LUNARI
Legal

Privacy

Effective 1 January 2026

Finance data is the most consequential data in a company. We treat it that way at every layer.

1. Who we are

Lunari is operated by Lunari Cloud Ltd. We provide a finance intelligence platform to organisations under written agreement. This policy explains how we handle personal data we encounter as part of providing that service and operating our website.

2. What data we collect

We collect (a) account data you provide when you sign up or contact us — name, work email, employer, and the messages you send us; (b) operational data your organisation chooses to load into Lunari for processing; and (c) standard product telemetry — page views, errors, and feature usage — used to operate and improve the service.

3. How we use it

We use personal data to provide and secure the service, respond to enquiries, comply with legal obligations, and — only where you have a Lunari account — to improve the platform. We do not sell personal data and we do not use customer data to train models that serve other customers.

4. How we share it

We share data with sub-processors that help us deliver the service (cloud hosting, email delivery, error tracking, customer support tooling). A current list is available on request. We never share customer data with marketing networks or data brokers.

5. Where we store it

Customer data is hosted in the region you select at provisioning — EU, UK, or US. We replicate within-region for resilience and never move data between regions without your written instruction.

6. How long we keep it

We retain account and operational data for the duration of your contract plus the period required to meet legal and accounting obligations. On termination, customer data is deleted within 30 days unless a longer period is agreed in writing.

7. Your rights

You have the right to access, correct, export, and delete personal data we hold about you. To exercise these rights, email privacy@lunari.cloud. We respond within 30 days. If you are an end user of a Lunari customer, please contact your organisation first — they are the data controller for that data.

8. Security

We hold SOC 2 Type II and ISO 27001 certifications. Data is encrypted in transit (TLS 1.3) and at rest (AES-256). See our Security page for the full pillars and how to request our security pack.

9. Changes

We update this policy as the service evolves. Material changes are notified to account holders by email at least 30 days before they take effect.

10. Contact

Privacy questions: privacy@lunari.cloud. Security disclosures: security@lunari.cloud. Postal address available on request.