Privacy Policy
Last updated: 16 May 2026
1. Introduction
Lumin (“we”, “us”, “our”) operates a KP astrology platform across three surfaces:
- lumin.guru, the marketing site you are reading now
- MCP mcp.lumin.guru, the MCP server, used through MCP-compatible clients such as Claude
- Dashboard app.lumin.guru, the developer dashboard, with sign-in and MCP API key management
This Privacy Policy explains how we collect, use, store, and protect your personal information across these surfaces. Where a clause applies to only one product, it is tagged with an MCP or Dashboard label. Untagged clauses apply to both.
We are committed to transparency about our data practices. By using Lumin, you acknowledge that you have read and understood this policy. If you do not agree with our practices, please do not use the platform.
2. Information We Collect
2.1 Account Information Dashboard
When you sign in to the developer dashboard using Google authentication, we receive and store the following from your Google account:
- Email address
- Display name
- Profile picture URL
The MCP server does not require sign-in. Anonymous use is permitted within rate limits, and authenticated use relies on an API key or OAuth token issued through the developer dashboard.
2.2 Birth Data MCP
To compute a KP astrology chart, the MCP server needs birth details supplied with each tool call by your client (for example Claude):
- Date of birth
- Time of birth (if known)
- Place of birth (resolved to geographic coordinates and UTC offset)
- Preferred ayanamsa system
2.3 MCP Tool Calls MCP
For each tool call to the MCP server we record a usage event containing: tool name, timestamp, authentication mode (anonymous, API key, or OAuth), and the API key identifier or user identifier when applicable. We do not log the tool input parameters (which include birth data) or the computed response body. These events are used for rate limiting, billing, and aggregate analytics.
2.4 MCP API Keys MCP
When you create an API key for the MCP server through app.lumin.guru/developer, we store: a one-way hash of the key (never the plaintext), a short prefix to help you identify it, a label you choose, the assigned tier, the owner email, optional expiry, and the daily call counter. The plaintext key is shown to you exactly once at creation time and is not recoverable afterwards.
2.5 Usage and Diagnostic Data
We collect anonymised usage events (feature usage, session counts, MCP tool counts) and error logs (stack traces, request paths) to maintain and improve the platform. Error tracking is handled through Sentry, which may collect browser metadata and error context. For the MCP server, the hosting provider records access logs containing IP address, request path, and timestamp; these are retained per the schedule in §7.
3. How We Use Your Information
We use your personal information to:
- Deliver the service: compute KP astrology charts, dasha timelines, sub-lord analyses, and other structured data from the birth details supplied with each MCP tool call
- Dashboard Authenticate your account: verify your identity through Google sign-in and maintain your session in the developer dashboard
- MCP Verify MCP access: validate API keys and OAuth tokens, and apply per-tier rate limits to MCP requests
- Improve reliability: diagnose errors, monitor performance, and improve the platform
- Communicate with you: send service-related notices (e.g., policy changes, maintenance windows, key expiry warnings)
We do not use your data for advertising, profiling for marketing purposes, or any purpose unrelated to providing the Lumin service.
4. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR) and similar frameworks, we process your data on the following bases:
- Contract performance: processing birth data and MCP tool calls is necessary to deliver the service you requested
- Legitimate interest: error logging, usage analytics, rate limiting, and platform security
- Consent: where required by law (e.g., for non-essential cookies, if applicable)
5. Automated Processing and Generated Content
The MCP server returns raw computation output (planet positions, cusps, sub-lords, dasha periods, and structured analyses) to your MCP client. Lumin does not run a language model and does not generate natural-language readings. Interpretation is performed by the model running inside your client (for example Claude). Your conversation with that model is governed by the client’s own privacy policy.
Any interpretation built from Lumin’s data is generated content and should not be treated as professional advice. No automated decisions with legal or similarly significant effects are made about you.
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data to any third party.
We share data only with the following categories of service providers, strictly for the purpose of operating the platform:
- Dashboard Authentication provider: Supabase (handles Google OAuth and session management for the developer dashboard)
- Database hosting: Supabase (stores developer dashboard account data, plus hashed MCP API keys and MCP usage events, all with row-level security)
- Error tracking: Sentry (receives error context and stack traces for debugging; no birth data is included in error reports)
- Hosting and deployment: our hosting providers serve the applications and may process access logs for both the MCP server and the developer dashboard
- Landing Site analytics: Umami (cookieless, privacy-friendly analytics on the marketing site at lumin.guru; collects aggregate metrics such as page views and referrer with no personal data and no cross-site tracking)
Each provider is bound by a Data Processing Agreement and is required to process your data only as instructed by us.
7. Data Retention
We believe in minimal data retention. Your data is kept only as long as necessary to provide the service:
| Data Category | Scope | Retention Period |
|---|---|---|
| Account data | Dashboard | Duration of account + 30 days |
| MCP request bodies & responses | MCP | Not stored |
| MCP usage events (tool name, auth mode, timestamp) | MCP | 90 days |
| MCP API keys (hashed) | MCP | Until revoked, or 30 days after account deletion |
| Error logs | Both | 90 days |
| Usage analytics (anonymised) | Both | 12 months |
When you delete your account, all associated personal data, including your account details and MCP API keys, is permanently deleted within 30 days. Anonymised aggregate statistics may be retained beyond this period.
8. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Rectification: correct inaccurate account data we hold about you
- Erasure: request deletion of your data (or delete your account from the developer dashboard)
- Portability: receive your data in a structured, machine-readable format
- Restriction: request that we limit processing of your data
- Objection: object to processing based on legitimate interest
- Withdraw consent: where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at contact@lumin.guru. We will respond within 30 days (or within the timeframe required by your local regulation).
For California residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete, the right to opt out of the sale of personal information (we do not sell your data), and the right to non-discrimination for exercising your privacy rights.
For EU/EEA/UK residents: You have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.
9. Children’s Privacy
Lumin is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a user is under 16, we will promptly delete their account and associated data.
10. International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States, where our service providers operate. Where data is transferred outside the EU/EEA/UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or reliance on adequacy decisions.
11. Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS on all connections)
- Encryption at rest for database storage
- Row-level security policies ensuring users can only access their own data
- JWT-based authentication with secure session management
- MCP API keys stored as one-way hashes (plaintext shown to you exactly once at creation)
- Per-tier rate limiting and body size limits to prevent abuse on the MCP server
- Security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
No system is completely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through a notice on the platform or via email. Continued use of Lumin after changes take effect constitutes acceptance of the updated policy.
We encourage you to review this page periodically for the latest information on our privacy practices.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
contact@lumin.guru