Lumify Pty Ltd ACN [insert ACN] of [insert registered address] trading as Lumify (“Lumify”, “we”, “us”, “our”) respects your privacy and is committed to handling personal information responsibly and in accordance with applicable privacy laws.

This Privacy Policy explains how we collect, hold, use and disclose personal information when you visit our website, enquire about our products or services, request a demo, use the Lumify platform, upload documents or billing information for analysis, interact with our team, or otherwise deal with us.

By using our website or services, you acknowledge that your personal information will be handled in accordance with this Privacy Policy.

1. Who we are

Lumify is an Australian software business providing telecommunications expense management, telco visibility, partner workflow, and related reporting, automation, reconciliation and support services for organisations, channel partners, and other business customers.   

2. The kinds of personal information we collect

The personal information we collect depends on how you interact with us, but may include:

Your name, job title, employer, business address, email address and telephone number.

Account, login and user profile details.

Enquiry, support, onboarding and communications records.

Billing, payment and transaction information.

Information you provide when booking a demo, requesting a quote, downloading content, filling in forms, or subscribing to updates.

Technical information such as IP address, browser type, device information, pages viewed, session information, referring URLs, and cookies or similar tracking data.

Information contained in documents or files you upload to us, including telecom invoices, account statements, service inventories, usage files, spreadsheets, reports, and related business records.

Any other information you choose to provide to us.

Where uploaded files or service data contain personal information about your staff, representatives, customers, contractors or end users, that information may also be collected by us as part of providing our services.

3. How we collect personal information

We may collect personal information:

Directly from you when you complete website forms, contact us, request information, sign up for updates, create an account, book a demo, engage our services, or communicate with us.

When you or your organisation upload files, invoices, reports or other data into the Lumify platform or provide them to us for analysis, onboarding, support or service delivery.

Automatically when you use our website or platform, including through cookies, analytics tools, server logs and similar technologies.

From your employer or organisation where they nominate you as a contact, administrator, authorised user, billing contact or representative.

From service providers, integration partners, publicly available sources, marketing platforms, CRM systems, analytics providers, and other third parties connected with our business operations.

From channel partners, resellers, managed service providers and referral partners where relevant to the services being provided.

4. Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information for purposes including:

Providing our website, software platform, products and services.

Assessing uploaded telecom bills, invoices or related files and generating reports, scorecards, visibility outputs, recommendations, analytics or other service deliverables.

Setting up, administering and supporting customer accounts.

Managing demos, proposals, onboarding, subscriptions, billing and renewals.

Communicating with customers, prospects, partners and suppliers.

Responding to enquiries, support requests and complaints.

Improving our products, services, website, user experience, reporting and internal operations.

Conducting analytics, testing, troubleshooting, product development, service optimisation and security monitoring.

Sending service-related messages, administrative notices, and, where permitted, marketing communications.

Maintaining business records, managing risk, complying with legal obligations, and protecting our legal rights and interests.

5. Cookies, analytics and website tracking

Our website may use cookies and similar technologies to operate effectively, remember preferences, understand how users engage with our website, improve performance, measure campaign effectiveness, and support advertising or remarketing activities.

These technologies may collect information such as IP address, browser type, device identifiers, pages visited, time spent on pages, referring websites and general interaction data.

You can usually control cookies through your browser settings. If you disable cookies, some website features may not function properly.

6. Direct marketing

We may use your personal information to send you marketing communications about Lumify, our services, events, updates, resources or offers where permitted by law.

You can opt out of marketing communications at any time by using the unsubscribe facility in the message or by contacting us using the details below.

Where Australian spam laws apply, we aim to send marketing messages only with the appropriate consent and to include our identity, contact details and a functional unsubscribe option. 

7. Disclosure of personal information

We may disclose personal information to:

Our employees, contractors and related entities.

Our software, hosting, cloud storage, analytics, CRM, payment, communications, security and IT service providers.

Professional advisers such as lawyers, accountants, insurers and auditors.

Channel partners, resellers, MSPs, distributors, implementation providers and support providers where relevant to the services delivered.

Third-party integration partners and data processors engaged to help us provide or improve our services.

Government agencies, regulators, law enforcement bodies, courts or other parties where required or authorised by law.

A purchaser or potential purchaser in connection with a business sale, merger, restructure, investment or asset transfer.

We do not sell personal information as a standalone data asset.

8. Overseas disclosure

Some of our service providers or technology platforms may store or process personal information outside Australia.

This may include, for example, cloud hosting, infrastructure, communications, CRM, analytics or support providers located in countries such as [insert countries, for example Australia, New Zealand, Singapore, the United States, the United Kingdom and member states of the European Economic Area].

Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles the information in a manner consistent with applicable privacy requirements.

If you want more information about the countries in which our service providers are located, please contact us.

9. How we hold and protect personal information

We hold personal information in electronic form, including in our software systems, cloud platforms, CRM systems, email systems, support tools, analytics systems and related business records. In some cases, we may also hold limited physical records.

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps may include access controls, authentication measures, role-based permissions, logging, encryption where appropriate, secure hosting arrangements, staff training, contractual protections with service providers, and security monitoring and response processes.

No method of transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.

The OAIC expects organisations covered by the Privacy Act to take reasonable steps to secure personal information and, where an eligible data breach is likely to result in serious harm, to notify affected individuals and the OAIC. 

10. Data retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide our services, maintain records, comply with legal, tax, accounting and regulatory obligations, resolve disputes, and enforce our agreements.

When personal information is no longer reasonably required, we will take reasonable steps to destroy it or de-identify it, unless we are required or authorised by law to retain it. 

11. Access and correction

You may request access to the personal information we hold about you, and you may ask us to correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading.

To make a request, please contact us using the details below. We may need to verify your identity before processing your request. In some cases, the law permits us to refuse access or correction, in which case we will explain our reasons to the extent required by law.

Australian privacy guidance expects privacy policies to explain how access and correction requests can be made and to provide contact details for doing so. 

12. Complaints

If you have a complaint about how we have handled your personal information, please contact us using the details below and provide as much detail as possible.

We will review your complaint and aim to respond within a reasonable time.

If you are not satisfied with our response, you may be able to lodge a complaint with the Office of the Australian Information Commissioner.

13. Third-party sites and services

Our website or services may contain links to third-party websites, tools or services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies.

14. Information provided on behalf of others

If you provide personal information to us about another person, including in uploaded billing files, service records or account data, you must ensure you are authorised to do so and that the individual has been informed, where required, that their information may be provided to us and handled in accordance with this Privacy Policy.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our business, technology, legal obligations or privacy practices. The latestversion will be published on our website and the revised version will take effect from the date of publication.