How we handle your personal data.

The data controller responsible for the personal data collected through this website is [Razón social pendiente], registered at [Dirección fiscal pendiente].

For any privacy-related request, contact legal@lumoraip.com.

• Contact forms: name, email, company, country, phone, message and any other data you voluntarily provide.
• Quote requests: jurisdiction, service type, Nice classes, urgency, company size, and contact details.
• Client portal (if you create an account): email, name, authentication metadata (sign-in events, device).
• Technical data: IP address (truncated for analytics), user agent, referrer, language preference, timestamps.
• Cookies and similar technologies: see the Cookies Policy.

• Consent (Art. 6.1.a GDPR) — analytics cookies, marketing communications.
• Pre-contractual measures and contract performance (Art. 6.1.b GDPR) — quotes, engagement letters, ongoing matters.
• Legitimate interest (Art. 6.1.f GDPR) — fraud prevention, system security, basic non-identifying analytics.
• Legal obligation (Art. 6.1.c GDPR) — tax records, anti-money laundering compliance.

We keep personal data only as long as necessary for the purposes described above. Specifically: contact and quote requests are kept for up to 24 months after the last interaction; client matters are kept according to applicable statutes of limitations (typically 5–10 years depending on jurisdiction); accounting records for the period required by tax law.

Some of the processors listed in section 7 may transfer data outside the European Economic Area, including the United States. We rely on adequacy decisions and the EU Standard Contractual Clauses (SCCs) where applicable. Several US-based processors are adhered to the EU-US Data Privacy Framework.

The website and backend are hosted on Google Cloud Platform (Google LLC), primarily in europe-southwest1 (Madrid, España) and europe-west1 (Bélgica, UE). See Google Cloud compliance.

We rely on the following third-party processors:

• Google Workspace (Gmail, Calendar, Drive) (Google Ireland Limited) — Comunicación profesional, gestión documental, calendarios. Region: EU (con SCCs para tránsito EE.UU.). Terms
• HubSpot CRM (HubSpot Ireland Limited) — Gestión comercial de leads y comunicación con clientes. Region: EU + EE.UU. (Data Privacy Framework adherido). Terms
• Firebase Authentication (Google LLC) — Autenticación del portal cliente. Region: EE.UU. (Data Privacy Framework). Terms
• Google Analytics 4 (Google Ireland Limited) — Analítica anónima de navegación (con consentimiento). Region: EU + EE.UU.. Terms

You have the right to:

• Access, rectify, and erase your personal data.
• Restrict or object to processing.
• Receive your data in a portable, structured format.
• Withdraw consent at any time (without affecting prior lawful processing).
• Lodge a complaint with the Spanish Data Protection Agency (AEPD) or the relevant local authority.

To exercise these rights, write to legal@lumoraip.com including a copy of an identification document.

For data subjects located in Brazil, this policy is read in conjunction with the Lei Geral de Proteção de Dados (LGPD, Law 13.709/2018). The legal@lumoraip.com address acts as the contact point for the Encarregado (DPO).

We may update this policy. Material changes will be announced on this page and, where legally required, communicated by email to active clients.