Introduction
ÆtherLight ("we," "us," or "our") operates the Lumina software application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
We take your privacy seriously. This policy describes what data we collect, why we collect it, and how you can manage your information.
Information We Collect
Account Information
When you create an account, we collect:
- Email address (required)
- Full name (optional)
- GitHub username (optional)
- Password (encrypted, never stored in plain text)
Usage Data
We automatically collect certain information about your device and how you interact with our Service:
- Device type and operating system
- IP address (for security and analytics)
- Browser type and version
- Pages visited and features used
- Time and date of access
- Error logs and diagnostic information
Content You Create
When you use Lumina, we store:
- Voice transcriptions: Text output from voice commands (audio files are processed locally and immediately deleted)
- Patterns: Design decisions and reasoning chains you create (opt-in sharing only)
- Sprint data: Tasks, progress tracking, and project management information
- Settings: Your preferences and configuration
Important: We NEVER collect or store raw audio recordings, API keys, passwords, or sensitive code from your projects. All sensitive data remains local to your device.
How We Use Your Information
We use the collected information to:
- Provide, operate, and maintain the Service
- Improve and personalize your experience
- Communicate with you (product updates, security alerts, support)
- Process transactions and manage subscriptions
- Detect and prevent fraud, abuse, and security issues
- Analyze usage patterns to improve our Service
- Comply with legal obligations
Data Storage and Security
Where Your Data Lives
- Local storage: Patterns, voice transcriptions, and sensitive data are stored locally on your device using SQLite and ChromaDB
- Cloud storage (Supabase): Account information, subscription data, and opt-in shared patterns are stored on secure servers hosted in the United States
- Mesh network (beta): If you opt in, patterns may be replicated across your Circle of Trust nodes using end-to-end encryption
Security Measures
We implement industry-standard security measures:
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Zero-knowledge encryption for shared patterns (we cannot decrypt your data)
- Regular security audits and penetration testing
- Multi-factor authentication (optional)
- Access logging and monitoring
Note: While we take security seriously, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
Sharing Your Information
We do NOT sell your personal information. We only share your data in these limited circumstances:
- With your consent: When you explicitly opt in to share patterns with teammates or the community
- Service providers: Trusted third parties who help us operate the Service (Supabase for database, Stripe for payments, OpenAI for voice transcription)
- Legal requirements: When required by law, subpoena, or government request
- Business transfers: In the event of a merger, acquisition, or sale of assets (you will be notified)
- Security and fraud prevention: To protect our users and prevent abuse
Your Rights and Choices
You have the following rights regarding your data:
- Access: Request a copy of all personal data we hold about you
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and associated data (some data may be retained for legal compliance)
- Portability: Export your data in a machine-readable format
- Opt-out: Unsubscribe from marketing emails (service emails still required)
- Restrict processing: Limit how we use your data
To exercise these rights, email us at privacy@aetherlight.dev.
Cookies and Tracking
We use cookies and similar technologies to:
- Keep you signed in
- Remember your preferences
- Analyze usage patterns (Google Analytics, optional)
- Prevent fraud and abuse
You can control cookies through your browser settings. Note that disabling cookies may limit functionality.
Children's Privacy
Our Service is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately at privacy@aetherlight.dev.
International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place (Standard Contractual Clauses, GDPR compliance).
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via:
- Email notification (if you have an account)
- Prominent notice on our website
- In-app notification
Continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices:
GDPR Compliance (EU Users)
If you are in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to be forgotten
- Right to restrict processing
- Right to object to processing
- Right to lodge a complaint with your local Data Protection Authority
Our legal basis for processing your data is consent, contract performance, and legitimate interests.
California Privacy Rights (CCPA)
California residents have the right to:
- Know what personal information is collected
- Know if personal information is sold or disclosed
- Say no to the sale of personal information (we don't sell your data)
- Access your personal information
- Request deletion of personal information
- Not be discriminated against for exercising your rights