Privacy Policy

Effective date: 3/7/2023

We at Luna know you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about our Privacy Policy.

By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways. Remember that your use of Luna’s Services is at all times subject to the Terms of Use, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in that document.

What does this Privacy Policy cover?

This Privacy Policy covers our treatment of Personal Information we collect from you that we gather when you are accessing or using our Services, but not to the practices of companies we don’t own or control, or people that we don’t manage. “Personal Information” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal data” or “sensitive personal information” under applicable data privacy laws, rules, or regulations.

This Privacy Policy also covers how and when we treat your “protected health information” (“PHI”) (as that term is defined by HIPAA) differently from your other Personal Information. We gather various types of Personal Information from our users, as explained in more detail below, and we use this Personal Information internally in connection with our Services, including to personalize, provide, and improve our services, to allow you to set up a user account, to contact you and allow other users to contact you, to fulfill your requests for certain products and services, and to analyze how you use the Services. In certain cases, we may also share some Personal Information with third parties, but only as described below.

As noted in the Terms of Use, we do not knowingly collect or solicit personal information from anyone under the age of 13 without parental consent or from individuals residing outside of the United States. If you are under 13 without parental consent or residing outside the United States, please do not attempt to register for the Services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13 without parental consent or an individual residing outside the United States, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information without parental consent, please contact us at concierge@getluna.com.

Will Luna ever change this Privacy Policy?

We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well, but we will alert you to changes by placing a notice on our website(s) and applications, by sending you an email, and/or by some other means. Note that if you’ve opted not to receive legal notice emails from us, those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

What information does Luna collect?

Categories of sources of Personal Information:

You:

We receive and store any information you knowingly provide to us. For example, through the registration process and/or through your account settings, we may collect Personal Information such as your name, home address, email address, and phone number. Certain information may be required to register with us or to take advantage of some of our features. We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers on behalf of other businesses, or email you about your use of the Services. If you do not want to receive communications from us, please indicate your preference by unsubscribing from those types of emails or by replying to received text messages that you wish to unsubscribe from such notifications. Whenever you interact with our Services, we may automatically receive and record information through Cookies.

Third parties:

• Service providers/Analytics partners: We may use third parties may help us provide you with customer support, or analytics providers to analyze how you interact and engage with the Services. We may use vendors to obtain information to generate leads and create user profiles.
• Advertising partners: We receive information about you from some of our vendors who assist us with marketing or promotional services related to how you interact with our websites, applications, products, Services, advertisements or communications
• Public records: From the government or other sources.

Our business purposes for collecting or disclosing Personal Information:

Providing, customizing, and improving the Services:

• Creating and managing your account.
• Personalizing the Services, website content and communications based on your preferences.
• Processing orders or other transactions; billing.
• Providing you with the products, services or information you request.
• Meeting or fulfilling the reason you provided the information to us.
• Providing support and assistance for the Services.
• Improving the Services, including testing, research, internal analytics and product development.
• Doing fraud protection, security and debugging.
• Carrying out other business purposes stated when collecting your Personal Information or as otherwise set forth in applicable data privacy laws, such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (the “CPRA”).

Marketing the Services:

• Marketing and selling the Services.
• Showing you information and/or advertisements, including interest-based or online behavioral advertising.

Corresponding with You:

• Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Luna or the Services.
• Sending emails, text messages, and other communications according to your preferences or that display content that we think applies to you and/or will interest you.

Meeting legal requirements and enforcing legal terms:

• Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
• Protecting the rights, property or safety of you, Luna or another party.
• Enforcing any agreements with you.
• Responding to claims that any posting or other content violates third party rights.
• Resolving disputes.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated or incompatible purposes without providing you notice. If you are a California resident, please note that we only use or disclose your sensitive personal information for the purposes set forth in section 7027(m) of the CPRA regulations and we do not collect or process sensitive personal information with the purpose of inferring any characteristics about California residents.

Additional information may be found at this page describing more details on categories and examples of Personal Information we collect.

What are my rights with respect to my PHI specifically?

Electronic copy of your medical record: You may request an electronic copy of your medical record and other PHI we have about you by contacting us at concierge@getluna.com. We will provide you with a copy or summary of your health information within 15 days of your request or as required by law. Your record will be sent via email to the address specified in your account details.

Correct your medical record: You may request that we correct PHI about you that you think is incorrect or incomplete by contacting us at concierge@getluna.com. We may say “no” to your request, but we will tell you why in writing within 60 days of your request or as required by law.

Request confidential communications: You may request that we contact you in a specific way (for example, at your home or office phone) or send email/mail to a different address. We will say “yes” to all reasonable requests.

Restrict access to certain PHI: You may request that we not use or share certain PHI for treatment or payment purposes. We are not required to agree to your request, and we may say “no” if it would affect your care. If you pay for the Services out-of-pocket in full, you may request that we not share that information with your health insurer. We will say “yes” unless a law requires us to share that information.

Request a list of when and with whom we’ve shared your PHI: You may request for a list of when, with whom, and why we shared your PHI for six years prior to your request date (an “Accounting”). We will include all the disclosures except we will not disclose information specifically pertaining to treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We will provide one Accounting each year at no cost to you, however if you request an additional Accounting within such year we will charge a reasonable fee.

Receive a paper copy of this Privacy Policy: You may request a paper copy of this Privacy Policy at any time, even if you have agreed to receive the notice electronically. We will promptly provide you with a paper copy.

Assign an individual medical power of attorney: You may indicate by contacting us at concierge@getluna.com if you would like to assign an individual medical power of attorney or indicate an individual as your legal guardian. If you have so indicated, such individual may exercise your rights and make choices about your PHI. We will make sure the person has this authority and can act for you before we take any action.

Right to inspect and copy your health information: You have a right to inspect and copy your own health information upon request. However, we are not required to provide you access to all health information that we maintain. For example, this right does not extend to information compiled in reasonable anticipation on an administrative proceeding. Access may also be denied if disclosure would reasonably endanger you or another person.

Right to verbally object: You have the right to verbally object to certain disclosures that are routinely made for treatment, payment or health care operations or for other purposes without an authorization. For example, you will be given the opportunity to object to the sharing of your health information with a person or family member participating in your treatment.

When authorizations are required: An authorization is required for most uses and disclosures of your health information for marketing purposes, and disclosures that constitute a sale of protected health information. Moreover, other uses and disclosures of your health information not described in this Privacy Policy may be made only with a valid authorization from you. You have a right to revoke a validly executed authorization for the use of or disclosure of your health information. However, such revocation will not have any effect on uses or disclosures prior to the receipt of the revocation.

Right to be notified following a breach of your health information: If you are affected by a breach of your unsecured protected health information by us or our business associates, you have a right to be notified following such breach.

File a complaint if you feel your rights are violated: You may complain if you feel we have violated your rights by contacting us at concierge@getluna.com. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting https://www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

Will Luna disclose any of the Personal Information it receives?

We may disclose your Personal Information with third parties as described in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a “sale” of your Personal Information. For more information, please refer to the state-specific sections below.

Information that’s been de-identified: We may de-identify your Personal Information so that you are not identified as an individual, and provide that information to our partners or otherwise use that information in connection with our business. We may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage or de-identified information to a partner (or allow a partner to collect such information) in a manner that would identify you as an individual person.

Affiliated businesses/business partners: In certain situations, businesses or third party websites we’re affiliated with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognize when an affiliated business is associated with such a transaction or service, and we will disclose your Personal Information with that affiliated business only to the extent that it is related to such transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.

Service providers: We employ other companies and people to perform tasks on our behalf and need to disclose your information with them to provide products or services to you; for example, we may use a payment processing company to receive and process your credit card transactions for us. Unless we tell you differently, our service providers do not have any right to use the Personal Information we disclose with them beyond what is necessary to assist us.

User data and submissions: Certain user information, including your name, location, and any video or image content that such user has uploaded to the Services, may be displayed to other authorized users (such as your Luna Physical Therapist and/or the Luna Concierge) to facilitate user interaction within the Services or address your request for our services.

Business transfers: We may choose to buy or sell assets, and may disclose and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.

Analytics partners: We may use analytics partners, such as Google Analytics, to grow our business, to improve and develop our Services, to monitor and analyze use of our Services, to aid our technical administration, and to increase the functionality and user-friendliness of our Services. These services may collect and retain some information about you, such as the IP address assigned to you on the date you use the Services, but not your name or other personally identifying information. We do not combine the information generated through the use of these services with your Personal Information. Although these services may plant a persistent cookie on your web browser to identify you as a unique user the next time you use the Services, the cookie cannot be used by anyone but Google. The Google Analytics services’ ability to use and disclose information about your use of the Services is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You may find additional information about Google Analytics at http://www.google.com/policies/privacy/partners/. Finally, you can opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout/.

Advertising partners: These parties help us market our services and provide you with other offers that may be of interest to you. They include ad networks, data brokers, and marketing providers.

Protection of Luna and others: We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with law or court order; enforce or apply our Terms of Use and other agreements; or protect the rights, property, or safety of Luna, our employees, our users, or others.

Tracking tools, advertising, and opt-out

Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, “cookie” information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. “Cookies” are identifiers we transfer to your browser or device that allow us to recognize your browser or device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features.

If you click on a link to a third party website or service, a third party may also transmit cookies to you. Again, this Privacy Policy does not cover the use of cookies by any third parties, and we aren’t responsible for their privacy policies and practices. Be aware that cookies placed by third parties may continue to track your activities online even after you have left our Services, and those third parties may not honor “Do Not Track” requests you have set using your browser or device.

We may use this data to customize content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services more helpful to as many users as possible.

We use the following types of Cookies:

Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.

Functional Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name and remember your preferences.

Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our Services. They do this by collecting information about the number of visitors to the Services, what pages visitors view on our Services and how long visitors are viewing pages on the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google LLC (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of Cookies by visiting the Google advertising opt-out page at http://www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/. 

Retargeting/Advertising Cookies. Retargeting/Advertising Cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.

You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the Services and functionalities may not work. To find out more information about Cookies generally, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org. 

Information about interest-based advertisements:

We may serve advertisements, and also allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including Personal Information) may be provided to us by you, or derived from the usage patterns of particular users on the Services and/or services of third parties. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave the Services. To accomplish this, we or our service providers may deliver Cookies, including a file (known as a “web beacon”) from an ad network to you through the Services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their site.

We attempt to comply with the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising. Through the DAA and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of, and greater control over, ads that are customized based a consumer’s online behavior across different websites and properties. To make choices about Interest-Based Ads from participating third parties, including to opt-out of receiving behaviorally targeted advertisements from participating organizations, please visit the DAA’s or NAI’s consumer opt-out pages, which are located at http://www.networkadvertising.org/choices/ or http://www.aboutads.info/choices.

Will Luna share any of the PHI it receives?

We will never (i) rent or sell your PHI; (ii) share your PHI for marketing purposes; or (iii) use or share your PHI other than as described below unless you have given us explicit permission in writing to do so. We may share your PHI with third parties as described here:

Family members, guardians, specified individuals: We may share your PHI with your family member, guardian or other individual, only as specifically requested by you or in those circumstances where such individuals are involved in your care or treatment and you have had the opportunity to agree or object (verbally or in writing) and have been notified in advance of such use or disclosure.

Business associates: With an acknowledgment or proper authorization or as otherwise permitted under HIPAA, we are permitted to disclose your health information to business associates and to allow business associates to receive your health information of our behalf. A business associate is defined under HIPAA as an individual or entity under contract with us to perform or assist us in a function or activity which requires the use of your health information. Examples of business associates include, but are not limited to, consultants, accountants, and third party billing companies.

Physical therapists: We may share your PHI with your Luna Physical Therapist in order to provide you the Services, manage your treatment, and improve your health.

Outpatient clinic and/or hospital partners of Luna: We may obtain, use, and disclose PHI and related health to any physical therapy clinic or hospital partner that is engaged in connection with the provision of physical therapy services to you for purposes of coordinating treatment and payment for services.

Other clinical professionals: If you have communicated to us that you are receiving treatment from a physician, we may share your PHI with that physician’s office.

Emergency: In the event of an emergency or a serious or imminent threat to your health or safety (e.g., you are unconscious), we may share your PHI if we believe it is in your best interest.

Public good and/or research purposes: We may share your PHI if we believe it is for the benefit of public health, such as (i) preventing disease; (ii) helping with product recalls; (iii) reporting adverse reactions to medications; (iv) reporting suspected abuse, neglect or domestic violence; (v) preventing or reducing a serious threat to anyone’s health or safety, or for health research purposes. We will only share your PHI in accordance with the law. To find out more, please go to: https://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html

Compliance with law: We reserve the right to access, read, preserve, and disclose any PHI that we believe is necessary to comply with law or court order, including requests from the Department of Health and Human Services to ensure our compliance with federal privacy law.

Address workers’ compensation, law enforcement, mandated reporting and other government requests: We may share PHI about you: (i) for workers’ compensation claims; (i) for law enforcement purposes or with a law enforcement official; (iii) with health oversight agencies for activities authorized by law; (iv) for special government functions such as military, national security, and presidential protective services; (v) for any applicable mandated reporting purposes such as child abuse, sexual assault, intimate partner violence or other mandated reporting.

Treatment payment and healthcare operations. We are permitted to use and disclose your health information in the provision and coordination of your healthcare, in determining coverage, billing, claims management, medical data processing and reimbursement, and as part of Luna’s routine healthcare operations such as utilization reviews, auditing, certification, licensing or credentialing activities.

Authorization. We can use and disclose your health information for purposes other than treatment, payment or healthcare operations with your written authorization. For example, with your authorization we can provide your name and medical condition to companies who might be able to provide you useful items or services. You may revoke your authorization; however, such revocation will not have any effect on uses or disclosures of your health information prior to our receipt of the revocation.

Is Personal Information about me secure?

Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We are required by law to maintain the privacy and security of your PHI. If a breach occurs that may have compromised the privacy or security of your PHI, we will promptly inform you by a notice on the website(s) and applications, and follow any applicable laws.

We retain Personal Information about you for as long as necessary to provide you with our Services or to perform our business or commercial purposes for collecting your Personal Information. When establishing a retention period for specific categories of information, we consider who we collected the information from, our need for the Personal Information, why we collected the Personal Information, and the sensitivity of the Personal Information. In some cases we retain Personal Information for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

What Personal Information can I access?

Through your account settings or by contacting us, you may access, and, in some cases, edit or delete the following information you’ve provided to us: Name, password, home address, email address, insurance details, and other related user information.

The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at concierge@getluna.com.

Health Insurance Portability & Accountability Act

You understand that Luna is a “health care provider” and must comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HIPAA protects the privacy of individually identifiable health information, or “protected health information” as that term is defined in HIPAA (“PHI”). The Privacy Policy (this document) outlines your rights and our responsibilities regarding your PHI, additional information on how Luna may use your Content and any communications between you and your Luna Physical Therapist and who to contact if you have any concerns regarding your PHI. Your acceptance of these Terms acknowledges that you have been given access to the Privacy Policy and acknowledges receipt of such policy.

You understand that as a “health care provider”, Luna must comply with HIPAA and therefore retain data you input/upload to the platform related to (but not limited) with:

• Written or electronic record of a designation of an organization as a covered entity or business associate;
• All signed authorizations and, where applicable, written acknowledgments of receipt of the notice or documentation of good faith efforts to obtain such written acknowledgments;
• Privacy Policy (this document);
• Medical records and billing records about individuals maintained by or for a covered healthcare provider;
• Enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; and
• Other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals;
• This data may be retained by Luna as required by HIPAA even in the case that your account has been suspended, deactivated, and/or marked for deletion.

California resident rights

If you are a California resident, you have the rights set forth in this section. Note that we may process Personal Information of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Information as a service provider, you should contact the entity that collected your Personal Information in the first instance to address your rights with respect to such data.

If there are any conflicts between this section and any other provision of this Privacy Policy and you are a California resident, the portion that is more protective of Personal Information shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at concierge@getluna.com. 

Access:

You have the right to request certain information about our collection and use of your Personal Information over the past 12 months. In response, we will provide you with the following information:     

• The categories of Personal Information that we have collected about you.
• The categories of sources from which that Personal Information was collected.
• The business or commercial purpose for collecting or selling your Personal Information.
• The categories of third parties with whom we have shared your Personal Information.
• The specific pieces of Personal Information that we have collected about you.

If we have disclosed your Personal Information to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Information shared with each category of third party recipient. If we have sold your Personal Information over the past 12 months, we will identify the categories of Personal Information sold to each category of third party recipient.

Deletion and correction:

You have the right to request that we delete the Personal Information that we have collected about you. Under the CPRA, this right is subject to certain exceptions: for example, we may need to retain your Personal Information to provide you with the Services or complete a transaction or other action you have requested, or if we are required to retain this data by HIPAA, or if deletion of your Personal Information involves disproportionate effort. If your deletion request is subject to one of these exceptions, we may deny your deletion request.

You have the right to request that we correct any inaccurate Personal Information we have collected about you. Under the CPRA, this right is subject to certain exceptions: for example, if we decide, based on the totality of circumstances related to your Personal Information, that such data is correct. If your correction request is subject to one of these exceptions, we may deny your request.

Personal Information sharing opt-out and opt-in:

Under the CPRA, California residents have certain rights when a business “shares” Personal Information with third parties for purposes of cross-contextual behavioral advertising. We may have shared the foregoing categories of Personal Information for the purposes of cross-contextual behavioral advertising:

• Contact data
• Device / Internet protocol data
• Web analytics data
• Geolocation data

As described above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third party Cookies for online advertising may be considered a “sale” of information. You can opt out of data selling and/or sharing by following the instructions in this section.

We may share Personal Information with the following categories of third parties:

• Advertising partners.

Over the past 12 months, we may have shared the following categories of Personal Information with the categories of third parties listed for the following purposes:

• Marketing and selling the Services.
• Showing you advertisements, including interest-based or online behavioral advertising.

You have the right to opt-out of the sharing of your Personal Information. You can opt-out using the following methods:

• You can opt-out of the sharing of your Personal Information by updating your Cookie Settings.
• You can use a Global Privacy Control or similar control that is legally recognized by a government agency or industry standard. Please note this does not include Do Not Track signals.

Once you have submitted an opt-out request, we will not ask you to reauthorize the sharing of your Personal Information for at least 12 months.

Under the CPRA, we share the Personal Information of minors under 16 years of age in a way that may be considered sharing or selling. If you are between 13 and 16 years of age, you must authorize us to share your Personal Information. If you are under 13 years of age, your parent or guardian must authorize us to share your Personal Information.

We will not discriminate against you for exercising your rights under the CPRA:

We will not discriminate against you for exercising your rights under the CPRA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CPRA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CPRA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Information that we receive from you.

Exercising your rights:

To exercise the rights described in this Privacy Policy, you or, if you are a California resident, your Authorized Agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Information provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within the time period required by applicable law. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

You may submit a Valid Request using the following methods:

• You can submit a request at our Data Rights Request page.
• You can email us at privacy@getluna.com. 

If you are a California resident, you may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.

Other state law privacy rights

California residents:

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Information to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at privacy@getluna.com.

Nevada residents:

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at privacy@getluna.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not sell your Personal Information, per the definition of “sale” as defined in Nevada Revised Statutes Chapter 603A.

Virginia residents:

If you are a Virginia resident, you have the rights set forth under the Virginia Consumer Data Protection Act (“VCDPA”). Please see the information below for instructions regarding how to exercise these rights. Please note that we may process Personal Information of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Information as a service provider, you should contact the entity that collected your Personal Information in the first instance to address your rights with respect to such data. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.

If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Virginia resident, the portion that is more protective of Personal Information shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at concierge@getluna.com.

Access: You have the right to request confirmation of whether or not we are processing your Personal Information and to access your Personal Information.

Correction: You have the right to correct inaccuracies in your Personal Information, to the extent such correction is appropriate in consideration of the nature of such data and our purposes of processing your Personal Information.

Portability: You have the right to request a copy of your Personal Information in a machine-readable format, to the extent technically feasible.

Deletion: You have the right to delete your Personal Information.

Opt-Out of Certain Processing Activities: You have the right to opt-out of the processing of your Personal Information for targeted advertising purposes. We process your Personal Information for targeted advertising purposes. To opt-out of our processing of Personal Information for targeted advertising purposes, please update your Cookie Settings.

We do not currently sell your Personal Information as defined under the VCDPA.

You have the right to opt-out from the processing of your Personal Information for the purposes of profiling in furtherance of decisions that produce legal or similarly significant effects to you, if applicable.

Appealing a Denial: If we refuse to take action on a request within a reasonable period of time after receiving your request in accordance with this section. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the VCDPA. We will respond to your appeal within 60 days of receiving your request. If we deny your appeal, you have the right to contact the Virginia Attorney General using the methods described at https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint. You may appeal a decision by emailing us at: concierge@getluna.com.

What choices do I have?

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.

You may be able to add and/or update information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. Some information will remain in our records after you suspend (or deactivate, or mark for deletion) use of your account as required by law. We may use any aggregated data derived from or incorporating your Personal Information after you add and/or update it, but not in a manner that would identify you personally.

What if I have questions about this policy?

If you have any questions or concerns regarding our privacy policies, please send us a detailed message to concierge@getluna.com, and we will try to resolve your questions or concerns.