Privacy Policy

§ 1Who We Are

LusoNexus LLC is a Wyoming limited liability company providing bespoke software development, full stack web development, Microsoft Business Central extensions, and limited business consulting services. Our principal place of business is in Cheyenne, Wyoming, United States.

For purposes of EU/UK GDPR, LusoNexus acts as a data controller with respect to personal data collected through our website and client engagement process. Where LusoNexus processes personal data on behalf of clients as part of delivering software services, it acts as a data processor, governed by the terms of the applicable client agreement.

Contact: reach@lusonexus.com  |  Cheyenne, WY 82001, United States

§ 2What We Collect

2.1 Information You Provide Directly

• Contact form submissions: name, email address, company name, service area of interest, and any message content you choose to include.
• Client engagement: business contact information, project requirements, and other information you share during the course of an engagement (governed primarily by our EULA and any applicable Data Processing Agreement).
• Email and direct communications: correspondence you initiate with us.

2.2 Information Collected Automatically

• Server logs: IP address, browser type and version, operating system, referring URL, pages visited, and date/time of visits. This is standard web server logging used for security and operational diagnostics only.
• No analytics trackers: We do not currently use third-party analytics services (such as Google Analytics) on our website.

2.3 Information We Do Not Collect

We do not collect payment card information directly. We do not knowingly collect sensitive personal data (such as health, biometric, or government ID information) through our website. We do not purchase or receive marketing lists.

§ 3How We Use It

We use the information we collect for the following purposes:

• Responding to inquiries: To respond to your contact form submission or other communications.
• Providing services: To deliver, support, and improve the software development, web development, Business Central, and consulting services you engage us for.
• Business operations: Internal record-keeping, invoicing, project management, and legal compliance.
• Security and fraud prevention: To monitor for and protect against unauthorized access, abuse, or illegal activity.
• Legal obligations: To comply with applicable laws, regulations, and lawful government requests.

We do not sell, rent, or trade your personal information. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

§ 4Legal Bases for Processing (GDPR)

For individuals in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process personal data under the following legal bases:

• Legitimate interests (Art. 6(1)(f) GDPR): Responding to inquiries, operating and securing our website, and conducting our business. Our legitimate interests do not override your fundamental rights and freedoms.
• Performance of a contract (Art. 6(1)(b) GDPR): Processing necessary to fulfill a contract with you or take pre-contractual steps at your request (e.g., evaluating a project inquiry).
• Legal obligation (Art. 6(1)(c) GDPR): Processing required to comply with applicable law.
• Consent (Art. 6(1)(a) GDPR): Where we have obtained your explicit consent (e.g., for specific marketing communications, if any). You may withdraw consent at any time without affecting the lawfulness of prior processing.

§ 5Who We Share Information With

We do not sell or share your personal information with third parties for their own marketing purposes. We may share information only in the following limited circumstances:

• Service providers: Third-party vendors who assist us in operating our business (e.g., email hosting, server infrastructure), bound by contractual obligations to use information only for the services they provide to us.
• Legal compliance: When required by applicable law, regulation, court order, or lawful government or regulatory request.
• Business transfers: In connection with a merger, acquisition, or sale of assets, in which case we will notify you and require the successor entity to honor this policy.
• Protection of rights: Where necessary to enforce our agreements, protect our rights or property, or protect the safety of our users or others.

Our current email infrastructure is hosted by Hostinger (SMTP). Contact form submissions are transmitted via our server to our business email. No form data is stored in a marketing database or CRM.

§ 6International Data Transfers

LusoNexus is based in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards, including:

• EU Standard Contractual Clauses (SCCs) as approved by the European Commission, where applicable to data processor relationships;
• UK International Data Transfer Agreements (IDTA) for UK-to-US transfers where required;
• Other legally recognized transfer mechanisms as applicable.

You may request a copy of the relevant transfer safeguards by contacting us at reach@lusonexus.com.

§ 7Cookies & Tracking Technologies

Our website uses only technically necessary session-level behavior and does not set persistent tracking cookies. We do not use third-party advertising cookies, retargeting pixels, or fingerprinting technologies.

Standard browser-level server logs (IP address, browser metadata) are retained for security diagnostics. These are not shared with third-party analytics platforms.

§ 8Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law:

• Contact form inquiries: Retained in our email inbox and operational records for up to three (3) years from the date of last contact, unless an ongoing engagement begins, in which case client records are retained as described below.
• Client engagement records: Retained for seven (7) years after the close of an engagement to comply with tax, accounting, and legal obligations, and then securely deleted or anonymized.
• Server logs: Retained for up to ninety (90) days for security and diagnostic purposes, then deleted.

You may request earlier deletion of your data; see §10 for your rights.

§ 9Security

We implement commercially reasonable technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include encrypted communications (HTTPS/TLS), access controls, and secure server configurations.

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to use caution when transmitting sensitive information.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and applicable supervisory authorities as required by law.

§ 10Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at reach@lusonexus.com. We will respond within the timeframe required by applicable law (generally 30 days).

10.1 Right to Access

You may request a copy of the personal data we hold about you and information about how it is processed.

10.2 Right to Correction / Rectification

You may request that we correct inaccurate or incomplete personal data.

10.3 Right to Erasure / Deletion

You may request that we delete your personal data where we no longer have a legal basis to retain it. Certain data may be exempt from deletion where required for legal compliance (e.g., tax records).

10.4 Right to Restriction and Objection (GDPR)

You may request that we restrict processing of your data or object to processing based on legitimate interests. We will honor such requests unless we have compelling legitimate grounds that override your interests.

10.5 Right to Data Portability (GDPR)

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.

10.6 Right to Opt Out of Sale / Sharing (CCPA)

We do not sell or share personal information as those terms are defined under CCPA. If this changes, we will provide a "Do Not Sell or Share My Personal Information" mechanism.

10.7 Right to Lodge a Complaint

If you are in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK, the relevant authority is the Information Commissioner's Office (ICO). In Canada, you may contact the Office of the Privacy Commissioner (OPC).

§ 11Regional Notices

11.1 European Economic Area & United Kingdom

The data controller for EU/UK purposes is LusoNexus LLC, reachable at reach@lusonexus.com. As we are a small US-based firm currently serving a limited number of EU/UK clients, we do not currently have an EU or UK representative, but will appoint one if required by applicable law. We process EEA/UK personal data under the legal bases identified in §4.

11.2 California Residents

Under the CCPA, California residents have the rights described in §10. We do not sell personal information. We do not discriminate against consumers who exercise their CCPA rights. To submit a verifiable consumer request, email reach@lusonexus.com with the subject line "California Privacy Request."

11.3 Canada

We collect, use, and disclose personal information in accordance with PIPEDA and applicable provincial privacy legislation. Our collection is limited to what is necessary for the purposes identified in §3. You may withdraw consent at any time, subject to legal or contractual restrictions. To exercise your rights under PIPEDA, contact reach@lusonexus.com.

11.4 Other Jurisdictions

If you are located in another jurisdiction with applicable privacy laws (including Brazil's LGPD, Australia's Privacy Act, or similar frameworks), you may still contact us to exercise applicable rights. We will respond in accordance with the applicable legal requirements.

§ 12Children's Privacy

Our website and services are directed to businesses and individuals aged 18 and older. We do not knowingly collect personal data from children under the age of 16 (or the applicable minimum age in your jurisdiction). If we become aware that we have collected personal data from a child without appropriate parental consent, we will delete it promptly. If you believe we may have collected data from a child, please contact us at reach@lusonexus.com.

§ 13Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website or services after a policy update constitutes acceptance of the updated terms. If you object to any changes, you may discontinue use and contact us to request deletion of your data.

§ 14Contact Us

For any privacy-related questions, requests, or complaints, please contact us:

• Email: reach@lusonexus.com
• Mail: LusoNexus LLC, Cheyenne, WY 82001, United States

We aim to respond to all privacy inquiries within 30 days. For complex requests, we may require up to an additional 60 days and will inform you of the extension and reason within the initial 30-day window.

If you are not satisfied with our response, you have the right to lodge a complaint with your applicable data protection authority (see §10.7).