Privacy Policy

Last updated: April 23, 2026

Luma Care USA ("Luma," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at lumacareusa.com (the "Site") or use the Luma platform (the "Service").

1. Information We Collect

Information You Provide

Contact information: Name, email address, phone number, and clinic name when you request a demo or contact us.
Account information: Credentials and profile details when you create an account on the Luma platform.
Clinical data: Patient authorization records, clinical notes, caregiver training logs, and other data you input into the Service. This data may include Protected Health Information (PHI) as defined by HIPAA.

Information Collected Automatically

Usage data: Pages visited, features used, time spent on the Service, and interaction patterns.
Device data: Browser type, operating system, IP address, and device identifiers.
Cookies: We use essential cookies for authentication and functionality. We do not use third-party advertising cookies.

2. How We Use Your Information

To provide, operate, and improve the Service.
To respond to demo requests and communicate with you about our products.
To generate authorization appeals and compliance reports on your behalf.
To monitor and ensure the security of the Service.
To comply with legal obligations, including HIPAA requirements.

3. HIPAA Compliance

Luma processes Protected Health Information (PHI) on behalf of covered entities (ABA clinics). We act as a Business Associate under HIPAA and will enter into a Business Associate Agreement (BAA) with each clinic customer. We implement administrative, physical, and technical safeguards to protect PHI in accordance with the HIPAA Security Rule.

4. How We Share Your Information

We do not sell your personal information or PHI. We may share information in the following circumstances:

Service providers: Trusted third-party vendors who assist in operating the Service (cloud hosting, infrastructure). These vendors are bound by contractual obligations to protect your data.
Legal requirements: When required by law, regulation, legal process, or governmental request.
Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice.
With your consent: When you have given us explicit permission to share specific information.

5. Data Security

We use industry-standard security measures to protect your information, including:

Encryption in transit (TLS 1.2+) and at rest (AES-256).
Role-based access controls with multi-tenant isolation.
Regular security assessments and monitoring.
Azure enterprise-grade cloud infrastructure.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Contact and demo request data is retained for up to 24 months. Clinical data is retained in accordance with your BAA and applicable regulatory requirements. You may request deletion of your data at any time by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access, correct, or delete your personal information.
Withdraw consent for data processing.
Request a copy of your data in a portable format.
Opt out of marketing communications at any time.

8. Children's Privacy

The Site and Service are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. Clinical data related to minor patients is processed under the authority of the treating clinic and governed by the applicable BAA.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, providing additional notice via the Service or email.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Luma Care USA
Email: hello@lumacareusa.com