Privacy Notice

Last updated: 11 May 2026

1. Who we are

Lumen is operated by Pascal Joel Collet ("we", "us", "our"), an individual based in the European Union. We act as the data controller for personal data processed in connection with the Lumen service (the "Service").

For privacy questions, contact: privacy@lumen.app.

2. Data we collect

• Account data: name, email, login credentials, authentication identifiers (e.g. Google ID).
• Profile and content: portfolios, simulations, settings, and other content you create.
• Support data: messages and attachments you send us.
• Usage and device data: pages viewed, actions, IP address, browser/OS, device identifiers, approximate location, error logs.
• Cookies and similar technologies: see Section 9.

Payment data (card numbers, billing address, tax IDs) is collected and processed by Paddle as our Merchant of Record — we do not store full payment details.

3. Why we use your data and legal bases

• Provide the Service (contract): account creation, authentication, delivering features.
• Security and fraud prevention (legitimate interests / legal obligation).
• Customer support (contract / legitimate interests).
• Service improvement and analytics (legitimate interests).
• Marketing communications (consent, where required) — you can opt out anytime.
• Compliance with law (legal obligation): tax, accounting, responding to lawful requests.

4. Who we share data with

• Service providers / subprocessors: hosting, database, authentication, email, analytics, error monitoring.
• Paddle.com Market Ltd ("Paddle"), our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, invoicing, refunds, and chargebacks.
• Professional advisers: legal, accounting, auditors.
• Authorities: where required by law or to protect rights, safety, or property.

We do not sell your personal data.

5. International transfers

Where personal data is transferred outside the UK/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions.

6. Retention

We keep personal data only as long as needed for the purposes described above, to comply with legal obligations (e.g. tax records typically 6–10 years), to resolve disputes, and to enforce our agreements. Account data is deleted or anonymised after account closure, subject to legal retention requirements.

7. Your rights

Subject to applicable law (including GDPR/UK GDPR), you have the right to:

• Access your personal data;
• Rectify inaccurate data;
• Erase data ("right to be forgotten");
• Restrict or object to processing;
• Data portability;
• Withdraw consent at any time;
• Lodge a complaint with your local supervisory authority.

We aim to respond within one month. To exercise your rights, email privacy@lumen.app.

8. Security

We implement appropriate technical and organisational measures including encryption in transit, access controls, least-privilege permissions, and regular review of our security practices. No system is perfectly secure; please use a strong, unique password.

9. Cookies

We use essential cookies required to operate the Service (e.g. authentication, security). We may use analytics cookies to understand usage and improve the Service. You can manage cookie preferences in your browser settings; disabling essential cookies may break the Service.

10. Children

The Service is not intended for children under 16. We do not knowingly collect their data.

11. Changes to this Notice

We may update this Notice. Material changes will be communicated via the Service or by email.