Privacy Policy
Last updated:
1. Who we are
Lumenism S.L. (“Lumenism”, “we”, “our”) is a private company incorporated in Spain and operating under EU law. We run the Symbolic Identity personality experience available at lumenism.com (the “Service”).
Contact us at support@thelumenism.com.
2. What data we collect & why
| Category | Examples | Legal basis |
|---|---|---|
| Account data | Email, hashed password (optional) | Contract (GDPR Art. 6-1-b) |
| Assessment responses | 120 IPIP-NEO items + optional demographics | Consent (Art. 6-1-a) |
| Derived scores | 5 domains, 30 facets, 9 sub-bands, symbolic label & narratives | Legitimate interest (Art. 6-1-f) |
| Device & usage | IP, browser UA, coarse location, logs | Legitimate interest (Art. 6-1-f) |
| Payment data | Tokenised card details via Stripe | Contract / Legal obligation |
We do not intentionally collect special-category data (GDPR Art. 9).
3. Where we store data
Primary data are hosted on Supabase in Frankfurt (EU). Daily encrypted backups stay in the same region. Log files rotate after 30 days; anonymised analytics are kept indefinitely.
4. Sub-processors
- Supabase – database & auth (EU)
- Vercel – hosting & edge logs (EU deployment)
- Stripe – payments (tokenised, EU)
- Plausible – self-hosted analytics (EU)
- Postmark – transactional email (EU)
5. Data retention
- Assessment data – 24 months from last activity.
- Account data – until you delete your account.
- Billing records – 6 years (tax).
Delete your data any time from settings or email us; erasure completes within 30 days.
6. Your rights
Access, rectify, erase, port or object to processing (GDPR Art. 15-22). Write to support@thelumenism.com — we reply within 30 days.
7. Automated profiling notice
We algorithmically calculate an OCEAN profile (domains, facets, nine-level sub-bands) and a “Symbolic Identity” label. These outputs are reflective only, not diagnostic.
8. Children
Users must be 16 +. We delete unintended minor data immediately.
9. Changes to this policy
Major updates are emailed to registered users and posted 14 days in advance.
10. Cookies & Local Storage
We set one essential cookie (Supabase session) and store your theme preference in localStorage. No marketing, retargeting or cross-site tracking cookies are used.
© 2025 Lumenism S.L.