Our Commitment

Lumière is built on transparency. That principle extends to how we handle personal data. This Privacy Policy explains what information we collect, why we collect it, how we use it, and what rights you have over it. We do not sell personal data. We do not use it for purposes beyond what is described here.

Information We Collect

Information you provide directly:

• Name, email address, and company name when you contact us, book a call, or sign up for updates

• Project details and requirements shared during onboarding or discovery conversations

• Payment and billing information processed through our payment provider

• Communications sent to us via email, forms, or any other channel

Information collected automatically:

• Browser type, operating system, and device information

• IP address and approximate geographic location

• Pages visited, time spent on pages, and navigation patterns on our website

• Referral source — how you arrived at our website

Information from third parties:

• If you interact with us through a third-party platform, we may receive basic profile information consistent with your privacy settings on that platform

• Analytics and advertising partners may share aggregated, non-identifying information about how users interact with our content

How We Use Your Information

We use the information we collect for the following purposes:

• Delivering our services — communicating with clients, managing engagements, and fulfilling the obligations defined in our agreements

• Responding to enquiries — replying to messages, booking calls, and providing information requested through our website

• Improving our services — understanding how our website is used and how our services can be made more effective

• Sending updates — sharing insights, case studies, and service updates with people who have opted in to receive them

• Legal and compliance — meeting our obligations under applicable law and protecting our legitimate business interests

We do not use personal data for automated decision-making that produces legal or similarly significant effects.

Legal Basis for Processing

For users in jurisdictions where a legal basis for processing is required, we process personal data on the following grounds:

• Contract performance — processing necessary to deliver services to clients under a signed agreement

• Legitimate interests — processing necessary for our reasonable business interests, including website analytics and service improvement, where those interests are not overridden by individual rights

• Consent — processing based on explicit opt-in, including email marketing communications

• Legal obligation — processing required to comply with applicable law

Data Sharing

We do not sell personal data. We share data only in the following circumstances:

• Service providers — trusted third parties who help us operate our business, including hosting providers, payment processors, analytics platforms, and communication tools. These providers are contractually bound to use data only for the purposes we specify.

• Professional advisors — legal, financial, and other professional advisors under strict confidentiality obligations

• Legal requirements — when disclosure is required by law, court order, or regulatory authority

• Business transfers — in the event of a merger, acquisition, or sale of assets, personal data may transfer to the successor entity under equivalent privacy protections

Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Specifically:

• Client data is retained for the duration of the engagement and for seven years following its conclusion, in line with standard financial record-keeping requirements

• Marketing and contact data is retained until you withdraw consent or request deletion

• Website analytics data is retained in aggregated form and not linked to individual identities after 26 months

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you

• Correction — request correction of inaccurate or incomplete data

• Deletion — request deletion of your personal data, subject to legal retention requirements

• Portability — request your data in a structured, machine-readable format

• Objection — object to processing based on legitimate interests

• Withdrawal of consent — withdraw consent for processing based on consent at any time

To exercise any of these rights, contact us at privacy@lumiere.io. We will respond within 30 days.

Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or disclosure. These measures include encryption in transit and at rest, access controls, and regular security reviews. No system is perfectly secure, and we cannot guarantee absolute security, but we take our responsibility to protect your data seriously.

Cookies

We use cookies and similar technologies on our website. For full details of how we use cookies and how to manage your preferences, please see our Cookie Policy below.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted to this page with an updated date. For material changes, we will provide additional notice where required by law or where we consider it appropriate given the nature of the change.

Contact

For privacy-related questions or to exercise your rights, contact us at privacy@lumiere.io