Privacy Notice

Last updated: June 13, 2026

This Privacy Notice explains how Lumera Technologies Inc. ("Lumera", "we", "us") collects, uses, shares, and protects personal data in connection with Lumera StockFlow (the "Service"). It is issued in accordance with the Philippines Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and issuances of the National Privacy Commission (NPC).

1. Who we are

Lumera Technologies Inc. is the Personal Information Controller for the personal data processed through the Service. You may contact us at support@mylumera.net for any privacy question, request, or complaint.

2. Personal data we collect

  • Account data — name, email address, password (hashed), workspace name.
  • Profile and workspace data — role, workspace membership, profile photo (optional).
  • Content you submit — warehouses, SKUs, stock movements, attachments and other records you enter into the Service.
  • Support data — messages, attachments and metadata when you contact support.
  • Usage and device data — IP address, browser type, device identifiers, pages viewed, timestamps, error logs.
  • Cookies — strictly necessary cookies for authentication and session management.

Payment card details are collected and processed directly by our Merchant of Record, Paddle.com Market Ltd. ("Paddle"). We do not see or store full card numbers.

3. Purposes and legal basis

  • Provide the Service — create accounts, authenticate users, host your data (contractual necessity).
  • Customer support — respond to inquiries and resolve issues (contractual necessity, legitimate interest).
  • Security and fraud prevention — protect accounts and detect abuse (legitimate interest, legal obligation).
  • Service improvement — monitor performance and improve features (legitimate interest).
  • Billing and tax — through Paddle, our Merchant of Record (contractual necessity, legal obligation).
  • Transactional emails — invites, account notifications, receipts (contractual necessity).
  • Compliance — to comply with applicable laws and lawful orders (legal obligation).

Where we rely on your consent, you may withdraw it at any time without affecting prior lawful processing.

4. Sharing of personal data

We share personal data only with the following categories of recipients:

  • Service providers / sub-processors — cloud hosting, database, email delivery, error monitoring and analytics providers acting under written agreements.
  • Paddle — as our Merchant of Record for payment processing, subscription management, invoicing and tax compliance. See Paddle's Privacy Notice.
  • Professional advisers — legal, accounting and audit firms bound by confidentiality.
  • Public authorities — when required by law, regulation, court order or lawful request.
  • Successors — in the event of merger, acquisition or sale of assets, subject to equivalent protection.

We do not sell your personal data.

5. International transfers

Some of our service providers may process data outside the Philippines. Where this occurs, we ensure appropriate safeguards under the Data Privacy Act, including contractual commitments requiring a comparable level of protection.

6. Retention

We retain personal data only for as long as necessary to fulfil the purposes set out above, comply with our legal obligations (including tax and accounting record-keeping), and resolve disputes. When you cancel your subscription, account data is retained for a short grace period to allow recovery, then deleted or anonymised. Backups are purged on a rolling schedule.

7. Your rights under the Data Privacy Act

You have the following rights, subject to legal limitations:

  • Right to be informed
  • Right to access your personal data
  • Right to object to processing
  • Right to rectification of inaccurate data
  • Right to erasure or blocking
  • Right to data portability
  • Right to damages for violations
  • Right to lodge a complaint with the National Privacy Commission (privacy.gov.ph)

To exercise any of these rights, email support@mylumera.net. We will respond within the period required by law.

8. Security

We implement reasonable and appropriate organizational, physical, and technical security measures, including encryption in transit, encrypted password storage, access controls, audit logging and least-privilege practices. No system is 100% secure; we will notify affected users and the NPC of any personal data breach as required by law.

9. Cookies

We use strictly necessary cookies to keep you signed in and to operate the Service. We do not use advertising cookies. Your browser settings allow you to block or delete cookies, but doing so may impair functionality.

10. Children

The Service is not directed to individuals under 18. We do not knowingly collect personal data from minors.

11. Updates

We may update this Privacy Notice from time to time. Material changes will be announced through the Service or by email. Continued use after the effective date constitutes acceptance of the updated Notice.

12. Contact

Lumera Technologies Inc.
Data Protection Officer: support@mylumera.net