Privacy Policy

What we collect

Account data you provide (name, email, hashed password) to create and secure your workspace.

Content you create: sites, forms, bookings, uploads, and the domains you connect.

Operational data: sign-in audit events, basic request metadata, and aggregate analytics for sites you publish.

How we use it

To run your workspace, render and deliver your published sites, process form and booking submissions, and keep the platform secure. We do not sell your data.

Your visitors’ data

When someone submits a form or books a slot on your site, that data belongs to you, the workspace owner. You are the controller of it; Lumiopage processes it on your behalf so you can read and export it.

Security

Passwords are hashed with argon2id. Sensitive tokens are encrypted at rest with AES-256-GCM and refresh tokens are hashed before storage. Traffic is served over HTTPS outside local development.

Retention and deletion

Your content lives until you delete it or your workspace. You can request export or deletion of your account data; deleting a workspace removes its tenant-scoped data.

Cookies

We use strictly necessary cookies for authentication (an httpOnly access token and a rotating refresh token) and a CSRF token for state-changing requests. No third-party advertising cookies.

Third parties

We use processors only where needed to deliver the service, for example payment processing for paid plans and email delivery for verification and notifications. Each is used for that purpose only.

Changes and contact

Material changes are communicated through the product. Privacy requests can be raised from your workspace. The operator of this deployment may extend this policy with deployment-specific detail.