Privacy Policy

Effective Date: May 15, 2026

This Privacy Policy applies exclusively to the articles, blog posts, clinical explainers, mental health quizzes, self-tests, scheduling interfaces, and patient content provided by Luminara Healthcare (collectively, “Luminara,” “we,” “us,” or “our”). The link that brought you here was on a digital property owned, operated, or managed directly by Luminara Healthcare.

What We Do

At Luminara Healthcare, we are dedicated to making compassionate, high-quality care accessible while fiercely protecting your personal privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you access or use our websites, interactive self-scheduling widgets, screening tools, or any related platforms owned and operated by us that link to this policy (collectively the “Site”).

This Privacy Policy is designed to help you, the users of our Site (“Users”, “you,” or “your”) understand how we treat your personal data. By using or accessing our Site, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you consent to the collection, use, and sharing of your information as described here. If you are using the Site on behalf of another person (such as a minor child or dependent), you confirm that you have the explicit authority to accept this policy on their behalf. If you do not agree with this Privacy Policy, you may not use the Site.

1. Information We Collect

Personal Data

The following sections outline the types of personal data we collect. This refers to information that can identify or be linked to a specific individual and may include “personally identifiable information” or “protected health info” under applicable privacy frameworks and state laws. For each type of personal data, we also explain how we collect it, our commercial or business reasons for doing so, and the categories of third parties with whom we may share this data.

The subsections below apply to users of the publicly available areas of the Site, where you are not required, nor able, to log in. Contributing Clinicians and Authors who possess administrative account credentials should refer to the designated Contributing Clinicians section at the bottom of this page.

Categories and Examples of Personal Data Collected

  • Personal Identifiers: First and last name, email address, telephone number, mailing address, date of birth (DOB).
  • Insurance & Billing Data: Insurance carrier names, member ID prefixes, coverage selection status (e.g., self-pay vs. commercial coverage verification). Note: Raw credit card payment details are securely passed directly to our PCI-compliant payment gateways and are not stored on our native servers.
  • Self-Test & Assessment Data: Responses, inputs, raw scores, and category interpretations generated when completing our interactive screening tools (e.g., Narcissism Test, Depression Test, Mental Health Check-ins).
  • Online Identifiers: Public IP address, device type, browser type, browser version, operating system, and operating system version.
  • Internet Activity: Webpage interactions, page navigation logs, referring URLs, button clicks, and general system analytics data.
  • Geolocation Data: IP-address-based geographic location information (used primarily to surface nearby physical clinics or regional provider networks).
  • Other Identifying Information: Personal data including health backgrounds or structural narratives you choose to share via open text fields, emails, contact forms, or automated scheduling messaging features.

2. Sources of Personal Data

We collect personal data from the following distinct pipelines:

From You

  • Directly From Your Inputs: When you read articles, browse provider biographies, or interact with site text fields.
  • Communications: When you contact our support, clinical, or operations teams via webforms, chat, or email.
  • Self-Assessment Engagement: When you explicitly engage with and complete our interactive self-tests, health questionnaires, or screening tools.
  • Patient Intake & Scheduling Hooks: When you fill out your structural demographics (Name, Phone, Email, DOB) inside our appointment scheduling panels to request care slots.

Automatically via the Services

  • Tracking & Optimization Technologies: Through the deployment of modern tracking pixels, clear GIFs, and browser-level Cookies.
  • System Diagnostic Logs: When you navigate our interface, your browser automatically relays technical connection metrics to help optimize layout delivery and system stability.

Third Parties

  • Service Providers: Technical partners assisting with system analytics, interactive data hosting, and customer engagement platforms.
  • Insurance Verification Networks: Systems utilized to dynamically process network status confirmation when checking plan eligibility via our digital tools.

3. How We Use Your Information

We process and utilize your personal data for the following operational workflows:

  • A. Improving the Site & Clinical User Experience: Analyzing aggregate interaction data to make care pathways more intuitive and customized to individual navigation preferences.
  • B. Dynamic Personalization & Interactive Delivery: Serving real-time, localized results (such as identifying local providers or instant self-test scoring breakdowns) based directly on user submissions.
  • C. Operational Security & Fraud Mitigation: Protecting our platform from bot attacks, scrapers, and malicious digital activities while validating security integrity across scheduling channels.
  • D. De-Identified and Aggregated Reporting: Anonymizing data fields to build structural insights, performance metrics, or high-level health trends for clinical analysis or research.

4. How We Disclose Your Personal Data

We may disclose your personal data with select third parties in the following strictly vetted situations:

  • A. System Service Providers: We securely share relevant data with critical operational infrastructure vendors including:
    • Data Hosting & Edge Networks: Amazon Web Services (AWS), Cloudflare.
    • Analytics & Observability: Google Analytics, Datadog.
    • Customer Experience & Communication Systems: HubSpot, Zendesk.
  • B. Legal and Regulatory Disclosures: Disclosing required identifiers to comply with subpoenas, court mandates, or regulatory state investigations to safeguard the physical or digital safety of Luminara, its users, or the general public.
  • C. Corporate Evolution & Structural Business Transfers: Transferring digital data repositories as a core asset during potential mergers, clinical acquisitions, or organizational restructures, with required notifications pushed to users regarding material shifts in data ownership.
  • D. Integrated AI & Automation Sub-Processors: Utilizing securely sandboxed artificial intelligence (AI) engines, data parsing algorithms, or conversational models to handle administrative tasks, power interactive workflows, score quiz behaviors, or automate patient messaging queues.

5. Tracking Technologies, Advertising, and Your Options

Information Collected Automatically

Luminara utilizes cookies, pixel tags, web beacons, and JavaScript (collectively “Cookies”) to recognize your device, protect your session data, and track engagement patterns.

Types of Cookies We Use

  • Essential Cookies: Mandatory infrastructure layers enabling core site navigation, script rendering, and secure form processing. Disabling these breaks core parts of the user experience.
  • Functional & Personalization Cookies: Allowing our layout engine to preserve active user states, such as holding your progress across a multi-step scheduling sequence or saving an intermediate quiz choice.
  • Performance and Analytics Cookies: Relaying anonymous browser metrics to engines like Google Analytics and Datadog so we can monitor system errors, click behavior, and load times.

Managing Controls, DNT, and Global Privacy Control (GPC)

You can clear, reject, or completely disable cookies through your specific browser or device settings menu.

Luminara fully recognizes and respects Global Privacy Control (GPC) signals sent by compliant browsers. When our servers detect a valid, automated GPC signal from your browser, we systematically interpret it as a request to opt out of any tracking or analytical sharing mechanisms that could legally constitute a “sale” or “share” under modern state laws. You may also execute manual preferences by clicking our “Do Not Sell or Share My Personal Information” framework located in the footer of our web applications.

6. Data Security

At Luminara Healthcare, we treat the safeguarding of your operational and diagnostic personal data with the highest priority. We deploy industry-vetted administrative, physical, and technical safeguards engineered to prevent unauthorized deletion, access, or data manipulation.

Our Protocols Include

  • Enforced Transport Layer Security (TLS) encryption protocols protecting all data actively in transit across our public web applications.
  • Standardized, restricted access schemas limiting internal administrative data access exclusively to essential personnel.
  • Multi-zone archival backup systems built on top of high-security cloud platforms located inside the United States.

Please be aware that despite our advanced security postures, no digital data pipeline operating over the public internet is 100% impenetrable. Transmission of personal data through public networks is completed at your own risk.

Data Breach Notification

In the rare event of a validated infrastructure security compromise impacting your personal identifiers, Luminara will issue a transparent notice via email or via a prominent public alert directly on our Site, precisely conforming with all local and federal data breach regulatory timeframes.

7. Data Retention

We maintain your personal identifiers and self-test inputs exclusively for the exact duration required to satisfy the functional healthcare operations or corporate analysis tasks for which they were gathered.

  • Account configuration logs and platform communication markers remain active for the operational lifecycle of your profile.
  • Technical diagnostics, server log patterns, and device fingerprints are cleared via rolling data pipelines once analytical or system security evaluation periods conclude.
  • Aggregated, fully anonymized strings that present no capability of identifying an isolated human individual may be preserved indefinitely for historical trend analysis.

8. Children’s Privacy

The open-access Site and clinical quizzes provided by Luminara Healthcare are not constructed for, nor intentionally directed to, children under the age of 13. By using our assessment tools, you confirm that you are at least 13 years of age.

We do not knowingly gather or store data directly from children under 13. If we discover that personal markers belonging to an individual under 13 have been inadvertently captured without confirmed parental or guardian verification, we will purge that data from our production storage arrays immediately. If you have reason to suspect a minor under 13 has supplied identifiers to us, please notify our team instantly at support@luminarahealthcare.com.

9. California Privacy Rights

This section delivers specific mandatory disclosures required under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Your Explicit Rights Include

  • The Right to Access & Know: Requesting clear disclosure regarding the specific categories of data collected, commercial capture sources, third-party disclosure profiles, and isolated pieces of data collected over the preceding 12 months.
  • The Right to Deletion: Requesting complete removal of accumulated personal files from our data systems, subject to essential transactional, technical, or legal-compliance exemptions.
  • The Right to Correction: Directing our team to amend inaccurate personal data strings maintained within our live databases.
  • The Right to Limit Sensitive Data: Limiting the processing of Sensitive Personal Information (SPI) strictly to the minimal operational services requested.
  • The Right to Opt-Out of Sale or Sharing: Halting any prospective processing of personal parameters used for cross-context behavioral or targeted advertising.

To submit a verified CCPA request, please email support@luminarahealthcare.com with the subject string “California Rights Request.” Luminara enforces a strict non-discrimination policy; exercising your statutory privacy controls will never result in service denials, degraded layout access, or altered pricing.

10. Other U.S. State Rights and Disclosures

Residents of states with comprehensive privacy frameworks—including Virginia, Colorado, Connecticut, Utah, and Washington State (with explicit reference to state laws regarding consumer health data privacy)—possess distinct structural controls over their personal data.

Available Controls

  • Confirming processing status and accessing stored data files.
  • Exporting personal identifiers in a clear, machine-readable format (Data Portability).
  • Requesting data deletion or correcting inaccurate historical fields.
  • Opting out of predictive profiling pipelines that result in legal or similarly significant outcomes.

Process for Appealing a Denial

If a consumer request is denied or unresolved within the standard legal window, you have the right to challenge our decision. To submit an official appeal:

  1. Email support@luminarahealthcare.com with “Consumer Appeal” in your subject header.
  2. Supply your original request transaction metadata and any relevant verification tokens.
  3. We will process, re-evaluate, and respond to your appeal within 45 days. If the denial is upheld, you may escalate the grievance to your state’s Attorney General or designated regulatory department.

11. Exercising Your Rights

To submit a request to access, delete, correct, or limit your personal data under applicable state privacy frameworks, you must submit a Valid Request. A Valid Request is defined as a communication that:

  1. Provides sufficient cryptographic or identity details allowing our privacy team to reasonably verify you are the individual whose personal data was collected.
  2. Contains an explicit, detailed description of the exact privacy action you want completed.

Contact Channels

  • Email Intermediary: support@luminarahealthcare.com using subject flags like “Access/Delete/Correct Data Request” or “Opt-Out Request.”
  • Footer Configuration Control: Select the explicit “Do Not Sell or Share My Personal Information” link embedded in the layout footer of our site to instantly adjust automated web-tracking profiles.

12. GDPR and EU Privacy Rights

For individuals interacting with our digital interfaces from within the European Union (EU) or European Economic Area (EEA), data operations conform explicitly to the General Data Protection Regulation (GDPR).

Lawful Bases for Processing Your Data

  • Consent: Explicitly granted by you when enrolling in promotional updates or opting into cookie deployments.
  • Contractual Necessity: Required to manage scheduling inputs or complete tasks you request.
  • Legal Compliance: Fulfilling statutory administrative mandates or corporate accounting rules.
  • Legitimate Interests: Operating our web infrastructure, securing our networks against threat actors, and refining our clinical content layouts, provided these goals do not infringe upon your primary human rights.

International Data Transfers & Standard Contractual Clauses (SCCs)

Luminara Healthcare operates its principal processing hardware and database networks inside the United States. When transferring any personal data streams outside the European Economic Area to countries lacking a formal European Commission adequacy decision, we deploy and enforce standard contractual clauses (SCCs) to mandate equivalent data security standards.

Policy Information

  • Policy Version: 1.0
  • Corporate Oversight Contact: support@luminarahealthcare.com

Luminara Healthcare reserves the right to amend or alter this Privacy Policy at any time to adapt to evolving technical integrations or legislative changes. When structural modifications are deployed, we will update the “Effective Date” at the top of this document. We encourage users to periodically review this page to stay informed about how we safeguard their data.

For Contributing Clinicians & Authors

This specific subsection acts as an operational addendum for licensed medical practitioners, independent clinical authors, or internal personnel possessing administrative credentials allowing authentication into our backend content management system (CMS) or “The Cortex” portal environment.

Additional Collected Personnel Data

In addition to standard online identifiers, we securely archive professional licensing credentials, workplace signatures, author biographies, profile imagery, and active workspace logs. This profile information is processed to maintain clinical validation, log interface security edits, track publication contributions, and ensure full regulatory traceability across all public-facing medical literature hosted by Luminara Healthcare. Personnel account tokens are retained for the active lifecycle of the enterprise relationship plus any statutory periods required under corporate data compliance laws.