Legal

Privacy Policy

Last updated: April 2026

Luminaria ("we", "us", "our") is operated as a personal project by an individual based in the United Kingdom. This policy explains what data we collect, how we use it, and your rights.

What data we collect

When you register for a sync token, we collect your email address. This is the only personal data we hold about you.

When you sync highlights from your device, we store the content of your highlights (the text you marked in your books) on Cloudflare's infrastructure. This data is associated with your token and is only accessible to you.

If you subscribe to Luminaria Sync, payment is handled entirely by Stripe. We do not see or store your card details. We receive confirmation of payment status from Stripe and store a Stripe customer reference against your token.

If you connect Notion, we store a Notion access token against your Luminaria token. This token is used only to export your highlights to your Notion workspace on your request.

What we do not collect

We do not use analytics or tracking scripts
We do not use cookies (other than those set by Stripe during checkout)
We do not sell or share your data with third parties for marketing
We do not read the content of your highlights for any purpose other than returning them to you
Book highlights you load via file upload stay entirely in your browser — they are never sent to our servers unless you choose to sync

How we use your data

Email address — to send your sync token and subscription-related emails (confirmation, cancellation). We do not send marketing emails.
Highlights — to store and return them to you when you sync. We do not process, analyse or share them.
Stripe data — to manage your subscription status.
Notion token — solely to write your highlights to your Notion workspace when you request an export.

Data storage and security

Your data is stored on Cloudflare's infrastructure (Cloudflare KV) which is hosted in data centres across the EU and UK. Cloudflare is GDPR compliant. Highlights are stored encrypted at rest.

We take reasonable precautions to protect your data but no internet service can guarantee absolute security.

Data retention

We retain your email address and highlights for as long as you have an active token. You can request deletion of your account and all associated data at any time by emailing [email protected].

Your rights (UK GDPR)

As a UK resident or EU citizen you have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data
Object to processing of your data
Data portability — receive your highlights in a machine-readable format

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Third-party services

Cloudflare — infrastructure and data storage. Privacy policy
Stripe — payment processing. Privacy policy
Resend — transactional email delivery. Privacy policy
Notion — only if you connect your Notion account. Privacy policy
Open Library — used to fetch book cover images. No personal data is sent. Privacy policy

Children

Luminaria is not directed at children under 13. We do not knowingly collect data from children.

Changes to this policy

We may update this policy from time to time. We will notify registered users of significant changes by email. The current version is always available at luminaria.uk/privacy.html.

Contact

For any privacy-related questions, email [email protected].