This page does not constitute legal advice. For legal questions, please consult a qualified attorney.

Privacy Policy

Effective Date: April 11, 2026 | Last Updated: April 11, 2026

1. Introduction

Lumina Consulting LLC ("we," "us," or "our") values the privacy of the information you provide when using TrustGate. This Privacy Policy explains what information we collect, how we use it, how we store it, and how we protect it.

2. Information We Collect

2.1 Account Information

  • Email address (provided during waitlist registration and account creation)
  • Company name and platform URL (optional)
  • Contact information

2.2 API Usage Data

  • API request logs (endpoints, timestamps, response status codes)
  • Usage metrics (request counts, error rates)
  • IP addresses and user agents

2.3 Tenant Data

Data that you process through the API (identity verification information, content hashes, payment information, etc.) is processed within your tenant. This data is encrypted and isolated from other tenants via row-level security.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing, operating, and improving the Service
  • Managing your account and providing customer support
  • Monitoring API usage and preventing abuse
  • Sending important service-related notices
  • Complying with applicable laws and fulfilling legal obligations

4. Data Retention

  • Account information: Retained while your account is active, plus as long as necessary to fulfill legal obligations after termination
  • API usage logs: Retained for 90 days, after which only aggregate data is kept
  • Audit logs: Retained in accordance with applicable regulatory requirements (typically 7 years)
  • Waitlist information: Retained for 12 months after review is complete, then deleted

5. Third-Party Services

We may use the following third-party services in operating the Service:

  • Payment processors (CCBill, Epoch, Stripe): Processing payment transactions
  • Identity verification providers: Document verification services
  • Cloud infrastructure providers: Data hosting and processing
  • Analytics tools: Analysis of anonymized usage data for service improvement

These third parties access your data only to the extent necessary to provide their services and do not use it for their own purposes.

6. Encryption and Security

We implement the following security measures to protect your data:

  • All personally identifiable information (PII) is encrypted using AES-256-GCM with per-tenant derived keys
  • All communications are encrypted via TLS 1.2 or higher
  • PostgreSQL row-level security enforces data isolation between tenants
  • Audit logs are recorded as tamper-evident hash chains
  • API keys are stored in encrypted form

7. Data Subject Rights

7.1 GDPR (General Data Protection Regulation)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right of access: Request access to your personal data held by us
  • Right to rectification: Request correction of inaccurate personal data
  • Right to erasure: Request deletion of your personal data
  • Right to restriction: Request restriction of processing of your personal data
  • Right to data portability: Receive your personal data in a structured, machine-readable format
  • Right to object: Object to the processing of your personal data

7.2 CCPA (California Consumer Privacy Act)

If you are a California resident, you have the following rights:

  • Right to know what personal information we collect and why
  • Right to request deletion of your personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

To exercise any of these rights, please contact us at contact@lumina28.com.

8. Cookies

Our website may use cookies for the following purposes:

  • Essential cookies: Providing basic website functionality
  • Analytics cookies: Understanding website usage and making improvements

You can manage cookie preferences through your browser settings.

9. Children's Privacy

TrustGate is a business-to-business (B2B) service and is not intended for use by minors. We do not knowingly collect personal information from individuals under the age of 18. If we learn that personal information from a minor has been collected inadvertently, we will promptly delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address or by posting a notice on our website. The effective date of any changes will be indicated at the top of this page.

11. Contact

For questions about this Privacy Policy or to exercise your data subject rights, please contact us:

Lumina Consulting LLC
Email: contact@lumina28.com
Website: https://trustgate.lumina28.com