Lunas policy

Privacy Policy

How Lunas handles account data, health records, uploaded files, AI requests, sharing, and model-improvement choices.

Last updated: July 4, 2026

What Lunas collects

Lunas collects the account information needed to run the service, such as your email address, display name, plan, authentication records, and security events.

When you choose to use health-data features, Lunas may store uploaded files, extracted text, structured observations, timeline notes, consultation records, and chat messages. These records can contain sensitive health information.

How Lunas uses your data

We use your data to provide Chat, Clinic, Lab, timeline, file review, sharing, usage metering, support, security, and audit functions.

Lunas is designed so plan, role, ownership, and access checks are enforced server-side. Client-side UI controls are not treated as permission boundaries.

We do not sell sensitive health information or use it for advertising.

AI and model improvement

User health data is not used to train Stethos by default. Training eligibility requires explicit consent, de-identification, and human review before data can be approved for a training dataset.

Model providers may process prompts, retrieved context, and uploaded-file extracts to generate responses. Lunas minimizes unnecessary context and is intended to use provider retention and no-training controls where supported.

Sharing and access

You control whether personal timeline records are shared. Clinic and Lab records are access-controlled and should only be shared with people who need to review them.

Audit records may be retained for security, legal, and compliance purposes even after user-facing records are deleted.

If you use Lunas for a covered entity or regulated health organization, you are responsible for having the right authorization, organizational approval, and business associate agreement when required before submitting protected health information.

Your choices

You can request help exporting or deleting account data by contacting support@lunas.one. Self-serve export and deletion controls are planned.

We evaluate security incidents and provide required notices under applicable health, privacy, and breach-notification laws.

For privacy questions, data requests, or security concerns, contact support@lunas.one.