If you are in the EU, EEA, or UK, you have legal rights to access, correct, delete, or port your personal data, and to object to how Luma processes it, including filing a complaint with your national data protection authority.
Consumer impact (what this means for users)
EU and UK users have enforceable legal rights to demand deletion of their data, object to AI training use of their content, and receive a copy of their data — these are free rights you can exercise by contacting Luma directly.
What you can do
⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
Delete Your Data
Email hello@lumalabs.ai stating your request to exercise your GDPR rights (access, deletion, restriction, or portability). Specify which right you are exercising and the personal data concerned. Luma must respond within one month under GDPR Art. 12.
Export Your Data
Email hello@lumalabs.ai requesting a copy of all personal data Luma holds about you under GDPR Art. 15 (right of access) or Art. 20 (data portability). Include your account email address and specify that you are exercising your GDPR data subject rights.
Cross-platform context
See how other platforms handle European Privacy Rights and similar clauses.
These rights are legally enforceable under GDPR and UK GDPR and can be exercised at no cost — EU and UK users can compel Luma to delete their data or stop certain processing, including potentially the use of their content for AI training.
View original clause language
Your European Privacy Rights. If you are located in the EEA or the UK, you have additional rights described below. You may request access to the personal information we maintain about you, update and correct inaccuracies in your personal information, restrict or object to the processing of your personal information, have your personal information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your personal information to another company. In addition, you have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
(1) REGULATORY FRAMEWORK: This provision implements GDPR Arts. 15 (access), 16 (rectification), 17 (erasure), 18 (restriction), 20 (portability), 21 (objection), and 77 (right to lodge complaint); UK GDPR equivalent provisions enforced by ICO; enforced by EU national supervisory authorities in data subjects' country of residence, work, or incident location. Luma must respond to access and deletion requests within one month under GDPR Art. 12. (2)
🔒
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Applicable agencies
State AG
EU and UK data subjects can lodge complaints with their national supervisory authority (e.g., ICO in the UK); the State_AG category is the closest applicable category for non-US regulatory bodies in this context.