Privacy Policy
Last updated: May 27, 2026
This Privacy Policy explains how Lumavexel ("we", "us", "our") collects, uses, shares, and protects information about you when you visit lumavexel.com or use our subscription email digest service (the "Service"). We are committed to handling your information responsibly and in accordance with applicable law, including the California Consumer Privacy Act ("CCPA") and the EU General Data Protection Regulation ("GDPR").
1. Who we are
Lumavexel operates a subscription email service that aggregates and delivers publicly available state insurance department bulletins to compliance professionals. You can reach us at info@lumavexel.com with any questions about this policy or how we handle your information.
2. Information we collect
2.1 Information you give us directly
When you sign up for a trial or paid subscription, we collect:
- Your name
- Your work email address
- Your business name
- Payment information (processed by Stripe — see Section 4)
- State preferences and any onboarding details you share with us by email
2.2 Information collected automatically
When you visit our website or open our digest emails, we and our service providers may automatically collect:
- IP address, browser type, device type, and operating system
- Pages viewed, referring URL, and timestamps
- Email open and click events (for our own deliverability monitoring)
We do not use third-party advertising trackers or behavioral profiling cookies.
2.3 Information we do not collect
We do not collect any of the following from individual subscribers: Social Security numbers, government IDs, financial account numbers (Stripe handles all payment data — we never see your card), health information, biometric information, or precise geolocation data.
3. How we use your information
We use the information described above to:
- Provide the Service — send you the daily digest and any account-related communications
- Process payments and manage your subscription (via Stripe)
- Respond to your support requests
- Improve the Service — measure which bulletins matter most, fix scraper bugs, refine the digest format
- Comply with legal obligations and enforce our Terms of Service
- Detect, investigate, and prevent fraud, abuse, and security incidents
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.
4. Service providers we share information with
We use a small set of trusted third-party providers to operate the Service. Each receives only the data necessary to perform their function:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe, Inc. | Payment processing, subscription management, billing emails, customer portal | Name, email, business name, payment method (Stripe collects and stores this directly — Lumavexel never sees your card number) |
| SendGrid (Twilio Inc.) | Outbound transactional and digest email delivery | Name, email, digest content |
| Cloudflare, Inc. | Website hosting, DNS, SSL, and email routing for info@lumavexel.com | Standard server log data (IP, request metadata); inbound email forwarding |
Each of these providers is contractually bound to use the data only to provide their services to us. Stripe's privacy policy is available at stripe.com/privacy. SendGrid's is at twilio.com/legal/privacy. Cloudflare's is at cloudflare.com/privacypolicy/.
5. Public information we aggregate
The bulletin content we deliver in our digest is sourced from publicly available pages on state insurance department websites. We do not collect any private or personal information from these sources — only the published regulatory text, bulletin numbers, dates, and document links. We do not assert any proprietary right over the underlying regulatory information itself; our service is in the aggregation, normalization, and timely delivery of it.
6. How long we keep your information
We keep your account information for as long as you are a subscriber and for a reasonable period afterward to comply with tax, accounting, and dispute-resolution obligations (generally up to seven years for payment records). Email engagement data is retained for up to 24 months for deliverability analysis. You can request earlier deletion at any time (see Section 8).
7. Security
We use industry-standard safeguards to protect your information, including HTTPS/TLS encryption for all web and email traffic, hosted infrastructure with reputable providers (Cloudflare, Stripe, SendGrid), and access controls limiting who can view subscriber data. No system is perfectly secure; if we ever become aware of a breach affecting your information, we will notify you as required by applicable law.
8. Your rights
Depending on where you live, you may have one or more of the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you
- Correction — ask us to correct inaccurate or incomplete data
- Deletion — ask us to delete your personal information
- Portability — receive your data in a structured, machine-readable format
- Objection / restriction — object to or restrict certain processing of your data
- Opt-out of sale or sharing — we do not sell or share your personal information for cross-context behavioral advertising, but you may confirm this in writing
- Non-discrimination — we will not discriminate against you for exercising any of these rights
To exercise any right, email info@lumavexel.com with your request. We will respond within 30 days (or 45 days where permitted by law).
9. California residents (CCPA / CPRA)
If you are a California resident, you have the rights described in Section 8 above. In the past 12 months, we have collected the categories of personal information listed in Section 2.1 and 2.2, for the purposes described in Section 3, and shared them only with the service providers listed in Section 4. We have not sold or shared personal information for cross-context behavioral advertising in the past 12 months.
10. EU / UK residents (GDPR / UK GDPR)
If you are in the European Economic Area or the United Kingdom, our lawful bases for processing your personal information are: (a) performance of a contract (delivering the Service you subscribed to), (b) our legitimate interests (operating, securing, and improving the Service), and (c) compliance with legal obligations. You have the rights described in Section 8 and may lodge a complaint with your local supervisory authority if you believe we have not handled your data appropriately.
11. International transfers
Our service providers (Stripe, SendGrid, Cloudflare) may process your information in the United States and other countries. Where required, these transfers are protected by Standard Contractual Clauses or equivalent safeguards.
12. Children
The Service is intended for business use by compliance professionals and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have done so, please contact us and we will delete it.
13. Cookies
Our website uses only essential cookies required for the site to function (for example, to remember your preferences). We do not use advertising cookies or third-party behavioral tracking. Stripe's checkout page may set cookies required for payment processing — see Stripe's privacy policy linked in Section 4.
14. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify subscribers by email and update the "Last updated" date at the top of this page. Continued use of the Service after a change constitutes acceptance of the revised policy.
15. Contact us
Questions, requests, or concerns about this policy or our handling of your information: