1. Overview
This Luxion Privacy Policy (this “Policy”) explains how Luxeon, LLC d/b/a Luxion (“Luxion,” “we,” “us,” or “our”) collects, uses, protects, discloses, and retains information in connection with Luxion’s websites, beta software platform, account creation, paid beta subscriptions, demos, forms, support communications, billing, and related services (collectively, the “Service”).
For purposes of this Policy, “Customer Data” means Customer Content, Personal Information, account information, billing metadata, support communications, usage activity, configuration data, security logs, and other information submitted to, generated in, or processed through the Service for a Customer or its users. “Customer Content” means the project, product, workflow, file, prompt, quote, submittal, linecard, cross-reference, feedback, and similar business content that Customers submit to or generate through the Service. “Personal Information” means information that identifies, relates to, or can reasonably be linked to an identifiable individual.
Luxion is generally a controller or business for website, account, sales, demo, billing, security, and business-contact information. Luxion generally acts as a processor or service provider for Customer Content and Customer-uploaded project information that Luxion processes on behalf of a business Customer under the applicable agreement.
Luxion is built for lighting product search, fixture crossing, quote workflows, submittals, project tracking, linecard management, CRM-related workflows, and related construction-sales operations. Customer trust is central to the Service. We take data privacy and security seriously and design our handling of Customer Data around limited access, operational necessity, confidentiality, and protection of customer-specific work product.
This Policy should be read together with the Luxion Beta Terms of Service, Luxion Paid Beta Subscription & Payment Terms, any applicable Beta Checkout Agreement, and any signed order form, data processing addendum, or customer-specific agreement.
2. Key Customer Data Commitments
Luxion makes the following privacy and data-use commitments for business customers and organization users:
No sale of Customer Data. Luxion does not sell Customer Data, Customer Content, project data, linecards, crosses, quotes, submittals, feedback, usage history, account data, or personal information.
No sharing with other customers. Luxion will not share Customer project data, crosses, quotes, submittals, linecards, product schedules, customer-specific feedback, project records, bid activity, opportunity data, or organization-specific outputs with other customers without Customer’s express consent.
No public identification without permission. Luxion will not publicly identify Customer, Customer clients, Customer projects, Customer quotes, Customer submittals, Customer crosses, or Customer feedback without express written consent, except where legally required.
Limited service-provider access. Luxion may use vetted service providers, such as authentication, hosting, database, payment, security, analytics, communications, email, AI, support, legal, tax, and accounting providers, only as needed to operate, secure, support, bill, analyze, and improve the Service. These providers are not permitted to use Customer Data for their own independent marketing, resale, or data-brokerage purposes.
AI provider training restriction. Luxion does not permit third-party artificial intelligence providers to use Customer Content or Customer Confidential Information to train or improve their general-purpose or shared models. Luxion will use providers and configurations that contractually or technically prohibit such use.
Product improvement without exposing identity. Luxion may use feedback, corrections, usage patterns, error reports, and operational signals to improve the Service, but we will not disclose who provided the feedback or expose customer-specific project details to other customers.
Organization-specific improvement. Luxion may use Customer’s own data and activity to improve results, configuration, linecard quality, recommendations, and workflow performance within that Customer’s own organization.
De-identified and aggregated improvement. Luxion may use aggregated or de-identified information derived from Service usage to improve accuracy, reliability, performance, workflows, analytics, security, and product quality, provided the information cannot reasonably be used to identify Customer, Customer users, Customer clients, Customer projects, specific crosses, specific quotes, or specific submittals.
3. Information We Collect
3.1 Account and Contact Information
We may collect information that Customer, users, administrators, prospects, or representatives provide directly to us, including name, business email address, company name, title, phone number, billing contact information, organization name, user role, account preferences, demo requests, support requests, and communications with Luxion.
3.2 Organization, Product, and Workflow Information
Customers may submit or generate information through the Service, including fixture schedules, product schedules, linecards, represented manufacturers, manufacturer preferences, project records, product data, specification information, uploaded files, prompts, inputs, crosses, product matches, recommendations, quotes, submittals, project notes, CRM-related records, workflow activity, corrections, validations, and feedback (“Customer Content”). Customer Content is a category of Customer Data.
Customer Content may include proprietary business information. Luxion treats Customer Content as confidential under the applicable Luxion agreements and this Policy. Customer remains responsible for ensuring that it has the right to submit Customer Content to the Service and for avoiding upload of information that is prohibited by contract, law, regulation, project requirement, or customer policy.
3.3 Billing and Payment Information
Payment information may be collected and processed by Stripe or another payment processor. Luxion may receive or store billing metadata such as billing name, company, email, billing address, subscription status, invoice IDs, payment status, plan, seat count, tax information, tax IDs where applicable, payment confirmation, failed-payment notices, and transaction records. Luxion does not need to store full payment-card numbers to operate ordinary Stripe billing workflows.
3.4 Authentication and Security Information
Luxion uses Clerk for authentication and account access workflows. Authentication-related information may include account identifiers, email addresses, login timestamps, session information, device/browser signals, account status, two-factor authentication or multi-factor authentication configuration, access logs, security events, and related metadata needed to operate secure account access.
3.5 Automatically Collected Information
We may automatically collect information about devices, browsers, and Service usage, including IP address, browser type, operating system, device identifiers, pages visited, referring pages, time and date of visit, session duration, feature usage, clicks, error logs, performance logs, diagnostic data, and similar technical information.
3.6 Cookies and Similar Technologies
Luxion may use cookies, local storage, pixels, analytics tools, and similar technologies in the following categories: essential authentication and session technologies; security, fraud-prevention, and abuse-detection technologies; preference and functionality technologies; and basic operational analytics used to understand performance, reliability, and product usage.
Luxion does not currently use advertising or remarketing cookies for the website or Service. Users can manage certain cookie settings through their browser, although disabling essential cookies may affect Service functionality. Where applicable law requires consent for nonessential cookies or similar technologies, Luxion will use an appropriate consent mechanism before activating those technologies.
4. How We Use Information
Luxion may use information for the following purposes:
Provide and operate the Service, including account creation, organization setup, linecard configuration, product search, fixture crossing, quote workflows, submittals, project tracking, support, billing, and related features.
Configure Customer’s organization, including represented manufacturers, user access, permissions, onboarding, product data coverage, and customer-specific workflow settings.
Generate, display, store, support, and improve Customer-specific outputs, including crosses, quotes, submittals, recommendations, project records, and workflow results.
Improve the Service, including product accuracy, crossing quality, linecard quality, search relevance, recommendation logic, quote workflows, submittal formatting, CRM-related workflows, user experience, reliability, security, and performance.
Create and use properly aggregated or de-identified signals for product improvement, analytics, reliability, security, and business operations.
Use feedback and corrections to improve the product, while not publicly identifying the customer or user who provided the feedback without consent.
Communicate with Customer and users about account setup, support, billing, product updates, demos, beta changes, legal notices, security notices, and service-related information.
Process payments, administer subscriptions, calculate taxes where configured, manage invoices, respond to payment issues, and maintain business records.
Detect, prevent, investigate, and respond to fraud, abuse, unauthorized access, credential sharing, security incidents, misuse, policy violations, and legal or compliance risks.
Comply with legal obligations, enforce agreements, protect rights, preserve evidence, respond to lawful requests, and defend Luxion, customers, users, and the Service.
5. How We Do Not Use Customer Data
The following restrictions apply unless Customer gives express written consent or unless a disclosure is required by law:
We do not sell Customer Data or personal information.
We do not share Customer crosses, quotes, submittals, project records, linecards, fixture schedules, product schedules, project activity, bid activity, opportunity data, or Customer-specific outputs with other customers.
We do not disclose which customer provided a specific piece of feedback, correction, validation, cross, quote, submittal, project record, or workflow example to other customers.
We do not use Customer Content for another customer’s private project file, quote, submittal, or customer-specific deliverable.
We do not permit advertisers, data brokers, or unrelated third parties to use Customer Data for their independent marketing, resale, or data-brokerage purposes.
Luxion does not permit third-party artificial intelligence providers to use Customer Content or Customer Confidential Information to train or improve their general-purpose or shared models. Luxion will use providers and configurations that contractually or technically prohibit such use.
Luxion does not treat pseudonymized, tokenized, hashed, or otherwise linkable information as unrestricted de-identified information when it can reasonably be linked back to Customer, a user, a client, a project, a quote, a submittal, a cross, or a linecard.
6. Product Improvement, Feedback, and De-Identified Data
Luxion may use Customer feedback, corrections, validation notes, support issues, product-selection patterns, search signals, crossing outcomes, quote workflow activity, submittal workflow activity, error reports, usage patterns, and other operational information to improve the Service. This includes improving crossing accuracy, product-finder logic, manufacturer mapping, linecard quality, quote and submittal workflows, document formatting, onboarding, user experience, security, and beta performance.
Luxion may use Customer Content and usage activity to improve results within Customer’s own organization. For example, Luxion may use Customer’s linecard corrections, product preferences, represented manufacturers, prior validations, and workflow activity to improve Customer’s own future matches, searches, crosses, quotes, submittals, and project workflows.
Luxion may create and use aggregated or de-identified data for product improvement, analytics, benchmarking, reliability, security, and business operations when the data cannot reasonably be used to identify Customer, Customer users, Customer clients, specific projects, specific crosses, specific quotes, specific submittals, or specific linecards.
Pseudonymized, tokenized, hashed, or generalized information that can reasonably be linked back to a Customer, user, client, project, quote, submittal, cross, or linecard remains Customer Data or Personal Information, as applicable. Luxion will handle that information under this Policy and the applicable Luxion agreement unless and until it has been properly de-identified or aggregated.
Luxion will not intentionally identify Customer, Customer users, Customer clients, specific projects, specific crosses, specific quotes, specific submittals, or specific linecards in public disclosures, customer-facing examples, or shared benchmarks without express consent.
7. Service Providers and Limited Disclosures
Luxion may disclose limited information to service providers, vendors, and subprocessors who help us operate, secure, support, bill, analyze, and improve the Service. These may include authentication providers such as Clerk, payment processors such as Stripe, cloud hosting and database providers, analytics providers, artificial intelligence providers, communication and email providers, support tools, security tools, document-signature tools, legal/tax/accounting advisors, and other operational vendors.
Service providers may process information only for the purposes of providing services to Luxion or Customer, subject to contractual, technical, or professional obligations where applicable. Luxion does not authorize service providers to sell Customer Data or use Customer Content for their independent marketing, resale, or data-brokerage purposes.
Luxion will maintain a public subprocessor page or trust notice listing material provider categories and material subprocessors used for authentication, payments, hosting/database, analytics, AI, email, support, and similar operational services, and will update that notice when material subprocessors change.
For Customer Content and Customer Confidential Information processed by third-party artificial intelligence providers, Luxion will use providers and configurations that contractually or technically prohibit use of that information to train or improve the provider’s general-purpose or shared models.
Luxion may also disclose information: (a) when required by law, subpoena, court order, regulator request, or lawful process; (b) to protect rights, safety, security, property, or the integrity of the Service; (c) in connection with payment disputes, fraud prevention, sanctions screening, tax compliance, or enforcement of agreements; or (d) in connection with a merger, acquisition, financing, corporate restructuring, sale of assets, or similar transaction, provided the recipient is bound to protect the information consistent with this Policy or applicable law.
8. Data Security
Luxion uses commercially reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, use, disclosure, alteration, loss, and destruction. Security is an ongoing process, and no beta software platform, internet transmission, cloud environment, or electronic storage method can be guaranteed to be completely secure.
Luxion’s safeguards may include, as applicable and available:
Authentication through Clerk, including support for two-factor authentication or multi-factor authentication capabilities through Clerk account workflows.
Role-based access, organization-level account separation, and user-permission controls where available in the Service.
Encryption in transit using standard transport security for web traffic.
Cloud hosting and database infrastructure with access controls and provider security controls.
Internal access limitations, least-privilege principles where practical, and confidentiality expectations for personnel and contractors with access to customer environments.
Logging, monitoring, diagnostic records, and security-event review to help detect unauthorized access, abuse, errors, and account issues.
Manual authorization and organization setup processes during beta, including linecard configuration and account activation controls.
Third-party AI, hosting, analytics, authentication, and support provider configurations and contracts designed to protect Customer Confidential Information and restrict unrelated provider use, including AI provider model-training restrictions described in this Policy.
If Luxion becomes aware of a security incident involving Customer Data, Luxion will investigate, take reasonable containment and remediation steps, and provide notice to affected Customers, users, regulators, or other parties when required by applicable law or agreement. Luxion will not delay required notice solely to complete a full investigation, but notice timing and content may depend on the facts, law-enforcement needs, legal requirements, and available information.
Customers and users are responsible for maintaining the confidentiality of login credentials, enabling available security features, using strong authentication practices, limiting internal access, and promptly notifying Luxion of suspected unauthorized access, credential compromise, account sharing, or security issues.
9. Account Access, Credentials, and User Responsibility
Each Luxion account is intended for the named user assigned to that account. Users must not share passwords, authentication credentials, two-factor authentication codes, sessions, API keys, or account access with unauthorized persons. Customer is responsible for activity under its organization account and for ensuring that users access the Service only for authorized internal business purposes.
Luxion may monitor, log, investigate, suspend, or restrict accounts when we reasonably believe there is unauthorized access, credential sharing, abuse, security risk, suspicious activity, or violation of Luxion agreements.
10. Data Retention and Deletion
Luxion retains information only for as long as needed for the purposes described in this Policy, Luxion agreements, legal and tax requirements, security needs, dispute resolution, product operation, and legitimate business functions. Current retention criteria include the following schedule unless a longer retention period is required or permitted by law, contract, security need, backup integrity, dispute, or compliance obligation.
Active Customer Content is retained for the duration of the applicable subscription, account, beta, trial, or customer relationship.
Customer Content from deleted or terminated accounts is ordinarily deleted from active production systems within 30 to 90 days after verified deletion, termination, or written administrator request, subject to legal holds, account disputes, unpaid invoices, security investigations, or contractual obligations.
Backups and disaster-recovery copies are overwritten according to Luxion’s backup cycles and are not used for ordinary production access. Backup deletion may occur after active-system deletion as backup cycles expire.
Billing, payment, tax, accounting, and transaction records are retained for the period required or permitted by applicable law and ordinary business recordkeeping obligations.
Security logs, access logs, diagnostic records, and abuse-prevention records are generally retained for an operational security period, typically 12 to 24 months, unless needed longer for security, fraud prevention, legal, compliance, or dispute-resolution purposes.
Demo, sales, marketing, and lead records are reviewed periodically and are ordinarily deleted, archived, or refreshed after 24 months of inactivity unless the contact remains an active prospect, customer, user, business contact, or legal/business record.
Customers may request deletion of account information or Customer Content by contacting Luxion. Luxion will review deletion requests and respond as required by applicable law and contractual obligations. Some information may be retained where necessary for legal, tax, accounting, security, backup, fraud prevention, dispute resolution, compliance, or enforcement purposes.
Aggregated or de-identified information that cannot reasonably identify Customer, users, clients, projects, crosses, quotes, submittals, or linecards may be retained and used for product improvement, analytics, security, and business operations. Pseudonymized or otherwise linkable information is not treated as unrestricted de-identified information.
11. International and Cross-Border Processing
Luxion is based in the United States. Customer Data and personal information may be processed, hosted, transmitted, supported, accessed, or stored in the United States, Canada, or other jurisdictions where Luxion or its service providers operate. Data processed in another jurisdiction may be subject to the laws and lawful-access requests of that jurisdiction.
Customers are responsible for ensuring they have all rights, notices, permissions, consents, and lawful bases needed to submit information to the Service, including information relating to employees, contractors, clients, project owners, consultants, manufacturers, suppliers, and other third parties.
Enterprise, Canadian, UAE, UK, EU, or other regulated customers may request a data processing addendum, cross-border transfer terms, or customer-specific privacy and security terms where appropriate for the Customer’s use case and jurisdiction.
12. Sensitive and Restricted Information
Unless Luxion expressly approves otherwise in writing, customers and users must not upload or submit sensitive personal information or restricted information to the Service. This includes Social Security numbers, Social Insurance Numbers, passport numbers, driver-license numbers, payment-card numbers, bank-account numbers, protected health information, biometric identifiers, children’s information, criminal-history information, precise geolocation data unrelated to business operations, classified information, controlled unclassified information, export-controlled information, defense information, sanctioned-party information, government-secret information, embassy-sensitive information, or other legally restricted information.
If Customer believes a project, customer, jurisdiction, contract, government entity, or data category requires special security, privacy, procurement, export-control, controlled-goods, or regulatory treatment, Customer must notify Luxion before uploading such information or using the Service for that purpose.
13. User Rights and Requests
Depending on location and applicable law, individuals may have rights to request access, correction, deletion, portability, restriction, objection, or information about how personal information is used. Users may also opt out of marketing communications by following instructions in those communications or contacting Luxion.
To submit a privacy request, contact Drew Engard, Luxion’s Privacy Officer, at Drew@Luxion.AI. Luxion may need to verify identity, authority, account ownership, or organization affiliation before responding.
For Customer Content and organization-managed accounts, end users should generally submit access, correction, deletion, export, or similar requests through the Customer administrator or account owner. Customer administrators may submit requests to Luxion by identifying the organization, affected user or record, requested action, and their authority to act for the organization.
Where Luxion acts as a processor or service provider, Luxion will assist the Customer in responding to valid user requests as required by the applicable agreement and law, but the Customer remains responsible for instructions, notices, and responses to its own users, clients, employees, contractors, and other data subjects.
Luxion will respond to privacy requests as required by applicable law. Some requests may be limited by legal, tax, security, backup, contractual, operational, or legitimate business requirements.
14. Canadian Privacy Notice
For Canadian users and business customers, Luxion’s handling of personal information may be subject to Canadian federal or provincial privacy laws, depending on Customer location, activity, and the nature of the information. Luxion collects, uses, discloses, and retains personal information for the purposes identified in this Policy, Luxion agreements, checkout materials, invoices, order forms, support communications, and related notices.
Drew Engard is Luxion’s designated Privacy Officer for Canadian privacy inquiries and complaints. Canadian users or Customers may contact the Privacy Officer at Drew@Luxion.AI to request access, correction, information about retention or cross-border processing, or to submit a privacy complaint.
Luxion will review Canadian privacy complaints, verify identity and authority where appropriate, investigate the concern, and provide a response as required by applicable law. If a complaint is not resolved, individuals may have the right to contact the Office of the Privacy Commissioner of Canada or an applicable provincial privacy regulator.
Luxion remains accountable for personal information under its control, including personal information transferred to service providers for processing. Luxion uses contractual, technical, and organizational measures designed to require service providers to protect personal information and process it only for authorized purposes.
Customer is responsible for providing required notices and obtaining required consents for personal information Customer submits to the Service, including personal information relating to Customer’s users, employees, contractors, clients, project owners, consultants, manufacturers, suppliers, and other third parties.
15. Children and Consumer Use
The Service is intended for business, commercial, professional, and internal operational use. It is not directed to children and is not intended for personal, family, household, consumer, employment-screening, public resale, service-bureau, or regulated government use unless Luxion expressly approves that use in writing.
16. Third-Party Links and Services
Luxion websites, outputs, support communications, or documentation may contain links to third-party websites, manufacturer websites, product pages, specification sheets, payment processors, authentication services, document-signature tools, or other third-party services. Luxion is not responsible for the privacy practices, content, security, or policies of third-party websites or services that are not controlled by Luxion. Users should review applicable third-party privacy notices before providing information to those parties.
17. Changes to This Policy
Luxion may update this Policy from time to time. Updated versions may be posted, provided during checkout, attached to a DocuSign packet, made available in the Service, sent by email, or otherwise communicated. Each version will identify its effective date, last updated date, and version number.
For material changes that meaningfully affect how Luxion collects, uses, discloses, or retains Customer Data or Personal Information, Luxion will provide advance or direct notice when reasonably practicable and when required by applicable law or agreement. Non-material updates may become effective on the stated effective date.
18. Contact Information
Billing and account requests: Gianni Fontana, Gianni@Luxion.AI.
Technical support: support@luxion.ai.
Legal/formal notices: Luxeon, LLC d/b/a Luxion, Attn: Drew Engard, 2345 E Thomas Rd Ste 100 #406, Phoenix, AZ 85016, United States, Email: legal@luxion.ai.
End of Luxion Privacy Policy.