LUMIZ legal

Privacy Policy

How we process personal data under GDPR (Art. 13/14).

Back

1. Controller

LUMIZ, Tobias Reidl
Düppelstr. 15
45138 Essen
Germany

Email: tbr@lumiz.app

2. Data we process

  • Account data (email, full name, company name).
  • Authentication/session data managed by Supabase.
  • Billing data managed via Stripe (customer, invoices, payments).
  • Content you upload (images, 3D models, metadata, room photos).
  • Operational logs and anti-abuse/security events.
  • Optional website analytics and advertising measurement data when consent is granted.
  • Consent audit logs (analytics decisions).

3. Purposes and legal bases

  • Contract performance (Art. 6(1)(b) GDPR): provide account, model generation, catalog hosting.
  • Legal obligations (Art. 6(1)(c) GDPR): accounting and tax retention.
  • Legitimate interests (Art. 6(1)(f) GDPR): security, abuse prevention, service reliability.
  • Consent (Art. 6(1)(a) GDPR): optional web analytics and Google Ads conversion/measurement.

4. Processors and transfers

We use selected processors for infrastructure, authentication, billing, and AI-powered product recommendation features. If data is transferred outside the EU/EEA, we apply appropriate safeguards (for example adequacy decisions and/or Standard Contractual Clauses) in line with GDPR requirements.

  • Supabase for authentication, database, and storage.
  • Stripe for payments, invoices, and subscription management.
  • Resend for transactional email delivery.
  • Vercel Web Analytics for optional first-party website analytics, only after consent.
  • Google for optional advertising/measurement integrations via the Google tag (`gtag.js`) and Google Ads, only after consent.

5. Retention

We retain account and content data while your account is active, and as needed for legal/compliance obligations. You can request account deletion from settings; statutory records may be retained where required.

6. Your rights

  • Access, rectification, erasure, restriction, portability, and objection.
  • Withdraw consent at any time (without affecting prior processing).
  • Right to lodge a complaint with a supervisory authority.

Contact: tbr@lumiz.app

7. Cookie preferences

Details about required and optional technologies are listed on our Cookie Policy page. You can change your preferences anytime from Settings. Withdrawal of consent applies going forward and does not affect prior processing carried out while consent was valid.

8. Updates

Last updated: March 24, 2026.