Luminar ERP/Legal/Privacy

Privacy Policy

What we collect, why we collect it, where it lives, and the rights you have over it.

Last updated · May 1, 2026Effective · May 1, 2026Version · 2026.1

01 Summary

We collect what we need to run your workspace and support your team — nothing more. We don't sell personal data and we don't use Customer Data to train external models.

02 Who is the controller

Luminar ERP, Inc. (“Luminar”) is the data controller for personal data we collect about you when you use the marketing site or sign up for a trial. For data inside a workspace, your organization is the controller and we are the processor.

03 Data we collect

  • Account data: name, work email, password hash, role.
  • Workspace data: company name, subdomain, region, plan.
  • Usage data: which features you use, request counts, error events. Used to operate, debug, and improve the Service.
  • Communications: emails you send to support and notes from onboarding calls.

We do not collect biometric data, government IDs, or special-category data unless your organization explicitly enables a feature that requires it.

04 How we use it

  • To provide, secure, and improve the Service.
  • To authenticate you and prevent abuse.
  • To send transactional email (account, billing, security).
  • To send product updates if you opt in. You can opt out at any time from email footer links or workspace settings.
  • To comply with our legal obligations and exercise our legal rights.

05 Sub-processors

We use a small set of vetted sub-processors: AWS (hosting, in Singapore region), Resend (transactional email), Sentry (error tracking, with PII redaction), and Cloudflare (CDN/WAF). Our current list is published in your workspace settings under “Compliance.”

06 International transfers

Customer Data is stored in AWS Singapore (ap-southeast-1) by default. Enterprise customers can request alternative regions on a case-by-case basis. We transfer only as needed to operate the Service and rely on standard contractual clauses where required.

07 Your rights

Depending on your jurisdiction (RA 10173 — Data Privacy Act of 2012, GDPR, CCPA), you may have the right to access, correct, delete, port, or object to processing of your personal data. Email [email protected] and we will respond within 30 days.

08 Retention

We retain personal data while you have an active account, and for up to 30 days after termination as part of our backup rotation. Audit log entries are retained for 7 years to satisfy financial-compliance obligations.

09 Security

AES-256 at rest, TLS 1.3 in transit, daily encrypted backups, least-privilege access for our staff, and an independent SOC 2 Type II audit annually. Report a vulnerability at [email protected].

10 Changes to this policy

We'll notify workspace owners by email at least 30 days before a material change. The version and effective date are shown at the top of this page.

Questions about this privacy?

Email [email protected] or write to Luminar ERP, Inc., DPO, Makati City, Philippines.