Privacy Policy

Last updated: March 2026

1. Who we are

Lunar Dinos ("we", "us", "our") is operated by Lunar Dinos UG (haftungsbeschränkt), registered at Görlitzer Strasse 39, 22045 Hamburg, Germany. We are the data controller responsible for processing your personal data.

For questions about this policy or your data, contact us at: privacy@lunardinos.com

1a. Data Protection Officer

The appointment of a Data Protection Officer is not required for our company under Art. 37 GDPR. For all data protection inquiries, please contact us at privacy@lunardinos.com.

2. What data we collect

2.1 Website visitors

When you visit our website, we may collect:

  • Technical data: browser type, operating system, screen resolution, referring URL
  • Usage data: pages visited, time on site, interactions

We do not use third-party tracking cookies. See our Cookie Policy for details.

2.2 Waitlist and demo signups

When you join our waitlist or book a demo, we collect:

  • Name
  • Email address
  • Company name (optional)
  • Role (optional)

2.3 Product users (when the product launches)

When you use Lunar Dinos as a customer, we process data on your behalf as a data processor. This includes session recordings and product usage data from your end users. Details will be covered in a separate Data Processing Agreement (DPA).

3. Why we process your data (legal basis)

Under the GDPR, we process your personal data based on:

  • Consent (Art. 6(1)(a) GDPR) — for waitlist signups, marketing emails, and optional cookies
  • Legitimate interest (Art. 6(1)(f) GDPR) — for basic website analytics (anonymized) and security
  • Contract performance (Art. 6(1)(b) GDPR) — for providing the product to paying customers

4. How we use your data

We use the data we collect to:

  • Communicate with you about early access, product updates, and your demo request
  • Improve our website and product
  • Provide and maintain the Lunar Dinos service
  • Comply with legal obligations

We do not sell your personal data. We do not share your data with third parties for their own marketing purposes.

5. Where your data is stored

All data is stored on servers located in the European Union (Germany). We use EU-based infrastructure providers. We do not transfer personal data outside of the EU/EEA unless explicitly stated and covered by appropriate safeguards (e.g., EU Standard Contractual Clauses).

6. How long we keep your data

  • Waitlist data: until you unsubscribe or request deletion, or 24 months after your last interaction — whichever comes first
  • Product data: for the duration of the customer contract, plus any legally required retention period
  • Website analytics: aggregated and anonymized, retained indefinitely

7. Your rights

Under the GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Restriction — restrict how we process your data
  • Data portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, email us at privacy@lunardinos.com. We will respond within 30 days.

8. Third-party services

We use the following third-party services that may process personal data:

  • Hetzner (hosting) — EU-based, data stays in Germany
  • Mistral AI (AI features) — EU-based LLM provider
  • Google Cloud Vertex AI (AI features) — data is processed in the EU (europe-west region). Subject to Google Cloud's Data Processing Addendum and EU Standard Contractual Clauses

We will update this list as we integrate additional services.

8a. Use of artificial intelligence

Lunar Dinos uses AI/LLM services (Mistral AI and Google Cloud Vertex AI) to power product intelligence features such as automated insights, pattern detection, and content analysis. When processing data on behalf of our customers, the following applies:

  • AI processing is performed based on the customer's instructions under a Data Processing Agreement (Art. 28 GDPR)
  • Data sent to AI providers is limited to what is necessary for the specific feature
  • Mistral AI processes data within the EU. Google Vertex AI processes data in the EU (europe-west region)
  • No personal data from AI processing is used for model training by the providers
  • The legal basis for AI processing is contract performance (Art. 6(1)(b) GDPR) for product users and legitimate interest (Art. 6(1)(f) GDPR) for product improvement

9. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), tenant-level data isolation, and access controls. Despite our efforts, no method of transmission or storage is 100% secure.

10. Children

Lunar Dinos is not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of our website after changes constitutes acceptance.

12. Supervisory authority

If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

The supervisory authority responsible for us is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 20459 Hamburg
datenschutz-hamburg.de