Privacy Policy
Last updated: March 6, 2026
1. Introduction
LuniPay, Inc. ("Company," "we," "us," "our," or "LuniPay") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process information when you access and use our website, mobile applications, and services (collectively, the "Service").
This Privacy Policy applies to:
- Business users who create LuniPay accounts ("Merchants")
- Customers of Merchants who receive invoices and make payments ("Customers")
- Visitors to our website and marketing pages ("Visitors")
Please read this Privacy Policy carefully. If you do not agree with our practices, please do not use our Service. By using LuniPay, you consent to the collection and use of your information as described in this policy.
2. Information We Collect
2.1 Account Information
When you create a LuniPay account, we collect information such as:
- Full name and email address
- Business name and business registration details
- Physical business address
- Phone number
- Tax identification number or VAT registration
- Bank account information (for payouts)
- Profile picture or business logo (uploaded through Uploadthing)
2.2 Payment and Financial Information
When you use LuniPay to process payments, we collect financial transaction data. Importantly:
- LuniPay does not store credit card numbers or sensitive payment card data. All payment processing is handled securely by Stripe, our PCI-DSS compliant payment processor.
- We collect payment metadata including transaction amounts, payment methods used (card type, last 4 digits), transaction timestamps, and payment status.
- We maintain records of payouts to your bank account, including payout amounts, processing fees, and FX conversions.
- We store invoice data including line items, amounts, and payment history.
2.3 Transaction and Invoice Data
We collect and store all invoice, payment link, recurring billing template, and installment plan data you create, including:
- Invoice descriptions, quantities, and pricing
- Dates (due dates, payment dates, payout dates)
- Payment statuses (draft, sent, viewed, paid, overdue, partially paid)
- Dispute and chargeback information
- Reminder history and engagement metrics
2.4 Customer Data (Your Customers)
When you add customers to LuniPay or send them invoices, we collect information about your customers, including:
- Customer name and email address
- Customer phone number
- Business/company information (for B2B invoices)
- Shipping/billing addresses (if provided)
- Information they enter when paying an invoice or accessing the customer portal
Important: For customer data, you are the data controller and LuniPay is a data processor. You are responsible for obtaining necessary consents from your customers and complying with applicable data protection laws.
2.5 Usage and Analytics Data
We automatically collect information about how you use our Service:
- Device information (device type, operating system, browser type, browser version)
- IP address and geolocation data
- Pages visited, features used, and time spent on each page
- Clickstream data and navigation patterns
- Performance metrics (page load times, errors encountered)
- Search queries and filters you apply
This data is collected through analytics tools including Vercel Analytics and error monitoring via Sentry.
2.6 Authentication Data
We collect authentication information to verify your identity:
- For Google OAuth: we receive your Google account profile information, including name and email, from Google
- For email/password authentication: we store a cryptographically hashed version of your password (we do not store your password in plain text)
- Session tokens and authentication cookies to maintain your login state
- For customer portal access: magic link tokens and session data
2.7 Communications
We collect information when you communicate with us:
- Contact form submissions (name, email, subject, message)
- Customer support inquiries and replies
- Email addresses you provide for notifications and invoices
- Feedback and bug reports you submit
2.8 Information from Third Parties
We may receive information about you from:
- Stripe: account verification status, account balance, charge history, dispute data
- Google: when you authenticate via Google OAuth
- Your customers: when they provide information to pay your invoices
- Team members: when they are invited to your organization
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve the LuniPay platform and features
- Payment Processing: To process payments, issue payouts, and maintain financial records
- Account Management: To create and manage your account, process sign-ups and password resets
- Communications: To send transactional emails (invoices, receipts, payment confirmations), service updates, and customer support responses
- Marketing: With your consent, to send promotional emails about new features, product updates, or special offers
- Analytics & Improvement: To understand how you use LuniPay, identify usage patterns, and optimize our service
- Fraud Prevention & Security: To detect, prevent, and address fraud, abuse, and security incidents
- Compliance: To comply with legal obligations, including tax reporting, anti-money laundering (AML) requirements, and regulatory inquiries
- Dispute Resolution: To investigate and resolve disputes, chargebacks, and complaints
- Legal Protection: To enforce our Terms of Service and other agreements, and to protect our legal rights
4. How We Share Your Information
We may share your information with the following categories of recipients:
4.1 Service Providers and Processors
We share information with third-party service providers who help us operate our Service:
- Stripe: For payment processing, invoicing, Connect account management, and financial data
- SendGrid: For sending transactional and marketing emails
- Vercel: For hosting, server infrastructure, analytics, and performance monitoring
- Sentry: For error tracking and application monitoring
- Uploadthing: For secure file storage (logos, invoice PDFs, documents)
- Upstash: For Redis caching, rate limiting, and session management
- NextAuth.js: For authentication infrastructure and session management
All service providers are contractually obligated to use your information only as necessary to provide their services and to maintain the confidentiality and security of your data.
4.2 Your Customers
When you send an invoice or payment link to a customer, they will receive their name and the invoice/payment details you provide. They may access the customer portal using a magic link, where they can view their payment history and manage their payment methods.
4.3 Team Members
If you invite team members to manage your LuniPay account, they may have access to your customer data, invoices, and financial information based on their assigned role and permissions.
4.4 Legal Requirements and Enforcement
We may disclose your information when required by law or when we believe in good faith that such disclosure is necessary to:
- Comply with legal process (subpoena, warrant, court order)
- Enforce our Terms of Service and other agreements
- Respond to government or law enforcement requests
- Protect the safety, rights, and property of LuniPay, our users, or the public
- Prevent fraud, security incidents, or other illegal activities
4.5 Business Transfers
If LuniPay is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction. We will provide notice of such change in ownership or control of your information where required by law.
5. Data Retention
We retain your information for as long as necessary to provide our Service and to comply with legal obligations:
- Account Information: Retained while your account is active. If you delete your account, we retain your information for up to 30 days to allow recovery, then securely delete it unless longer retention is required by law.
- Transaction & Invoice Data: Retained indefinitely for financial record-keeping, tax compliance, and dispute resolution.
- Customer Data: Retained as long as the customer relationship exists and for compliance purposes, typically 6-7 years for tax and regulatory requirements.
- Analytics & Usage Data: Retained for up to 12 months for analytics and improvement purposes.
- Support Communications: Retained for 2 years from the date of your last communication for customer service records.
- Marketing Communications: Retained until you unsubscribe or request deletion.
Some information may be retained longer if retention is required by law (tax records, regulatory compliance, dispute resolution).
6. Data Security
We take data security seriously and implement comprehensive measures to protect your information:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using the TLS/SSL protocol.
- Encryption at Rest: Sensitive data is encrypted when stored in our databases.
- PCI-DSS Compliance: Payment card information is processed through Stripe, which is PCI-DSS Level 1 compliant. We do not store or transmit unencrypted card data.
- Access Controls: We restrict access to your personal information to employees and contractors who need access to perform their duties, and require them to maintain confidentiality.
- Secure Authentication: We use bcrypt hashing for password storage and OAuth tokens for secure third-party authentication.
- Regular Security Audits: We regularly audit and test our security measures.
- Monitoring & Logging: We monitor our systems for suspicious activity and maintain audit logs.
While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security. If you become aware of a security breach, please contact us immediately at support@lunipay.io.
7. Your Rights and Choices
7.1 General Rights
Subject to applicable law, you have the following rights:
- Access: You have the right to access your personal information by logging into your LuniPay account or contacting us.
- Correction: You can update, correct, or modify your account information through your account settings.
- Deletion: You have the right to request deletion of your account and associated personal data, subject to applicable legal requirements.
- Data Portability: You can request a copy of your data in a structured, machine-readable format.
- Marketing Opt-Out: You can opt out of receiving marketing emails by clicking the unsubscribe link in any email or by contacting us.
7.2 EU and UK Data Protection Rights (GDPR)
If you are located in the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Restrict Processing: You can request that we limit how we use your data.
- Right to Object: You can object to our processing of your personal data for legitimate interests.
- Right to Withdraw Consent: You can withdraw consent you've provided at any time.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.
Our legal basis for processing your data includes performance of a contract with you, compliance with legal obligations, and our legitimate interests (fraud prevention, security, service improvement).
7.3 California Consumer Privacy Act (CCPA) Rights
If you are a California resident, you have rights under the California Consumer Privacy Act:
- Right to Know: You can request to know what personal information we collect and how we use it.
- Right to Delete: You can request deletion of personal information we hold about you (with certain exceptions).
- Right to Opt-Out: You can opt out of the "sale" or "sharing" of your personal information (as defined by CCPA).
- Right to Correct: You can request correction of inaccurate personal information.
- Right to Limit Use: You can limit our use of your personal information to the purposes for which it was disclosed.
To exercise these rights, contact us at support@lunipay.io.
7.4 How to Exercise Your Rights
To exercise any of your rights, please contact us at:
Email: support@lunipay.io
We will respond to your request within 30 days (or as required by applicable law). We may request verification of your identity to protect your privacy and security.
8. Cookies and Tracking Technologies
LuniPay uses cookies and similar tracking technologies to provide and improve our Service:
8.1 Types of Cookies We Use
- Essential Cookies: Required for authentication, session management, and basic functionality. These cannot be disabled.
- Analytics Cookies: Used to understand how users interact with our Service. These are used by Vercel Analytics to track page views, user flows, and performance metrics.
- Performance Cookies: Used to monitor application performance and errors (Sentry).
8.2 Third-Party Tracking
LuniPay does not use third-party advertising networks or tracking pixels for retargeting or behavioral advertising. We do not allow advertisers to track you across websites.
8.3 Managing Cookies
Most web browsers allow you to control cookies through browser settings. You can typically enable, disable, or delete cookies, or set your browser to notify you before a cookie is placed. However, disabling essential cookies may affect your ability to use LuniPay.
9. Children's Privacy
LuniPay is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will promptly delete such information and terminate the child's account. If you believe we have collected information from a child under 18, please contact us immediately at support@lunipay.io.
10. International Data Transfers
LuniPay is based in the United States and your information may be transferred to, stored in, and processed in the United States or other countries where we or our service providers operate. The United States and other countries may not have data protection laws equivalent to those in your country of origin.
By using LuniPay, you consent to the transfer of your information to countries outside your country of residence, which may provide a different level of data protection than your home country. We implement appropriate safeguards such as Standard Contractual Clauses and other mechanisms to protect your information in compliance with applicable laws.
If you are located in the EU, UK, or other jurisdictions with strict data protection requirements and have questions about international data transfers, contact us at support@lunipay.io.
11. Third-Party Links and Services
Our website and Service may contain links to third-party websites, applications, and services that are not operated by LuniPay, including Stripe, SendGrid, and others. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.
We encourage you to review the privacy policies of any third-party services before providing your information or using their services. Your use of third-party services is governed by their terms and privacy policies, not ours.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last updated" date at the top of this policy and, for significant changes, by sending you an email notice or displaying a prominent notice on our website.
Your continued use of LuniPay following the posting of a revised Privacy Policy means that you accept and agree to the changes. We encourage you to review this policy periodically to stay informed about how we protect your information.
13. Contact Information
If you have questions about this Privacy Policy, our privacy practices, or your personal information, please contact us:
LuniPay, Inc.
Privacy Contact: support@lunipay.io
General Contact: support@lunipay.io
Mailing Address:
1111B S Governors Ave, STE 23835
Dover, DE 19904
United States
We aim to resolve any privacy concerns within 30 days of receiving your inquiry. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.
14. Data Processing for Customer Data
Important: When you enter customer information into LuniPay (names, email addresses, phone numbers, etc.), you are the "data controller" and LuniPay is a "data processor."
- You are responsible for: Obtaining necessary consent from your customers, complying with applicable data protection laws, and providing data protection notices to your customers.
- LuniPay is responsible for: Processing customer data only as directed by you, maintaining appropriate security measures, and assisting with your legal obligations (e.g., handling data access requests).
- Data Processing Agreement: For EU/UK customers subject to GDPR, we are prepared to enter into a Data Processing Agreement (DPA) to govern the processing of personal data. Please contact us at support@lunipay.io.
We process customer data only to provide our Service to you (e.g., to send invoices, process payments). We do not use customer data for our own marketing, analytics, or other purposes without your explicit instruction.
This Privacy Policy is effective as of March 6, 2026 and is subject to change. Please review it regularly for updates.