Privacy Policy
Last Updated: December 28, 2025
1. Introduction
This Privacy Policy explains how Alexander Bakharev ("we," "us," "our"), operating Luna's Room (lunasroom.com), collects, uses, and protects your personal data when you use our Service.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Controller:
Alexander Bakharev
Portugal
Email: sec.postmaster@gmail.com
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, password, username
- Payment Information: Processed by Stripe; we do not store full payment card details
- Chat Content: Messages you send to the AI, including any personal information you choose to share
- Profile Data: Any preferences or settings you configure
2.2 Information Collected Automatically
- Device Information: Browser type, operating system, device type
- Usage Data: Pages visited, features used, timestamps, session duration
- IP Address: Used for security and approximate location
- Cookies: See Section 8 for details
2.3 Sensitive Information
You may choose to share sensitive personal information (health, beliefs, relationships, etc.) in your conversations with the AI. By providing such information, you consent to our processing it solely to provide the Service. We do not use conversation content for marketing or advertising.
3. How We Use Your Information
We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Provide and operate the Service | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Generate AI responses to your messages | Contract performance |
| Improve AI quality and Service functionality | Legitimate interest |
| Send service-related communications | Contract performance |
| Prevent fraud and ensure security | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We do NOT:
- Sell your personal data
- Use your conversation content for advertising
- Share your chat history with third parties for marketing
4. Data Sharing
We share your data only with:
4.1 Service Providers
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Website hosting | USA (EU data centers available) |
| Supabase | Database and authentication | USA/EU |
| Stripe | Payment processing | USA (EU-US Data Privacy Framework) |
| Anthropic | AI chat processing | USA |
| Google Analytics | Website analytics | USA |
These providers process data on our behalf under data processing agreements.
4.2 Legal Requirements
We may disclose data if required by law, court order, or to protect our legal rights.
4.3 Business Transfers
In case of merger, acquisition, or sale of assets, your data may be transferred to the successor entity.
5. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure adequate protection through:
- EU-US Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
6. Data Retention
We retain your data as follows:
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Chat history | Until account deletion or upon request |
| Payment records | 7 years (legal requirement) |
| Server logs | 90 days |
| Analytics data | 26 months |
Upon account deletion, we delete or anonymize your data within 30 days, except where retention is required by law.
7. Your Rights (GDPR)
You have the following rights regarding your personal data:
- Access: Request a copy of your data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Where processing is based on consent
How to Exercise Your Rights
- Email: sec.postmaster@gmail.com
- Account Settings: Delete account, download data (where available)
We will respond within 30 days. We may request identity verification before processing requests.
Right to Complain
You have the right to lodge a complaint with a supervisory authority. In Portugal, this is:
Comissão Nacional de Proteção de Dados (CNPD)
Website: https://www.cnpd.pt
8. Cookies
We use the following types of cookies:
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security | Session |
| Functional | Preferences, settings | 1 year |
| Analytics | Usage statistics (Google Analytics) | 2 years |
Managing Cookies
You can control cookies through:
- Browser settings
- Our cookie consent banner (where displayed)
- Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
9. AI and Chat Data
9.1 How Chat Data is Processed
Your messages are sent to our AI provider (Anthropic) to generate responses. This processing is necessary to provide the Service.
9.2 AI Memory Feature
For paid subscribers, the AI may retain context from previous conversations to provide personalized responses. This data is stored in our database and processed by our AI provider.
9.3 No Human Review
Your conversations are not routinely reviewed by humans. We may access data for technical support (with your consent) or to investigate violations of our Terms.
9.4 Training Data
We may use anonymized, aggregated conversation data to improve the Service. Individual conversations are not used to train third-party AI models without explicit consent.
10. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive data
- Access controls and authentication
- Regular security assessments
No system is 100% secure. You are responsible for maintaining the security of your account credentials.
11. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from children. If we become aware that we have collected data from someone under 18, we will delete it promptly.
12. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.
For material changes, we will provide notice through the Service or via email at least 30 days before the changes take effect.
14. Contact Us
For questions about this Privacy Policy or to exercise your rights:
Email: sec.postmaster@gmail.com
By using Luna's Room, you acknowledge that you have read and understood this Privacy Policy.