Privacy Policy

Last updated: 27 March 2026

1. Who we are

Lumo 22 ("we", "us", "our") provides 30 Days of Social Media Captions and related services. We process your personal data when you use our website, create an account, place an order, or contact us. Our contact email is hello@lumo22.com.

2. What data we collect

We collect the following personal data:

• Account data: Email address, password (stored in hashed form). If you enable passkeys, we store only cryptographic public keys tied to your device — not your fingerprint or face data.
• Order and intake data: Email, business name, voice preferences, audience, platform choices, and other form answers you provide when ordering or completing the caption intake form.
• Payment data: We do not store full card details. Payment is handled by Stripe. We store Stripe customer and subscription identifiers so we can manage your billing and link orders to your account.
• Communications: Emails you send us (e.g. support requests).
• Technical data: IP address, browser type, device information, and similar data that may be logged when you use our website.

3. How we use your data

We use your data to:

• Create and deliver your caption packs.
• Process payments and manage subscriptions.
• Send transactional emails (order confirmation, form link, delivery, password reset, subscription cancellation or plan-change confirmations, and billing-related notices sent by us or our payment provider).
• Send service emails (e.g. pre-pack reminders for subscribers and reminders to complete your intake form if you have not yet done so for a recent order; you can opt out in your account where available).
• Send a single upgrade-reminder email to one-off customers a few days before their 30 days are up, offering to upgrade to a subscription; you can unsubscribe from upgrade reminders using the link in that email.
• Send marketing emails if you opt in (tips, updates, offers). You can opt out anytime in your account.
• Run the refer-a-friend programme (we record when a purchase is made via your referral link so we can apply your discount and your friend’s discount).
• Respond to your enquiries and support requests.
• Improve our services and comply with legal obligations.

4. Who we share data with

We use the following third parties, who may process your data on our behalf:

• Stripe — Payment processing. Stripe privacy policy.
• SendGrid — Transactional and marketing emails. Twilio/SendGrid privacy policy.
• Supabase — Database hosting (account and order data). Supabase privacy policy.
• Anthropic (Claude) and/or OpenAI — Caption and story generation (depending on configuration). Anthropic privacy policy; OpenAI privacy policy.

We do not sell your personal data. We share data only as necessary to provide our services and as described in this policy.

5. Legal basis (UK/EEA)

If you are in the UK or EEA, we process your data on the following bases:

• Contract: To fulfil orders and provide our services.
• Legitimate interests: To improve our services, prevent fraud, and send service-related communications.
• Consent: For marketing emails (you can withdraw consent anytime by opting out).

6. Retention

We retain your data for as long as your account is active or as needed to provide services. Order and subscription information (including cancelled subscriptions and billing-related details we need to run your account) is kept until you delete your account, so we can deliver the service, support you, and offer flows such as resubscribe with prefilled choices. After account deletion, we remove your personal data and order history. We may retain a minimal identifier (e.g. hashed email) to prevent re-contact after deletion. We may also retain limited data where required by law (e.g. for tax, legal claims, or regulatory requirements).

7. Your rights

Depending on where you live, you may have the right to:

• Access your personal data.
• Correct inaccurate data.
• Request deletion of your data (you can delete your account from your account settings).
• Object to or restrict processing.
• Data portability (receive your data in a structured format).
• Withdraw consent (for processing based on consent).
• Complain to a data protection authority (in the UK: ICO; in the EEA: your local supervisory authority).

To exercise these rights, contact us at hello@lumo22.com.

8. Cookies and similar technologies

We use essential cookies for session management (e.g. keeping you logged in) and for security. Our payment provider (Stripe) may set cookies. You can control cookies via your browser settings.

9. International transfers

Your data may be processed in the UK, EEA, or other countries where our service providers operate. When we transfer data outside the UK/EEA, we use appropriate safeguards (e.g. standard contractual clauses) to protect your data.

10. Security

We use technical and organisational measures to protect your data, including encryption in transit (HTTPS) and secure storage. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

11. Children

Our services are not intended for anyone under 18. We do not knowingly collect data from children.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and update the "Last updated" date. For material changes, we may notify you by email or a notice on our website.

13. Contact

For questions about this privacy policy or your data, contact us at hello@lumo22.com.

← Back to Captions · Terms · Lumo 22 home