Back to home

Data Protection

Effective date: February 23, 2026

This Data Protection Policy outlines how Lumiotech Private Limited ("Lumiotech," "we," "us," or "our") collects, uses, protects, and manages personal data in accordance with applicable laws, including theDigital Personal Data Protection Act (DPDPA), 2023. This Policy applies to all users of our services, products, and lumioWhisper (also known as "Whisper"), an intelligent corporate agent platform.

1. Purpose and Scope

The purpose of this Policy is to ensure that Lumiotech safeguards personal data and maintains strict compliance with relevant data protection regulations. It applies to any individual or entity accessing or using our services, including employees, contractors, partners, and end-users.

2. Definitions

  • Personal Data: Any data about an individual who is identifiable by or in relation to such data.
  • Data Principal: The individual to whom the personal data relates.
  • Data Fiduciary: Any person who alone or in conjunction with others determines the purpose and means of processing personal data.
  • Data Processor: Any person who processes personal data on behalf of a Data Fiduciary.
  • Processing: A wholly or partly automated operation or set of operations performed on digital personal data.

3. Principles of Data Processing

We adhere to the following principles when handling personal data:

  • Lawfulness, Fairness, and Transparency: Data is collected on a lawful basis (e.g., verifiable consent) and processed transparently.
  • Purpose Limitation: Data is collected for explicit, specified, and lawful purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimization: Our collection is limited to what is strictly necessary to achieve the stated purpose.
  • Accuracy: We ensure that data is accurate and keep it updated where necessary.
  • Storage Limitation: Personal data is kept no longer than is necessary for the purposes for which it is processed.

4. Collection and Use of Personal Data

We collect personal data primarily to deliver the lumioWhisper services, verify user identities, provide customer support, and fulfill legal obligations. We may also acquire usage data to enhance and optimize the platform experience.

5. Lawful Basis: Consent

Our primary basis for processing personal data is the free, specific, informed, unconditional, and unambiguous consent of the Data Principal with a clear affirmative action. Consent may be withdrawn at any point, with the withdrawal mechanism being as simple as the initial consent mechanism.

6. Security Safeguards

We deploy robust organizational and technical measures to prevent personal data breaches. This includes data encryption, pseudonymization, data masking, and stringent access controls. Our safeguards are periodically reviewed and tested against emerging vulnerabilities.

7. Data Breach Management

In the event of a personal data breach, Lumiotech is committed to promptly identifying the source, containing the breach, and notifying the Data Protection Board of India, as well as every affected Data Principal, without undue delay.

8. Data Sharing and Data Processors

We do not sell personal data. We may share data with authorized Data Processors under a valid contract to provide operational services (e.g., cloud hosting, analytics). These processors are legally bound to uphold the same high standards of data protection and only act upon our documented instructions.

9. International Data Transfers

Lumiotech complies with any active restrictions on the transfer of personal data to territories outside India as prescribed by the central government. Cross-border data transfers are implemented utilizing robust transfer mechanisms to ensure comparable levels of data protection.

10. Rights of Data Principals

Data Principals whose data we handle possess the following rights:

  • Right to access: Information about personal data being processed.
  • Right to correction and erasure: To rectify inaccurate data and erase data when the purpose is fulfilled.
  • Right of grievance redressal: Prompt resolution of privacy-related complaints.
  • Right to nominate: To appoint a representative in case of death or incapacity.

To exercise these rights, individuals can reach out via the Contact Us section.

11. Children’s Data

Our services cater to enterprises. If we inadvertently collect data of individuals under 18 years of age, we mandate verifiable parental consent and prohibit processing that may cause any detrimental effect to the well-being of the child.

12. Changes to This Policy

We may update this Data Protection Policy from time to time to reflect changes in our practices or relevant laws. We will revise the "Effective Date" when updates occur.

13. Contact Us / Data Protection Officer

For inquiries, rights requests, or to reach our designated Data Protection Officer / Consent Manager for grievance redressal, please contact us at:

Lumiotech Private Limited
New Delhi, India
[email protected]

By continuing to use our services, you acknowledge that you have read and understand this Data Protection Policy and agree to its terms.