CardLuma.com ("CardLuma," "we," "us," or "our") operates the website located at https://www.cardluma.com (the "Website") and provides digital products and subscription-based software services (the "Services").
This Privacy Policy describes how we collect, use, disclose, and protect personal information when you access or use our Website or Services.
This Privacy Policy is part of and incorporated into the CardLuma.com Terms of Service. By accessing or using the Website or Services, you agree to both this Privacy Policy and the Terms of Service.
1. Information We Collect
We collect information in the following categories:
a. Information You Provide
- Account information (name, email address, login credentials)
- User-submitted content (including uploaded images, metadata, and related inputs)
- Communications with us (support requests, emails)
b. Automatically Collected Information
- IP address
- Browser type and version
- Device and operating system information
- Usage data (features used, timestamps, interactions)
c. Payment Information
Payments are processed by Stripe. We do not store or process full payment card details. Stripe collects and processes payment information in accordance with its own privacy policies.
2. How We Use Information
We use collected information to:
- Provide, operate, and maintain the Services
- Process subscriptions and transactions
- Authenticate users and secure accounts
- Generate AI-assisted outputs requested by users
- Improve reliability, performance, and usability
- Monitor usage, prevent fraud, and ensure security
- Communicate with users regarding their accounts or the Services
- Comply with legal obligations
3. AI Processing & User Content
User-submitted content (including images and metadata) is processed solely to provide the Services.
- User content is not used to train public or third-party AI models
- Content may be temporarily retained for service reliability, audit, or support
- We may use aggregated, anonymized data to improve system performance and accuracy
- AI outputs are generated on demand and may be retained as part of normal service operation
You remain responsible for verifying all outputs before relying on them.
4. Data Sharing & Third Parties
We share personal information only as necessary to operate the Services, including with:
- Payment processors: Stripe
- Infrastructure & hosting providers
- Analytics providers: Google Analytics, Cloudflare
- Legal or regulatory authorities, when required by law
We do not sell personal data.
We do not share personal data for advertising purposes.
Third-Party Platform Data
The Services integrate with third-party platforms (such as eBay) to publish marketplace listings on your behalf. When you connect a third-party platform account to the Services, we collect and store authentication tokens and API credentials necessary to access your account on that platform. We transmit listing data, images, item descriptions, Generated Outputs, and related content to the connected platform at your direction. We may receive account information, listing status, and transaction data from the connected platform as necessary to provide the Services.
Authentication tokens are stored using encryption at rest and are used solely to facilitate the Services. You may revoke access at any time through the third-party platform's account settings, and we will delete stored tokens within thirty (30) days of revocation or account termination.
Your use of third-party platforms is governed by their own terms and privacy policies. CardLuma.com is not responsible for the data practices of any third-party platform. For full terms governing third-party platform integrations, see our Terms of Service.
5. Cookies & Analytics
We use cookies and similar technologies for:
- Website functionality
- Security and performance (Cloudflare)
- Usage analytics (Google Analytics)
See our Cookie & Analytics Disclosure for details.
6. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect personal information. However, no method of transmission or storage is 100% secure.
7. Data Retention
We retain personal information only as long as reasonably necessary to:
- Provide the Services
- Comply with legal obligations
- Resolve disputes
- Enforce our agreements
8. Your Privacy Rights Under Applicable State Laws
Depending on your state of residence, you may have additional rights under applicable state privacy laws, including the Virginia Consumer Data Protection Act (VCDPA), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and similar state privacy statutes.
Rights You May Have
Subject to applicable law, you may have the right to:
- Access: Confirm whether we are processing your personal data and obtain a copy of your personal data in a portable format.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data, subject to certain legal exceptions.
- Opt-Out of Sale or Targeted Advertising: CardLuma.com does not sell personal data or use personal data for targeted advertising. No opt-out is necessary.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
How to Exercise Your Rights
To submit a request, contact us at support@cardluma.com. We will verify your identity before processing your request. We will respond to verified requests within forty-five (45) days of receipt, as required by applicable law. If additional time is needed, we will notify you of the extension and the reason for it.
Right to Appeal
If we decline your request, you have the right to appeal our decision by contacting us at support@cardluma.com with the subject line "Privacy Rights Appeal." We will respond to appeals within sixty (60) days. If your appeal is denied, you may contact your state's attorney general to file a complaint.
Categories of Data We Collect
For the purposes of state privacy law disclosures, the categories of personal data we collect and the purposes for which they are used are described in Sections 1 and 2 of this Privacy Policy. We collect identifiers (name, email, IP address), commercial information (subscription and transaction records), internet activity data (usage logs, interactions), and user-generated content (uploaded images and metadata).
Data Sales and Sharing
CardLuma.com does not sell personal data. CardLuma.com does not share personal data for cross-context behavioral advertising. CardLuma.com does not use or disclose sensitive personal data for purposes other than providing the Services.
Authorized Agent
You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written proof of authorization. We may contact you directly to verify the request.
9. Children's Privacy
The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time by posting the revised version on the Website. Continued use constitutes acceptance.
11. Contact
For privacy-related questions or requests, contact: support@cardluma.com