Solar – Privacy Policy and Terms of Service
Privacy Policy
Last updated: May 13, 2025
1. Who We Are
Lumenary, Inc. ("Lumenary," "we," "us") provides the Solar app‑generation platform, including the marketing site available at https://try.solar and the application hosted at https://solarapp.dev (collectively, the "Service"). Lumenary, Inc. is the data controller for personal data processed through the Service. Privacy inquiries: [email protected]
2. Scope
This Privacy Policy explains how we collect, use, disclose, and secure information about end‑users and account‑holders (collectively, "Users"). It applies to all visitors to the Service worldwide.
3. What We Collect
| Category | Examples | Source | Purpose | Retention |
|---|---|---|---|---|
| Identifiers | Email address, account UID | Direct from User | Account creation, authentication | Life of account + 30 days |
| Internet / device data | IP address, device type, browser, interactions, pages visited | Automatic via PostHog client SDK & server logs | Analytics, debugging, security monitoring | 18 months (analytics) / 30 days (raw logs) |
| Diagnostic data | Error traces, stack traces | Automatic via Sentry | Error resolution | 90 days |
| Performance metrics | CPU, memory, latency, infra events | Automatic via Datadog | Infrastructure monitoring | 13 months |
| Application data | Content you store in InstantDB (projects, text, code) | Direct from User | Provide core functionality | Until deleted by user or 30 days post‑account deletion |
We do not collect payment card data—payments are processed exclusively by Stripe.
4. Cookies & Tracking Technologies
We use first‑party cookies/tags from PostHog to measure usage patterns. Essential cookies cannot be declined. We currently do not respond to browser‑based "Do Not Track" signals. Analytics cookies load only after consent from EU/UK visitors (GDPR Art 6(1)(a)). Manage preferences any time via the “Cookie Settings” link in the site footer.
5. How We Use Information
(legal bases in parentheses)
- Operate and maintain the Service (Contract)
- Diagnose and fix bugs (Legitimate Interest)
- Analyze product usage and improve features (Consent / Legitimate Interest)
- Send transactional emails (Contract)
- Send product updates & YC‑style announcements you opt into (Consent)
- Detect, prevent, and respond to abuse or security incidents (Legitimate Interest / Legal Obligation)
6. How We Share Information
- $1- Organization accounts: If you sign up using an email address controlled by your employer or another organization, we may share your email and account status with that organization’s administrators.
- Corporate Events: merger, financing, acquisition (with notice).
- Legal: government or court requests where required. We do not sell or share personal data for cross‑context behavioral advertising as defined by the California Consumer Privacy Rights Act ("CPRA"), including for users under 16.
7. International Transfers
We host data in the United States. When EU/UK data is transferred, we rely on Standard Contractual Clauses and implement supplementary safeguards (TLS 1.3 in transit, AES‑256 at rest).
8. Your Rights
| Region | Rights & how to exercise |
|---|---|
| EU/EEA/UK | Access, rectify, erase, restrict processing, data portability, object. Email [email protected]. We respond within 30 days. You may lodge complaints with your local supervisory authority. |
| California | Know, delete, correct, limit use of sensitive data, opt-out of sale/share (not applicable). Use our web request form or email above. |
| Other U.S. States | We extend similar rights (access + deletion) to all Users. |
9. Data Security
We employ industry‑standard controls including: • TLS 1.3 encryption in transit • AES‑256 encryption at rest • Role‑based access & MFA for staff • 24×7 infrastructure monitoring (Datadog) • Access to personal data is limited to authorized personnel and vetted sub‑processors under written contracts. Despite these measures, no system is 100% secure.
10. Data Retention
We retain personal data only as long as necessary for the purposes above or to comply with legal obligations, then delete or anonymize it. Specific periods appear in §3.
11. Children
Solar is not directed to anyone under 13. We do not knowingly collect data from children. Parents who believe a child has provided information should contact us for deletion.
12. Changes
We will post any changes on this page and update the "Last updated" date. Material changes will be announced by email or service banner 14 days before they take effect. Where required by law, we will seek your consent before those changes apply.
13. Contact
Lumenary, Inc.