Version 1.0
Effective date:November 9, 2025
Last updated:November 9, 2025

1. Who We Are

Lú ("Lú", "we", "our", or "us") is a trading name of Lu Music Technology Limited, a company registered in Northern Ireland, United Kingdom (Company No. NI692374).
Registered office: Belfast, Northern Ireland, United Kingdom
Contact email:info@lumusictech.com
Jurisdiction: United Kingdom (Northern Ireland)

This Privacy Policy explains how we collect, use, and protect your personal information when you visit[lumusictech.com]("Website") or use our software and related services ("Services").

2. Information We Collect

A. Information You Provide

• Name, email, region (for accounts or support)
• Billing info (viaMoonbase (our third‑party payment processor, which handles all payment data securely and is the only party that processes your payment information))
• Support tickets or survey responses
• Marketing opt-ins via Klaviyo (double opt-in)

B. Information Collected Automatically

• Device, browser, OS details
• IP address (approximate region only)
• Cookies and analytics data
• Plugin usage logs (activation, performance)
• Website interactions (scrolls, clicks, heat maps)

C. Third-Party Sources

We use:

• Moonbase– payment processing
• AWS / Cloudflare – hosting & security
• Klaviyo – marketing & analytics
• Google Analytics (GA4) – usage metrics
• Microsoft Clarity – heat maps
• Hotjar (optional) – UX analytics

We never store payment card details.

3. How We Use Your Data

• Provide and improve our Services
• Manage licences and user accounts
• Process transactions
• Send updates or notices
• Respond to support queries
• Conduct analytics
• Send marketing only with explicit consent

4. Legal Bases for Processing

• Consent:analytics, cookies, marketing
• Contract:providing purchased software
• Legitimate interest:security, product improvement
• Legal obligation:compliance with laws

5. Data Sharing

We share data only with trusted processors under DPA agreements:
Moonbase | AWS | Cloudflare | Klaviyo | Clarity | Google | Hotjar (optional).

Each uses SCCs or the Data Privacy Framework (DPF).
We donotsell personal data.

6. International Transfers

We comply with UK GDPR, EU GDPR, and applicable frameworks for secure data transfers:

• Standard Contractual Clauses (SCCs)
• UK Extension to the EU–US Data Privacy Framework
• Other approved mechanisms under PIPEDA and Australia’s Privacy Act

7. Data Retention

We retain personal data only as long as necessary for legal, contractual, or operational reasons, after which it is deleted or anonymised.

8. Your Rights

You may request to:

• Access, correct, or delete your personal data
• Withdraw consent
• Object to processing
• Request portability
  Contactinfo@lumusictech.comto exercise these rights.

8A. Your California Privacy Rights (CCPA/CPRA)

California residents may:

• Request access, correction, or deletion of personal data
• Opt out of the sale or sharing of personal information
• Not be discriminated against for exercising these rights

To exercise, emailinfo@lumusictech.comor visit the "Your Privacy Choices" link in our footer.

9. Children’s Privacy

Our products are not directed to anyone under 16.
If we learn a child has provided personal information, we will delete it immediately.

10. Security

Data is protected using encryption in transit and at rest, secure hosting, access controls, and continuous monitoring.

11. Updates

We may update this policy periodically.
The most recent version will always be available on this page.

12. Contact

Lu Music Technology Limited
Belfast, Northern Ireland, UK
Email:info@lumusictech.com

13. Global Scope

This Privacy Policy applies worldwide.
We comply with the UK GDPR, EU GDPR, CCPA/CPRA (U.S.), PIPEDA (Canada), and Australia’s Privacy Act.

© 2025 Lu Music Technology Limited | All Rights Reserved

Moonbase Data Processing Addendum

Moonbase acts as our payment processor and processes personal data strictly under our instructions in accordance with GDPR Article 28. Moonbase provides:

• Standard Contractual Clauses (SCCs)for international transfers
• UK Addendum to SCCsfor UK GDPR compliance
• SOC 2 Type IIaudited infrastructure
• ISO 27001-certifiedsecurity controls
• PCI-DSS Level 1compliance for card-handling systems
• Encryption of all payment data in transit and at rest

Moonbase does not store full card numbers and does not use customer data for its own purposes.

Security & Compliance (Moonbase-Specific)

Moonbase maintains:

• Network firewalls and intrusion detection
• Tokenisation for all payment details
• Annual third‑party penetration testing
• Zero-trust access controls
• Continuous monitoring of all infrastructure

We rely on these protections as part of our overall security posture.

GDPR Article 28 Processor List (Updated)

We use the following processors under legally binding Data Processing Agreements:

• Moonbase– payment processing
• AWS– hosting
• Cloudflare– security & CDN
• Klaviyo– marketing
• Google Analytics (GA4)– analytics
• Microsoft Clarity– analytics
• Hotjar(optional) – UX analytics

Each processor implements GDPR-compliant safeguards and SCCs where required.

Payments & Refunds

Payments are processed securely throughMoonbase, which acts as our authorised payment processor. By completing a purchase, you authorise Moonbase to process the transaction on our behalf. Moonbase may perform fraud checks, authentication, and transaction security assessments.

Refunds are governed by:

• UK Consumer Contracts Regulations (2013)
• EU Consumer Rights Directive (where applicable)
• Mandatory consumer-protection laws in your jurisdiction

Digital goods: By downloading or activating the Software, you agree that your 14‑day withdrawal right is waived.

Refunds may still be granted at our discretion for duplicate purchases, accidental transactions, or verified technical issues preventing use of the Software.

U.S. State Privacy Compliance (Payment Processor Disclosure)

Residents of U.S. states with enhanced privacy laws (including California, Colorado, Connecticut, Virginia, and Utah) have the right to know which third parties process their data.

Moonbase receives only the information necessary to process payments. Moonbase doesnotsell, share, or use personal information for cross-context behavioural advertising.

You may request:

• Access to your payment-related data
• Deletion of information where legally permitted
• Explanation of what data Moonbase processes

To exercise these rights, contactinfo@lumusictech.com.

Lú Cookie Policy (Global Edition)

Version 1.0
Effective date:November 9, 2025

1. What Are Cookies

Cookies are small text files stored on your device to improve your experience, remember preferences, and analyse usage.

2. Types of Cookies We Use

For California users: certain analytics and marketing cookies may qualify as a "sale" or "sharing" of personal data under the CCPA/CPRA. You can opt out anytime via the "Your Privacy Choices" link in our footer.

3. Third-Party Cookies

We use cookies from:

• Google Analytics (GA4)
• Microsoft Clarity
• Hotjar (optional)
• Klaviyo
• Moonbase
• Cloudflare

All comply with GDPR and CCPA standards.

4. Managing Cookies

On first visit, you can:

• Accept all cookies
• Reject non-essential cookies
• Adjust preferences

You can also manage cookies via your browser:

• Chrome:https://support.google.com/chrome/answer/95647
• Safari:https://support.apple.com/guide/safari/manage-cookies-and-website-data
• Firefox:https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

5. Cookie Duration

• Session cookies:deleted when you close your browser.
• Persistent cookies:up to 2 years unless you delete or withdraw consent.

6. Global Privacy Compliance

Lú complies with UK GDPR, EU GDPR, CCPA/CPRA, PIPEDA, and Australia’s Privacy Act.
Your cookie preferences apply globally.

7. Contact

Lu Music Technology Limited
Email:info@lumusictech.com

© 2025 Lu Music Technology Limited | All Rights Reserved

Lú Terms of Service (Global Edition)

Version 1.0
Effective date:November 9, 2025
Last updated:November 9, 2025

1. About Us

Lú ("Lú", "we", "our", or "us") is a trading name of Lu Music Technology Limited, registered in Northern Ireland, United Kingdom (Company No. NI692374).

By using[lumusictech.com]("Website") and Lú software ("Software" or "Services"), you agree to these Terms of Service.

2. Eligibility

You must be 16+ to use our Services.
By using them, you confirm you meet this requirement.

3. Accounts

You agree to provide accurate information, maintain confidentiality, and accept responsibility for your account activity.
We may suspend accounts for misuse or unlawful activity.

4. Software Licence

Lú grants a non-exclusive, non-transferable, revocable licence for personal or professional use.
You may not reverse-engineer, distribute, or sublicense the Software.
All intellectual property remains with Lu Music Technology Limited.

5. Payments & Refunds

Payments are processed viaMoonbase.
Under the UK Consumer Contracts Regulations (2013) and EU Consumer Rights Directive, you may cancel within 14 days unless the Software has been downloaded or activated, in which case you waive this right.

Refunds may be granted at our discretion for duplicates or technical issues.

6. Updates & Support

We may provide updates to enhance performance or fix bugs.
For support:support@lumusictech.com

7. Privacy & Cookies

Your data is governed by ourPrivacy PolicyandCookie Policy.

8. Intellectual Property

All content and designs are owned by Lu Music Technology Limited and protected under copyright and trademark law.

9. Liability Limitation

We are not liable for indirect or consequential damages.
Total liability is limited to the purchase price of the Software.

10. Termination

We may terminate access for breach of Terms.
Termination does not affect accrued rights.

11. Governing Law

These Terms are governed by the laws of Northern Ireland, United Kingdom.

11A. International Users

Lú operates globally and complies with applicable consumer-protection and privacy laws in the regions where it offers Services.
While UK law governs these Terms, users outside the UK may be protected by mandatory laws in their jurisdiction.

12. Changes

We may revise these Terms occasionally.
Material changes will be communicated via the Website or email.

13. Contact

Lu Music Technology Limited
Belfast, Northern Ireland, UK
Email:info@lumusictech.com

© 2025 Lu Music Technology Limited | All Rights Reserved

Your Privacy Choices (U.S. Residents)

Version 1.0
Effective Date:November 9, 2025

Lú respects your privacy and does not sell personal information.

Under the California Consumer Privacy Act (CCPA/CPRA), you may opt out of the sale or sharing of your data for advertising or analytics.

You can:

• Manage your cookie and analytics preferences using ourCookie Settingstool; or
• Contact us atinfo@lumusictech.comwith "CCPA Request" in the subject line.

We honour privacy requests globally, including those under CCPA/