Last updated: April 23, 2026
TLL TECH SAS ("Luminiz", "we") places great importance on the protection of personal data. This policy describes the processing carried out in connection with the use of the Luminiz platform and the luminiz.app website.
TLL TECH SAS
28 avenue du Parmelan, 74000 Annecy, France
Email: contact@luminiz.app
No data protection officer (DPO) has been officially designated. For any question or request relating to the protection of your personal data, please contact contact@luminiz.app.
| Processing | Data | Legal basis | Retention period |
|---|---|---|---|
| Client account creation and management | Last name, first name, email, phone, company | Performance of contract (art. 6.1.b) | Duration of contract + 3 years |
| Billing | Billing details, IBAN (tokenized by GoCardless) | Legal obligation (art. 6.1.c) | 10 years (accounting obligations) |
| Support and communication | Email, content of exchanges | Legitimate interest (art. 6.1.f) | 3 years |
| Audience measurement (Google Analytics) | Anonymized browsing data | Consent (art. 6.1.a) | 13 months |
| ANTAI driver designation | Title, last name, first name, role/function, date of birth, place of birth, email, postal address, driving licence number, licence issue date and place, licence nationality, SIRET (legal entities) | Legal obligation — art. L. 121-6 French Road Code (art. 6.1.c) | Duration of contract + 3 years, then permanent deletion |
| Fleet document and media storage | Files uploaded by the client's account administrators (driving licences, vehicle registration cards, certificates, operating authorisations, incident photos, and any other document useful to fleet management or to be produced to authorities during controls) | Processing on behalf of the client (art. 28 GDPR) — the client defines the applicable legal basis according to its sector-specific regulations (ARS, DREAL, prefecture, employer obligations, etc.) | Duration of contract + legal archiving period applicable to the client according to its sector; deletion at any time upon client request |
| Technical and security logs | IP address, user-agent, connection dates, actions performed within the application | Legitimate interest (art. 6.1.f) — platform security, abuse and fraud prevention | 12 rolling months |
Your data is processed by Luminiz and its technical subcontractors:
No data is sold or transferred to third parties for commercial purposes.
Data is hosted within the European Union (AWS, eu-west region). GoCardless, based in the United Kingdom, processes direct debit data under the European Commission adequacy decision of 28 June 2021, which recognises the United Kingdom as providing a level of protection equivalent to the GDPR.
Luminiz implements appropriate technical and organisational measures to protect your data: encrypted communications (TLS), encryption at rest of hosted files, application-level encryption of sensitive identifiers in the database, secure password storage via cryptographic hashing, network isolation of the database within a private environment, role-based access control, sensitive document access via time-limited signed URLs, access logging, daily backups.
Under the GDPR, you have the rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent at any time for processing based on consent.
Luminiz does not implement any automated decision-making producing legal effects concerning you within the meaning of Article 22 of the GDPR, and does not process any special categories of data within the meaning of Article 9 (health, biometric, origin, opinions, etc.).
To exercise your rights: contact@luminiz.app. We may request proof of identity in case of reasonable doubt about your identity. A response will be provided within a maximum of one month of receipt of your request, extendable by two months for complex requests in accordance with Article 12 of the GDPR.
You may also lodge a complaint with the CNIL: www.cnil.fr
As part of the ANTAI designation feature, driver data (title, last name, first name, role/function, date and place of birth, email, postal address, driving licence number, licence issue date and place, licence nationality, SIRET where applicable) is processed by Luminiz as a processor on behalf of the client company, which remains the data controller with respect to its drivers. The client company is required to inform its drivers of this processing in accordance with Articles 13 and 14 of the GDPR.
Administrators of the client account may upload various documents to Luminiz (driving licences, vehicle registration cards, certificates, operating authorisations, incident photos, etc.) for fleet management purposes and to be produced to the competent authorities during controls (ARS, DREAL, police, prefecture, etc.).
These files are processed by Luminiz as a processor on behalf of the client company, which remains the data controller. It is the client's responsibility to determine the applicable legal basis for each document according to its sector-specific regulations and to inform the data subjects in accordance with Articles 13 and 14 of the GDPR.
Documents are hosted within the European Union. Access is restricted to authorised users and they are not indexable by search engines.
The luminiz.app website uses the following cookies and storage technologies:
| Cookie / tracker | Purpose | Legal basis | Duration |
|---|---|---|---|
cookie-consent (localStorage) | Stores your consent preferences | Strictly necessary (art. 82 French Data Protection Act) | Until deletion by the user |
Google Analytics (_ga, _ga_*) | Audience measurement, anonymised browsing statistics | Consent (art. 6.1.a) | 13 months |
Google Ads (_gcl_au and related) | Advertising performance measurement, conversion attribution | Consent (art. 6.1.a) | 90 days |
No third-party profiling, advertising tracking outside Google Ads, or social network cookies are placed without your explicit consent.
You can modify your preferences at any time via the "Change my cookie preferences" button at the bottom of this page, or withdraw your consent by clearing your browser's local storage for this site.
This policy may be updated to reflect legal, technical, or organisational changes. The date of the last update is indicated at the top of this page. In the event of a material change affecting the processing activities or your rights, we will notify you by email or via a visible in-app notification before the changes take effect.