Privacy & Cookie Policy

Last updated: 27 October 2025

1) Who We Are & Scope

This Privacy & Cookie Policy (“Policy”) explains how The Luminous Agency Inc. (“Luminous,” “we,” “us,” “our”) collects, uses, shares, and safeguards personal information when you visit or use our websites, apps, and online properties that link to this Policy, and when you otherwise interact with us (collectively, the “Services”).

Controller vs. Processor. For our own Sites, marketing, analytics, and business operations, Luminous acts as a controller(a “business”). For client projects where we handle data solely under a client’s documented instructions, we act as a processor/service provider.

2) Information We Collect

A. Device & Usage Data (often pseudonymous): browser/OS type, device identifiers, IP address, general location derived from IP, pages viewed, links clicked, referral URLs, timestamps, session and interaction data collected via cookies, pixels, SDKs, and similar technologies.


B. Information You Provide: contact details (name, email, phone), company/role, project details, support/chat content, survey responses, and any files or content you upload or send us.


C. Information From Partners: leads from referral partners, analytics/advertising vendors, cloud/security and anti-fraud services, publicly available sources, and (for client engagements) data clients lawfully provide for us to process on their behalf.


Sensitive Information. We do not seek to collect sensitive personal information (e.g., precise geolocation, government IDs, health data). If a project requires it, we will do so only with a valid legal basis and appropriate safeguards.

 

3) How & Why We Use Information

We use information to:

  • provide, operate, secure, and maintain the Services;

  • respond to inquiries and provide support;

  • analyze, research, and improve features and user experience;

  • send service and transactional notices;

  • send marketing communications where permitted and measure performance;

  • detect, investigate, and help prevent fraud, abuse, spam, and security incidents;

  • comply with legal obligations and enforce our terms;

  • protect our rights, users, and property.

Automated decision-making. We do not engage in automated decision-making that produces legal or similarly significant effects without human involvement. If this changes, we will disclose the logic and your rights where required.

 

4) Cookies, Tracking Tech, Ads & Signals

We use first-party and third-party cookies/pixels/SDKs for:

  • Essential operations (e.g., load balancing, security, login),

  • Analytics & performance (e.g., measuring usage and diagnostics),

  • Advertising/retargeting (where applicable and permitted).

Consent & controls. Where required by law, we obtain consent for non-essential cookies and provide a way to withdraw it at any time  You can also control cookies via your browser/device settings. Some features may not function without certain cookies.

5) When We Share Information

We do not sell personal information for money. We may “share” personal information for cross-context behavioral advertising only where permitted and always subject to applicable opt-out rights. We disclose information to:

  • Service providers/processors that host, secure, analyze, support, or otherwise help deliver our Services under contracts limiting their use to providing services to us and requiring appropriate security;

  • Professional advisors (lawyers, auditors, insurers) under confidentiality;

  • Counterparties in corporate transactions (e.g., merger, acquisition, asset sale) consistent with this Policy;

  • Public authorities or others where required by law, legal process, or to protect rights, safety, property, or to prevent fraud/security incidents.

We impose appropriate data protection terms on our processors and take reasonable steps to verify their compliance; however, we cannot guarantee the acts or omissions of any independent third party.

 

6) Third-Party Tools, Links & Platforms (Important Liability Section)

Our Services may link to or integrate third-party websites, plug-ins, SDKs, and platforms (“Third-Party Services”). Third-Party Services are operated by independent controllers that set their own privacy practices. We do not control, and are not responsible for, their handling of your data. Please review each third party’s privacy policy before providing information.
To the maximum extent permitted by law, Luminous disclaims responsibility and liability for any loss, misuse, unauthorized disclosure, or other processing of personal information by Third-Party Services that are not acting as our processors under our documented instructions.

7) International Data Transfers

We may transfer, store, and process information in countries other than yours. Where your local law requires a transfer mechanism, we use appropriate safeguards, and we perform transfer risk assessments where required.

8) Security

We implement technical and organizational measures appropriate to the risk, including access controls, encryption in transit, and vendor due diligence. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. Where legally required, we will notify you and/or regulators of a breach without undue delay.

 9) Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, including providing the Services, complying with legal, tax, accounting, or reporting requirements, resolving disputes, and enforcing agreements. We may anonymize or aggregate data for analytics and to improve the Services.

10) Your Rights & Choices

Your privacy rights depend on where you live. Subject to exceptions and verification, you may have the right to:

  • Access/know the categories and specific pieces of personal information we hold about you;

  • Correct/rectify inaccurate personal information;

  • Restrict or object to certain processing (including opt-out of targeted advertising, sale/share, or profiling in furtherance of decisions with significant effects);

  • Withdraw consent where we rely on consent;

  • Appeal our decision if we decline your request (where required by law);

  • Non-discrimination for exercising your rights.

How to exercise your rights. Submit a request to  via our web form under “contact Us”. We will verify your identity and respond within the timeframe required by law. If we deny your request, you may appeal by replying “Appeal” to our decision notice.

11) Children’s Privacy

Our Services are not intended for children and we do not knowingly collect personal information from children under 13 (or the higher age where local law requires parental consent). If you believe a child has provided personal information to us, please contact us and we will take appropriate steps to delete it or obtain verifiable parental consent as required by law.

 12) Processor Activities for Client Work

When we act as a processor/service provider for a client, we process personal information only under the client’s instructions, the governing contract, and applicable law. In that case, the client’s privacy policy applies to their use of your information. If you send us a data rights request in this context, we may direct you to the relevant client/controller.

13) Cookie Details

The list below shows common categories we use. The exact cookies on your device can change (e.g., when we add or remove vendors), so please check the Cookie Banner on our site for the most up-to-date list and to manage your settings.

Essential

  • Site operation, security, load balancing, user preferences

  • Session to 12 months

  • Analytics

Measure usage, diagnose issues, improve features

  • 1–24 months

  • Advertising

  • Show or measure ads; retargeting

1–24 months

  • Functional

  • Enhanced features (e.g., chat, video embeds)

  • Session to 12 months

 Managing cookies. Use our Cookie Preferences footer to make granular choices and withdraw consent anytime. You can also adjust browser/mobile settings to block or delete cookies; doing so may affect site functionality. Where required, we will obtain consent for non-essential cookies before they run.

14) Data Minimization & Accuracy

We collect only what we need for the purposes described, and we take reasonable steps to keep it accurate and up to date.

15) Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will post the updated Policy and update the “Last updated” date above. In some cases, we may provide additional notice (e.g., a banner or email).

16) How to Contact Us

For questions or to exercise your rights, contact us via our “contact us” page, with your questions.