CardLuma.com ("CardLuma," "we," "us," or "our") operates the website located at https://www.cardluma.com (the "Website") and provides digital products and subscription-based software services (the "Services").
This Privacy Policy describes how we collect, use, disclose, and protect personal information when you access or use our Website or Services.
This Privacy Policy is part of and incorporated into the CardLuma.com Terms of Service. By accessing or using the Website or Services, you agree to both this Privacy Policy and the Terms of Service.
1. Information We Collect
We collect information in the following categories:
a. Information You Provide
- Account information, including name, email address, and login credentials
- User-submitted content, including uploaded images, metadata, and related inputs
- Communications with us, including support requests, emails, and other messages
b. Automatically Collected Information
- IP address
- Browser type and version
- Device and operating system information
- Usage data, including features used, timestamps, and interactions
- Cookie, pixel, and similar technology data
- Website activity and advertising measurement data, such as page views, referral information, and conversion events
c. Payment Information
Payments are processed by Stripe. We do not store or process full payment card details. Stripe collects and processes payment information in accordance with its own privacy policies.
2. How We Use Information
We use collected information to:
- Provide, operate, and maintain the Services
- Process subscriptions and transactions
- Authenticate users and secure accounts
- Generate AI-assisted outputs requested by users
- Improve reliability, performance, and usability
- Monitor usage, prevent fraud, and ensure security
- Communicate with users regarding their accounts, subscriptions, transactions, support requests, security, product or service changes, release information, newsletters, surveys, promotional offers, and other information related to the Services
- Measure and improve advertising and marketing campaigns
- Comply with legal obligations
Email Communications & Choices
We may send you service-related communications, including account notices, billing and subscription messages, security alerts, support responses, integration status updates, product or service changes, and legal notices. These communications are part of the Services.
Where permitted by law, we may also send marketing or promotional communications, including product updates, release announcements, newsletters, tips, surveys, special offers, check-in messages, and similar communications. You may opt out of marketing communications at any time by using the unsubscribe link included in those messages or by contacting us at support@cardluma.com.
Even if you opt out of marketing communications, we may continue to send service-related communications necessary to operate your account, provide the Services, respond to your requests, or comply with legal obligations.
3. AI Processing & User Content
User-submitted content, including images and metadata, is processed solely to provide the Services.
- User content is not used to train public or third-party AI models
- Content may be temporarily retained for service reliability, audit, or support
- We may use aggregated, anonymized data to improve system performance and accuracy
- AI outputs are generated on demand and may be retained as part of normal service operation
You remain responsible for verifying all outputs before relying on them.
4. Data Sharing & Third Parties
We share personal information only as necessary to operate, secure, improve, and market the Services, including with:
- Payment processors: Stripe
- Infrastructure and hosting providers
- Security and performance providers: Cloudflare
- Advertising, analytics, and measurement providers, such as Meta/Facebook, Google, and similar providers
- Legal or regulatory authorities, when required by law
We do not sell personal data for money.
We may share limited Website activity, device information, browser information, online identifiers, referral information, and conversion event data with advertising, analytics, and measurement providers, such as Meta/Facebook, Google, and similar providers. These providers may use cookies, pixels, tags, and similar technologies to help us measure advertising effectiveness, understand how visitors interact with our Website, create audiences, attribute conversions, and advertise CardLuma to people who may be interested in the Services.
We do not intentionally share uploaded images, user-submitted listing content, marketplace authentication tokens, full payment card details, or sensitive Service data with advertising providers.
Third-Party Platform Data
The Services integrate with third-party platforms, such as eBay, to publish marketplace listings on your behalf. When you connect a third-party platform account to the Services, we collect and store authentication tokens and API credentials necessary to access your account on that platform. We transmit listing data, images, item descriptions, Generated Outputs, and related content to the connected platform at your direction.
We may receive account information, listing status, and transaction data from the connected platform as necessary to provide the Services.
Authentication tokens are stored using encryption at rest and are used solely to facilitate the Services. You may revoke access at any time through the third-party platform's account settings, and we will delete stored tokens within thirty (30) days of revocation or account termination.
Your use of third-party platforms is governed by their own terms and privacy policies. CardLuma.com is not responsible for the data practices of any third-party platform. For full terms governing third-party platform integrations, see our Terms of Service.
5. Cookies, Advertising & Analytics
We use cookies and similar technologies for:
- Website functionality
- Security and performance, including Cloudflare
- Analytics, advertising measurement, ad attribution, audience creation, targeted advertising, and related advertising or marketing purposes, including technologies from providers such as Meta/Facebook, Google, and similar providers
Advertising and analytics technologies may allow us and our advertising, analytics, and measurement partners to collect or receive information from our Website and use that information to provide measurement services, analytics, ad attribution, audience creation, targeted advertising, and related services.
See our Cookie & Analytics Disclosure for details.
6. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect personal information. However, no method of transmission or storage is 100% secure.
7. Data Retention
We retain personal information only as long as reasonably necessary to:
- Provide the Services
- Comply with legal obligations
- Resolve disputes
- Enforce our agreements
8. Your Privacy Rights Under Applicable State Laws
Depending on your state of residence, you may have additional rights under applicable state privacy laws, including the Virginia Consumer Data Protection Act, the California Consumer Privacy Act as amended by the California Privacy Rights Act, and similar state privacy statutes.
Rights You May Have
Subject to applicable law, you may have the right to:
- Access: Confirm whether we are processing your personal data and obtain a copy of your personal data in a portable format.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data, subject to certain legal exceptions.
- Opt-Out of Sale, Sharing, or Targeted Advertising: We do not sell personal data for money. We may use advertising and measurement technologies that could be considered targeted advertising, cross-context behavioral advertising, or "sharing" under some privacy laws. Where applicable, you may opt out of this processing.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
How to Exercise Your Rights
To submit a request, contact us at support@cardluma.com. We will verify your identity before processing your request. We will respond to verified requests within forty-five (45) days of receipt, as required by applicable law. If additional time is needed, we will notify you of the extension and the reason for it.
To opt out of targeted advertising, cross-context behavioral advertising, or sharing where applicable, contact us at support@cardluma.com with the subject line "Privacy Opt-Out."
Right to Appeal
If we decline your request, you have the right to appeal our decision by contacting us at support@cardluma.com with the subject line "Privacy Rights Appeal." We will respond to appeals within sixty (60) days. If your appeal is denied, you may contact your state's attorney general to file a complaint.
Categories of Data We Collect
For the purposes of state privacy law disclosures, the categories of personal data we collect and the purposes for which they are used are described in Sections 1 and 2 of this Privacy Policy. We collect identifiers, including name, email address, and IP address; commercial information, including subscription and transaction records; internet activity data, including usage logs, interactions, Website activity, advertising measurement data, and conversion event data; communications data, including support requests and emails; and user-generated content, including uploaded images and metadata.
Data Sales and Sharing
CardLuma.com does not sell personal data for money.
CardLuma.com may share limited online identifiers, device information, browser information, referral information, Website activity data, and conversion event data with advertising, analytics, and measurement providers for advertising measurement, analytics, attribution, audience creation, targeted advertising, and similar purposes.
CardLuma.com does not use or disclose sensitive personal data for purposes other than providing the Services.
CardLuma.com does not intentionally share uploaded images, user-submitted listing content, marketplace authentication tokens, full payment card details, or sensitive Service data with advertising providers.
Authorized Agent
You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written proof of authorization. We may contact you directly to verify the request.
9. Children's Privacy
The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time by posting the revised version on the Website. Continued use constitutes acceptance.
11. Contact
For privacy-related questions or requests, contact: support@cardluma.com
Previous Versions
Earlier versions of this Privacy Policy are preserved for reference: