Privacy Policy

Last updated: April 2, 2026

Lumina – SEO & GEO ("Lumina", "the Extension") is a Chrome browser extension created by Julien El-Bahy. This privacy policy explains how the Extension handles your data.

Data collection

Lumina does not collect, transmit, or store any personal data on external servers. The Extension does not use analytics, tracking scripts, or advertising of any kind.

How your data is processed

All SEO analysis (page audits, heading checks, link analysis, schema validation, etc.) is performed locally in your browser. The Extension reads the content of the currently active tab to perform its analysis. This data is never sent to any server operated by Lumina or any third party.

API keys

Lumina allows you to optionally connect your own API keys for enhanced functionality:

• OpenAI API Key: Used to power AI content tools. Requests are sent directly from your browser to OpenAI's API. Lumina does not proxy, store, or log these requests.
• DataForSEO API Key: Used for keyword research and SERP analysis. Requests are sent directly to the DataForSEO API.
• Google PageSpeed Insights API Key: Used for performance analysis. Requests are sent directly to Google's API.

All API keys are stored in Chrome's local storage (chrome.storage.local) on your device. They are never transmitted to any server other than the respective API provider.

Google OAuth (Search Console & Analytics)

Lumina allows you to connect your Google Search Console and Google Analytics 4 accounts using Google's OAuth 2.0 authorization flow. When you connect:

• You are redirected to Google's consent screen, where you grant access to webmasters.readonly (Search Console) and/or analytics.readonly (Analytics) scopes.
• Access tokens are stored in Chrome's session storage and are cleared when you close the browser.
• Refresh tokens are stored in Chrome's local storage for persistent access.
• All data requests go directly from your browser to Google's APIs. Lumina does not operate any backend server.
• You can disconnect at any time from the Extension's Settings panel, which removes all stored tokens.

Lumina only requests read-only access. It cannot modify your Search Console or Analytics data.

Data stored locally

The Extension stores the following data locally on your device using chrome.storage.local:

• Your settings and preferences (theme, API keys, default options)
• Cached keyword data (to reduce redundant API calls)
• Google OAuth refresh tokens (if you choose to connect GSC/GA4)

You can clear all stored data at any time via the Extension's Settings panel ("Reset All Data").

Permissions

The Extension requests the following Chrome permissions:

• storage — Save settings and API keys locally
• activeTab / tabs — Read the current page for analysis
• scripting — Inject content scripts for on-page features (heading highlighting, link checking)
• webRequest — Capture HTTP response headers (status codes, X-Robots-Tag, security headers)
• host_permissions (<all_urls>) — Required for fetching robots.txt, llms.txt, checking external links, and making API calls to Google, OpenAI, and DataForSEO
• identity — Google OAuth authentication flow
• clipboardWrite — Copy text/data to clipboard
• downloads — Export screenshots and CSV files

Data sharing

Lumina does not sell, rent, trade, or otherwise share your personal data with any third parties. No data is shared for advertising, marketing, or analytics purposes.

The only data transmissions that occur are:

• API requests you explicitly initiate (e.g., keyword research, AI content analysis) are sent directly from your browser to the respective API provider (Google, OpenAI, or DataForSEO).
• Google OAuth tokens are exchanged directly between your browser and Google's authentication servers.

Lumina does not operate any backend server or database. There is no server-side data collection or processing of any kind.

Third-party services

When you use API-connected features, data is sent to the following third-party services according to their own privacy policies:

• Google (Search Console, Analytics, PageSpeed)
• OpenAI (AI content tools)
• DataForSEO (keyword research, SERP data)

These services are only contacted when you actively use a feature that requires them. No data is sent in the background or without your knowledge.

Data retention and deletion

All data stored by Lumina resides locally on your device in Chrome's storage. Retention periods are as follows:

• Settings and API keys: Stored until you manually remove them or uninstall the Extension.
• Cached keyword data: Stored until you clear the cache via Settings or uninstall the Extension.
• OAuth access tokens: Stored in session storage and automatically deleted when you close your browser.
• OAuth refresh tokens: Stored until you disconnect the account via Settings or uninstall the Extension.

You can delete all stored data at any time by using the "Reset All Data" option in the Extension's Settings panel. Uninstalling the Extension also removes all locally stored data.

Data security

Lumina protects your data through the following measures:

• All data is stored locally on your device using Chrome's built-in storage APIs, which are sandboxed and inaccessible to other extensions or websites.
• API keys are never exposed in URLs or transmitted to any server other than the intended API provider.
• All API communications use HTTPS encryption.
• OAuth tokens are scoped to read-only access, minimizing risk.
• No data is logged, cached, or stored on any external server.

Your rights

You have full control over your data at all times:

• Access: All stored data is visible in the Extension's Settings panel.
• Deletion: Use "Reset All Data" in Settings to delete all stored data, or disconnect individual services.
• Portability: Since all data is stored locally, it remains on your device at all times.
• Revocation: You can revoke Google OAuth access at any time via the Settings panel or via Google's account permissions page.

If you are a resident of the European Union, you are entitled to rights under the GDPR, including the right to access, rectification, erasure, and data portability. Since Lumina does not collect or store any personal data on external servers, these rights are inherently fulfilled through the local storage model described above.

Children's privacy

Lumina is not directed at children under 13. We do not knowingly collect any information from children.

Changes to this policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. If significant changes are made, a notice will be provided within the Extension.

Contact

If you have questions about this privacy policy or about how your data is handled, contact: julien.elbahy [at] gmail.com