Política de Privacidad

2. Alojamiento

IONOS VPS Hosting

This website and all associated services are hosted on a Virtual Private Server (VPS) provided by IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany).

Processed Data:

• IP addresses of website visitors
• Access timestamps
• Browser information (User-Agent)
• Referrer URLs (from which page did you come?)
• Transferred data volume
• HTTP status codes

Server Location: Data processing takes place exclusively in IONOS data centers in Germany (Karlsruhe). No third-country transfer occurs.

Legal Basis: The use of the hosting provider is for the purpose of contract fulfillment towards our customers (Art. 6(1)(b) GDPR) and in the legitimate interest of secure, fast, and efficient provision of our online offering (Art. 6(1)(f) GDPR).

Data Processing Agreement: We have concluded a Data Processing Agreement (DPA) with IONOS in accordance with Art. 28 GDPR. IONOS processes personal data exclusively according to our instructions and takes appropriate technical and organizational measures for data protection.

Retention Period: Server logs (IP addresses, access data) are automatically deleted after a maximum of 7 days.

IONOS Datenschutzerklärung: https://www.ionos.de/terms-gtc/datenschutzerklaerung/

3. Información General e Información Obligatoria

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

Note on the Responsible Party

The responsible party for data processing on this website is stated in the Legal Notice (Imprint).

Applicable Law

This Privacy Policy is governed by the <strong>EU General Data Protection Regulation (GDPR)</strong> and <strong>German federal data protection law (BDSG)</strong>. These regulations provide one of the highest standards of data protection worldwide and apply to all users of our services, regardless of their location.

Storage Duration

Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a legitimate deletion request or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods).

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of data processing carried out until the revocation remains unaffected by the revocation.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format.

Information, Deletion, and Correction

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients, and the purpose of data processing at any time, and, if applicable, a right to correction or deletion of this data.

Right to Restriction of Processing

You have the right to request restriction of the processing of your personal data. You can contact us at any time at the address given in the Legal Notice (Imprint).

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

4. Recopilación de Datos en Este Sitio Web

Server Log Files

The page provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources. Data collection is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website.

Contact Form / Registration

When you register on our website, the data you enter (name, email address, password) is collected to fulfill the contractual relationship. Data processing is based on Art. 6(1)(b) GDPR (contract fulfillment).

The following data is collected during registration:

• Name or company name
• Email address
• Password (stored encrypted)
• Selected plan
• Time of registration

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For data collected during the registration process, this is the case when you delete your account or the registration is canceled.

Product Data and Domain Data

As part of using our service, we store the product data, domain URLs, and configurations you enter. This data is required to provide the AI visibility functionality (Art. 6(1)(b) GDPR). The data is stored as long as your account is active.

5. Provisión de Datos a Sistemas IA (Feeds IA)

Purpose and Legal Basis

To increase the visibility of your business in AI-based searches and recommendations, we make your business, product, and service data available in an AI-optimized format via public interfaces. This data can be accessed by AI systems such as ChatGPT (OpenAI), Google Gemini, Perplexity AI, and other AI assistants.

Transmitted Data

• Company name, business designation
• Business address, location data
• Opening hours, contact details (if provided)
• Product/service descriptions, categories
• Prices, availability
• Publicly visible review information (average rating, number of reviews)
• Images and media (if provided)

Recipients of the Data

The following AI systems and their operators may access the provided data:

• OpenAI (ChatGPT): OpenAI Ireland Limited, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland (data processing partially in USA)
• Google (Gemini): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (data processing partially in USA)
• Perplexity AI: Perplexity AI, Inc., USA
• Other AI Assistants: Other AI-based search engines and assistants that index public web data

International Data Transfers

Data transmission partially occurs to third countries outside the EU/EEA, particularly to the USA.

Legal Basis for Third-Country Transfer:

• EU-US Data Privacy Framework: Adequacy decision of the EU Commission (Art. 45 GDPR) for certified US companies
• EU Standard Contractual Clauses (SCCs): According to Art. 46(2)(c) GDPR for non-certified recipients

More information on data protection measures of AI providers:

• OpenAI: https://openai.com/policies/privacy-policy
• Google: https://policies.google.com/privacy
• Perplexity AI: https://www.perplexity.ai/privacy

Legal Basis

Data transmission to AI systems is based on the following legal grounds:

• Art. 6(1)(b) GDPR (Contract Fulfillment): Increasing your visibility in AI searches is an essential part of our service offering.
• Art. 6(1)(f) GDPR (Legitimate Interest): We have a legitimate interest in increasing the reach and discoverability of your business. This interest outweighs your interests in confidentiality, as only publicly visible business data is transmitted.

Right to Object (Art. 21 GDPR)

You have the right to object to the provision of your data to AI systems at any time.

How to Object:

• In Dashboard: Deactivate the "AI Visibility" option in your settings under "Account → Privacy → AI Feeds"
• Via Email: Write to privacy@luminara-ai.de with the subject "Deactivate AI Feeds"

Consequences of Objection: After deactivation, your data will no longer be provided via AI feeds. This may reduce the discoverability of your business in AI-based searches. Already crawled data may still be available in AI systems for a transition period (typically 30-90 days) until their caches are updated.

Storage Duration

Data is provided via our AI feeds as long as your account is active and you have not deactivated AI visibility. AI systems may store the data for their own purposes; the storage duration is beyond our control and is governed by the privacy policies of the respective AI provider.

6. Analítica y Publicidad

No Analytics; Affiliate Cookie Only After Consent

We do not use any analytics or advertising tools; only technically necessary session cookies for authentication are used. An exception applies exclusively when accessed via a partner link: After your express consent, we set an affiliate tracking cookie <span class="font-mono">affiliate_ref</span> (30 days, HttpOnly, SameSite=Lax) for anonymous assignment of referrals. Details can be found in our <a href="/legal/partnerprogramm-cookies" class="text-primary-600 hover:underline">Cookie Policy</a>.

7. Boletín

Newsletter Data

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and agree to receive the newsletter. Consent is given through an opt-in procedure.

Data processing is based on Art. 6(1)(a) GDPR. You can revoke your consent at any time. The lawfulness of data processing operations already carried out remains unaffected by the revocation.

8. Plugins y Herramientas

Email Sending (SMTP)

For sending emails (confirmation emails, password reset, notifications), we use external SMTP service providers. Your email address and the content of the email are transmitted to the service provider. Data processing is based on Art. 6(1)(b) GDPR (contract fulfillment).

Payment Processing (Stripe)

For payment processing (credit cards, SEPA direct debit), we use the payment service provider Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.

Processed Data:

• Name, email address
• Billing address
• Payment information (credit card number, IBAN - encrypted by Stripe)
• Transaction data (amount, date, subscription status)
• IP address (for fraud prevention)

Purpose: Data transmission to Stripe is necessary for contract fulfillment (payment processing, invoicing, subscription management) and fraud prevention.

Legal Basis: Art. 6(1)(b) GDPR (contract fulfillment). Processing is necessary for the performance of the contract.

Third Country Transfer:

Stripe processes personal data partly in the USA. Stripe, Inc. is certified under the EU-US Data Privacy Framework (DPF) and has concluded EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR. This ensures an adequate level of data protection.

Retention Period: Stripe retains payment data for the duration of your subscription and for statutory retention periods (in Germany: 10 years for tax-relevant data). Data is deleted after expiry of these periods.

More Information: Stripe Privacy Policy at https://stripe.com/privacy

EU-US Data Privacy Framework: Stripe DPF Certification

9. Procesamiento de Datos

We have concluded Data Processing Agreements (DPA) with our service providers in accordance with Art. 28 GDPR. Details on data processing can be found in our <a href="/legal/dpa" class="text-primary-600 hover:underline">DPA document</a>.

10. Tus Derechos

You have the following rights regarding your personal data:

• Right to Access (Art. 15 GDPR): You have the right to request confirmation from us as to whether personal data concerning you is being processed.
• Right to Rectification (Art. 16 GDPR): You have the right to request that we correct inaccurate personal data concerning you without undue delay.
• Right to Erasure (Art. 17 GDPR): You have the right to request that we delete personal data concerning you without undue delay.
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to request that we restrict processing.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format.
• Right to Object (Art. 21 GDPR): You have the right to object at any time to processing of personal data concerning you.

Supervisory Authority

If you are located in the EU/EEA, you have the right to lodge a complaint with the competent data protection supervisory authority. The supervisory authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestr. 2–4, 40213 Düsseldorf, Germany, https://www.ldi.nrw.de

For users outside the EU: You may also have data protection rights under the laws of your country of residence. The GDPR provides one of the highest standards of data protection worldwide, which we apply to all our users.

11. Contacto

For questions about data protection or to exercise your rights, please contact:

Email: privacy@luminara-ai.de

The contact details of the responsible party can be found in our <a href="/legal/legal-notice" class="text-primary-600 hover:underline">Legal Notice</a>.

12. Información para Usuarios Internacionales

Applicable Law

This Privacy Policy is governed by <strong>German law</strong> and the <strong>EU General Data Protection Regulation (GDPR)</strong>, which provides one of the highest standards of data protection worldwide. We apply these standards to all users, regardless of their location.

For California Residents (US)

California residents may have additional rights under the California Consumer Privacy Act (CCPA). The GDPR provides similar or higher protection levels. If you are a California resident and wish to exercise your CCPA rights, please contact us at privacy@luminara-ai.de.

For UK Residents

UK residents are protected by the UK General Data Protection Regulation (UK-GDPR), which provides similar protections to the EU GDPR. This privacy policy is compliant with both EU GDPR and UK-GDPR.

Última actualización: 24 de enero de 2026

Esta es una traducción de la política de privacidad alemana. En caso de discrepancias entre las versiones en inglés y alemán, prevalecerá la versión alemana para usuarios en Alemania.