Privacy Policy

1. Introduction

We take the protection of your personal data seriously. This Privacy Policy explains what personal data we collect when you use Lumino, how we use it, and what rights you have.

Processing complies with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Controller and Contact Information

Controller within the meaning of the GDPR: Multiangular UG (haftungsbeschränkt) Urbanstraße 71, 3. Hof, 4. TRH D-10967 Berlin, Germany Managing Director: Wladimir Alexi Email: mail@multiangular.com For data-protection enquiries, please contact us at the email address above.

3. Categories of Personal Data We Collect

Depending on how you use Lumino, we may process the following categories of personal data: • Account information: email, name, encrypted password, account type, workspace. • Usage data: pages visited, features used, activity, login timestamps. • Technical data: IP address, browser type, device type, operating system, language, timezone. • Communication data: emails, support requests, and other messages exchanged with us.

4. Legal Basis for Processing

We process personal data on the following legal bases under GDPR Article 6: • Performance of a contract (Art. 6(1)(b)) — to provide the services you have signed up for. • Compliance with legal obligations (Art. 6(1)(c)) — to meet tax, accounting, and other regulatory requirements. • Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the platform; to detect and prevent fraud and abuse. • Consent (Art. 6(1)(a)) — for non-essential cookies, analytics, and marketing communications.

5. Purposes of Data Processing

We process your personal data for the following purposes: • Providing the services and managing your account. • Delivering customer support and service communications. • Improving the platform and developing new features. • Ensuring the security and integrity of the platform. • Complying with legal obligations. • Where you have consented: usage analytics, marketing communications, and targeted advertising.

6. Third-Party Services and Data Recipients

We rely on a limited set of trusted service providers to operate Lumino. All providers process data on our behalf under data-processing agreements pursuant to Art. 28 GDPR. Services we currently use: • Supabase (data centres in the EU / Frankfurt): authentication, database, and storage. Transfers outside the EEA are covered by EU Standard Contractual Clauses where applicable. • Lovable Cloud (USA / EU): website and application hosting. Services we may use with your consent (where applicable): • Google Analytics (Google Ireland Ltd. / Google LLC) — usage analytics. • Meta Pixel and Meta Conversions API (Meta Platforms Ireland Ltd.) — advertising measurement. • MailerLite (Lithuania) — email newsletters and announcements. Non-essential providers are only activated after you have given consent via the cookie banner. You can withdraw consent at any time.

7. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law: • Account data: until you delete your account, plus any retention required by law. • Transaction and invoicing data: 10 years, as required by German commercial and tax law (§ 257 HGB, § 147 AO). • Usage and analytics data: up to 26 months. • Support communications: up to 3 years after resolution. • Cookie-consent records: 1 year.

8. Your Rights Under GDPR

You have the following rights with respect to your personal data: • Right of access (Art. 15 GDPR). • Right to rectification of inaccurate data (Art. 16 GDPR). • Right to erasure (Art. 17 GDPR). • Right to restriction of processing (Art. 18 GDPR). • Right to data portability (Art. 20 GDPR). • Right to object to processing (Art. 21 GDPR). • Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing carried out before withdrawal. To exercise any of these rights, contact us at mail@multiangular.com. We will respond within one month of receiving your request. You also have the right to lodge a complaint with a supervisory authority. The competent authority for our registered office in Berlin is: Berliner Beauftragte für Datenschutz und Informationsfreiheit Friedrichstr. 219, 10969 Berlin, Germany www.datenschutz-berlin.de

9. Cookies and Tracking

We use a small number of essential cookies and similar technologies to operate the platform (e.g., to keep you signed in and to remember your interface preferences). Non-essential cookies (analytics and marketing) are blocked by default until you provide consent via our cookie banner, in compliance with GDPR and the German Telecommunications-Telemedia Data Protection Act (TTDSG). For full details, see our Cookie Policy.

10. Data Security

We implement technical and organisational measures to protect your personal data, including: • TLS/SSL encryption of data in transit. • Encrypted password storage (bcrypt or equivalent). • Row-level security on database tables containing personal data. • Access controls and audit logging. • Encrypted backups. • Regular security reviews and updates. No system is fully secure; we cannot guarantee absolute security, but we work continuously to maintain a high standard.

11. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we rely on one or more of the following safeguards: • EU–US Data Privacy Framework certifications (where applicable). • Standard Contractual Clauses adopted by the European Commission. • Binding Corporate Rules of the recipient (where applicable). We perform transfer-impact assessments for each sub-processor that processes data outside the EEA.

12. Children's Privacy

Lumino is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us so that we can delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The revised version will be posted with an updated "Last updated" date. We encourage you to review this Policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or our processing of your personal data, contact us at: Multiangular UG (haftungsbeschränkt) Urbanstraße 71, 3. Hof, 4. TRH D-10967 Berlin, Germany Email: mail@multiangular.com