Privacy Policy

Lumo Pages (“we,” “our,” “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard personal data when you use the Lumo Pages platform, in compliance with the EU General Data Protection Regulation (“GDPR”) and the Israeli Privacy Protection Law, 5741-1981.

For privacy requests, contact [email protected].

---

1. Introduction and scope

This Policy applies to visitors and users of the Lumo Pages platform, including our website, app, and live pages. The platform is not intended for individuals under 16 years of age.

2. Roles (controller / processor)

• Lumo Pages as controller: We act as a data controller for personal data related to your Lumo Pages account, billing, support, security, and platform analytics where applicable.
• You as controller / Lumo Pages as processor: For data collected through forms you publish (respondent data), you are the controller and Lumo Pages acts as a processor on your behalf. See our Data Processing Agreement.

3. Information we collect

A. Account data. Name, email address, username, and details you provide to create and manage an account.

B. Usage and device data. Approximate location (city/country), device type, browser, pages viewed, and event logs to maintain, secure, and improve the platform.

C. Payment data. We do not store full payment card details. Payments may be processed by a PCI-DSS compliant provider; we may receive transaction metadata (status, plan, invoices).

D. User content. Pages, forms, media you create or upload, and data collected through your Lumos.

E. Support communications. Information you provide when contacting support.

F. Marketing preferences. If you opt in at registration, we record your marketing email consent (including the time of consent). We use this to send product updates, tips, and occasional promotional messages via our email marketing provider.

4. Cookies, local storage, and similar technologies

We use essential storage for login, security, navigation, and core functionality. Optional analytics may be used only with consent where required. You can withdraw consent by clearing storage or using in-product controls where available. Third-party services may set cookies depending on your settings.

Cross-domain preferences: When you accept or reject optional analytics on LumoPages, that choice may be stored in a cookie scoped to lumopages.com and all of its subdomains (for example app.lumopages.com and live.lumopages.com), so you are not asked again on each subdomain for that preference. Essential storage for sign-in and core functionality may still apply.

5. How we use your information

• Operate the platform (accounts, authentication, features).
• Process payments and manage subscriptions.
• Provide support.
• Secure the platform, prevent abuse, maintain logs.
• Improve and develop features, including analytics where permitted.
• Send product updates, tips, and occasional promotional emails if you have opted in to marketing communications.
• Comply with law and enforce our Terms of Service.

6. Legal bases (GDPR)

Where GDPR applies, we rely on contract, legitimate interests (balanced against your rights), consent where required (e.g., optional analytics and marketing emails), and legal obligation as appropriate. Marketing emails are sent only with your consent. You may withdraw consent at any time by using the unsubscribe link in our emails or through your preferences in the email marketing service we use.

7. Artificial intelligence (AI)

AI features (e.g., Google Gemini) support form and page creation. Processing is limited to prompts and instructions you provide in the product. We do not intentionally send respondent personal data from your forms to AI providers for training in the manner described in your builder usage. Do not enter prohibited sensitive data into AI features unless you have a valid legal basis.

8. Sharing and sub-processors

We share data with providers that help us operate the Platform: hosting, security, payments, support, analytics where permitted, and email marketing (for users who opt in). See the Sub-processor Appendix. We require processors to protect personal data and use it only to provide services to us.

9. Security

We use HTTPS/TLS, encryption at rest where appropriate, password hashing, access controls, monitoring, backups, and incident procedures. No method is 100% secure; we apply reasonable safeguards.

10. International transfers

Data may be processed in the EU, US, Israel, and elsewhere. Where required we use SCCs, DPF, adequacy decisions, or other lawful mechanisms.

11. Retention and deletion

We retain data only as long as needed for the purposes described. Account data is kept while your account is active and as required afterward. Deletion and backup cycles are handled as described in support documentation. Support communications are retained as needed for resolution and compliance.

12. Your rights

You may have rights to access, rectify, erase, restrict or object to processing, portability, and to withdraw consent (including marketing email consent), and to lodge a complaint with a supervisory authority. To withdraw marketing consent, use the unsubscribe link in our emails or contact [email protected]. Contact us to exercise other rights.

13. Liability and governing law

Liability is subject to limitations in our Terms of Service. This Policy is governed by the laws of the State of Israel, subject to mandatory local law where applicable.

14. Changes

We may update this Policy and revise the effective date. Material changes may be communicated through the platform where appropriate.