If you are in the EU or UK, you have the right to access, correct, delete, restrict, or export your personal data, and to complain to your national data protection authority.
This analysis describes what Luma AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
EEA and UK users have legally backed rights to control their personal data held by Luma, including the right to request deletion and to lodge a regulatory complaint if those rights are not respected.
Text is identical; provision retained with no changes.
View full change record →EEA and UK users can request that Luma provide, correct, delete, or transfer their personal data by contacting the company directly. If Luma does not respond appropriately, users have the right to escalate to their national data protection authority.
How other platforms handle this
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
Monitoring
Luma AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Your European Privacy Rights. If you are located in the EEA or the UK, you have additional rights described below. You may request access to the personal information we maintain about you, update and correct inaccuracies in your personal information, restrict or object to the processing of your personal information, have your personal information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your personal information to another company. In addition, you have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.— Excerpt from Luma AI's Luma AI Privacy Policy
REGULATORY LANDSCAPE: This provision directly reflects GDPR Articles 15 through 22 (rights of access, rectification, erasure, restriction, portability, and objection) and UK GDPR equivalents. The supervisory authority complaint right is mandated by GDPR Article 77. Luma's commitment to fulfilling these rights within a reasonable period should be assessed against GDPR's one-month response requirement under Article 12. GOVERNANCE EXPOSURE: Medium. While the provision correctly identifies the applicable rights, it does not specify a dedicated process, portal, or response timeline for EEA/UK rights requests, which may create practical friction and increase the risk of regulatory complaints if response times are inadequate. JURISDICTION FLAGS: All EEA member states and the UK are within scope. The right to lodge a complaint with a supervisory authority means Luma could face enforcement action from any relevant national data protection authority, not only in its primary establishment jurisdiction. This is particularly significant given that Luma's AI training use of user content may attract scrutiny from regulators focused on AI data practices. CONTRACT AND VENDOR IMPLICATIONS: Enterprises deploying Luma as a processor should ensure their data processing agreements address how EEA/UK data subject rights requests received by Luma will be handled and escalated to the controller. COMPLIANCE CONSIDERATIONS: Legal teams should confirm Luma has a documented process for handling data subject access requests within GDPR's required timeframes. The identity verification requirement described in the policy should be proportionate and not create undue barriers to rights exercise. Records of rights request handling should be maintained as part of GDPR accountability obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
EEA and UK users have legally backed rights to control their personal data held by Luma, including the right to request deletion and to lodge a regulatory complaint if those rights are not respected.
EEA and UK users can request that Luma provide, correct, delete, or transfer their personal data by contacting the company directly. If Luma does not respond appropriately, users have the right to escalate to their national data protection authority.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Luma AI.