Privacy Policy

LumyxTech ("we", "our", or "us") is committed to protecting the privacy of everyone who interacts with our website and services. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and what rights you have, regardless of where in the world you are located.

By visiting lumyxtech.com or engaging our services, you acknowledge that you have read and understood this policy.

Information you provide directly

• ■Name, email address, company name, and message when you submit our contact form.
• ■Name and email address when you subscribe to our newsletter.
• ■Project details, technical specifications, and related materials shared during a service engagement.
• ■Booking details (name, email, calendar availability) if you schedule a meeting through our booking tool.

Information collected automatically

• ■Basic server and access logs (IP address, browser type, pages visited, timestamps) retained by our hosting infrastructure for security and performance purposes. These are aggregated and anonymized where possible.
• ■Anonymized usage analytics (page views, session duration, referral sources) via Google Analytics, where you have not opted out.

Information from third parties

• ■If you book through our scheduling tool, that provider processes your booking information under its own privacy terms.
• ■If you engage with us via LinkedIn or other platforms, information you share through those platforms is subject to their privacy policies.

We use personal information only for the following purposes:

• ■To respond to your project inquiries and service requests.
• ■To deliver, manage, and improve agreed services.
• ■To send transactional emails (booking confirmations, project updates, invoices) directly related to your engagement.
• ■To send our newsletter, only to those who have explicitly subscribed.
• ■To analyze website usage in aggregate to improve our content and user experience.
• ■To detect and prevent security threats or fraudulent activity.
• ■To comply with legal obligations applicable in any jurisdiction where we operate.

We do not sell, rent, exchange, or otherwise transfer personal information to third parties for their own marketing or commercial purposes.

For individuals whose personal data is subject to data protection legislation (including the General Data Protection Regulation (GDPR) in the European Union and European Economic Area, the UK GDPR, Brazil's LGPD, California's CCPA/CPRA, and equivalent frameworks in other jurisdictions), we process personal data on the following legal bases:

• ■Consent: For newsletter subscriptions and any non-essential communications. You may withdraw consent at any time without affecting prior lawful processing.
• ■Contractual necessity: To perform the services you have engaged us for.
• ■Legitimate interests: To respond to inquiries, maintain security, prevent fraud, and improve our services, where those interests are not overridden by your rights.
• ■Legal obligation: Where we are required to process data to comply with applicable law.

We share personal information only with trusted service providers acting as data processors on our behalf, and only to the extent necessary to deliver our services:

• ■Resend: Our email delivery provider processes contact form submissions and newsletter communications. Resend acts solely as a data processor under our instructions.
• ■Calendly (or equivalent booking tool): Processes booking details when you schedule a meeting with us.
• ■Google Analytics: Receives anonymized, aggregated website usage data. You may opt out via browser settings or the Google Analytics opt-out browser add-on.
• ■Cloudflare: Hosts and serves our website. Basic request data passes through Cloudflare's infrastructure.

We require all processors to implement appropriate technical and organizational security measures and to process data only according to our documented instructions. We do not authorize processors to use your data for their own independent purposes.

We may also disclose personal information where required by law, court order, regulatory authority, or other legally binding process in any applicable jurisdiction.

LumyxTech serves clients worldwide and our team operates remotely across multiple locations. As a result, personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

Where such transfers occur, we rely on appropriate safeguards to ensure your data remains protected to an equivalent standard, including: Standard Contractual Clauses (SCCs) approved by relevant authorities, adequacy decisions where applicable, or other transfer mechanisms recognized as providing sufficient protection under your jurisdiction's data protection framework.

We retain personal information only for as long as necessary for the purposes described in this policy, or as required by applicable law.

• ■Contact form submissions: Up to 12 months from date of submission, unless an engagement is initiated.
• ■Service engagement data: Up to 3 years from the end of the engagement, or longer if required by applicable law (e.g., financial record-keeping requirements).
• ■Newsletter subscriptions: Until you unsubscribe or request deletion.
• ■Server and access logs: Up to 90 days, after which they are deleted or fully anonymized.
• ■Analytics data: Retained in anonymized, aggregated form for up to 26 months.

You may request earlier deletion of your data at any time by contacting us (see Section 10).

Depending on the laws of the jurisdiction where you are located, you may have the following rights regarding your personal data:

• ■Right of access: Request a copy of the personal data we hold about you.
• ■Right to rectification: Request correction of inaccurate or incomplete data.
• ■Right to erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
• ■Right to restrict processing: Request that we limit how we use your data in certain circumstances.
• ■Right to data portability: Receive your data in a structured, machine-readable format.
• ■Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
• ■Right to withdraw consent: Where processing is based on consent, withdraw it at any time without penalty.
• ■Right not to be subject to automated decisions: We do not make solely automated decisions with significant legal effects.
• ■Right to lodge a complaint: File a complaint with your local data protection authority or supervisory body.

To exercise any of these rights, contact us at Info@lumyxtech.com. We will respond within 30 days, or within any shorter period required by the laws of your jurisdiction. We will not charge a fee for reasonable requests.

Our website uses a minimal set of cookies. Essential cookies are required for the website to function correctly (for example, security and session management). We do not use advertising cookies, cross-site tracking cookies, or behavioral profiling technologies.

Analytics cookies (Google Analytics) are used to understand aggregate usage patterns. These cookies do not identify you personally. You can disable or delete cookies through your browser settings at any time. Where required by law, we obtain your consent before placing non-essential cookies.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration. These include encrypted data transmission (HTTPS/TLS), access controls limiting who can access personal data, and regular reviews of our security practices.

While we take these precautions, no method of transmission over the internet is completely secure. We cannot guarantee absolute security, but we are committed to addressing any breach promptly and in accordance with applicable law.

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from someone under 18, please contact us immediately at Info@lumyxtech.com and we will take steps to delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will update the date at the top of this page. For significant changes affecting how we use your data, we will take additional steps to notify you (for example, by email or a prominent notice on our website).

Continued use of our website or services after changes take effect constitutes acknowledgment of the updated policy.

For any questions, requests, or complaints relating to this Privacy Policy or our data practices, please contact us:

• ■Email: Info@lumyxtech.com
• ■Website: lumyxtech.com/contact

We are committed to resolving privacy concerns promptly and fairly. If you are not satisfied with our response, you have the right to escalate your complaint to the relevant data protection authority in your jurisdiction.