Legal

Privacy Policy

Last updated: March 2026 · Applies to all Lumira users and visitors

Your privacy matters to us. This policy explains exactly what data we collect, why we collect it, how we protect it, and your rights. We will never sell your data.

Contents
Section 01

Who We Are

Lumira operates the automated crypto trading platform at lumirainvest.co and app.lumirainvest.co, based in Las Vegas, Nevada. We are the data controller responsible for personal information collected through our platform, Telegram bot (@LumiraAlertsBot), and all communications with us. Contact us at support@lumirainvest.co for any privacy questions.

Section 02

Data We Collect

We collect only the minimum information necessary to provide our service:

Data TypeWhat We CollectWhy
Account InfoFull name, email, hashed passwordAccount creation and management
SubscriptionPlan type, billing status, datesManage subscription and bot parameters
Kraken API KeysAES-256 encrypted API key and secretExecute trades on your Kraken account
Trading DataTrade history, prices, P&L, positionsDisplay on dashboard and improve AI
Telegram Chat IDNumeric Telegram Chat ID (if connected)Send trade alerts and notifications
Login ActivityTimestamps, IP addresses, browser infoSecurity monitoring
Support MessagesMessages via form or emailRespond to inquiries
Payment InfoStripe customer ID and subscription ID onlyBilling — card details handled by Stripe, never us
Section 03

How We Use Your Data

  • Service delivery: To operate your bot, execute trades, and display your portfolio on the dashboard.
  • Account management: To authenticate your identity and manage your subscription.
  • Alerts and notifications: Real-time trade alerts via Telegram and email, daily P&L summaries.
  • Security monitoring: To detect and alert you to suspicious login attempts.
  • Customer support: To respond to your support requests.
  • Platform improvement: Aggregated, anonymized trading patterns to improve Nexus AI performance.
  • Billing: To process subscription payments through Stripe.

We will never: Sell your personal data, use it for advertising, share your trading history with other users, or use it in ways not described in this policy.

Section 04

Data We Never Collect

  • Full payment card numbers, CVV, or banking credentials — handled exclusively by Stripe.
  • Your Kraken account password — only trade-permission API keys.
  • Government-issued ID or KYC documents of any kind.
  • Social security or tax identification numbers.
  • Advertising trackers, third-party analytics pixels, or behavioral tracking cookies.
  • Biometric data of any kind.
Section 05

How We Protect Your Data

  • API key encryption: AES-256 encryption before storage. Never stored in plain text.
  • Password security: Bcrypt hashing with strong salt. We cannot retrieve your plain text password.
  • Encrypted transmission: All data protected by HTTPS/TLS in transit.
  • Database security: PostgreSQL hosted on Supabase with SSL encryption and restricted access.
  • Server security: VPS infrastructure with access controls, firewall rules, and continuous monitoring.

Breach notification: In the unlikely event of a breach affecting your personal information, we will notify you by email within 72 hours of becoming aware of it.

Section 06

Third-Party Services

ServicePurposeData Shared
StripePayment processingEmail, name — Stripe Privacy Policy applies
KrakenCryptocurrency exchangeTrade instructions via API — Kraken Privacy Policy applies
TelegramTrade alert deliveryChat ID and alert message content
SupabaseDatabase hostingAll encrypted account and trading data — US region
ResendTransactional emailEmail address and message content for notifications
AnthropicAI in Telegram bot & chat widgetQuestions you ask the AI to generate responses

We do not share your personal data with any other third parties. We do not sell, rent, or trade your personal information.

Section 07

Kraken API Keys

  • Encrypted with AES-256 immediately upon receipt, before any storage.
  • Decrypted in memory only — temporarily — when your bot needs to authenticate with Kraken.
  • Never written to disk, logged, or transmitted anywhere outside of direct Kraken API calls.
  • We only accept trade-permission keys. We will never ask you to enable withdrawal access.
  • Permanently and immediately deleted upon account cancellation.
Section 08

Telegram Integration

Connecting @LumiraAlertsBot is optional. If connected: we store your Telegram Chat ID (numeric only) to send alerts; we do not store your username, phone, or profile; messages you send to the bot may be processed by Claude AI (Anthropic) to generate responses; you can disconnect anytime from dashboard Settings and your Chat ID is removed immediately.

Section 09

Cookies & Analytics

  • Session cookies: Essential cookies to keep you logged in. Deleted when you log out.
  • JWT tokens: Stored in your browser to authenticate sessions. Expire automatically.
  • No third-party tracking: We do not use Google Analytics, Facebook Pixel, or any advertising technology.
  • No advertising cookies: We serve no ads and have no advertising cookies of any kind.
Section 10

Data Retention

  • Active accounts: All data retained for the duration of your subscription.
  • After cancellation: Account data retained for 90 days to allow reactivation, then permanently deleted.
  • API keys: Deleted immediately upon cancellation — not retained during the 90-day period.
  • Support communications: Retained for up to 2 years.
  • Payment records: Stripe transaction records retained 7 years for financial compliance.
  • Deletion requests: Processed within 30 days. Payment records required by law cannot be deleted.
Section 11

Your Rights

  • Access: Request a complete copy of all personal data we hold about you.
  • Correction: Update account info directly in dashboard Settings at any time.
  • Deletion: Request complete deletion of your account and personal data — processed within 30 days.
  • Portability: Request your trading history and account data in CSV or JSON format.
  • Withdraw consent: Withdraw consent at any time where processing is consent-based.

Response time: We respond to all data rights requests within 30 days at no charge. Contact support@lumirainvest.co.

Section 12

Children's Privacy

Lumira is not intended for anyone under 18. We do not knowingly collect personal information from children. Contact support@lumirainvest.co immediately if you believe a child has provided information to us.

Section 13

International Users

Lumira is operated from the United States. If you access our platform from outside the US, your data will be transferred to, stored, and processed in the United States. EEA and UK users have additional rights under GDPR/UK GDPR including those in Section 11. Our legal basis for processing is performance of a contract (your subscription) and legitimate interests in operating a secure platform.

Section 14

Policy Changes

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email at least 14 days before they take effect and update the date at the top of this page.

Section 15

Contact Us

Lumira Privacy

Email: support@lumirainvest.co

Website: lumirainvest.co

Support: lumirainvest.co/support.html

We respond to all privacy inquiries within 5 business days.

© 2026 Lumira · Powered by Nexus AI · lumirainvest.co · support@lumirainvest.co

Systems operational