Privacy Policy

DuoLumine ("we", "us", "our") is the data controller for the personal data you provide when using duolumine.com.

Contact: support@duolumine.com

• Account data: your email address and, if you sign in with Google, your name and Google profile ID.
• Relationship profile: the answers you provide during onboarding (relationship status, communication patterns, etc.). This is entirely voluntary.
• Conversation data: the messages you send and the AI responses you receive, along with two-sentence summaries used as memory across sessions.
• Usage data: conversation count, subscription tier, and timestamps. No tracking pixels, no behavioural analytics.
• Payment data: handled entirely by Stripe. We never see or store your card details.

• To provide the DuoLumine service — generating personalised AI responses using your relationship profile and conversation history as context.
• To manage your account and subscription.
• To enforce the free-tier usage limit and process payments.

We do not sell your data. We do not use your data to train AI models. We do not show you advertising.

We process your data under the following legal bases:

• Contract performance (Art. 6(1)(b)) — to provide the service you signed up for.
• Legitimate interests (Art. 6(1)(f)) — to prevent abuse and maintain service security.
• Consent (Art. 6(1)(a)) — for optional relationship profile data, which you may skip or leave blank at any time.

We share data with the following processors, each bound by GDPR-compliant data processing agreements:

• Supabase (database and authentication) — EU region
• Anthropic (AI responses) — your messages are sent to Anthropic's API to generate responses. Anthropic's API data is not used to train models.
• Stripe (payments) — processes payment information under their own privacy policy.
• Cloudflare (hosting and DNS) — your requests pass through Cloudflare's network.
• Resend (transactional email) — used to send account-related emails.

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or tax purposes.

Conversation summaries used as AI memory are retained for the lifetime of your account. You can request deletion at any time.

Under GDPR you have the right to:

• Access — request a copy of all data we hold about you.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interests.
• Restriction — request that we restrict processing in certain circumstances.

To exercise any of these rights, email support@duolumine.com. We will respond within 30 days.

We use only essential session cookies necessary for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics.

We may update this policy from time to time. We will notify you by email of any material changes at least 14 days before they take effect.

For privacy questions: support@duolumine.com

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your national data protection authority.