PRIVACY POLICY

FiduciaryHub

Provided by Luminaflo LLC

Effective Date: 07/22/2025
Last Updated: 07/22/2025

---

1. INTRODUCTION

This Privacy Policy describes how Luminaflo LLC ("we," "us," or "our") collects, uses, and protects information when you use FiduciaryHub ("Service"). This policy applies to all users of our Customer Relationship Management platform designed for fiduciaries, trustees, and guardians.
By using FiduciaryHub, you consent to the practices described in this Privacy Policy.

---

2. INFORMATION WE COLLECT

2.1 Account Information

When you register for FiduciaryHub, we collect:

• Name and contact information (email, phone, address)
• Professional credentials and licensing information
• Payment information (processed through PayPal or Paddle)
• Username and password

2.2 Client Data You Upload

As a fiduciary management platform, users may upload sensitive client information including:

• Client names, addresses, and contact information
• Social Security Numbers
• Banking and financial account information
• Insurance policy details and information
• Medical and health information
• Legal documents and court orders
• Asset and investment information
• Other sensitive personal and financial data

2.3 Usage Information

We automatically collect:

• Log data (IP addresses, browser type, operating system)
• Usage patterns and feature interactions
• Session duration and frequency of use
• Error logs and system performance data
• Device information and screen resolution

2.4 Cookies and Tracking Technologies

We use:

• Session cookies to maintain user login status

---

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses

We use collected information to:

• Provide and maintain the FiduciaryHub platform
• Process account registration and authentication
• Enable data storage and retrieval features
• Process billing and payments through PayPal
• Provide customer support and technical assistance
• Send important Service announcements and updates

3.2 Data Processing for Client Information

For client data you upload:

• Store securely in encrypted databases
• Enable search, organization, and reporting features
• Facilitate data export in CSV format
• Process backup and recovery operations
• Ensure data integrity and availability

3.3 Analytics and Improvement

We may use aggregated, non-identifying information to:

• Analyze usage patterns and improve Service features
• Monitor system performance and reliability
• Develop new functionality and enhancements
• Generate statistical reports on platform usage

---

4. DATA SHARING AND DISCLOSURE

4.1 No Sale of Personal Information

We do not sell, rent, or trade personal information or client data to third parties.

4.2 Limited Sharing Circumstances

We may share information only in these specific situations:

Service Providers

• Cloud hosting providers for data storage and processing
• Payment processors (PayPal or Paddle) for billing
• Technical support vendors for system maintenance
• Security providers for threat monitoring

Legal Requirements

• When required by law, subpoena, or court order
• To comply with regulatory investigations
• To protect our legal rights and interests
• To prevent fraud or security breaches

Business Transfers

• In connection with merger, acquisition, or sale of our business
• Data would be transferred subject to equivalent privacy protections

4.3 Third-Party Service Providers

Our service providers are contractually required to:

• Use information only for specified purposes
• Maintain confidentiality and security standards
• Delete or return information when services end
• Comply with applicable privacy laws

---

5. DATA SECURITY

5.1 Security Measures

We implement industry-standard security practices:

• End-to-end encryption for data transmission
• Encrypted storage of sensitive data at rest
• Multi-factor authentication requirements
• Regular security audits and vulnerability assessments
• Access controls and role-based permissions
• Secure backup and disaster recovery procedures

5.2 Security Limitations

Important: No system is completely secure. While we implement robust security measures:

• We cannot guarantee absolute security
• Users should implement additional security practices
• Highly sensitive data should be stored with appropriate additional protections
• Users are responsible for maintaining secure passwords and access credentials

---

6. YOUR PRIVACY RIGHTS

6.1 Access and Control

You have the right to:

• Access your personal information and client data
• Update or correct inaccurate information
• Export your data
• Delete your account and associated data
• Opt out of non-essential communications

6.2 Data Deletion

Upon account termination:

• You may request immediate deletion of all data
• If immediate deletion is not requested, data is retained per our standard practices
• Deleted data is removed from active systems but may persist in backups for operational purposes
• Some information may be retained as required by law

6.3 California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we don't sell information)
• Right to non-discrimination for exercising privacy rights

---

7. SENSITIVE DATA HANDLING

7.1 Health Information

HIPAA Disclaimer: While users may upload health-related information, we do not operate as a HIPAA-covered entity. Users who upload HIPAA-protected health information do so at their own responsibility and must ensure their own HIPAA compliance.

7.2 Financial Information

• Financial data is encrypted and stored securely
• Access is limited to authorized personnel only
• We comply with applicable financial privacy regulations
• Users should verify regulatory compliance for their specific use cases

7.3 Social Security Numbers

• SSNs are encrypted using advanced encryption standards
• Access is logged and monitored
• SSNs are never used for marketing or non-essential purposes
• Strict access controls limit who can view this information

---

8. CHILDREN'S PRIVACY

FiduciaryHub is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will delete it promptly.

---

9. INTERNATIONAL USERS

9.1 US-Only Service

FiduciaryHub is currently available only to users in the United States. We do not intentionally collect information from users outside the US.

9.2 Data Storage Location

All data is stored on servers located in the United States and is subject to US privacy laws.

---

10. COOKIES AND TRACKING

10.1 Cookie Types

• Essential Cookies: Required for platform functionality

10.2 Cookie Management

You can control cookies through your browser settings:

• Disable non-essential cookies
• Clear existing cookies
• Set preferences for future cookies

Note: Disabling essential cookies may limit platform functionality

---

11. DATA RETENTION

11.1 Account Data

• Account information retained while account is active
• Deleted within 30 days of account termination (unless immediate deletion requested)
• Some data may be retained longer as required by law

11.2 Client Data

• Client data retained as long as user maintains account
• Deleted upon user request or account termination
• Backup copies may persist for operational recovery purposes

11.3 Usage Data

• Log files and usage data retained for 12 months
• Aggregated analytics data may be retained indefinitely
• Personal identifiers removed from long-term analytics data

---

12. THIRD-PARTY LINKS

Our Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. Users should review the privacy policies of any third-party services they access.

---

13. PRIVACY POLICY UPDATES

13.1 Notification of Changes

• We will notify users of material changes via email or platform notification
• Continued use after changes constitutes acceptance
• Users who disagree with changes may terminate their accounts

13.2 Review Frequency

This Privacy Policy is reviewed annually and updated as needed to reflect:

• Changes in our practices
• New legal requirements
• User feedback and concerns

---

14. CONTACT INFORMATION

14.1 Privacy Questions

For questions about this Privacy Policy or our privacy practices:
Luminaflo LLC
Privacy Officer
Email: Sebastian@fidhub.net
Phone: 772-872-2229
Address: 13520 Bernoulli Way

14.2 Data Subject Requests

To exercise your privacy rights or request data access/deletion:
Email: Sebastian@fidhub.net
Include: Full name, account email, and specific request details
Response time: Within 30 days of verified request

---

15. COMPLIANCE AND LEGAL BASIS

15.1 Legal Basis for Processing

We process personal information based on:

• Contractual necessity to provide our services
• Legitimate business interests in improving our platform
• Legal compliance requirements
• User consent where required

15.2 Regulatory Compliance

We strive to comply with applicable privacy laws including:

• California Consumer Privacy Act (CCPA)
• Relevant state privacy regulations
• Federal privacy requirements for financial services
• Industry-specific fiduciary regulations

---

This Privacy Policy is effective as of the date listed above and governs our collection, use, and protection of your information when using FiduciaryHub.
For the most current version of this Privacy Policy, please check our website regularly.