1. Who We Are

LumenForge Studios ("we," "us," "our") operates at lumenforge.studio. We are an AI-powered brand creation studio providing design and branding services to startups and technology companies globally. For GDPR purposes, LumenForge Studios acts as a Data Controller for personal data collected through our website and service engagements.

For privacy inquiries, contact us at: [email protected]

2. Information We Collect

2.1 Information You Provide

• Contact & Inquiry Data: Name, email address, company name, and project details submitted via our contact form or email.
• Project Materials: Brand briefs, existing assets, company information, and other materials you share during a project engagement.
• Payment Information: Billing details processed through our secure payment processor (Stripe). We do not store card numbers or CVVs.
• Communications: Emails, call notes, and other correspondence during our engagement.

2.2 Information Collected Automatically

• Usage Data: Pages visited, time on site, referral source, and browser/device type via privacy-respecting analytics.
• Cookies: Functional cookies required for site operation and, with your consent, analytics cookies. No advertising or tracking cookies are deployed.

3. How We Use Your Information

We use your data exclusively for the following purposes:

• To respond to your inquiries and manage the project engagement
• To deliver the services described in our project proposals and contracts
• To process payments and issue invoices
• To send project-related communications, updates, and deliverables
• To improve our website and service offering through aggregated analytics
• To comply with applicable legal obligations

We do not use your data for advertising, profiling, or selling to third parties.

4. Responsible AI Use Policy

4.1 Our AI Technology

LumenForge Studios uses a combination of proprietary AI generation tools and licensed third-party AI services. All AI-generated creative outputs are reviewed and refined by human designers before delivery to clients.

4.2 Client Data & AI Training

We operate under a strict data containment policy for AI processing:

• Client briefs and project data are used solely to complete the commissioned project.
• No client data is used to train, retrain, or fine-tune any AI model, internal or external.
• Where we use third-party AI APIs, we select providers with appropriate data processing agreements and opt-out of data sharing for model training by default.
• AI-processed data is not retained by third-party AI services beyond the duration of the API call.

4.3 Human Review Requirement

All AI-generated creative work undergoes mandatory human review by a qualified designer before being presented to or delivered to the client. We clearly communicate which elements have AI-generation origins in our project documentation.

4.4 Bias & Fairness

We are actively committed to monitoring and mitigating bias in our AI generation systems. We review outputs for unintended stereotyping, cultural insensitivity, or discriminatory patterns. Clients may request a human-only design process for their project at any time.

5. Data Protection & Security

5.1 Security Measures

We implement technical and organizational security measures appropriate to the nature of the data processed, including:

• End-to-end encryption for all file transfers and client communications
• TLS/HTTPS encryption for all web traffic
• Role-based access controls — only team members with project involvement can access your data
• Secure cloud storage with AES-256 encryption at rest
• Regular security audits and penetration testing

5.2 Data Retention

We retain project materials and communications for a period of 3 years following project completion, to support any post-delivery queries or revision requests. After this period, data is securely deleted unless retention is required by law. You may request early deletion of your project data at any time (subject to our legal obligations).

6. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

• Project team members who need access to deliver your services
• Payment processors (Stripe) for transaction processing under their privacy policy
• Cloud storage providers for secure file hosting, under data processing agreements
• Legal authorities if required by law, regulation, or court order

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data (subject to our legal obligations).
• Portability: Request your data in a machine-readable format.
• Objection: Object to certain processing activities.
• Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies for site functionality (session management, security). With your consent, we use privacy-respecting analytics cookies (aggregated, non-personal data only). We do not use advertising cookies, cross-site tracking cookies, or third-party behavioral targeting cookies.

You may withdraw cookie consent at any time by adjusting your browser settings. This will not affect the legality of any processing already carried out.

9. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal information, we will take immediate steps to delete such data.

10. International Transfers

LumenForge Studios operates globally. Where personal data is transferred outside of the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify existing clients of material changes via email. The "Last Updated" date at the top of this page indicates when the Policy was last revised.

12. Contact & Complaints

For any privacy-related questions or concerns: [email protected]

If you are located in the EEA and believe we have not addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority.