Privacy Policy

1. Who we are

The data controller is Lumendra Labs, S.L. (VAT ID B88772140), C/ Arévalo 11, 11520 Rota, Cádiz, Spain, operator of Veristrate. Registered at the Mercantile Registry — Protocol 2026/2435, Entry 2026/3442, Sheet CA-69390 (May 20, 2026). Contact: support@lumendralabs.com.

2. Data we collect

• Account data: email, display name, avatar, country.
• Verification data: documents and signals you submit (email, phone, social links, ID provider results).
• Usage data: pages visited, API calls, device and IP for security.
• Billing data: handled by Stripe; we store only customer/subscription identifiers.

3. Why we process it

To provide the Service, compute trust scores, prevent fraud, comply with legal obligations, and (with consent) send you product updates.

4. Legal bases (GDPR)

Contract performance, legitimate interest (security, fraud prevention), consent (marketing, optional cookies) and legal obligation.

5. Sharing

We share data with sub-processors strictly to operate the Service: Lovable Cloud (database & auth), Stripe (payments), and verification providers you trigger. We never sell personal data.

6. International transfers

Some sub-processors are located outside the EU/EEA. Transfers rely on Standard Contractual Clauses and equivalent safeguards.

7. Retention

Account and trust data are kept while your account is active and up to 24 months after closure. Logs and rate-limit data are kept up to 30 days.

8. Your rights

You can access, rectify, delete, port or restrict your data, and object to processing. Contact us or use settings. You may also lodge a complaint with your local data authority (in Spain: AEPD).

9. Security

Encryption in transit and at rest, role-based access, audit logs, and continuous monitoring of authentication and API usage.

10. Changes

We will notify you of material changes via email or in-app notice.