Luna Executive Chauffeurs — Privacy Policy

§ 01 Who we are

Luna Executive Chauffeurs is a private chauffeur service headquartered in the Miami metropolitan area, Florida, United States, operating throughout South Florida and across approved affiliate networks worldwide.

For the purposes of this policy, Luna Executive Chauffeurs is the data controller of your personal information. Our registered business address and preferred contact channels are listed at the end of this document.

§ 02 What we collect

2.1   Information you give us directly

• Account data: full name, email address, phone number, and a password (stored as a secure hash — we never see your plain-text password).
• Reservation data: pickup and dropoff addresses, date and time of service, passenger count, vehicle selection, flight information (when applicable), and notes you add (e.g. child seat, meet-and-greet instructions, stops).
• Profile preferences: saved addresses, preferred vehicles, default number of passengers, corporate account affiliation.
• Communications: messages you send us through forms, email, SMS, or phone, including recordings of calls to our dispatch line where local law permits and we have notified you.
• Payment information (future): when online payment is enabled, payment details are handled by our PCI-DSS compliant payment processor (see section 5). Luna does not store full card numbers on its own servers — only a tokenized reference and the last four digits, for reconciliation.

2.2   Information we collect automatically

• Device and browser data: browser type, operating system, screen resolution, language preference, referring URL.
• IP address and approximate location derived from it, for security, fraud prevention, and regional routing.
• Usage data: pages visited, actions taken, timestamps, and session identifiers.
• Cookies and similar technologies: see section 6.

2.3   Information from third parties

• Affiliates and hotel concierges: booking data they submit on your behalf (name, contact, trip details).
• Corporate account administrators: employee or guest profiles added to a corporate booking portal.
• Flight tracking providers (future): real-time arrival and delay information tied to a flight number you provided.

§ 03 How we use it

• Operate the service: create and manage your account, accept and dispatch reservations, assign chauffeurs and vehicles, route to pickup, handle flight delays and live changes, and confirm completion.
• Process payment and invoicing: charge the fare, issue receipts, reconcile corporate accounts, handle disputes and refunds.
• Communicate with you: confirmations, on-the-way notifications, arrival texts, service changes, receipts, and responses to your inquiries.
• Improve the service: understand how clients use the site and dashboard, fix bugs, measure performance, refine vehicle availability and pricing.
• Security and fraud prevention: detect suspicious logins, chargebacks, bot activity, and unauthorized access attempts.
• Legal and regulatory: comply with tax, transportation, insurance, anti-money-laundering, accessibility, and record-retention obligations.
• Marketing, with your consent: occasional service updates, editorial content, and limited offers — only when you have explicitly opted in, and always with a one-click unsubscribe.

§ 04 Legal basis (GDPR & LGPD)

If you are in the European Economic Area, the United Kingdom, or Brazil, we process your personal data under the following legal bases:

§ 05 Who we share data with

We share personal information only with the categories of recipients listed below, and only to the extent necessary for the stated purpose. We do not sell your personal information in the meaning of the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), nor do we share it for cross-context behavioral advertising.

Each processor is bound by a written Data Processing Agreement (DPA) or equivalent contractual commitment, where required by law.

§ 06 Cookies & tracking technologies

We use cookies and similar technologies to keep you logged in, remember your preferences, secure your session, and — where you consent — measure how our site is used.

• Strictly necessary cookies: session, authentication token, CSRF protection, load-balancer affinity. These cannot be disabled.
• Functional cookies: language, light/dark theme preference, recently viewed rates.
• Analytics cookies (consent-based): aggregate usage metrics via Google Analytics, with IP anonymization.

If you access the site from the European Economic Area, the United Kingdom, or Brazil, non-essential cookies are set only after you consent via our cookie banner. You can withdraw consent at any time through your browser settings or by clearing cookies for this site.

§ 07 Data retention

• Account data — retained while your account is active, and deleted (or fully anonymized) within twenty-four (24) months of account closure, unless a longer retention period is required by law.
• Reservation, invoice and payment records — retained for seven (7) years after the ride date, to meet United States federal and Florida state tax-record obligations.
• Support communications — retained up to three (3) years after the last interaction.
• Marketing consent records — retained as long as necessary to prove lawful consent (typically the duration of the subscription plus two (2) years).
• Server logs and security events — retained up to twelve (12) months.

§ 08 International transfers

Luna operates from the United States, and most of our vendors process data on servers located in the United States. If you are outside the United States, your personal information will be transferred to, stored and processed in, the United States.

For transfers from the European Economic Area, the United Kingdom and Switzerland, we rely on Standard Contractual Clauses approved by the European Commission. For transfers from Brazil, we rely on contractual safeguards recognized under LGPD Art. 33. You may request a copy of the safeguards in place by writing to the contact in section 14.

§ 09 Your rights

9.1   If you are in the European Economic Area, the United Kingdom, or Switzerland (GDPR)

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion ("right to be forgotten"), subject to legal retention duties.
• Portability — receive your data in a structured, machine-readable format.
• Restriction — limit how we process your data in specific circumstances.
• Objection — object to processing based on legitimate interest, including direct marketing.
• Withdraw consent — at any time, for any processing based on consent.
• Lodge a complaint — with your national supervisory authority.

9.2   If you are in California, Colorado, Connecticut, Virginia, Utah or another covered U.S. state (CCPA/CPRA and equivalents)

• Right to know — what personal information we collect, use, share and for what purposes.
• Right to delete — request deletion of personal information we hold about you.
• Right to correct — inaccurate personal information.
• Right to opt out of sale or sharing — Luna does not sell or share your personal information for cross-context behavioral advertising. If this ever changes, a "Do Not Sell or Share My Personal Information" link will appear on our site footer.
• Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes beyond those permitted without this right.
• Right to non-discrimination — you will not receive degraded service for exercising these rights.

9.3   If you are in Brazil (LGPD)

• Confirmation that we process your data, and access to it.
• Correction of incomplete, inaccurate or outdated data.
• Anonymization, blocking or deletion of unnecessary or excessive data.
• Portability to another service provider.
• Deletion of data processed with your consent.
• Information on public and private entities with which we have shared your data.
• Information on the possibility of refusing to give consent and the consequences of such refusal.
• Revocation of consent at any time.
• Filing a complaint with the National Data Protection Authority (ANPD).

§ 10 How to exercise your rights

Send your request to privacy@lunaexecutivechauffeurs.com from the email address associated with your account, and include:

1. The right you wish to exercise.
2. Enough information for us to verify your identity — typically the full name and phone number on your account, plus the date of a recent booking if any.
3. The jurisdiction whose law you invoke (EU, UK, California, Brazil, etc.), if you know it.

We will acknowledge receipt promptly and respond within thirty (30) days under GDPR/LGPD and forty-five (45) days under CCPA/CPRA, extendable once if the request is complex, with notice to you. There is no charge for a reasonable first request.

You may also designate an authorized agent to act on your behalf, where permitted by applicable law, provided the agent can demonstrate authority.

§ 11 Children

The Services are intended for adults eighteen (18) years of age or older. Luna does not knowingly collect personal information from children under the age of eighteen. If you believe a child has provided us with personal information, please contact us and we will promptly delete the data in accordance with applicable law (including COPPA in the United States, GDPR Art. 8 in the EEA, and LGPD Art. 14 in Brazil).

Children may, of course, travel as passengers in Luna vehicles — in which case the booking is made by an accompanying adult and any information relating to the child (e.g. "three passengers, one infant, requires child seat") is provided by that adult as part of the reservation.

§ 12 Security

We protect personal information with administrative, technical and physical safeguards: encryption in transit (TLS 1.2+), encryption at rest on our managed databases, password hashing via industry-standard algorithms, least-privilege access controls for our team, audit logging, and vendor assessments for processors.

No system is perfectly secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within seventy-two (72) hours where GDPR applies, and notify affected individuals without undue delay as required by applicable law.

§ 13 Changes to this policy

We may update this Privacy Policy to reflect changes in our Services, our vendors, or applicable law. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will provide additional notice — for example, an email to account holders or a banner on the site — before the change takes effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

§ 14 Contact us

Questions, requests, or concerns about this Privacy Policy or how your data is handled:

• Email: privacy@lunaexecutivechauffeurs.com
• General support: support@lunaexecutivechauffeurs.com
• Phone (dispatch, 24/7): +1 (954) 910-9739
• Mailing address: Luna Executive Chauffeurs — Miami, Florida, United States (full street address to be published at launch)

See also our Terms of Service.