This privacy policy explains what personal data LuminHive Ltd collects, how we use it, who we share it with, and the rights you have. It covers our marketing website at lumin-hive.com and our product once you have a LuminHive account.
We aim to do the minimum amount of data collection possible. Where the law gives you rights, we honour them. Where it does not, we try to act as if it did.
1Who we are
LuminHive Ltd ("LuminHive", "we", "us", "our") is a company registered in England and Wales. We are the controller of personal data collected via lumin-hive.com and our product.
1.1 Registered address: 138 Queen Edith's Way, Cambridge, CB1 8NW, United Kingdom.
1.2 Privacy contact: privacy@lumin-hive.com.
1.3 We are not currently required to appoint a Data Protection Officer. Our privacy contact handles all enquiries.
2Data we collect
Different data, for different reasons, at different times.
2.1 Marketing website
2.1.1 Server logs. When you visit lumin-hive.com our hosting provider records your IP address, browser user-agent, request time, and the page you requested. These logs are kept short-term to defend the site against abuse.
2.1.2 Consent records. If you dismiss our cookie notice, a small record is stored in your browser's localStorage under the key lh_cookie_notice. This is not sent to us.
2.1.3 Forms and calculators. If you use the "revenue lost" calculator on the homepage, the numbers you enter stay in your browser. We do not receive them.
2.1.4 Contact you initiate. When you email us or book a call, we receive the information you choose to share (name, email, phone, what you tell us about your business).
2.2 The LuminHive product
2.2.1 Account details. Name, business name, email, phone number, billing address, payment method.
2.2.2 Service data. Inbound calls, voicemails, transcripts, messages, contact records, calendar events, invoices, and other business records you ask our agents to work with. This is your firm's data. We act as processor of it on your behalf under a separate data processing agreement.
2.2.3 Usage data. Which features you use, how often, when. Used to keep the product working and to decide what to build next.
3Why we use it (legal bases)
Under UK and EU GDPR, we need a lawful basis for every use of your personal data. Ours are:
3.1 Contract. To operate your account and deliver the service you signed up for.
3.2 Legitimate interests. To secure our systems, prevent abuse, analyse site usage in aggregate (without cookies), respond to enquiries, and improve the product. We balance these interests against your rights and do not rely on legitimate interests where the impact on you would outweigh the benefit to us.
3.3 Consent. We ask for consent before sending marketing emails. You can withdraw consent at any time using the unsubscribe link.
3.4 Legal obligation. To keep accounting records, answer lawful requests from regulators, and comply with tax law.
4How long we keep it
4.1 Server logs. 30 days, then deleted or anonymised.
4.2 Enquiry emails. 2 years from the last message, then deleted unless they relate to an ongoing customer relationship.
4.3 Account data. For the life of your account, plus 7 years afterwards for accounting and tax purposes (UK statutory minimum is 6 years, we keep a year's buffer).
4.4 Service data (your firm's data). For the life of your account, deleted on your written request or within 90 days of account closure, whichever is sooner.
4.5 Marketing consent records. 3 years from last interaction.
5Who we share it with
We do not sell your personal data. We share it with a short list of processors who help us run the service. Each is bound by a written data processing agreement.
5.1 Google Workspace (Google LLC, US) — email, calendar, document storage. Transfers covered by the EU-US Data Privacy Framework and UK Extension.
5.2 Netlify (Netlify Inc, US) — marketing website hosting and logs. Transfers covered by Standard Contractual Clauses and UK IDTA.
5.3 Squarespace Domains (Squarespace Inc, US) — domain registration and DNS.
5.4 Professional advisers — accountants, lawyers, bankers as needed and only when necessary.
5.5 Regulators and law enforcement — where required by law, and after challenge where appropriate.
When we add new processors, we update this policy.
6International transfers
We are a UK company. Some of our processors are in the US. Every international transfer is protected by one of the following mechanisms:
6.1 The EU-US Data Privacy Framework and its UK Extension, for processors certified under it (e.g. Google).
6.2 Standard Contractual Clauses (EU) and the UK International Data Transfer Addendum, for processors not certified under the DPF.
6.3 We do not transfer personal data to jurisdictions without an adequacy decision or appropriate safeguards.
7Your rights (UK & EU GDPR)
If you are in the UK or EU, you have the following rights over your personal data:
7.1 Right of access. Ask us what personal data we hold about you, and receive a copy.
7.2 Right to rectification. Ask us to correct inaccurate or incomplete data.
7.3 Right to erasure ("right to be forgotten"). Ask us to delete your data, where the reasons for keeping it no longer apply.
7.4 Right to restrict processing. Ask us to pause what we do with your data while we resolve a dispute about it.
7.5 Right to data portability. Ask us to send you your data in a machine-readable format, or send it to another provider you choose.
7.6 Right to object. Object to our use of your data for legitimate interests or direct marketing. Where you object to marketing, we will stop immediately.
7.7 Right to withdraw consent. Where we rely on consent, you can withdraw it at any time.
7.8 Right to complain. You can complain to the UK Information Commissioner's Office (ico.org.uk) or your local EU data protection authority.
To exercise any of these rights, email privacy@lumin-hive.com. We respond within 30 days.
8Your rights (California — CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:
8.1 Right to know what personal information we have collected about you, the categories of sources, the purposes, and the categories of third parties we share it with.
8.2 Right to delete personal information we have collected from you, subject to certain exceptions.
8.3 Right to correct inaccurate personal information.
8.4 Right to opt out of sale or sharing of personal information. See section 10.
8.5 Right to limit use of sensitive personal information. We do not use sensitive personal information for purposes that require offering this limit.
8.6 Right to non-discrimination. We will not charge you more, give you worse service, or deny you service because you exercised a privacy right.
To exercise these rights, email privacy@lumin-hive.com. We verify identity using information we already hold (such as your email or phone on file). Authorised agents may submit requests on your behalf with a signed written permission.
8.7 Categories of personal information we collect (CCPA)
In the 12 months before the date of this policy, we collect the following categories of California-resident personal information: identifiers (name, email, phone, IP), commercial information (purchase records), internet/network activity (server logs), and professional information (job title, business name). We collect these directly from you and from service providers. We use them for the business purposes described in section 3.
9Your rights (other US states)
If you live in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Tennessee, Indiana, Minnesota, Maryland, Kentucky, Rhode Island or another US state with a comprehensive privacy law, you generally have rights to access, correct, delete and port your personal data, plus a right to opt out of targeted advertising and the sale of personal data. We honour these rights for residents of any US state, regardless of current statute coverage, using the same process as section 8.
10Do Not Sell or Share My Personal Information
If this ever changes, we will add a clearly labelled "Do Not Sell or Share My Personal Information" link to our site and update this policy before any new processing begins.
11Children's privacy
LuminHive is a business-to-business service for professional trades businesses. We do not knowingly collect personal data from anyone under the age of 16. If we learn we have collected data from a child, we will delete it. Parents or guardians who believe we hold such data can email privacy@lumin-hive.com.
12Cookies and similar technologies
We use strictly necessary cookies only. We do not run analytics pixels, advertising cookies, or tracking scripts on lumin-hive.com. See the cookie policy for the current list.
13Security
We use appropriate technical and organisational measures to protect personal data, including TLS encryption in transit, encryption at rest for service data, role-based access control for staff, and regular review of our processors' security practices. No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you and the relevant supervisory authority in line with our legal obligations.
14Changes to this policy
We may update this policy. When we do, we change the "Last updated" date at the top and, for material changes, notify you by email (if we have one for you) before the change takes effect. Previous versions are available on request.
15Contact us
Privacy enquiries, rights requests, complaints
Email privacy@lumin-hive.com
Post: LuminHive Ltd, 138 Queen Edith's Way, Cambridge, CB1 8NW, United Kingdom
Supervisory authorities: UK residents may complain to the ICO (ico.org.uk). EU residents may complain to their national data protection authority. California residents may contact the California Attorney General's Office (oag.ca.gov/privacy).