Skip to main content

LEGAL

Privacy Policy

Last updated: 15 April 2026

1. Who we are

Lumorrow ("Lumorrow," "we," "our," or "us") operates an AI-native programmatic ad exchange. We are the data controller for information collected on this website and the data processor for bid-request and auction data processed on behalf of publishers and demand partners who use our platform.

Our contact address for privacy matters is info@lumorrow.com.

2. Scope of this policy

This policy applies to:

  • This website (lumorrow.com) — covering visitors who browse, read our blog, or submit contact enquiries.
  • The Lumorrow platform — covering publishers and demand partners who hold accounts and use our services.
  • Auction and bid-request processing — covering technical data processed through our exchange infrastructure on behalf of platform participants.

It does not govern the privacy practices of publishers or demand partners who use Lumorrow to serve advertising to end users on their own properties. Those parties are independent data controllers and are responsible for their own end-user disclosures.

3. Data we collect

3.1 Website visitors

  • Contact form submissions: company name, email address, role, and any information voluntarily provided in the message field.
  • Technical log data: IP address, browser type, referring URL, pages visited, and timestamps. This data is collected automatically by our web server and supporting analytics tooling.
  • Analytics and tag-management data: we use Google Tag Manager to deploy Google Analytics on this website. Google Analytics may collect pseudonymous identifiers (for example, client IDs), page interactions, approximate geolocation, and device/browser information.
  • Cookies and similar technologies: see our Cookie Policy for detail.

3.2 Platform accounts (publishers and demand partners)

  • Account data: company name, authorised contact name(s), email address(es), billing details, and tax identification numbers where required.
  • Integration configuration: domain lists, ad unit configuration, endpoint URLs, and related technical settings.
  • Support and communications: records of correspondence, support tickets, and call notes.

3.3 Auction and bid-request data

When a bid request flows through the Lumorrow exchange, it may contain:

  • IP address and derived geolocation (country, region, city)
  • Device identifiers (where provided and consented in accordance with applicable law)
  • User-agent strings and inferred device attributes
  • Page URL, content category, and IAB taxonomy signals
  • Publisher-supplied audience segments and contextual signals
  • IAB TCF v2.2 consent strings and GPP strings, where applicable

This data is processed transiently for auction decisioning purposes. Aggregated and anonymised auction event data is retained for reporting and optimisation.

Where the General Data Protection Regulation (GDPR) applies, we rely on the following legal bases:

  • Contract (Art. 6(1)(b)): processing necessary to perform our publisher and demand partner agreements, including account management, auction operation, and payment.
  • Legitimate interests (Art. 6(1)(f)): operating a secure and reliable exchange, fraud and invalid-traffic detection, product analytics, and responding to enquiries. We have assessed that these interests are not overridden by data-subject rights.
  • Legal obligation (Art. 6(1)(c)): retaining financial and transaction records as required by law.
  • Consent (Art. 6(1)(a)): where we send optional marketing communications, or where end-user consent is required under the ePrivacy Directive for cookie or identifier-based processing.

5. How we use data

  • Operate, maintain, and improve the Lumorrow ad exchange platform
  • Process bid requests and run auction logic in real time
  • Measure website traffic and engagement through Google Analytics reporting
  • Provide reporting dashboards and yield analytics to publishers and demand partners
  • Detect, investigate, and prevent invalid traffic, fraud, and abuse
  • Communicate service updates, technical notices, and support responses
  • Manage billing, invoicing, and financial reconciliation
  • Comply with legal and regulatory obligations
  • Maintain supply-chain transparency via sellers.json and related IAB standards

6. Data sharing and disclosure

We do not sell personal data. We may share data with:

  • Demand partners: bid request data is transmitted to participating demand partners as part of the auction process. This is inherent to the operation of the exchange and is governed by demand partner agreements that include appropriate data-processing obligations.
  • Analytics and tag-management providers: Google Ireland Limited and Google LLC, as processors/sub-processors for Google Tag Manager and Google Analytics services used on lumorrow.com.
  • Infrastructure and cloud providers: hosting, database, monitoring, and CDN services operating under data-processing agreements.
  • Payment processors: for billing and financial transaction purposes only.
  • Professional advisers: lawyers, accountants, and auditors, subject to professional confidentiality obligations.
  • Regulators and law enforcement: where required by applicable law, court order, or regulatory request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, where the successor entity is bound by terms no less protective than this policy.

7. International data transfers

Our infrastructure may be located in jurisdictions outside the European Economic Area (EEA) or United Kingdom. Where we transfer personal data internationally, we ensure an adequate level of protection through one or more of the following mechanisms:

  • EU Standard Contractual Clauses (SCCs) adopted by the European Commission
  • UK International Data Transfer Agreements (IDTAs) or addenda
  • Adequacy decisions issued by the relevant supervisory authority

You may request a copy of the relevant transfer mechanism by contacting us at info@lumorrow.com.

8. Data retention

  • Contact enquiries: retained for up to 2 years from the date of last contact.
  • Platform account data: retained for the duration of the account relationship and for up to 7 years thereafter for legal and financial compliance purposes.
  • Auction event data (aggregated): retained for up to 25 months for reporting, reconciliation, and model training. Raw bid-level logs containing personal data are purged on a shorter rolling cycle consistent with our data minimisation obligations.
  • Website log data: retained for up to 90 days.

9. Your rights

Under GDPR (EEA / UK residents)

You have the right to: access your personal data; rectify inaccurate data; erasure ("right to be forgotten") where no overriding legitimate purpose exists; restriction of processing; data portability; and to object to processing based on legitimate interests. You also have the right to lodge a complaint with your local supervisory authority.

Under CCPA / CPRA (California residents)

You have the right to know what personal information we collect and how it is used; to delete your personal information (subject to exceptions); to correct inaccurate personal information; to opt out of the sale or sharing of personal information (we do not sell or share personal information as defined under CCPA); and to non-discrimination for exercising your rights.

Exercising your rights

To exercise any of the above rights, email info@lumorrow.com with sufficient detail to identify your request. We will respond within 30 days (or within the statutory period required by applicable law). We may ask you to verify your identity before processing the request.

10. Children's data

The Lumorrow website and platform are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us immediately and we will delete it.

11. Security

We implement technical and organisational measures appropriate to the risk, including TLS encryption in transit, access controls, audit logging, and regular security reviews. No method of transmission or storage is completely secure; we cannot guarantee absolute security but commit to notifying affected parties and regulators in the event of a breach as required by applicable law.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email to platform account holders and by a prominent notice on this page. The "last updated" date at the top reflects the most recent revision. Continued use of our services after the effective date of any change constitutes acceptance.

13. Contact

For any privacy-related questions, requests, or complaints, contact us at:

Lumorrow
info@lumorrow.com