Back

logo

Privacy Policy (GDPR)

1. Privacy at a Glance

The following information provides a simple overview of what happens to your personal data when you visit this website.

2. General Information

The responsible party for data processing on this website is:

LumaEcho
Ürziger Str. 7
50969 Cologne
Germany
Email: info@lumaecho.com

3. Data Collection on This Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.

How do we collect your data?
Your data is collected, on the one hand, by you providing it to us. This could, for example, be data that you enter into a contact form.

4. Audio Recordings and Public Content

Important Privacy Notice:
When you create audio content (posts, echoes, or replies) on LumaEcho, you have the option to set the visibility of your content. Please be aware:

  • Public Content: If you set a post, echo, or reply to "PUBLIC", your voice recording will be accessible and audible to everyone, including visitors who are not logged in to the platform.
  • Followers Only: Content set to "FOLLOWERS_ONLY" will only be accessible to users who follow you.
  • Private Content: Content set to "PRIVATE" will only be visible and audible to you.

By uploading and publishing audio recordings, you consent to the storage and accessibility of your voice data according to the privacy settings you have chosen. Public content will be accessible to anyone, including non-registered visitors. You can delete your audio content at any time.

5. Third-Party Data Processors

To provide our services, we use trusted third-party service providers who process your personal data on our behalf. These processors are contractually bound to comply with GDPR requirements and process data only according to our instructions.

OpenAI (Transcription Service)
We use OpenAI's Whisper API to automatically transcribe your audio recordings into text. When you upload audio content:

  • Your audio file is transmitted to OpenAI's servers for processing
  • OpenAI transcribes the audio into text format
  • The transcription is returned to us and stored in our database
  • OpenAI does not retain your audio data after processing (per their API usage policy)
  • Data transfer occurs to the United States (OpenAI is a US-based company)

Purpose: Transcriptions enable search functionality, accessibility features, and content moderation.
Legal basis: Legitimate interest (Art. 6 Para. 1 lit. f GDPR) and your consent when uploading content.
OpenAI Privacy Policy: https://openai.com/privacy

Cloudflare (Security and Bot Protection)
We use Cloudflare to provide:

  • Bot detection and protection during login/registration
  • DDoS protection and security services
  • SSL/TLS encryption for data transmission
  • Web application firewall

Cloudflare may process metadata such as IP addresses, request headers, and access logs during authentication processes.
Data transfer: Cloudflare operates globally with servers in the EU and other regions.
Legal basis: Legitimate interest (Art. 6 Para. 1 lit. f GDPR) for security and fraud prevention.
Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy

DeepL (Translation Service)
We use the DeepL API to translate transcriptions of audio content (posts and echoes) into other languages. When you request a translation:

  • The text transcription of the audio content is transmitted to DeepL SE servers for translation
  • DeepL translates the text into your preferred language
  • The translated text is returned to us and displayed to you
  • DeepL does not store your data after processing (per their API terms)
  • DeepL SE is a German company with servers in the EU

Purpose: Translations enable users to understand content in other languages.
Legal basis: Legitimate interest (Art. 6 Para. 1 lit. f GDPR) and your consent when requesting a translation.
DeepL Privacy Policy: https://www.deepl.com/privacy

Data Transfer Safeguards
For transfers to third countries (e.g., USA), we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Data Processing Agreements (DPAs) with all processors
  • Regular security and compliance audits
6. Rights of the Data Subject

You have the right at any time to:

  • Request information about your stored data
  • Request correction of incorrect data
  • Request deletion of your data
  • Request restriction of data processing
  • Request data portability
  • Object to data processing
7. Cookies

This website uses cookies. Cookies are small text files stored on your device. We distinguish the following types:

Strictly necessary cookies (no opt-in required):

  • Authentication cookies (JWT access and refresh tokens, HttpOnly)
  • Cookie consent cookie (lumaecho-cookie-consent, 365 days)
8. Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

9. Contact

If you have any questions about data protection, please send us an email to: info@lumaecho.com