Lunetra

Privacy Policy

Last Updated: June 17, 2025

1. Introduction

Welcome to Lunetra. This service is operated by Shaunak Choudhury, an individual based in India ("we," "our," or "us"). We are committed to protecting the data and privacy of our customers.

This Privacy Policy explains how we handle information in connection with our AI chatbot platform (the "Service"). It is important to distinguish between two types of data:

  • For our business customers who sign up for the Service ("Customers"), we act as the Data Controller for their account information.
  • For the data our Customers upload to train their chatbots ("Customer Content"), the Customer is the Data Controller, and we act as the Data Processor.

2. Information We Process and Why

2.1 Customer Account Data

When you create an account, we collect necessary information to provide you with the Service.

  • What we collect: Your name and email address.
  • How: This is collected and managed via our third-party authentication provider, Clerk.
  • Legal Basis (GDPR): To perform our contract with you.

2.2 Customer Billing Data

When you subscribe to a paid plan, our payment processor collects your payment information.

  • What is collected: Billing name, address, and payment card information.
  • How: This is collected directly by our payment processor, Dodopayments. We do not store your full payment card details on our servers.
  • Legal Basis (GDPR): To perform our contract with you.

2.3 Customer Content

This is the data you provide to train your chatbot (e.g., website URLs we scrape on your behalf, documents you upload, text you provide).

  • What we process: The content of the data you provide. This data belongs to you. We process it to create vector embeddings and enable your chatbot to function.
  • Our Commitment: We will never use your Customer Content to train our own models or for any purpose other than providing the Service to you.
  • Legal Basis (GDPR): Processing on your behalf, based on our contractual agreement and your legitimate interests.

2.4 End-User Interaction Data

This is data from the conversations your end-users have with your chatbot.

  • What we process: The questions asked by end-users and the conversation history.
  • What we DO NOT collect: We are committed to privacy. We do not collect or store personal identifiers from your end-users, such as IP addresses, browser details, or device identifiers. The conversation data is processed to provide the service but is not logged against an identifiable individual.

3. Data Sharing and Sub-processors

We do not sell your data. We use a limited number of trusted third-party services (sub-processors) to provide our Service. We have verified that these providers are compliant with relevant data protection laws.

  • Authentication: Clerk (USA)
  • Payments: Dodopayments
  • Cloud Hosting & Databases: DigitalOcean (We use their Frankfurt, Germany (EU) datacenter for hosting Customer Content and databases).
  • AI Model Provider: OpenAI (USA)

4. International Data Transfers

Your information may be processed in countries other than your own. We take specific measures to protect your data when it is transferred.

  • EU Data: All Customer Content is stored and processed in DigitalOcean's datacenter in Frankfurt, Germany, within the European Union.
  • Transfers for Sub-processing: Some of our sub-processors (like Clerk or our AI provider) are based in the USA. When data is transferred to them, it is protected under legal mechanisms compliant with GDPR, such as Standard Contractual Clauses (SCCs).

5. Data Security and Retention

We implement appropriate technical and organizational measures to protect your data. We retain your Customer Account Data for as long as your account is active. We retain your Customer Content for the duration of your subscription and will securely delete it within 30 days of your account being terminated.

6. Your Data Protection Rights

You have rights regarding your personal data. Depending on your location (such as under GDPR or other laws), these may include:

  • The right to access, update, or delete your account information.
  • The right to rectification (correcting data).
  • The right to object to processing.
  • The right to data portability.

To exercise these rights for your account data, please contact us. If you receive a data rights request from one of your End-Users, we will assist you in fulfilling that request as required by law.

7. Changes to This Privacy Policy

We may update this policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

privacy@lunetrahq.com