Privacy Policy
Last updated: [DATE]
This policy explains what personal data we collect when you visit lumafit.org or buy LumaFit, why we collect it, who helps us process it, and the rights you have under the EU General Data Protection Regulation (GDPR). We keep data collection to the minimum needed to sell you a digital guide.
1. Who is responsible for your data (data controller)
The data controller for LumaFit is:
- Controller: [LEGAL NAME]
- Registered address: [REGISTERED ADDRESS, Latvia] (Latvia, EU)
- Contact for privacy requests: edgars@ideajetlab.com [SUPPORT EMAIL]
2. What data we collect and why
- Your name and email address — to deliver the guide, send your download link/receipt, and provide support. Email is also used for marketing only if you separately opt in.
- Billing country and limited payment details — collected and handled by our payment provider to process your purchase, calculate any applicable tax (e.g. VAT), and prevent fraud. We do not see or store your full card number.
- Basic transaction records — order ID, product, amount, and date, which we need to keep for accounting and tax purposes.
We do not knowingly collect data from anyone under 18 making a purchase (see our Terms).
3. Who processes your data (processors)
We use trusted third parties to run the shop. Depending on the checkout in use, payment is handled either directly through a payment processor (such as Stripe) or through a "Merchant of Record" platform (such as Lemon Squeezy or Gumroad), which sells the product on our behalf and handles tax. The active provider is [PAYMENT PLATFORM].
- Payment / checkout provider — [PAYMENT PLATFORM] (e.g. Stripe, Lemon Squeezy, or Gumroad): processes your payment, billing country, and contact details. Where a Merchant of Record is used, that platform may act as an independent controller for the payment itself under its own privacy policy.
- Email / file delivery provider — [PAYMENT PLATFORM] or a separate email service is used to send your download link, receipt, and any updates.
These providers may process data outside the EU/EEA; where they do, they rely on safeguards such as Standard Contractual Clauses. Please also review the privacy policy of the active provider for full details.
4. Lawful bases
- Performance of a contract — to take your order, deliver the guide, and provide support.
- Legal obligation — to keep tax and accounting records.
- Consent — for any marketing emails; you can withdraw consent at any time.
- Legitimate interests — to keep the site secure and prevent fraud, balanced against your rights.
5. How long we keep it (retention)
We keep transaction and accounting records for as long as required by Latvian/EU tax law (typically several years). Support emails are kept only as long as needed to resolve your request. Marketing contacts are kept until you unsubscribe or ask us to delete them.
6. Your rights
Under the GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data (subject to legal retention duties).
- Portability — receive your data in a portable, machine-readable format.
- Restriction and objection — limit or object to certain processing, including marketing.
- Withdraw consent — at any time, where processing is based on consent.
You also have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) or your local EU supervisory authority.
7. We don't sell your data
We do not sell, rent, or trade your personal data. We share it only with the processors named above, strictly to deliver your order and run the shop, and only when required by law.
8. Cookies and analytics
We currently do not use tracking cookies or third-party analytics on lumafit.org. Our payment provider may set cookies that are strictly necessary to process your checkout securely. If we introduce analytics or marketing cookies in the future, we will update this policy and request your consent first, as required by EU law.
9. How to exercise your rights or ask questions
Email edgars@ideajetlab.com [SUPPORT EMAIL] with your request. We may need to verify your identity before acting, and we'll respond within the timeframe required by the GDPR (normally within one month).
A note on this page: this is general information, not legal advice. Before launch, have this policy reviewed by a qualified professional familiar with the GDPR and Latvian law, and confirm the named processors match the tools you actually use.