PRIVACY POLICY — lumiflow.net

1. Introduction

1.1 Who we are and what this policy covers

This Privacy Policy describes how Lumiflow ("we", "us", or "our") collects, uses, and discloses your personal information when you visit our website located at https://lumiflow.net (the "Website"). Lumiflow operates as a software development studio, and our Website serves as a portfolio and corporate presence. This policy applies to all visitors and users of the Website, providing transparency regarding our data processing activities.

1.2 Our commitment to protecting your privacy

At Lumiflow, we take your privacy seriously. We are committed to processing your personal data in accordance with the highest international standards, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. We implement robust technical and organizational measures to ensure that your data remains secure and that your rights are respected at all times.

2. Data Controller

2.1 Identity

Lumiflow acts as the Data Controller for the personal data collected through this Website. We are responsible for determining the purposes and means of processing your personal information. If you have any questions or concerns regarding our data practices, you can reach our designated privacy team at support@lumiflow.net.

2.2 How to contact us for privacy-related matters

For any requests related to your data rights, such as access or deletion requests, please contact us exclusively via email. We aim to respond to all inquiries within thirty (30) days. Our team is dedicated to resolving any privacy-related issues in a transparent and cooperative manner, ensuring full compliance with legal requirements.

3. What Personal Data We Collect

3.1 Data you provide directly

When you use our contact form to inquire about our services or projects, we collect the personal information you choose to provide. This typically includes your full name, your professional or personal email address, and the specific content of your message. We only collect the information necessary to address your inquiry effectively and maintain a record of our communication.

3.2 Data collected automatically

As you navigate through lumiflow.net, we automatically collect certain technical information about your visit. This data includes your anonymized IP address, browser type and version, your operating system, the specific pages you visit, the duration of your session, the referral source that led you to our site, and your general geographic region at a country or city level. This information helps us understand how our Website is being used without identifying you personally.

3.3 Cookies and tracking technologies

Lumiflow uses cookies to enhance your browsing experience and analyze website traffic. We categorize our cookies into strictly necessary cookies, which are essential for the Website to function, and analytics cookies provided by Google Analytics 4. These cookies may store a unique identifier to recognize your browser over time, but they do not contain sensitive personal data. You can manage your cookie preferences through your browser settings or opt-out of analytics specifically through the tools we provide links to in this policy.

4. Legal Basis for Processing (GDPR Art. 6)

4.1 Contact form — legitimate interests

In accordance with GDPR Article 6(1)(f), we process the data submitted through our contact form based on our legitimate interests. It is in our legitimate interest to respond to potential client inquiries, provide information about our software services, and engage with the global developer community. We ensure that these interests do not override your fundamental rights and freedoms.

4.2 Analytics — legitimate interests

We utilize aggregate and anonymized analytics data based on Article 6(1)(f) of the GDPR. Our legitimate interest lies in measuring the performance of our portfolio, understanding which content is most valuable to our visitors, and continuously improving the technical delivery and user interface of lumiflow.net. This processing is conducted with strong privacy safeguards, such as IP anonymization.

4.3 Cookie consent

For cookies that are not strictly necessary for the operation of the Website, we rely on your explicit consent pursuant to GDPR Article 6(1)(a). Upon your first visit to our Website, you are presented with a choice to accept or decline non-essential cookies. You have the right to withdraw this consent at any time through your browser's cookie management tools or our site-specific settings.

4.4 Legal compliance

In certain circumstances, we may be legally required to process or retain your data to comply with statutory obligations under GDPR Article 6(1)(c). This may include responding to lawful requests from public authorities, complying with financial reporting requirements, or preventing fraudulent activities that threaten our infrastructure or other users.

5. How We Use Your Data

We use the collected data primarily to provide and maintain our Website's functionality. This includes responding to inquiries submitted via the contact form, ensuring that we provide accurate and helpful information to our visitors. Furthermore, we use technical data to improve the layout and speed of our pages, ensuring a fluid experience across all device types and network conditions.

Internal reporting and aggregate analytics allow us to track the growth of our studio's online reach and the impact of our project showcases. We also use security-related data, such as server logs, to protect our infrastructure from malicious attacks, scraping bots, and other forms of digital abuse. Your data is handled with strict confidentiality and is never used for automated decision-making or profiling.

6. Cookies Policy

6.1 What cookies Lumiflow uses

Lumiflow uses a minimal number of cookies to ensure the Website remains stable and performant. We avoid intrusive tracking and do not use advertising or behavioral retargeting cookies. Our goal is to maintain a high-trust environment where you can browse our portfolio without being followed across the internet by marketing trackers.

6.2 Categories: strictly necessary / analytics

Strictly necessary cookies are used for security purposes and to remember your privacy preferences. Analytics cookies, specifically those from Google Analytics 4, help us understand how many unique visitors we have and how they interact with our content. These cookies typically expire within 14 months of your last session.

6.3 How to control or disable cookies

Most web browsers allow you to control cookies through their settings preferences. You can delete existing cookies, block new ones, or set your browser to alert you when a cookie is being placed. Additionally, you can opt-out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

7. Data Sharing and Third-Party Disclosure

Lumiflow does not sell, rent, or trade your personal data to third parties. We only share information with trusted service providers who assist us in operating our Website and conducting our business. Our primary third-party processor is Google LLC for analytics purposes, where data is processed under strict confidentiality agreements.

We also utilize infrastructure providers such as Vercel or Netlify for hosting, which may process server logs to ensure uptime and security. Our email delivery services handle the transmission of contact form data. We may also disclose your information if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights, or ensure the safety of our visitors.

7.5 CCPA Compliance

For the purposes of the California Consumer Privacy Act (CCPA), we confirm that we have not "sold" any personal information in the preceding 12 months. We treat all visitors with the same high standard of privacy, regardless of their location, ensuring that your data is never monetized or misused.

8. International Data Transfers

Since Lumiflow operates globally, your data may be transferred to and processed in countries outside the European Economic Area (EEA), such as the United States. We ensure that such transfers are conducted with adequate safeguards in place, primarily relying on Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses ensure that your data receives a level of protection essentially equivalent to that provided within the EU.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Data submitted via the contact form is retained for a maximum of 12 months after our last interaction to ensure we can provide continuity in our business discussions. Analytics data within Google Analytics 4 is retained for 14 months, following which it is automatically deleted from their servers. We may retain certain data longer if required by a legal hold or specific statutory retention period under applicable law.

10. Your Rights

Under the GDPR and other global privacy laws, you have comprehensive rights regarding your data. These include the right to access the data we hold about you, the right to request rectification of inaccurate data, the right to erasure ("right to be forgotten"), the right to restrict processing, and the right to data portability. You also have a strong right to object to processing based on our legitimate interests.

California residents have specific rights under the CCPA, including the "right to know" what data is collected, the "right to delete" that data, and the "right to non-discrimination" for exercising their privacy rights. To exercise any of these rights, please contact support@lumiflow.net. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

11. Children's Privacy

Lumiflow and our Website are not directed at individuals under the age of 16 (in the EU) or under 13 (in the USA). We do not knowingly collect or solicit personal information from minors. If we discover that we have inadvertently collected data from a child without verifiable parental consent, we will take immediate steps to delete that information from our systems.

12. Security Measures

We implement industry-standard technical security measures, including HTTPS/TLS encryption for all data transmissions. We follow the principle of data minimization, only collecting what is strictly necessary. Organizational measures include restricting access to personal data to only those team members who require it for their specific roles. We are committed to notifying relevant authorities and affected individuals in the event of a significant data breach, as required by law.

13. Third-Party Links

Our Website may contain links to external platforms such as GitHub, live project demos, and social media channels. Lumiflow is not responsable for the privacy practices of these external sites. We encourage all visitors to independently review the privacy policies of any third-party website they visit through a link on our platform.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any material changes will be indicated by an updated "Last Updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we are protecting your information.