Privacy on User-Created Pages

This notice describes how personal data is handled when you interact with a Lumo (page or form) published by a Lumo Pages customer.

---

1. Who is responsible?

The person or organization that created and published the Lumo is usually the Data Controller for information you submit. They decide why and how your data is used. Lumo Pages acts as a Processor, providing hosting and tools on their instructions.

2. What we process as a platform

We may process:

• Information you enter into the form fields on the Lumo.
• Technical data needed to deliver and secure the service (e.g., IP address, device/browser metadata, timestamps), as described in our Privacy Policy.

3. Who receives your data?

Your responses are available to the publisher (Controller) through their Lumo Pages account (e.g., inbox, exports, webhooks they configure). We do not sell respondent data. Sub-processors used to run the platform are listed in our Sub-processor Appendix.

4. Retention

Retention is determined by the Controller’s settings, subscription, and our data retention practices described in the Privacy Policy. If the Controller deletes data or ends their account, data is handled according to that policy and the DPA.

5. Your rights

Under GDPR and other laws, you may have rights to access, correct, delete, or object to certain processing. Contact the publisher first for requests about the data you submitted through their Lumo, since they are the Controller. You may also contact Lumo Pages at [email protected] for platform-related questions.

6. International transfers

Data may be processed in multiple countries with appropriate safeguards as described in our Privacy Policy.

Full details: Privacy Policy and Data Processing Agreement.