Privacy Policy

The data controller responsible for this website is:

We collect personal data that you voluntarily provide when contacting us through our contact form or email. This includes your name, email address, and the content of your message. We also collect your selected service preference to better assist you.

The legal basis for processing this data is Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures) when you contact us regarding our services, and Article 6(1)(f) GDPR (legitimate interest) for responding to general inquiries.

We use Umami, a self-hosted, open-source, and privacy-focused analytics tool, to understand how our website is used. Umami does not use cookies, does not track visitors across websites, and does not collect any personally identifiable information. All visitor data is anonymized.

The data collected includes general usage metrics such as page views, referrer URLs, browser type, operating system, device type, and approximate geographic location (country level). This data is stored on our own server located within the European Union. We also track certain anonymized user interactions (such as button clicks) to improve our website. No personal data is collected through these interactions.

We process this data based on our legitimate interest in understanding and improving our website (Article 6(1)(f) GDPR).

We do not use any analytics or tracking cookies. The following cookies and local storage items may be set:

Strictly necessary cookies: Cloudflare may set security-related cookies (such as cf_clearance) to protect our website from malicious traffic and to ensure proper functioning. These cookies are essential for the security and operation of our website and cannot be disabled.

Bot protection: We use Cloudflare Turnstile on our contact form to protect against spam and automated abuse. Turnstile may load scripts from challenges.cloudflare.com and process limited technical data (such as browser characteristics) to verify that submissions come from real users. No personal data is collected by Turnstile beyond what is necessary for this verification.

Functional cookies: We use cookies or local storage to remember your language preference. These are set automatically to ensure a consistent user experience.

None of these cookies contain personally identifiable information or are used for tracking or advertising purposes.

Our website features an optional AI-powered chatbot that can answer general questions about our services. When you use the chatbot, the messages you send are transmitted to an external AI service provider (OpenRouter / OpenAI) for processing. We do not send any personal data beyond the content of your chat messages. Chat conversations are not stored on our servers and are not linked to your identity.

The chatbot is entirely optional — you are not required to use it, and no data is collected unless you actively submit a message. We process this data based on your consent (Article 6(1)(a) GDPR), which you provide by choosing to use the chatbot.

We use your personal data solely to respond to your inquiries and to provide the services you have requested. We do not use your data for marketing purposes unless you have given explicit consent. We do not share your personal data with third parties unless required by law or as described in this policy.

Our website uses the following third-party services:

Cloudflare: Our website is served through Cloudflare, which may process limited technical data (such as IP addresses) for security, CDN, and performance purposes. Cloudflare acts as a data processor on our behalf. For more information, see Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/

Cloudflare Turnstile: Used on our contact form for bot protection. Processes browser characteristics to distinguish humans from bots. See Cloudflare's privacy policy above.

OpenRouter / OpenAI: Chat messages submitted through our AI chatbot are processed by these services to generate responses. No personal identifiers are transmitted. See https://openrouter.ai/privacy and https://openai.com/privacy/

Umami Analytics: Self-hosted on our own EU server. No data is shared with third parties.

Your data may be processed outside the European Economic Area (EEA) by the following services:

Cloudflare operates a global network and may process data in various countries. Cloudflare relies on Standard Contractual Clauses (SCCs) and other approved transfer mechanisms to ensure an adequate level of data protection.

OpenRouter / OpenAI may process chatbot messages on servers located in the United States. These transfers are covered by Standard Contractual Clauses.

Our self-hosted analytics (Umami) and contact form data are stored exclusively on servers within the European Union.

Contact form submissions: We retain personal data from contact form inquiries for up to 12 months after the last communication, or longer if required for ongoing business relationships or legal obligations.

Analytics data: Anonymized analytics data collected by Umami is retained indefinitely as it cannot be linked to any individual.

Chatbot conversations: Chat messages are not stored on our servers. They are processed in real-time and discarded after the response is generated.

Cookies: Security cookies set by Cloudflare expire according to Cloudflare's cookie policy. Language preference cookies are retained until you clear your browser data.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of all data in transit via TLS/SSL
• Strict Content Security Policy (CSP) headers to prevent cross-site scripting
• Rate limiting and bot protection on forms
• Regular security updates and monitoring
• Access controls limiting data access to authorised personnel only

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object to processing (Article 21)

Since our analytics data is fully anonymized, it cannot be linked back to you and is therefore not subject to these rights. For any personal data you have provided through our contact form, you may exercise your rights by contacting us at contact@luminx.lu.

You also have the right to lodge a complaint with the Luxembourg data protection authority:

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: