lumatara
Sign in Get started free

Privacy Policy

Last updated: May 29, 2026

1. Who we are

Lumatara ("we", "our", "us") operates lumatara.com and the Lumatara web application. This policy explains what data we collect, why we collect it, and how we protect it. If you have questions, email us at hello@lumatara.com.

2. Data we collect

Account data — When you sign up, we store your email address and a hashed password. We do not store payment information directly; payments (when introduced) will be handled by a third-party processor.

Portfolio data — If you use the investment tracker, we store the holdings, transaction history, and NAV data you import or sync. This data is yours and is never shared.

Usage data — We use Vercel Analytics to collect anonymised, aggregated page view counts and Core Web Vitals. Vercel Analytics does not use cookies and does not track individuals across sites.

Broker credentials — When you connect Zerodha or another broker via OAuth, we store only the access tokens required to sync your holdings. We never store your broker username or password.

3. How we use your data

  • To provide and improve the Lumatara service.
  • To send transactional emails (e.g. account verification, password reset). We do not send marketing emails without explicit consent.
  • To diagnose bugs and monitor service health using aggregated logs.
  • We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data storage and security

All user data is stored in Supabase, hosted on AWS in the Asia Pacific (Mumbai) region. Supabase enforces row-level security — your data is only accessible to your authenticated session.

Data is encrypted in transit (TLS 1.2+) and at rest. We apply the principle of least privilege to all database access.

5. Cookies

Lumatara uses a minimal session cookie to keep you logged in (via Supabase Auth). We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Vercel Analytics is cookie-free.

6. Your rights

You have the right to:

  • Access — request a copy of all data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Deletion — request deletion of your account and all associated data. Email us and we will process it within 30 days.
  • Portability — export your portfolio data at any time using the CSV export feature in the app.

7. Third-party services

  • Supabase — database and authentication. Privacy policy.
  • Vercel — hosting and analytics. Privacy policy.
  • AMFI — mutual fund NAV data. Public data, no personal data involved.
  • open.er-api.com — exchange rate data. Public data, no personal data involved.

8. Children

Lumatara is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

9. Changes to this policy

We may update this policy. When we do, we will update the "Last updated" date at the top. Material changes will be communicated by email to registered users.

10. Contact

Questions about this policy? Email us at hello@lumatara.com.