Privacy Policy

Last updated: November 28, 2025

1. Introduction

SANC AG ("we," "our," or "us") operates the LumaBill service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and ensuring compliance with the Swiss Federal Data Protection Act (nDSG) and the General Data Protection Regulation (GDPR).

2. Data Controller

SANC AG, Binzstrasse 16, 8712 Stäfa, Switzerland. Email: support@lumabill.com

3. Information We Collect

3.1 Information You Provide

  • Guest Users: If you use our Service without an account, your invoice data (client details, items, amounts) is processed locally in your browser. It is not transmitted to or stored on our servers.
  • Registered Users: When you create an account, we collect your email address and authentication credentials (managed via AWS Cognito). When you save invoices or profile settings, this data is transmitted via encryption (HTTPS) and stored securely in our database.
  • Uploaded Media: If you upload a company logo, the image file is stored in our secure cloud storage (AWS S3).
  • Waitlist Information: When you join our waitlist, we collect your email address to notify you about service availability.

3.2 Automatically Collected Information

We use Google Analytics to collect information about how you interact with our Service to improve user experience. We use cookies to manage user sessions and preferences.

4. How We Use Your Information

We use the information we collect to provide, maintain, and improve our Service, send you notifications about service availability, and comply with legal obligations.

5. Data Sharing and Disclosure

We do not sell your personal information. We share data with trusted third-party service providers including:

  • Amazon Web Services (AWS): For hosting, database, authentication, and file storage.
  • Google Analytics: For analyzing website traffic.

6. International Data Transfers

Our primary infrastructure and databases are located in Germany (EU) (AWS Frankfurt region). Germany is recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC) as providing an adequate level of data protection.

7. Your Rights

Under Swiss and EU data protection laws, you have the right to access, correct, export, or delete your personal data. You can delete your account and all associated data instantly via the "Delete Account" button in your Settings dashboard.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at: support@lumabill.com