Privacy Policy

Last updated: November 26, 2025

1. Data Controller

The data controller responsible for your personal data is:

By FX GmbH
Kiel, Germany
hello@lumethic.com
Registered in Germany

2. Information We Collect

We collect several types of information from and about users of our service:

Personal information such as name and email address when you create an account
Account information including subscription details and preferences
Uploaded images (RAW and JPEG files) and associated metadata for verification purposes
Usage data and analytics to improve our service
Payment information processed through our payment provider Stripe
Transaction data for marketplace purchases and sales

3. Image and RAW File Processing

We take special care with your photographic content:

All image files are stored on Amazon Web Services (AWS) servers in Frankfurt, Germany (EU region)
Images are processed solely for verification analysis comparing RAW files to JPEG exports
Your images are never used for AI model training, machine learning, or any purpose other than providing our verification service
We store cryptographic hashes (SHA-512) of your files for integrity verification
Thumbnails are generated for display purposes and stored securely
For C2PA-signed images, verification metadata is embedded in the signed file as per the C2PA standard

4. How We Use Your Information

We use the information we collect to:

Provide and maintain our photo verification service
Improve and optimize our platform and user experience
Provide customer support and respond to your requests
Comply with legal obligations and protect our rights
Generate anonymized analytics about verification accuracy and service performance
Send service-related communications and, with your consent, marketing updates

5. Marketplace and Payment Data

When you use our marketplace features:

Seller information necessary for Stripe Connect is shared with Stripe for payment processing
Buyer transaction data is processed to fulfill purchases and maintain license records
We maintain records of marketplace transactions for legal and accounting purposes
Payment data is processed by Stripe Inc. according to their privacy policy
Purchase and license records are retained to verify license validity

6. Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

Trusted service providers who assist us in operating our service (see Sub-Processors section)
When required by law or to protect our rights and safety
In connection with a business transfer or acquisition
Payment processors for billing and subscription management
When you have given explicit consent to share specific information

7. Sub-Processors and Third Parties

We use the following sub-processors to provide our services:

Amazon Web Services (AWS) - Cloud hosting and storage (Frankfurt, Germany, EU region)
Stripe Inc. - Payment processing and marketplace transactions
Amazon CloudFront - Content delivery network for images

Our service may contain links to third-party websites; we are not responsible for their privacy practices

8. International Data Transfers

Your data is processed and stored within the European Union:

All primary data storage is located in AWS Frankfurt, Germany
Payment data may be transferred to Stripe's servers, which comply with EU-US Data Privacy Framework
Any transfers outside the EU are protected by appropriate safeguards including Standard Contractual Clauses

9. Data Retention

We retain your data according to the following schedule:

Account data is retained while your account is active and for 30 days after deletion request
Verification results and associated images are retained until you delete them or close your account
Anonymous verifications (without account) are deleted after 90 days
Marketplace transaction records are retained for 7 years for legal and tax compliance
You may request deletion of your account and associated data at any time

10. Your Rights

Under GDPR and other applicable privacy laws, you have the following rights:

Right to access your personal data
Right to correct inaccurate or incomplete data
Right to request deletion of your data (right to be forgotten)
Right to data portability in a machine-readable format
Right to object to processing based on legitimate interests
Right to request restriction of processing
Right to withdraw consent at any time where processing is based on consent
Right to lodge a complaint with a supervisory authority (in Germany: your state's data protection authority)

11. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Strict access controls limit who can access your data
Continuous security monitoring and regular security audits
Incident response procedures in place for potential data breaches

12. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience:

Essential cookies required for the service to function
Functional cookies to remember your preferences
Analytics cookies to understand how you use our service
You can control cookie preferences through your browser settings

13. Children's Privacy

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the 'Last updated' date. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact us at:

For data protection inquiries, you may also contact our data protection representative at the above email address.