Navigation

Home How it works Partners Organizations Security Enterprise Contact
Sign in Create account

Legal

Privacy Policy

How Luxminex collects, uses, stores, and protects personal data in confidential transaction workflows.

Last updated: 2026-06-03

1. Introduction

This Privacy Policy explains how Luxminex collects, uses, stores, shares, and protects personal data when you use our website, platform, organization workspaces, deal workspaces, partner features, communications, and related services.

Luxminex is designed for confidential business collaboration. We process personal data only as necessary to provide, secure, operate, support, and improve the platform.

2. Our role in organization workspaces

For account registration, website usage, platform security, billing, support, and product operations, Luxminex generally acts as a data controller.

For content uploaded or managed by organizations inside private workspaces, such as deal documents, participant records, messages, and workspace metadata, the relevant organization may act as the data controller and Luxminex may act as a data processor or service provider, depending on the circumstances.

Where required, organization customers may request a data processing agreement by contacting support@luxminex.com.

3. Personal data we collect

Account data

  • name;
  • email address;
  • password hash;
  • account status;
  • email verification status;
  • MFA configuration metadata where enabled.

Organization and workspace data

  • organization membership and roles;
  • workspace invitations;
  • deal participation records;
  • workspace preferences and settings;
  • subscription, payment request, legal acceptance, and plan information.

Deal and collaboration data

  • deal titles, descriptions, statuses, stages, and timestamps;
  • participant names, roles, and access records;
  • messages and collaboration activity inside workspaces;
  • document metadata such as filenames, file size, uploader, timestamps, and access events;
  • audit events and activity records.

Security and technical data

  • login events;
  • failed authentication attempts;
  • session records;
  • IP address;
  • user agent and device information;
  • password reset events;
  • MFA events;
  • administrative and security audit logs.

Support, partner, and communication data

  • support requests;
  • contact form submissions;
  • partner applications;
  • upgrade requests;
  • notification preferences;
  • email delivery status and communication history.

4. How we use personal data

  • to create and manage user accounts;
  • to authenticate users and maintain secure sessions;
  • to provide organization and deal workspaces;
  • to manage invitations, participants, permissions, and access controls;
  • to store, display, and secure documents and workspace content;
  • to deliver transactional emails, including verification, password reset, security, invitation, and billing-related emails;
  • to operate notification preferences and optional communications;
  • to provide support and respond to user requests;
  • to detect abuse, investigate incidents, and protect platform integrity;
  • to enforce our Terms of Service and subscription limits;
  • to comply with legal, tax, accounting, security, and regulatory obligations.

5. Legal bases for processing

Where the GDPR or similar laws apply, we process personal data based on one or more of the following legal bases:

  • Contract performance - to provide the platform, accounts, workspaces, subscriptions, invitations, documents, messaging, and support.
  • Legitimate interests - to secure the platform, prevent abuse, improve reliability, maintain audit trails, communicate service updates, and operate business-to-business services.
  • Consent - where required for optional marketing communications, certain cookies, or similar optional processing.
  • Legal obligation - where processing is necessary for tax, accounting, compliance, legal claims, regulatory requests, or security obligations.

6. What we do not do

  • We do not sell personal data.
  • We do not store plaintext passwords.
  • We do not intentionally log password reset tokens, MFA secrets, access tokens, or refresh tokens in plaintext.
  • We do not use third-party advertising trackers inside authenticated workspaces.
  • We do not make private deal workspaces publicly searchable.
  • Password recovery responses are designed not to confirm whether an email address is registered.

7. Data sharing and subprocessors

We may share personal data with trusted service providers that help us operate Luxminex. These providers may include hosting providers, database infrastructure, object storage providers, email delivery providers, logging and monitoring tools, Robokassa and other payment or billing providers, and customer support tools.

These providers process data only as necessary to provide their services to Luxminex and are expected to apply appropriate security and confidentiality measures.

We may also disclose data where required by law, legal process, regulatory request, security investigation, enforcement of our Terms, or protection of rights, safety, and platform integrity.

8. International transfers

Personal data may be processed in countries where Luxminex, its infrastructure providers, or subprocessors operate. Where required by applicable law, we use appropriate safeguards for international transfers, such as contractual protections, data processing agreements, or other legally recognized transfer mechanisms.

9. Data retention

We retain personal data for as long as necessary to provide the platform, maintain security, comply with legal obligations, resolve disputes, enforce agreements, support billing, and maintain auditability.

Retention periods may vary by data type:

  • account data is retained while the account remains active or as needed for support, security, and legal obligations;
  • workspace content is retained according to organization settings, subscription terms, deletion requests, and legal or audit requirements;
  • security and audit records may be retained for incident investigation, abuse prevention, compliance, and platform integrity;
  • billing records may be retained for accounting, tax, and legal requirements;
  • expired password reset tokens and temporary authentication records are invalidated according to platform security rules.

10. Security

We apply technical and organizational measures designed to protect personal data, accounts, sessions, organizations, and workspaces. These measures may include access controls, tenant isolation, secure credential handling, audit records, session management, least-privilege administrative access, encryption in transit, and operational monitoring.

No method of transmission or storage is completely secure. If you believe your account or workspace has been compromised, contact us immediately at support@luxminex.com.

11. Cookies and similar technologies

Luxminex may use cookies or similar technologies that are necessary for authentication, session management, security, preferences, and platform operation.

If optional analytics or marketing cookies are introduced, we will update this Privacy Policy and provide consent controls where required by applicable law.

12. Email communications and notification preferences

We send mandatory service communications such as email verification, password reset, security alerts, account notices, invitation emails, and billing-related messages.

Users may manage optional notification preferences in account settings, including product updates, deal notifications, partner invitations, and marketing emails where available. Mandatory security and account-related emails cannot be disabled.

13. Your rights

Depending on your jurisdiction, you may have rights to:

  • access personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of personal data;
  • request restriction of processing;
  • object to certain processing;
  • request data portability;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a data protection authority.

To exercise rights, contact support@luxminex.com. We may need to verify your identity before processing certain requests.

Some requests may be limited by legal obligations, contractual obligations, security requirements, billing records, audit retention, or the rights and data of other users or organizations.

14. Organization administrator requests

If your account belongs to an organization workspace, certain requests may need to be handled by the organization administrator or the organization acting as controller for workspace content. Luxminex may redirect workspace-content requests to the relevant organization where appropriate.

15. Children

Luxminex is intended for professional and business use. It is not intended for children, and we do not knowingly collect personal data from children.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the platform, by email, or through another reasonable method. Continued use of Luxminex after an update means the updated policy applies from its effective date.

17. Contact

General support: support@luxminex.com

An error has occurred. This application may no longer respond until reloaded. Reload 🗙

Restoring your secure session

Reconnecting to the Luxminex workspace. This usually takes a moment.

Connection interrupted

Retrying in s. Attempt of .

Unable to reach the server

The secure channel could not be restored. Check that services are running, then retry or reload the page.