Privacy Policy

Effective date: March 7, 2026

1. Introduction

Luminary ("we," "us," or "our") operates the Luminary mobile application and the luminary.app website (collectively, the "Service"). This Privacy Policy explains what personal data we collect, how we use it, and the choices you have regarding your information. By using Luminary, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect only the information necessary to provide you with personalized Genshin Impact advice. This includes:

  • Account information: Your email address, provided when you sign up or create an account.
  • Game data: Your Genshin Impact UID, character roster (including levels, constellations, weapons, artifacts, and talent levels), Adventure Rank, server region, and other publicly available game account data accessed through the HoYoLab API.
  • Chat messages: Messages you send to our AI companion, along with the AI-generated responses. These are stored to provide conversation history and to improve the quality of recommendations.
  • Usage analytics: App interactions, feature usage patterns, session duration, screens visited, and error logs used to improve the Service.
  • Device information: Device type, model, operating system version, app version, unique device identifiers, and crash diagnostics.

We do NOT collect: HoYoverse or HoYoLab account passwords, payment card numbers (all payment processing is handled securely by the Apple App Store and Google Play Store), or private in-game messages.

3. How We Use Your Data

Your data is used to provide and improve the Service:

  • AI-powered game advice: Your roster data, chat messages, and game context are sent to our AI models to generate personalized team compositions, build reviews, pull planning, and gameplay recommendations.
  • Personalization: We use your game data and usage patterns to tailor the experience to your account, including relevant character suggestions, farming routes, and content recommendations.
  • Analytics and improvement: Aggregated, anonymized analytics help us understand usage patterns, identify bugs, optimize performance, and prioritize features.
  • Advertising: We display ads to free-tier users through Google AdMob. AdMob may use device identifiers and usage data to serve relevant ads. You can opt out of personalized ads through your device settings. Paid subscribers do not see ads.
  • App Tracking Transparency (iOS): On iOS, we request your permission via Apple's App Tracking Transparency framework before accessing your device's advertising identifier (IDFA). You can change this permission at any time in your device's Settings. If you deny tracking, you will still see ads, but they will not be personalized based on cross-app data.
  • Communications: We send product announcements, service notifications, and important updates. You can unsubscribe from non-essential communications at any time.
  • No data sales: We never sell, rent, or trade your personal data to third parties for their own marketing purposes.

4. Third-Party Services

We use the following third-party services to operate Luminary. Each service has its own privacy policy governing data it processes:

  • Google Gemini AI: Your chat messages and roster context are sent to Google's Gemini API to generate AI-powered responses. Google's AI data usage is governed by the Gemini API Terms of Service. Data sent via the paid API is not used to train Google's models.
  • Firebase Analytics & Crashlytics (Google): Used for anonymized app usage analytics, crash reporting, and performance monitoring. Data includes device type, OS version, app interactions, and crash stack traces.
  • Google AdMob: Serves ads to free-tier users. AdMob may collect device identifiers, IP address, and interaction data to deliver and measure ads. You can opt out of personalized advertising in your device's privacy settings.
  • Supabase: Provides our database, user authentication, and file storage infrastructure. Your account data, game data, and chat history are stored in Supabase's secure PostgreSQL database. Authentication is handled via Supabase Auth (GoTrue).
  • RevenueCat: Manages in-app subscriptions and purchase verification. RevenueCat receives your anonymized user ID and purchase data to manage subscription status across platforms.
  • Sentry: Provides error monitoring and performance tracking. Sentry receives error reports, stack traces, and limited device context to help us identify and fix bugs.
  • HoYoverse (HoYoLab API): We access your publicly visible Genshin Impact game data through HoYoLab's public API. This is strictly read-only access. We never receive or store your HoYoverse account password.

5. HoYoLab Integration

Luminary integrates with HoYoLab to provide roster-aware recommendations. Here is exactly how that works:

  • We access your Genshin Impact data exclusively through HoYoLab's public API. Only information you have made publicly visible on HoYoLab is accessible to us.
  • All access is strictly read-only. We cannot modify your HoYoverse account, your in-game data, or any settings on your behalf.
  • We never ask for, receive, or store your HoYoLab or HoYoverse password. Authentication to HoYoLab is handled entirely on their platform.
  • If you disconnect your HoYoLab account from Luminary, all synced game data is wiped from our servers immediately.

6. Data Storage & Security

We take the security of your data seriously and employ industry-standard measures to protect it:

  • All data is stored on secure, encrypted servers with access restricted to essential personnel only.
  • All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
  • Authentication tokens (JWT) are used for API access and expire regularly to limit exposure.
  • Database access is restricted via connection pooling with minimal permissions, and all queries use parameterized inputs to prevent injection attacks.

7. Data Retention & Deletion

We retain your data only for as long as your account is active or as needed to provide the Service:

  • Account deletion: You can delete your account at any time through the app (Settings > Delete Account). Upon deletion, your account is marked for removal.
  • 30-day retention period: After account deletion, your data is retained for 30 days to allow for account recovery if requested. After 30 days, all personal data (account information, game data, chat history, and usage data) is permanently purged from our systems.
  • Chat messages: Chat conversations with the AI companion are automatically deleted after 90 days. You can manually clear your chat history at any time through the app's Settings.
  • Anonymized data: Aggregated, anonymized analytics data that cannot be linked back to you may be retained indefinitely for service improvement purposes.
  • HoYoLab data: If you disconnect your HoYoLab integration (without deleting your account), synced game data is removed from our servers immediately.

8. Your Rights (GDPR & Global Privacy)

Regardless of where you live, we provide all users with the following data rights. If you are in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data protection laws, these rights are guaranteed under applicable law:

Legal basis for processing (GDPR): We process your data based on: (a) your consent when you create an account and connect your game data; (b) contractual necessity to provide the Service you requested; (c) legitimate interests in improving the Service and preventing abuse, balanced against your privacy rights.

  • Right to access: You can request a copy of all personal data we hold about you. Contact us and we will provide a data export within 30 days.
  • Right to deletion: You can request permanent deletion of all your personal data. Use Settings > Delete Account in the app, or contact us directly. We will comply within 30 days.
  • Right to rectification: You can request correction of any inaccurate personal data we hold about you.
  • Right to data portability: You can request your data in a structured, machine-readable format (JSON export).
  • Right to object: You can object to data processing based on legitimate interests, including opting out of personalized advertising.
  • Disconnect HoYoLab: Revoke Luminary's access to your game data at any time. All synced game data is wiped from our servers instantly upon disconnection.
  • Unsubscribe from communications: Opt out of marketing emails and non-essential notifications at any time using the unsubscribe link in our emails or through your account settings.

To exercise any of these rights, contact us at support@luminary.app. We will respond within 30 days.

9. Cookies & Analytics

  • Our website uses minimal cookies for essential functionality (e.g., remembering preferences). We do not use third-party advertising trackers on the website.
  • The mobile app uses Firebase Analytics for anonymized usage analytics and Crashlytics for crash reporting. This data is aggregated and cannot be used to identify individual users.
  • You can disable analytics collection and personalized ads through your device's privacy settings. Disabling analytics does not affect the core functionality of the app.

10. Children's Privacy

Luminary is intended for users aged 13 and older. We do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian and believe your child under 13 has provided us with personal data, please contact us at support@luminary.app and we will promptly delete the information from our systems. Users between the ages of 13 and 18 should have parental or guardian consent before using the Service.

11. International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States and Singapore, where our servers and third-party service providers are located. We ensure that appropriate safeguards are in place to protect your data in compliance with applicable data protection laws, including standard contractual clauses where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will notify you by email or through a prominent notice within the app. We encourage you to review this page periodically for the latest information on our privacy practices. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us: