Economic Area. Some of our service providers may process data outside the EEA. In those cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or through the Service. The "Last updated" date at the top indicates when it was last revised.

14. Contact

For any privacy-related questions or to exercise your rights, please contact:

Casey Photography

Ballygroman Lower

Ovens

County Cork

Ireland

Email: support@lumin-app.com

You may also contact the Irish Data Protection Commission:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Ireland

Website: www.dataprotection.ie