Privacy Policy
Last updated: May 2, 2026 · Effective: May 2, 2026
1. Introduction
Lumina Rx AI ("we", "our", or "us") is committed to protecting the personal information of individuals who interact with our platform, website, and services. This Privacy Policy explains how we collect, use, store, share, and protect your information in connection with our AI-powered pharmacovigilance platform, LuminaNarrate, and the Lumina Rx AI website.
This policy applies to all users, including healthcare professionals, pharmacovigilance teams, enterprise clients, and website visitors. By accessing or using our services, you agree to the practices described in this policy.
2. Information We Collect
We collect information in the following categories depending on your interaction with our services:
- Account & Identity Information: Name, email address, job title, organisation name, and login credentials when you register or request access.
- Usage Data: Pages visited, features accessed, session duration, IP address, browser type, and device identifiers collected automatically via cookies and server logs.
- Platform Input Data: Adverse event case data, narrative content, and MedDRA coding inputs submitted through LuminaNarrate for processing.
- Communication Data: Messages, support requests, and contact form submissions you send to us.
- Technical Data: API keys (hashed), integration metadata, and audit log entries generated during platform use.
We do not knowingly collect data from individuals under the age of 18.
3. How We Use Your Information
We use collected information to:
- Provide, operate, and improve the LuminaNarrate platform and Lumina Rx AI services.
- Authenticate users and maintain account security.
- Process adverse event narratives and generate AI-assisted outputs as instructed by your organisation.
- Respond to support enquiries and communicate service updates.
- Monitor platform performance, detect errors, and conduct analytics to enhance reliability.
- Comply with applicable legal and regulatory obligations, including GxP and HL7v3 requirements.
- Send product announcements or updates where you have opted in to receive such communications.
We do not use your data for advertising or sell it to third-party marketing platforms.
4. Legal Basis for Processing (GDPR)
Where GDPR applies, we rely on the following legal bases to process personal data:
- Contract: Processing necessary to deliver the services you or your organisation have contracted.
- Legitimate Interests: Platform security, fraud prevention, and service improvement.
- Legal Obligation: Compliance with applicable laws including pharmacovigilance reporting requirements.
- Consent: Marketing communications, where required by law.
5. Data Storage & Security
All data processed through LuminaNarrate is stored on AWS infrastructure with the following safeguards:
- Encryption at rest (AES-256) and in transit (TLS 1.2+).
- Role-based access controls (RBAC) and multi-factor authentication enforced for all platform users.
- Full audit trails for all data access, narrative generation, and export events.
- Regular penetration testing and vulnerability assessments aligned with GxP and HIPAA requirements.
- Automated backup and disaster recovery across AWS regions.
We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by contract or applicable law.
6. Sharing of Information
We do not sell or rent personal data. We may share information with:
- Service Providers: AWS (cloud infrastructure), authentication providers, and analytics tools — bound by data processing agreements.
- Your Organisation: Administrators within your enterprise account have access to user and audit data within their own tenant.
- Regulatory Authorities: Where required by pharmacovigilance regulations or legal compulsion.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, data may be transferred subject to equivalent privacy protections.
7. Cookies & Tracking
Our website uses cookies to:
- Remember session preferences (e.g., intro screen dismissed).
- Analyse traffic patterns and page performance via anonymised analytics.
You can control cookie settings through your browser. Disabling cookies may affect the functionality of certain features. We do not use third-party advertising cookies.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten"), subject to legal retention obligations.
- Restrict or object to certain processing activities.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent at any time where consent is the legal basis.
To exercise any of these rights, contact us at privacy@luminarxai.com. We will respond within 30 days.
9. International Data Transfers
Lumina Rx AI operates primarily on AWS infrastructure in the United States and may process data across regions for disaster recovery and redundancy. Where personal data is transferred outside the European Economic Area, we apply appropriate safeguards including Standard Contractual Clauses (SCCs) or equivalent mechanisms.
10. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately at privacy@luminarxai.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website. Continued use of our services after the effective date constitutes acceptance of the updated policy. We encourage you to review this page periodically.
12. Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please reach out: