Cookie notice
Last updated: 2026-05-16. Questions: privacy@lumauna.app.
1. Summary
Lumauna uses strictly-necessary cookies only. We do not use marketing cookies, advertising cookies, cross-site tracking, or third-party analytics trackers. No consent banner is required under EU ePrivacy / UK PECR because every cookie we set is necessary to deliver the service you signed in to. We do not "sell" or "share" personal information for cross-context behavioural advertising under CCPA/CPRA, and we do not use cookies that would trigger LGPD consent obligations in Brazil.
2. The cookies we set
| Cookie | Purpose | Lifetime |
|---|---|---|
wos-session | Session token issued by our managed identity provider. Required to keep you signed in. | Session |
csrf | CSRF protection on form submissions. Required to prevent cross-site request forgery. | Session |
theme | Remembers your colour-scheme preference (light/dark) so the UI matches it on return. | 1 year |
3. Third-party cookies
None set by Lumauna on lumauna.app. If you embed Lumauna pages elsewhere or follow links to our sub-processors, those parties set their own cookies under their own policies — see /sub-processors.
4. Your choices
Because all cookies above are strictly necessary, blocking them will break sign-in or form submission. You can still clear or block cookies in your browser settings; you can also revoke the active session at any time from Settings → Sessions.
5. Changes
We'll update this page if we ever add a cookie that requires consent. We will not silently introduce tracking cookies.