Privacy Policy

Last updated: January 2026

1. Information We Collect

We collect several types of information to provide and improve our services:

  • Account Information: Name, email address, and authentication credentials when you create an account.
  • Usage Data: Video prompts, generation settings, model preferences, and credit consumption history.
  • Payment Information: Processed securely through our payment partner Creem. We do not store your complete payment details.
  • Communications: Messages sent to our support team and feedback you provide.
  • Technical Data: IP address, browser type, device information, and usage patterns for security and analytics.
  • Generated Content: The videos you create and associated metadata (stored securely with limited access).

2. How We Use Your Information

We use your information for the following purposes:

Service Delivery: To process video generation requests, manage your credits, and provide customer support.

Platform Security: To detect fraud, prevent abuse, and ensure compliance with our terms of service.

Service Improvement: To analyze usage patterns, improve our AI models, and develop new features.

Communications: To send you important updates about your account, service changes, or technical issues.

Legal Compliance: To comply with applicable laws, regulations, and legal requests.

    3. Legal Bases for Processing (GDPR)

    If you are located in the European Economic Area (EEA), we process your data on the following legal bases:

    Contract Performance: To fulfill our obligations under our Terms of Service.

    Legitimate Interests: For fraud prevention, security, and service improvement (when not overridden by your rights).

    Legal Obligation: To comply with accounting, tax, and other legal requirements.

    Consent: When you explicitly opt-in to marketing communications or optional features.

      4. Data Sharing and Third Parties

      We may share your information with the following categories of third parties:

      AI Model Providers: Your prompts (not account data) are sent to OpenAI to generate videos via the Sora 2 model. OpenAI has its own privacy policy.

      Payment Processor: Creem, our merchant of record, processes payments and handles billing inquiries. You may receive email receipts from Creem.

      Service Providers: Cloud hosting, analytics, and email services that help us operate the platform.

      Legal Authorities: When required by law, court order, or to protect our rights.

      We never sell your personal data to third parties.

        5. Data Retention

        We retain your data for the following periods:

        Account Data: For the duration of your account plus 3 years after account closure.

        Transaction Records: 7 years to comply with tax and accounting requirements.

        Generated Videos: Stored according to your plan or until you delete them.

        Support Communications: 2 years from the date of communication.

        After these periods, data is securely deleted or anonymized.

          6. Your Rights and Choices

          Depending on your location, you may have the following rights:

          Access: Request a copy of your personal data.

          Correction: Update inaccurate or incomplete information.

          Deletion: Request deletion of your personal data (subject to legal retention requirements).

          Portability: Receive your data in a structured, machine-readable format.

          Objection: Object to processing based on legitimate interests.

          Restriction: Request limitation of how we use your data.

          Withdraw Consent: Withdraw consent for marketing communications at any time.

          To exercise these rights, contact us at support@lumina-runway.art. We will respond within 30 days.

            7. Cookies and Tracking

            We use cookies and similar technologies to:

            Authenticate your session and keep you logged in.

            Remember your preferences and settings.

            Analyze platform usage to improve performance.

            Essential cookies are required for the platform to function. Optional cookies for analytics and marketing can be disabled in your browser settings.

              8. International Data Transfers

              Your information may be transferred to and processed in countries other than your own. When we transfer data from the EEA to other countries, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

                9. Data Security

                We implement security measures including:

                Encryption of data in transit (HTTPS/TLS) and at rest.

                Access controls and authentication systems.

                Regular security audits and vulnerability assessments.

                However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

                  10. Children's Privacy

                  Our services are not intended for children under 16 years of age. We do not knowingly collect information from children under 16. If we discover we have collected such information, we will delete it promptly.

                    11. Changes to This Policy

                    We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on the platform. Your continued use after changes constitutes acceptance of the updated policy.

                      Contact Us

                      If you have questions about this Privacy Policy or our data practices, please contact us at: