Legal & Privacy

Privacy Policy

Last updated: 2026-03-23

Contents

1

Who we are

LumaCare is a care coordination platform for families and caregivers of loved ones who need support. This privacy policy describes how we collect, use, and protect personal data when you use our service.

Data controller: Tvermose IT, Denmark.
Contact: lumacare@tvermose.it

2

What data we collect

We process the following categories of personal data:

  • Account data – name, email address, and authentication identifiers provided during sign-up.
  • Care recipient and family data – names, dates of birth, care notes, schedules, appointments, and event records you create.
  • Health-related data – care notes and event records may contain health information about your care recipient (Article 9 GDPR). We only process this data on your explicit instruction.
  • Usage data – anonymised logs of feature use for improving the platform. No personal identifiers are retained in logs.
  • Media uploads – photos and audio clips you upload to Memory events.
3

Legal basis for processing

  • Contract – to deliver the service you have signed up for.
  • Explicit consent – for processing special-category health data about your care recipient (Article 9(2)(a) GDPR).
  • Legitimate interest – for platform security and abuse prevention.
4

How we store and protect your data

All data is stored within the European Union on Microsoft Azure infrastructure. Data is encrypted at rest and in transit. Access is restricted to authenticated family members and their authorised helpers.

5

Third-party services

We use the following third-party processors:

  • Microsoft Azure – cloud hosting, storage, and authentication (Microsoft Entra External ID).
  • Azure OpenAI Service – voice-to-event transcription and AI assistant features. Transcripts are not retained by the AI service beyond the request.
  • Stripe – payment processing. We do not store your payment card details. Stripe's privacy policy governs how Stripe processes your payment data.
6

Data retention

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at lumacare@tvermose.it.

7

Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time (without affecting prior processing)

To exercise any of these rights, contact us at lumacare@tvermose.it.

8

Cookies and local storage

LumaCare uses browser local storage and session state solely to maintain your authenticated session and UI preferences. No third-party advertising or tracking cookies are used.

9

Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via the app or by email. The date at the top of this page indicates when it was last revised.

10

Contact and complaints

For any privacy-related queries contact lumacare@tvermose.it.

You also have the right to lodge a complaint with your national data protection authority. In Denmark: Datatilsynet.

Questions about your data?

We're happy to help with any privacy-related questions.

lumacare@tvermose.it About LumaCare