1. Identity of the data controller
TLL TECH SAS
28 avenue du Parmelan, 74000 Annecy, France
Email: contact@luminiz.app
Privacy Policy
Last updated: March 29, 2026
TLL TECH SAS ("Luminiz", "we") places great importance on the protection of personal data. This policy describes the processing carried out in connection with the use of the Luminiz platform and the luminiz.app website.
2. Data collected and legal bases
| Processing | Data | Legal basis | Retention period |
|---|---|---|---|
| Client account creation and management | Last name, first name, email, phone, company | Performance of contract (art. 6.1.b) | Duration of contract + 3 years |
| Billing | Billing details, IBAN (tokenized by GoCardless) | Legal obligation (art. 6.1.c) | 10 years (accounting obligations) |
| Support and communication | Email, content of exchanges | Legitimate interest (art. 6.1.f) | 3 years |
| Audience measurement (Google Analytics) | Anonymized browsing data | Consent (art. 6.1.a) | 13 months |
| ANTAI driver designation | Title, last name, first name, role/function, date of birth, place of birth, email, postal address, driving licence number, licence issue date and place, licence nationality, SIRET (legal entities) | Legal obligation — art. L. 121-6 French Road Code (art. 6.1.c) | Duration of contract + 3 years, then permanent deletion |
3. Data recipients
Your data is processed by Luminiz and its technical subcontractors:
- Amazon Web Services (AWS) — data hosting and transactional emails (Amazon SES), EU region
- GoCardless — SEPA direct debit processing (bank data not stored by Luminiz)
- ANTAI (Agence Nationale de Traitement Automatisé des Infractions) — recipient of driver data as part of the mandatory designation process (French public authority)
No data is sold or transferred to third parties for commercial purposes.
4. Transfers outside the EU
Data is hosted within the European Union (AWS eu-west). GoCardless, based in the United Kingdom, processes direct debit data under appropriate safeguards (European Commission standard contractual clauses).
5. Security
Luminiz implements the following measures: encryption of sensitive data at rest (AES-256), encrypted communications (TLS), role-based access control, access logging, daily backups.
6. Your rights
Under the GDPR, you have the rights of access, rectification, erasure, restriction, objection and portability.
To exercise them: contact@luminiz.app
You may also lodge a complaint with the CNIL: www.cnil.fr
7. Specific note — fleet driver data
As part of the ANTAI designation feature, driver data (title, last name, first name, role/function, date and place of birth, email, postal address, driving licence number, licence issue date and place, licence nationality, SIRET where applicable) is processed by Luminiz as a processor on behalf of the client company, which remains the data controller with respect to its drivers. The client company is required to inform its drivers of this processing in accordance with Articles 13 and 14 of the GDPR.