Privacy Policy

Effective date: March 26, 2026

1. Introduction

Pompeii Labs, Inc. ("Pompeii," "we," "our," or "us") operates Lux Cloud (luxdb.dev), a managed database hosting platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Information you provide directly:

  • Account information. When you sign in with Google OAuth, we receive your name, email address, and profile picture.
  • Communications. Support requests, feedback, or other messages you send to us.
  • Payment information. Billing is handled entirely by Stripe. We never see or store your full card number. Stripe shares a summary (last 4 digits, expiration, billing email) so we can display it in your dashboard.

Information collected automatically:

  • Instance data. The data you store in your Lux instances (keys, values, streams, vectors, etc.) lives on our infrastructure. We do not access or inspect it unless required for debugging at your request.
  • Usage metrics. We collect operational metrics about your instances: memory usage, connection counts, command throughput, and disk usage. This powers the metrics dashboard and helps us monitor instance health.
  • Log data. Error reports and performance data for maintaining the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service (running your instances, routing connections, serving the dashboard)
  • Process transactions and billing through Stripe
  • Monitor instance health and maintain service reliability
  • Send administrative communications (security alerts, maintenance notices, billing updates)
  • Respond to support requests and inquiries
  • Detect, investigate, and prevent fraudulent or abusive activity
  • Comply with legal obligations

We may use aggregated, anonymized usage metrics to improve and benchmark the Service. We do not build advertising profiles or sell your data.

4. Sub-processors

We use the following third-party service providers ("sub-processors") to operate the Service. Each processes data only to the extent necessary to deliver their function:

Supabase -- Authentication and account metadata storage.

Hetzner -- Infrastructure hosting for Lux instances where your data is stored and served.

Stripe -- Payment processing and billing. Stripe stores all payment information directly; we do not have access to full card numbers.

Cloudflare -- DNS, CDN, and DDoS protection for the web application.

We do not sell, rent, or share your data with third parties for marketing or advertising purposes.

5. Data Sharing

Beyond the sub-processors listed above, we may share your information only in the following circumstances:

  • Legal requirements. When required by law, subpoena, court order, or other legal process.
  • Safety. To protect the rights, property, or safety of Pompeii Labs, our users, or the public.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy.
  • With your consent. In any other case with your explicit consent.

6. Data Retention

Account data is kept for as long as your account is active. Upon account deletion, we remove your personal information from our systems within 30 days, except where retention is required by law.

Instance data is deleted when you terminate an instance. Snapshots are deleted along with the instance unless you have exported them.

Usage metrics are retained for 30 days, then automatically purged.

Payment records are retained as required by tax and accounting regulations.

7. Data Security

We implement reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include encrypted connections (TLS), password authentication on all instances, and access controls on infrastructure. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users by email within 72 hours of becoming aware of the breach, consistent with GDPR requirements. We will also notify relevant supervisory authorities where required by law.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Rectification of inaccurate or incomplete information
  • Erasure of your personal information ("right to be forgotten")
  • Restriction of processing in certain circumstances
  • Data portability (receive your data in a structured, machine-readable format)
  • Objection to processing based on legitimate interests
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at hello@pompeiilabs.com. We will respond within 30 days.

You can also delete your account at any time from the dashboard, and export your instance data using the snapshot and CLI tools.

10. Cookies

We use a single session cookie managed by Supabase to keep you logged in. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

11. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States (where our infrastructure is located). These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to these countries. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by updating the effective date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

14. Contact

If you have questions about this Privacy Policy or our data practices, please contact us at:

Pompeii Labs, Inc.

169 Madison Ave STE 18927

New York, NY 10016

hello@pompeiilabs.com