Luminel

Get Started

Legal

Privacy Policy

Last updated: February 25, 2026

Overview

Luminel is a privacy-focused web analytics platform. We are committed to collecting only what is strictly necessary to provide the service — no personal data, no cookies, no cross-site tracking.

This policy covers two distinct contexts: (1) data collected from visitors of websites that use the Luminel analytics script, and (2) data collected from Luminel account holders who use our dashboard.

Data Collected from Website Visitors

When a website uses Luminel, our script records the following information for each pageview:

  • Page URL and referrer
  • Browser name and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Country, region, and city (derived from IP address)
  • Screen viewport size
  • Preferred language
  • UTM campaign parameters (if present in the URL)

We do not collect or store IP addresses. IP addresses are used only in-flight to derive geo information and to generate a deterministic, anonymous session ID — then immediately discarded.

Session and visit IDs are computed as cryptographic hashes of the website ID, a hashed IP, the user-agent string, and a time-based salt (monthly for sessions, hourly for visits). This means two pageviews from the same person are grouped together for analytics purposes without storing any persistent identifier. No cookies are set.

Data Collected from Account Holders

To use the Luminel dashboard, you sign in with Google OAuth. We store:

  • Your name and email address (from Google)
  • Your profile picture URL
  • A session token for keeping you logged in
  • The websites you add to your account

We do not sell, share, or use this information for advertising purposes. It is used solely to authenticate you and associate your analytics data with your account.

Cookies

Luminel does not set any cookies on visitors of tracked websites. For dashboard users, a session cookie is set by BetterAuth to maintain your login state. This cookie is strictly necessary for the service to function and expires when your session ends or after 7 days.

Data Retention

Analytics data (pageviews, events) is retained for as long as your account is active. You may delete a website and all its associated data from the dashboard at any time. Account data is deleted upon account deletion.

Data Storage & Security

All data is stored in a PostgreSQL database hosted on Neon, with encryption at rest and in transit (TLS). The Luminel application is hosted on Vercel. Both providers maintain SOC 2 compliance.

Third-Party Services

We use the following third-party services:

  • Google OAuth — for account authentication
  • Neon — serverless PostgreSQL database
  • Vercel — application hosting and edge infrastructure

Each of these services has their own privacy policy and data processing agreements.

GDPR & Privacy Regulations

Because Luminel does not use cookies, does not track visitors across sites, and does not store personal data about website visitors, it is designed to be used without a cookie consent banner. However, compliance ultimately depends on your specific use case and jurisdiction. We recommend consulting a legal professional if you have specific compliance requirements.

Your Rights

As a Luminel account holder, you may request access to, correction of, or deletion of your personal data at any time. To exercise these rights, contact us at hello@luminel.app.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will update the date at the top of this page. Continued use of Luminel after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy? Reach us at hello@luminel.app.