Effective Date: December 5, 2024

Introduction

At Lumanu, we take your privacy seriously. This Privacy Policy explains how Lumanu ("we," "us," or "our") collects, uses, and protects your personal information when we process payments between buyers and vendors, assist vendors in opening bank accounts, file taxes on their behalf, and provide other related services. This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm-Leach-Bliley Act (GLBA), and the Right to Financial Privacy Act (RFPA). By using or visiting any Lumanu website, application, product, software, tool, data feed, and/or service (collectively the “Service”), you understand and agree to the terms of this policy unless we must specifically obtain your permission under any applicable law.

Information We Collect

To provide our services, Lumanu may collect the following types of personal information:

• Contact Information: Name, email address, phone number, and physical address.

• Payment Information: Bank account details, payment history, and transaction data to process payments between buyers and vendors.

• Tax Information: Tax identification numbers, Social Security Numbers (SSNs), or Employer Identification Numbers (EINs) for tax filing purposes.

• Business Information: Vendor business name, legal structure, and ownership details.

• Identification Documents: Government-issued IDs, such as passports or driver’s licenses, to verify identity when opening bank accounts or facilitating payments, including compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations under the USA Patriot Act.

• Credit-Related Information: Under the FCRA and FACTA, we may collect information related to your creditworthiness, including credit reports, for identity verification and fraud prevention purposes when opening financial accounts.

• Social Media Information: With your explicit consent, we may collect information from your connected social media accounts (such as Facebook, Instagram, or TikTok) for whitelisting access purposes. This may include username, profile details, and certain permissions necessary to provide the whitelisting services.

• Technical Information: Device and usage data, such as IP address, browser type, and cookies, for enhancing our website and services.

• Access to Personal Information:  Customer support and software engineers have access to the data we collect. Our banking partner will also have access to information for know your customer requirements. We also use third parties for filing taxes and for making international payments as well as identity verification.

• We may collect non-personally identifiable information about you when you visit the Website. Non-personally identifiable information may include technical and measurement information concerning, for example, your connection to and usage of the Website. We may use this information for internal purposes, such as usage analysis and improving the Website. This information does not include your Personal Information.

How We Use Your Information

Lumanu collects and uses personal information for the following purposes:

• Payment Processing: To facilitate transactions between buyers and vendors, including sending and receiving payments on behalf of both parties.

• Account Management: To assist vendors in opening and maintaining business bank accounts.

• Tax Compliance: To file tax documentation for vendors and comply with applicable tax laws.

• Social Media Whitelisting Access: To enable vendors and buyers to connect their social media accounts for whitelisting purposes, such as granting authorized users access to advertising tools or media assets.

• Credit Reporting and Verification: To comply with the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA), we may use credit-related information to verify identity and protect against fraud when facilitating financial services.

• Legal Compliance: To meet legal obligations, including those under the USA Patriot Act (e.g., KYC and AML regulations), as well as anti-fraud measures, tax laws, and identity verification processes together with use to enforce the terms of our user agreement or to protect third party rights, safety or property.

• Service Improvement: To improve our website, customer support, and overall service offering.

• Customer Requests. Customers are permitted to request we stop processing their data. Customers provide the data we use.

Personal information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Lumanu will use the personally identifiable information directly provided by you solely for the purpose for which you have provided it, whether it be to register, use the Service, communicate with others, request information, etc. We may also use the information you provide to contact you for reasons related to use of the Service.\

Legal Basis for Processing

Under GDPR, Lumanu processes personal information on the following legal bases:

• Contractual Necessity: We process your data as required to fulfill our contractual obligations (e.g., processing payments and filing taxes).

• Legal Obligation: We process your data to comply with legal obligations, such as tax regulations, anti-fraud requirements, and obligations under the USA Patriot Act (including identity verification for AML and KYC).

• Legitimate Interest: We process data for our legitimate interests, such as improving services and preventing fraud, provided that such interests are not overridden by your data protection rights.

• Consent (For Social Media Whitelisting): We process your social media account information only with your explicit consent, which is necessary to provide whitelisting access services.

Your Rights

As a user, you have the following rights regarding your personal data:

• Access and Portability: You can request access to your personal data and obtain a copy in a machine-readable format.

• Rectification: You can request corrections to any inaccurate or incomplete personal data we hold about you.

• Erasure: You have the right to request the deletion of your personal data, subject to certain exceptions (e.g., compliance with legal obligations such as those under AML/KYC laws).

• Restriction and Objection: You may request that we restrict the processing of your data or object to processing under certain circumstances.

• Data Protection Rights for California Residents (CCPA): California residents have the right to request information about the collection, use, and sharing of their personal data and to opt out of the sale of their personal data (Note: Lumanu does not sell personal data). California residents also have the right not to be discriminated against in the use of data.

• Right to Financial Privacy (RFPA): Lumanu adheres to the RFPA, which protects the confidentiality of your financial records and requires that your financial information can only be disclosed to government authorities if a formal written request or legal subpoena is provided, or with your express consent.

• FCRA and FACTA Rights: You have the right to access and dispute the accuracy of credit-related information we collect under the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA). If any adverse action is taken based on your credit report, you will be informed, and you have the right to dispute inaccuracies with the reporting agency.

To exercise any of these rights, please contact us at privacy@lumanu.com or call us at 415-702-2980. If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Data Protection Commission via their website at dataprotection.ie.

How far our responsibility extends

This Privacy Policy applies to services that are owned and operated by us. It does not necessarily apply to sites our customers create using our software, even if operated by us. We do not exercise control over other users or third party websites that may link to our Service. They may place their own or other files on their website, collect data or solicit personal information from you. We accept no responsibility or liability for these other sites or services. Third party websites.

Connecting Social Media Accounts for Whitelisting Access

Lumanu provides the option for vendors and buyers to connect their social media accounts (such as Facebook, Instagram, or TikTok) for whitelisting services. This allows authorized parties to access certain advertising tools and media assets.

• Permissions and Information Collected: When connecting your social media account, Lumanu may request permissions to access specific information, such as your username, profile, and any relevant settings or media assets required for whitelisting.

• Consent: Connecting your social media account is entirely voluntary, and you will be asked to provide explicit consent before any data is accessed or used for whitelisting purposes.

• Data Usage: The information collected will only be used for the purpose of enabling and managing social media whitelisting access. Lumanu will not share or use this data for any other purpose without your consent.

Do Not Track & Disabling Cookies

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different websites. However, these features are not yet uniform and there is no common standard adopted by industry groups, technology companies, or regulators. Therefore, although we may recognize a DNT signal for visitors from certain jurisdictions and/or certain browsers, we do not currently commit to responding to browsers’ DNT signals with respect to our Sites. We will continue to monitor developments around DNT browser technology and the implementation of a standard.

With regard to information we collect via cookies as described above, for further information about cookies, including how to see and manage what cookies have been set on your computer or mobile device, you can visit www.allaboutcookies.org. You can also manage your cookie settings on our Site by clicking on the Cookie Settings below. If you do not accept our cookies or later disable cookies, you may experience some inconvenience in your use of our Sites.

Sharing Your Information

Lumanu only shares your personal information under the following circumstances:

• Service Providers: We may share your data with trusted third-party vendors and service providers who assist in payment processing, tax filing, identity verification, and other essential business services. We cannot accept customers who do not wish to permit this sharing. Do not sign up if this concerns you.

• Legal Compliance: We may disclose your information to regulatory bodies, law enforcement, or other third parties when required by law, such as for compliance with anti-money laundering (AML) laws under the USA Patriot Act, the Gramm-Leach-Bliley Act (GLBA), tax regulations, or under the Right to Financial Privacy Act (RFPA) when mandated by government authorities or law enforcement. Additionally, we comply with the FCRA and FACTA regulations regarding credit-related information sharing and protection.

• Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity, subject to the same privacy protections outlined in this policy.

Data Security

We take the protection of your data seriously and implement appropriate technical, administrative, and physical safeguards to prevent unauthorized access, use, disclosure, or destruction of your personal data. These measures include encryption, secure access controls, and ongoing security assessments. We take appropriate organizational and technical measures to protect the data provided to us or collected by us, and do not retain it any longer than permitted in order to perform our services or as required under relevant legislation, with due observance of the applicable obligations and exceptions under the relevant legislation. You should be aware that internet communications are not always secure. You are responsible for maintaining the security and confidentiality of your account passwords. It is a condition of your use that you agree we are not liable for any such disclosure.

Data Retention

Lumanu retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. For example, we may retain transaction records for tax filing, AML/KYC compliance, or credit-related documentation as required by law.

International Transfers

Lumanu may transfer your personal data to countries outside of your home jurisdiction, including to data centers or third-party service providers located in other regions. When transferring data internationally, we ensure adequate data protection measures are in place, such as standard contractual clauses approved by the European Commission (for GDPR compliance).

Children's Privacy

Lumanu’s services are not intended for use by individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete it.

Changes to This Privacy Policy

We reserve the right to and may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. If there are material changes to this statement or in how we will use your personal information, we will notify you by prominently posting a notice of such changes here or on our home page, or by sending you an email. If we want to make use of your personal data in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent. We encourage you to review this policy regularly to stay informed about how we protect your privacy.

Contact Us

If you have any questions or concerns about this Privacy Policy or wish to exercise your rights regarding your personal data, please contact us at:

Email: privacy@lumanu.com

Mailing Address: 1528 Webster St, Oakland, CA 94612

Our EU Representative:

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is :

Instant EU GDPR Representative Ltd.

Adam Brogden
contact@gdprlocal.com

Tel +35315549700

INSTANT EU GDPR REPRESENTATIVE LTD
Office 2, 12A Lower Main Street, Lucan Co. Dublin, K78 X5P8, Ireland

Our UK Representative:

Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.

Adam Brogden
contact@gdprlocal.com

Tel +44 1772 217800

1st Floor Front Suite, 27-29 North Street, Brighton, England

Compliance Notices

• GDPR Notice: Users in the European Economic Area (EEA) have rights related to their personal data under the General Data Protection Regulation (GDPR).

• CCPA Notice: California residents have specific rights regarding their personal data under the California Consumer Privacy Act (CCPA).

• GLBA Notice: This policy also complies with the Gramm-Leach-Bliley Act (GLBA), which governs the collection, disclosure, and safeguarding of nonpublic personal information in the financial services industry.

• RFPA Notice: The Right to Financial Privacy Act (RFPA) provides protections over your financial records by requiring government authorities to have a formal written request or subpoena to access your financial information, unless you give express consent.

• USA Patriot Act Notice: We comply with the USA Patriot Act by implementing AML and KYC processes for identity verification and financial crime prevention.

• FCRA and FACTA Notice: We comply with the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA) by protecting credit-related information and providing users the right to access and dispute their credit information.

Disclosure Policy

Data security is a priority for Lumanu. If you believe you’ve found a security vulnerability in Lumanu’s service, please notify us. We will work with you to resolve the issue promptly.

• We will maintain standard confidentiality in our communications with you. 

• We commit to thoroughly investigate and make every reasonable effort to address confirmed issues in a way that prioritizes the safety and security of those who may be impacted by a reported vulnerability.

• We will work with you to confirm and address your disclosure appropriately.

What we ask of Researchers

If you believe you’ve discovered a potential vulnerability, please let us know by emailing security@lumanu.com and including the subject line Lumanu Security - (issue found). We will acknowledge your email within ten business days.

• We ask researchers to supply adequate technical details and context required for our team to verify reported issues, including screen recordings where relevant.

• Make a good faith effort to avoid violating privacy, interrupting or degrading Lumanu.com service, or destroying data. Please only interact with accounts you own or for which you have explicit permission from the account holder.

• ‍Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within 24 hours of disclosure.

Exclusions

• While researching, we’d like you to refrain from:

• Distributed Denial of Service (DDoS)

• Spamming

• Social engineering or phishing of Lumanu employees

Thank you for helping to keep Lumanu.com and our users safe!

© 2024 Lumanu, Inc. All Rights Reserved.