Lunaar

Last updated: 2026-04-30

Privacy Policy

Not legal advice. This template is provided as a starting point. Consult counsel before relying on it for production.

This Privacy Policy explains how Lunaar Vision (“Lunaar”, “we”, “our”, or “us”) collects, uses, and discloses information when you create an account, generate an API key, or call any endpoint of the Lunaar Developer Platform available at platform.lunaarvision.com(the “Service”). By using the Service you agree to the practices described below.

1. Information We Collect

We collect three categories of information:

  • Account information. Name, email address, hashed password, organization name, country of residence, and any optional profile fields you provide.
  • API usage logs. For each API call: the endpoint, timestamp, originating IP, request size, response code, latency, credit cost, and the opaque identifier of the API key used. Inputs and outputs of AI endpoints (images, prompts, generated assets) are retained for the period described in Section 4.
  • Billing information. Plan tier, invoice history, and limited payment metadata (card brand, last 4 digits, billing address). Full card numbers are tokenized by our payment processor and never touch our servers.

2. How We Use It

We use the information above to: provide, operate, and improve the Service; authenticate requests and prevent abuse; meter credits and generate invoices; surface usage analytics in your dashboard; debug failed jobs and respond to support tickets; send transactional email about your account, billing, or material changes to the Service; and comply with legal obligations.

We do not sell your personal information, and we do not use the content of your API requests to train new foundation models unless you have explicitly opted in.

3. Data Sharing

We share information with a small set of vetted sub-processors, each bound by a written data processing agreement:

  • Iyzico — payment processing for card-based subscriptions and one-off charges.
  • Amazon Web Services (AWS) — object storage (S3), database hosting, and compute for the control plane and inference workers.
  • OpenAI and HuggingFace — third-party AI inference providers used by some of our endpoints. Inputs are transmitted in real time and are subject to the providers’ respective data processing terms.
  • Transactional email providers — for account verification, password reset, and billing notifications.

We may also disclose information when required by law, in response to a valid subpoena or court order, or to protect the rights, property, or safety of Lunaar, our users, or the public.

4. Storage & Retention

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Account information is retained for the lifetime of your account and for up to 12 months after deletion to satisfy tax and audit obligations. API request and response payloads are retained according to your plan: 7 days on Starter, 30 days on Growth, and 90 days on Pro. Aggregated, non-identifying usage metrics may be retained indefinitely for capacity planning and billing reconciliation.

5. Your Rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, to object to or restrict certain processing, and to lodge a complaint with your local data protection authority. If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) applies. If you are located in Türkiye, the Personal Data Protection Law (KVKK, Law No. 6698) applies. To exercise any of these rights, email support@lunaarvision.com. We respond within 30 days.

6. Cookies

The dashboard uses a small number of strictly necessary cookies to keep you signed in and to remember your theme preference. We do not use advertising cookies. We use first-party analytics on the marketing pages only, with IP addresses truncated before storage.

7. International Transfers

Lunaar is headquartered in Türkiye, and our primary infrastructure is hosted in AWS regions in Europe. When we share data with sub-processors located outside your country, we rely on Standard Contractual Clauses or other lawful transfer mechanisms to safeguard the information.

8. Children’s Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

9. Changes to This Policy

We may update this policy from time to time. When we make material changes we will notify you by email and update the “Last updated” date above. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

10. Contact

Questions, complaints, or data subject requests can be sent to support@lunaarvision.com. Postal mail can be addressed to Lunaar Vision, attn: Data Protection Officer, Türkiye.