Last Updated: May 2026 · Effective: May 2026
LuminaProse is operated by Achieve Pro Limited, a company registered in England and Wales. Achieve Pro Limited is the data controller for personal data processed in connection with the Service.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Questions or requests regarding your data: support@luminaprose.com
Account data: Your email address, display name, and (if you register via Google) your Google profile name. Passwords are hashed using ASP.NET Core Identity — we never store plaintext passwords.
Creative content: Manuscripts, chapters, scenes, characters, locations, themes, book settings, arc and outline notes, and chat history that you create or import into LuminaProse. This is your content; see Section 5 for our strict access policy.
Subscription and billing data: Your subscription plan, billing status, and payment history. Full card details are never stored by us — they are handled exclusively by Stripe.
AI usage data: Records of AI actions (e.g. "scene generation", "chat turn") including the model used and the cost in credits. Prompt text and generated output are not stored permanently on our servers beyond what appears in your manuscript or chat history.
BYOK API keys: If you use the Bring Your Own Key plan, your OpenRouter API key is stored encrypted in our database using AES-256 via ASP.NET Core Data Protection. We do not transmit or share it with anyone other than OpenRouter when making API calls on your behalf.
Technical and usage data: Application logs, error reports, and session data necessary to keep the service running and secure. IP addresses may appear in server logs and are retained for up to 90 days.
We use your data for the following purposes and legal bases:
We do not use your data for advertising, do not sell your data to third parties, and do not use your creative content to train AI models.
OpenRouter (openrouter.ai) — All AI generation requests are routed through OpenRouter to the relevant model provider. When you use an AI feature, the relevant portion of your manuscript, your prompt, and contextual story data are transmitted to OpenRouter and onward to the model provider (e.g. DeepSeek, OpenAI, Anthropic, Google). OpenRouter acts as a processor under a data processing agreement. OpenRouter's privacy policy is available at openrouter.ai/privacy. Model providers' data policies vary; we recommend reviewing the policy of whichever model you use. OpenRouter does not retain prompt data for training purposes under their default API terms.
Stripe — Payment processing is handled by Stripe (Stripe Payments Europe Ltd, registered in Ireland). Stripe acts as an independent data controller for payment data. Your full card number, CVV, and billing address are processed directly by Stripe and are never transmitted to our servers. Stripe's privacy policy is available at stripe.com/privacy.
Google (optional) — If you choose to sign in with Google, your name and email address are shared with us via Google's OAuth service. We use this information only to create and manage your account. Google's privacy policy is available at policies.google.com/privacy.
We do not use any advertising networks, analytics SDKs, or tracking pixels. There are no third-party cookies on LuminaProse other than those set by Stripe during the checkout flow.
We will never read, access, or review the content of your manuscripts, characters, locations, story outlines, or any other creative work you store in LuminaProse.
This is an unconditional commitment. Employees, contractors, and agents of Achieve Pro Limited are prohibited from accessing user creative content except in the following tightly controlled circumstances:
Any access under either exception is logged, time-limited, and restricted to the minimum necessary. We will never access your creative work for product development, quality assessment, training data, marketing, or any other business purpose.
Your data is stored on a virtual machine server in a data centre. We apply the following security measures:
No method of internet transmission is 100% secure. While we apply industry-standard measures, we cannot guarantee absolute security. If we become aware of a data breach affecting your personal data, we will notify you and the ICO in accordance with our obligations under UK GDPR.
LuminaProse uses cookies only for essential service operation:
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies. You cannot opt out of essential cookies without losing the ability to use the Service.
Active accounts: Your data is retained for as long as your account is open.
Closed accounts: Personal data and creative content are deleted within 90 days of account closure, except where retention is required by law (e.g. financial records, which are retained for 7 years as required by HMRC).
Server logs: Retained for up to 90 days then automatically purged.
Billing records: Stripe transaction history is retained by Stripe in accordance with their policies and by us for up to 7 years to comply with accounting obligations.
As a data subject under UK GDPR, you have the following rights:
To exercise any of these rights, contact us at support@luminaprose.com. We will respond within 30 days. We may need to verify your identity before actioning a request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
LuminaProse is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, contact us immediately at support@luminaprose.com and we will delete it promptly.
AI requests are processed by OpenRouter and model providers whose infrastructure may be located outside the UK and EEA (including the United States). These transfers occur under OpenRouter's and the relevant providers' standard contractual arrangements. Stripe may also process payment data in the United States under EU-US Data Privacy Framework mechanisms.
We may update this Privacy Policy from time to time. Material changes will be communicated by email at least 14 days before they take effect. The "Last Updated" date at the top of this page will always reflect the most recent version.
Achieve Pro Limited (Data Controller)
Email: support@luminaprose.com