Privacy Policy
Last updated: 3 July 2026
This document is pending legal review.
This Privacy Policy explains how personal information is handled when you use Lumière. We are committed to protecting personal information in line with South Africa’s Protection of Personal Information Act, 2013 (POPIA).
1. Who we are
Lumière (“we”, “us”, “our”) is a gallery delivery platform for professional photographers, operated from South Africa. We act as the responsible party for the account information photographers provide to us, and as an operator (processor) on behalf of photographers for the client records and photographs they upload and manage through the service.
2. Information we collect
We collect and process the following categories of personal information:
- Photographer account data — name, business name, email address, password (stored hashed), profile details, brand settings, and billing information handled by our payment provider.
- Client contact records — the names, email addresses, and notes photographers choose to store about their own clients within their account.
- Uploaded photographs — the images and associated metadata photographers upload to deliver to their clients.
- Gallery activity — aggregate view and download counters, and download logs (including the email address a visitor supplies to download photos).
- Cookies and local storage — session authentication cookies for the portal, gallery PIN-access cookies that record that a visitor has entered a valid gallery PIN, and browser local storage used to remember a visitor’s favourited photos. Favourites are never sent to or stored on our servers.
3. How we use information
We use personal information to:
- provide, operate, and secure the Lumière service;
- authenticate photographers and protect access to private galleries;
- deliver galleries and enable downloads and favourites;
- process subscriptions and payments;
- send transactional email such as verification, password reset, and account notices;
- maintain gallery view and download statistics for photographers; and
- comply with our legal obligations.
4. Sub-processors
We rely on a small number of trusted service providers to run Lumière. Each processes personal information only as needed to provide their service to us:
- Neon — managed PostgreSQL database hosting.
- Cloudflare R2 & CDN — photograph storage and delivery.
- Resend — transactional email delivery.
- Upstash Redis — rate limiting and short-lived operational data.
- Vercel — application hosting.
- Our payment provider — subscription billing and card processing.
5. International transfers
Some of our sub-processors host or process data in the United States, the European Union, or other regions. Where personal information is transferred outside South Africa, we take reasonable steps to ensure it is protected in a manner consistent with POPIA, including relying on providers that offer adequate contractual and technical safeguards.
6. Your POPIA rights
Subject to applicable law, data subjects have the right to access their personal information, request correction of inaccurate information, request deletion, and object to certain processing. Photographers can exercise many of these rights directly within the portal. Clients of a photographer should contact that photographer first, as they control their own client records; where we act as operator we will assist the photographer in responding.
To exercise a right or raise a concern, contact our Information Officer at eternitysoftwaresolutions.16@gmail.com.
7. Retention
We retain account and gallery data for as long as an account is active. When an account is deactivated, a 30-day grace period applies during which the portal and galleries remain accessible. After the grace period, the portal is locked and galleries go dark, but data is retained unless you request deletion. You may request deletion of your data at any time via the contact above.
8. No sale of personal information
We do not sell personal information. We share information only with the sub-processors described above and where required by law.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date above.