Effective April 28, 2026
This Privacy Policy describes how Lumetra ("Lumetra," "we," "us") collects, uses, and stores information when you use our platform at app.luminehq.com or visit luminehq.com. By using either site, you agree to the practices described here.
When you request access or create an account, we collect information you provide directly: your name, business name, email address, and phone number. We also collect information about your plan tier, account status, and any supplier contacts you add to the platform. If you use the waitlist form on luminehq.com, we collect the name, email address, and spa name you submit.
We do not collect or store patient names, patient health information, patient contact details, or any data that qualifies as protected health information (PHI) under HIPAA. Lumetra is an inventory management tool. Patient data has no place in our platform and is not part of its design.
When your team uses the injector sign-out feature, we store the injector's name, the product used, the quantity, the lot number, the treatment type, and the timestamp. This data belongs to your practice. We do not share it with third parties and do not use it for any purpose other than powering the features you have enabled.
We use the information we collect to: create and manage your account, deliver platform features, send reorder and expiration alerts via email through Amazon SES, respond to support requests, and communicate about your subscription. We do not sell your data, use it for advertising, or share it with third parties except as described in this policy.
Lumetra sends transactional emails including reorder alerts, expiration warnings, and account notifications through Amazon Simple Email Service (Amazon SES). These are operational emails tied to your inventory settings. You control alert preferences from within your account dashboard. We do not send marketing emails without your consent.
Your data is stored in Supabase, a cloud database hosted in the United States. We use row-level security policies to ensure each practice's data is isolated and inaccessible to other platform users. We implement reasonable technical safeguards to protect your data, but no system is perfectly secure and we cannot guarantee absolute protection.
We retain your account data for the duration of your subscription and for a reasonable period after cancellation for record-keeping purposes. If you request deletion of your account and data, contact us at hello@luminehq.com and we will process your request within 30 days.
Lumetra uses a limited number of third-party services to operate the platform: Supabase for database infrastructure, Amazon SES for email delivery, and Vercel for hosting. Each of these providers has its own privacy practices. We do not authorize any of these providers to use your data for their own purposes beyond what is necessary to operate the service.
The luminehq.com landing page does not use tracking cookies or third-party analytics scripts. We do not run ads and do not use advertising networks. The platform at app.luminehq.com may use session cookies to maintain your logged-in state. These are functional and not used for tracking.
If you are a California resident, you have the right to request disclosure of the personal information we hold about you, request deletion of that information, and opt out of any sale of personal information. We do not sell personal information. To exercise your rights, contact us at hello@luminehq.com.
We may update this Privacy Policy from time to time. Material changes will be communicated to your account email. The effective date at the top of this page will always reflect the most recent version.
If you have questions about how we handle your data, reach out at hello@luminehq.com.
Lumetra is committed to keeping your practice's data private, minimal, and secure. We collect what we need to run the platform and nothing more.