Privacy Policy
Last updated: May 2026
1. Data Controller
The data controller responsible for your personal data is:
Lumavex LTD
Company No. 17225895
71-75 Shelton Street
Covent Garden
London WC2H 9JQ
England and Wales
Email: dolor@lumavex.io
2. Data We Collect
When you use our website or contact us, we may collect:
- Your name and business email address (from contact and enquiry forms)
- Your website URL or Instagram handle (if provided)
- Information about your business needs (form responses)
- Technical data: IP address, browser type, pages visited (via analytics cookies)
- Cookie preferences
We do not collect payment card data. Payments are processed directly by Stripe.
3. How We Use Your Data
- To respond to your enquiry and send you a personalised recommendation
- To deliver services you have purchased from us
- To communicate about your account or service changes
- To improve our website and understand how visitors use it (analytics, with your consent)
4. Legal Basis for Processing
- Legitimate interest — responding to enquiries and managing client relationships
- Contract performance — delivering services you have agreed to purchase
- Consent — analytics cookies (you may withdraw consent at any time)
5. Third Parties
We share data only with the service providers necessary to operate our business:
- Vercel — website hosting (EU/US data centres)
- Resend — transactional email delivery
- Calendly — meeting booking
- Anthropic (Claude API) — AI-assisted communication and content generation
In a future phase, this list will expand to include: Stripe (payments), Supabase (database), Twilio (voice/SMS), ManyChat (messaging automation). This policy will be updated accordingly.
We do not sell, rent, or share your personal data with advertisers or unrelated third parties.
6. Data Retention
- Enquiry form data: retained for 12 months, then deleted
- Client data (active contracts): retained for the duration of the contract plus 6 years (UK legal requirement)
- Analytics data: retained per the analytics provider's policy; cookies expire as described in Section 8
7. Your Rights
Under UK GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — at any time for consent-based processing (e.g. analytics)
To exercise any of these rights, email dolor@lumavex.io. We will respond within 30 days.
8. Cookies
We use two categories of cookies:
- Necessary — session management. These do not require consent and cannot be disabled.
- Analytics — understand how visitors use our site. Only activated if you click "Accept" on the cookie banner. You may change your preference at any time by clearing your browser storage.
9. AI Technology
Lumavex uses AI technology (Claude by Anthropic) to assist with customer communication and content generation as part of our service delivery. Where AI is involved in communications with your customers, a disclosure is always included in the first message. We do not use AI to make automated decisions that have legal or similarly significant effects on individuals.
10. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. We will notify active clients by email of material changes.
11. Contact & Complaints
For any privacy-related questions, email dolor@lumavex.io.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.