Privacy Policy

Last updated: April 6, 2026

1. Who We Are

Luno Studio (“we”, “us”, “our”) operates the AI video and image generation platform at lunostudio.ai. This Privacy Policy explains how we collect, use, and protect your personal data when you use our Service.

2. Data We Collect

Account Data

When you create an account, we collect your email address and authentication credentials (managed by Supabase Auth).

Billing Data

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status. We do not store your credit card number, CVV, or full card details — Stripe handles this in their PCI-compliant environment.

Usage Data

We collect data about your use of the Service, including: generation prompts, model selections, credit consumption, timestamps, and project metadata. This data is used to deliver the Service and improve our platform.

Technical Data

We automatically collect IP address, browser type, device information, timezone, and referring URL when you access the Service.

3. How We Use Your Data

  • Service delivery: Processing your generations, managing credits, and maintaining your account.
  • Billing: Processing payments, issuing receipts, and managing subscriptions via Stripe.
  • Fraud prevention: Detecting and preventing abuse, unauthorized access, and payment fraud.
  • Communication: Sending transactional emails (receipts, account alerts, service updates).
  • Improvement: Analyzing anonymized, aggregated usage patterns to improve the platform.

4. Data Sharing

We share data only with the following categories of processors:

  • Stripe — payment processing and fraud detection.
  • Supabase — database hosting and authentication.
  • Vercel — application hosting and CDN.
  • Third-party AI model providers (Google, OpenAI, ByteDance, Runway, etc.) — we send your generation prompts to these providers to produce outputs. We do not send your personal identity to model providers.

We do not sell your personal data. We do not share your data with advertisers.

5. Data Retention

  • Account data is retained for as long as your account is active.
  • Generated content is stored for the duration of your project’s lifecycle.
  • Billing records (invoices, receipts, ledger entries) are retained for 7 years for legal and tax compliance.
  • Stripe webhook event logs are retained for 90 days.
  • Upon account deletion, personal data is removed within 30 days. Anonymized, aggregated data may be retained indefinitely.

6. Data Security

We use industry-standard security measures to protect your data, including: encrypted connections (TLS), secure authentication, row-level security on database tables, and access controls. Payment data is processed in Stripe’s PCI DSS Level 1 certified environment.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Object to or restrict certain processing.

To exercise any of these rights, email support@lunostudio.ai. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

9. Children’s Privacy

The Service is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. The “Last updated” date at the top reflects the most recent revision.

11. Contact

For privacy-related questions or requests, contact us at support@lunostudio.ai.