Privacy Policy
Protecting your data with transparency and care.
Effective date: 8 September 2025
Contact: privacy@lumioforge.com
Contracting party : Roko Bojanic, trading as LumioForge, provides web design, CRO/UX and automation Services and runs lumioforge.com
We do not publish a postal address at this time; contact us by email for privacy matters.
Data We Process
You provide. Name, business contact details, company or role, project inputs such as brand assets, goals, copy, images, and messages. Contract or billing data if you become a client.
Collected automatically. Basic device and usage data such as pages visited, timestamps, general location from IP, browser or OS for security, debugging, and improving the site.
Third-party sources or stack you request. Telephony, CRM, forms, missed-call text-back, tagging, A or B testing, dashboards and exports - used only to deliver the services and show results you ask for.
Business audience and no children. Our site and services target businesses. We do not knowingly collect data from children under 16.
Source of data. We may receive business contact details from referrals or public sources (e.g., your website or business listings).
Purposes & Legal Bases
Contract. Respond to enquiries, prepare proposals, and perform the contract under GDPR Article 6(1)(b).
Legitimate interests. Run and improve the site, security, debugging, anti-abuse, portfolio or case studies with permission or contract under Article 6(1)(f). You may object.
Consent. Marketing communications where required under Article 6(1)(a). You can withdraw consent anytime.
Legal obligations. Tax, accounting, and fraud prevention under Article 6(1)(c).
AI assistance. If you ask us to enable AI features, outputs can be inaccurate - keep human review for important decisions.
No solely automated decisions. We do not make solely automated decisions with legal or similarly significant effects.
Necessity of provision. Providing business contact and project details is necessary to evaluate proposals and perform our Services; if you don’t provide them, we may be unable to respond or deliver the Services.
Cookies & Signals
Framer Analytics only. Does not use cookies or persistent identifiers - no cookie banner needed for that alone.
If we add trackers. Non-essential analytics or ads will run only after your consent via our banner. This Policy will be updated accordingly.
California under CPRA. If we ever engage in sale or share such as retargeting pixels, we will provide a Do Not Sell or Share link and honor Global Privacy Control where applicable.
International Transfers & Vendors
Transfers. We may transfer data outside the EEA or UK using appropriate safeguards such as the EU-US Data Privacy Framework for certified US recipients, Standard Contractual Clauses, and for UK data the UK-US Data Bridge or IDTA where applicable. You can request a copy or summary of safeguards.
Vendors examples. Framer for hosting or CMS, n8n for automation, telephony and CRM tools you choose, AI APIs if you request, Telegram for operational alerts if you opt in.
Telegram note. Cloud chats are not end-to-end encrypted by default. Secret Chats are end-to-end encrypted.
Your Rights, Retention & Security
Rights in the EEA or UK. Access, rectification, erasure, restriction, portability, and objection. You can withdraw consent. You can complain to a supervisory authority.
How to exercise. Email privacy@lumioforge.com. We respond within one month, extendable by up to two months for complex or multiple requests.
Retention. Keep data no longer than necessary. For example enquiries or proposals about 24 months after last interaction, logs about 12 months, project or admin per tax rules, test snapshots as needed.
Security. Appropriate technical and organizational measures such as least-privilege access, encryption in transit, and platform controls. No method is 100 percent secure.
Regional Notes, Changes & Contact
UK visitors and representative. We honor UK-GDPR rights and apply transfer tools in section 4. We have not appointed a UK representative at this time. Our UK processing is assessed as occasional and low-risk and will be reviewed. If it becomes regular or targeted we will appoint one and update this notice.
Third-party tools you request. When you direct integrations such as analytics, call tracking, CRM, email or SMS, and payments, those providers are independent controllers or processors with their own terms.
Changes. We may update this Policy. The Effective date shows the latest change.
Contact. privacy@lumioforge.com