Privacy Policy & Data Rights

1. Data Controller and Governance

Lumina Apps (https://lumina-apps.com) operates as a primary Data Controller under the Texas Data Privacy and Security Act (TDPSA), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). Our infrastructure is built on the principle of "Privacy-by-Design," ensuring that data protection is not an afterthought but a core architectural requirement. We maintain strict administrative, technical, and physical safeguards to protect against unauthorized access or disclosure of metadata.

2. Taxonomy of Collected Information

We process data based on contractual necessity and legitimate interest. Collected data points include:

• Network Telemetry: Ingress/egress IP addresses, TLS/SSL handshake metadata, and routing headers required for latency optimization in our Texas clusters.
• Identity Metadata: Cryptographic hashes and Decentralized Identifiers (DIDs) used for multi-factor authentication.
• System Interaction: Non-personally identifiable logs of API calls, resource consumption, and error rates used to maintain our 99.999% SLA.

3. AI Ethics and Data Sovereignty

In accordance with Texas regulations, Lumina Apps ensures that no proprietary client data is utilized for the training of Large Language Models (LLMs) without a standalone "Model Training Consent Agreement." All inference processing occurs in volatile memory environments and is purged upon session termination. We do not engage in the sale, trade, or leasing of user datasets to third-party brokers or advertising networks.

4. Advanced Encryption and Storage

Data at rest is secured via AES-256-GCM encryption. Data in transit is protected by TLS 1.3 with Perfect Forward Secrecy (PFS). Our data centers are SOC2 Type II and ISO 27001 certified. We utilize hardware security modules (HSMs) to manage cryptographic keys, ensuring that even in the event of a physical breach, data remains unreadable.

5. Statutory Rights of Users

Under the TDPSA and GDPR, you have the right to:

• Access: Request a full audit of telemetry data associated with your corporate identity.
• Rectification: Correct any inaccuracies in your metadata profile.
• Deletion: Exercise your "Right to be Forgotten" via a cryptographic wipe of all associated records within 30 days.

6. Changes to this Protocol

Lumina Apps reserves the right to update this Privacy Policy to reflect changes in Texas law or global cybersecurity standards. Users will be notified via our technical changelog or direct email for material changes.