Loading...
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator's contact details in the Legal Notice (Imprint) of this website.
How do we collect your data?
Your data is collected when you provide it to us. This may include data you enter in a contact form or during registration.
What do we use your data for?
Some data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipients, and purpose of your stored personal data free of charge at any time. You also have the right to request correction or deletion of this data.
This website and all associated services are hosted on a Virtual Private Server (VPS) provided by IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany).
Processed Data:
Server Location: Data processing takes place exclusively in IONOS data centers in Germany (Karlsruhe). No third-country transfer occurs.
Legal Basis: The use of the hosting provider is for the purpose of contract fulfillment towards our customers (Art. 6(1)(b) GDPR) and in the legitimate interest of secure, fast, and efficient provision of our online offering (Art. 6(1)(f) GDPR).
Data Processing Agreement: We have concluded a Data Processing Agreement (DPA) with IONOS in accordance with Art. 28 GDPR. IONOS processes personal data exclusively according to our instructions and takes appropriate technical and organizational measures for data protection.
Retention Period: Server logs (IP addresses, access data) are automatically deleted after a maximum of 7 days.
IONOS Privacy Policy: https://www.ionos.de/terms-gtc/datenschutzerklaerung/
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
The responsible party for data processing on this website is:
Marvin Malessa
Heroldstr. 49, 44894 Bochum, Germany
Phone: +49 234 37999008
Email: datenschutz@luminara-ai.de
This Privacy Policy is governed by the <strong>EU General Data Protection Regulation (GDPR)</strong> and <strong>German federal data protection law (BDSG)</strong>. These regulations provide one of the highest standards of data protection worldwide and apply to all users of our services, regardless of their location.
Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a legitimate deletion request or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods).
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of data processing carried out until the revocation remains unaffected by the revocation.
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format.
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients, and the purpose of data processing at any time, and, if applicable, a right to correction or deletion of this data.
You have the right to request restriction of the processing of your personal data. You can contact us at any time at the address given in the Legal Notice (Imprint).
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
The page provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
This data is not merged with other data sources. Data collection is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website.
When you register on our website, the data you enter (name, email address, password) is collected to fulfill the contractual relationship. Data processing is based on Art. 6(1)(b) GDPR (contract fulfillment).
The following data is collected during registration:
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For data collected during the registration process, this is the case when you delete your account or the registration is canceled.
As part of using our service, we store the product data, domain URLs, and configurations you enter. This data is required to provide the AI visibility functionality (Art. 6(1)(b) GDPR). The data is stored as long as your account is active.
To increase the visibility of your business in AI-based searches and recommendations, we make your business, product, and service data available in an AI-optimized format via public interfaces. This data can be accessed by AI systems such as ChatGPT (OpenAI), Google Gemini, Perplexity AI, and other AI assistants.
Note: Only business-related data is transmitted. The customer is responsible for ensuring that data provided via the platform does not contain personal data of third parties (e.g. end customers) without their consent or another legal basis under Art. 6 GDPR.
The following AI systems and their operators may access the provided data:
Data transmission partially occurs to third countries outside the EU/EEA, particularly to the USA.
Legal Basis for Third-Country Transfer:
More information on data protection measures of AI providers:
Data transmission to AI systems is based on the following legal grounds:
You have the right to object to the provision of your data to AI systems at any time.
How to Object:
Consequences of Objection: After deactivation, your data will no longer be provided via AI feeds. This may reduce the discoverability of your business in AI-based searches. Already crawled data may still be available in AI systems for a transition period (typically 30-90 days) until their caches are updated.
Data is provided via our AI feeds as long as your account is active and you have not deactivated AI visibility. AI systems may store the data for their own purposes; the storage duration is beyond our control and is governed by the privacy policies of the respective AI provider.
We do not use any analytics or advertising tools; only technically necessary session cookies for authentication are used. An exception applies exclusively when accessed via a partner link: After your express consent, we set an affiliate tracking cookie <span class="font-mono">affiliate_ref</span> (30 days, HttpOnly, SameSite=Lax) for anonymous assignment of referrals. Details can be found in our <a href="/legal/partnerprogramm-cookies" class="text-primary-600 hover:underline">Cookie Policy</a>.
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and agree to receive the newsletter. Consent is given through an opt-in procedure.
Data processing is based on Art. 6(1)(a) GDPR. You can revoke your consent at any time. The lawfulness of data processing operations already carried out remains unaffected by the revocation.
Retention period: Your email address is stored for newsletter delivery until you revoke your consent or unsubscribe from the newsletter. After unsubscribing, your email address is deleted without delay.
For sending emails (confirmation emails, password reset, notifications), we use external SMTP service providers. Your email address and the content of the email are transmitted to the service provider. Data processing is based on Art. 6(1)(b) GDPR (contract fulfillment).
For payment processing (credit cards), we use the payment service provider Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.
Processed Data:
Purpose: Data transmission to Stripe is necessary for contract fulfillment (payment processing, invoicing, subscription management) and fraud prevention.
Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment). Processing is necessary for the performance of the contract.
Third Country Transfer:
Stripe processes personal data partly in the USA. Stripe, Inc. is certified under the EU-US Data Privacy Framework (DPF) and has concluded EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR. This ensures an adequate level of data protection.
Retention Period: Stripe retains payment data for the duration of your subscription and for statutory retention periods (in Germany: 10 years for tax-relevant data). Data is deleted after expiry of these periods.
More Information: Stripe Privacy Policy at https://stripe.com/privacy
EU-US Data Privacy Framework: Stripe DPF Certification
For routing AI requests to the 9 AI platforms (ChatGPT, Claude, Perplexity, Gemini, Copilot/Phi-4, DeepSeek, Grok, Z.AI, Kimi), we use OpenRouter LLC, USA.
Only business-related data is transmitted (product/service data, company name). Personal customer data (name, email, address) is NOT shared with OpenRouter or the AI platforms.
Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in providing the AI visibility service).
We have concluded Data Processing Agreements (DPA) with our service providers in accordance with Art. 28 GDPR. Details on data processing can be found in our <a href="/legal/dpa" class="text-primary-600 hover:underline">DPA document</a>.
You have the following rights regarding your personal data:
If you are located in the EU/EEA, you have the right to lodge a complaint with the competent data protection supervisory authority. The supervisory authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestr. 2–4, 40213 Düsseldorf, Germany, https://www.ldi.nrw.de
For users outside the EU: You may also have data protection rights under the laws of your country of residence. The GDPR provides one of the highest standards of data protection worldwide, which we apply to all our users.
For questions about data protection or to exercise your rights, please contact:
Email: privacy@luminara-ai.de
The contact details of the responsible party can be found in our <a href="/legal/legal-notice" class="text-primary-600 hover:underline">Legal Notice</a>.
This Privacy Policy is governed by <strong>German law</strong> and the <strong>EU General Data Protection Regulation (GDPR)</strong>, which provides one of the highest standards of data protection worldwide. We apply these standards to all users, regardless of their location.
California residents may have additional rights under the California Consumer Privacy Act (CCPA). The GDPR provides similar or higher protection levels. If you are a California resident and wish to exercise your CCPA rights, please contact us at privacy@luminara-ai.de.
UK residents are protected by the UK General Data Protection Regulation (UK-GDPR), which provides similar protections to the EU GDPR. This privacy policy is compliant with both EU GDPR and UK-GDPR.
Last updated: April 1, 2026
This is a translation of the German privacy policy. In case of discrepancies between the English and German versions, the German version shall prevail for users in Germany.