PRIVACY POLICY

Last updated: 30 January 2026

This Privacy Policy explains how Luminary AI Ltd (trading as Luminary Diagnostics) collects and uses personal information.

We handle personal data responsibly in accordance with UK data protection law, including the UK GDPR.

1. Who We Are

Luminary AI Ltd (Company No. 16402565)
Trading as Luminary Diagnostics

Website: https://luminary-diagnostics.com
Email: steve.butler@luminary-diagnostics.com

2. Personal Data We Collect

We may collect:

a) Website and Contact Data

  • Name

  • Email address

  • Organisation

  • Information submitted via enquiry forms or email

b) Purchase and Payment Data

When purchasing services via Stripe, we may receive:

  • Billing contact details

  • Purchase confirmation

Payment card details are processed securely by Stripe. Luminary does not store full card information.

c) Diagnostic Participant Data

Where individuals respond to diagnostic instruments, we may process:

  • Professional role information

  • Responses relating to AI governance, authority, visibility, or dependency

3. How We Use Personal Data

We use personal data to:

  • deliver diagnostic services

  • generate diagnostic outputs and reports

  • communicate regarding scheduling and delivery

  • maintain service security

  • comply with legal obligations

4. Legal Basis for Processing

We process personal data under the following lawful bases:

  • Contractual necessity (to deliver purchased services)

  • Legitimate interests (to operate and improve services securely)

  • Consent (where required for marketing communications)

  • Legal obligation (where required by law)

5. Data Controller and Processor Roles

Where Diagnostic Instruments involve participant responses:

  • The Client acts as Data Controller

  • Luminary acts as Data Processor

The Client is responsible for ensuring participants are appropriately informed.

6. Data Sharing

We do not sell personal data.

We may share data with trusted providers such as:

  • Stripe (payments)

  • Secure hosting and IT providers

  • Professional advisers where required

All providers are required to handle data securely.

7. Cookies and Analytics

Luminary Diagnostics does not use cookies for advertising or behavioural tracking, and we do not use third-party analytics tools that profile visitors across websites.

Our website uses only strictly necessary cookies required for basic security and service operation (for example, to protect against automated abuse and to support secure checkout).

8. Data Retention

Unless otherwise agreed:

  • Participant response data is retained for no longer than 30 days after delivery, then securely deleted

  • Contract and payment records may be retained longer where legally required (e.g., accounting obligations)

Clients are responsible for storing their own copies of reports once delivered.

9. Data Security

We implement reasonable technical and organisational measures to protect personal data, including access controls and secure storage.

We may also collect limited technical log information (such as IP address) for security and operational purposes.

10. Your Rights

Individuals have rights including:

  • access

  • correction

  • deletion (where applicable)

  • restriction or objection

  • portability (where applicable)

Requests can be made by contacting: steve.butler@luminary-diagnostics.com

11. International Transfers

Where service providers process data outside the UK, Luminary ensures appropriate safeguards are in place.

12. Updates

We may update this Privacy Policy from time to time. The latest version will always be posted on our website.