← Back

Privacy Notice

Version 2026-05-22

1. Who we are

Applied Synergy Plus Consulting LLC ("Applied Synergy", "we", "us") is the controller of personal data processed in connection with the Lumen platform ("Service"). This notice explains what data we collect, why, how we share it, and the rights you have.

2. Data we collect

  • Account data: name, work email, password hash, organisation, role.
  • Workspace content: financial data, files, journals, and reports you upload.
  • Support data: messages, attachments, and metadata you send us.
  • Usage and device data: log events, IP address, browser/OS, timestamps, feature usage.
  • Cookies: essential cookies for authentication and security; limited analytics cookies.
  • Billing identifiers: customer ID and subscription status received from Paddle. Payment-card data is collected and stored by Paddle, not by us.

3. Why we process it (purposes & legal basis)

  • Provide and operate the Service, fulfil our contract with you — performance of a contract.
  • Authenticate users, prevent fraud, secure the platform — legitimate interests and legal obligation.
  • Customer support — performance of a contract.
  • Improve the product and aggregate analytics — legitimate interests.
  • Send service notices — legitimate interests; marketing email only with consent, which you can withdraw at any time.
  • Comply with tax, accounting, and other legal obligations — legal obligation.

4. How we share data

  • Paddle.com — our Merchant of Record. Paddle handles payments, subscription management, tax compliance, invoicing, refunds, and related customer service, and processes the billing identifiers and contact data needed for those purposes.
  • Subprocessors — cloud hosting, database, email delivery, error monitoring, and analytics providers acting on our instructions under contractual data-protection terms.
  • Professional advisers — auditors, lawyers, and accountants under duties of confidentiality.
  • Authorities — where required by law, court order, or to protect rights and safety.
  • Successors — in connection with a merger, acquisition, or sale of assets, with notice to affected users.

We do not sell personal data.

5. International transfers

Personal data may be processed outside your country of residence, including in the United States and the European Economic Area. Where required, we rely on adequacy decisions or Standard Contractual Clauses, together with appropriate technical and organisational safeguards.

6. Retention

We retain account and workspace data for as long as your subscription is active. After termination, data is retained for 30 days to allow export and then deleted or anonymised, except where longer retention is required for legal, tax, accounting, or dispute-resolution purposes (typically up to 7 years for invoicing records held by Paddle).

7. Your rights

Subject to applicable law (including GDPR, UK GDPR, and CCPA), you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, to withdraw consent, and to lodge a complaint with a supervisory authority. We will respond to verified requests within one month. Contact us through the Service or via the email address listed on our website.

8. Security

We use industry-standard technical and organisational measures, including TLS 1.2+ in transit, AES-256 at rest, role-based access controls, database-enforced row-level security per workspace, encrypted backups, and monitored logging.

9. Cookies

We use a small number of essential cookies for authentication and security and limited first-party analytics cookies to understand product usage. You can control cookies through your browser settings; disabling essential cookies will prevent sign-in.

10. Changes

We may update this notice from time to time. Material changes will be notified through the Service or by email.

Terms of ServiceRefund Policy