Privacy Policy — General Information

This Privacy Policy explains how Lumisara (operating under domain jradius.pro) collects, uses, stores and shares personal data in connection with our custom software development and operational services. It applies to data collected from clients, prospective clients, end users of solutions we deliver, and visitors to our website. Practical scenarios are used throughout to clarify how specific types of project data are handled — for example, during a migration of operational records from legacy systems into a new application. Contact and business details: Lumisara, 2450 Ang Mo Kio Avenue 8, Singapore, 569812, phone +6588178485, Business ID S4728775A. Effective date: 10-01-2026.

10-01-2026 Lumisara, Business ID S4728775A 2450 Ang Mo Kio Avenue 8, Singapore, 569812 [email protected]

Definitions

The following definitions clarify terms used in this policy and are illustrated with practical examples drawn from software delivery and operational use cases.

Personal data means any information that identifies or can reasonably identify an individual. Example: a project stakeholder's name, email and role collected to provision access to a new operational dashboard.
Processing refers to any operation performed on personal data, such as collection, storage, modification, analysis, transfer or deletion. Example: importing employee records into a role-based access control system and updating records during routine maintenance.
User refers to any individual whose personal data we process, including client contacts, end users of delivered systems, job applicants, and website visitors.
Service means the software development, integration, hosting, maintenance and support services offered by Lumisara to improve business operations, including custom dashboards, automation rules and integrations with third-party systems.
Cookies are small files placed on a device to enable site features, remember preferences, or collect analytics data. We explain cookie types and how they are used in the Cookies section.

Data We Collect

We collect data submitted directly by users, data generated automatically during use, and data obtained from third parties relevant to project delivery. Examples and scenarios are used below to show why each category is required and how it supports operational outcomes.

Data You Provide Directly

When engaging with Lumisara for a project or using our site, you may provide data to enable delivery, support and billing. Typical items include:

  • Contact details (name, business email, business phone) used to manage project communication and access for team members.
  • Company and operational data (company name, department, role, project requirements, system credentials where required for migration) supplied during discovery and implementation phases.
  • Billing and invoicing information (billing address, tax identifiers) required to issue invoices and process payments for development and support services.
  • Project content and documents (specifications, workflow diagrams, sample datasets) uploaded to our systems to facilitate development, testing and validation.
  • Support and feedback communications, including screenshots and logs you provide to troubleshoot incidents and refine operational workflows.
  • Consent records and preferences where you have explicitly agreed to communications or optional features.

Automatically Collected Data

We collect certain technical and usage data automatically to operate, secure and improve our services. Typical items and example use cases follow:

  • Device and browser information (e.g., browser type, device type) used to diagnose compatibility issues when a client reports a malfunction in a production environment.
  • IP addresses and geolocation data used for basic security, detecting anomalous access patterns, and tailoring regional deployments.
  • Usage logs and telemetry from applications we operate for clients, which help prioritize performance optimizations and reproduce incidents during post-deployment support.
  • Error reports and crash data used to fix defects in delivered software and prevent recurrence in operational scenarios.
  • Analytics data about site and application usage to guide product improvements and prioritize feature work based on real-world usage patterns.
  • Authentication and access logs to support audit trails and compliance reviews during operational audits.

Data from Third Parties

We may receive data from third parties when necessary for project delivery, integrations, or legal compliance. Typical sources include cloud providers, payment processors, and enterprise systems.

  • Cloud and hosting providers that store or process project data as part of hosting environments or backups.
  • Payment and invoicing platforms used to process client payments and manage billing records.
  • Client-authorized system integrators or enterprise systems that provide operational data feeds during integration projects.

Purposes of Processing

We process personal data for specific business and operational reasons. Each purpose below is illustrated with a scenario or case study where applicable.

  • To deliver and maintain software services, including migration, integration, and ongoing hosting — e.g., onboarding a logistics client and migrating three months of transaction history into a new system.
  • To communicate with clients and respond to support requests, including troubleshooting and security incident notifications.
  • For billing, invoicing and business administration relating to contracted services.
  • To perform analytics and continuous improvement of our products and services based on usage and performance metrics.
  • To enforce terms, manage contracts, and comply with legal obligations during audits or regulatory requests.
  • To support marketing communications where consent has been given, such as notifying prospects about case studies or events that match their operational profile.
  • For security, fraud detection and prevention to protect clients and maintain reliable operations.
  • To enable lawful business transfers (e.g., corporate reorganizations) while minimizing operational impact on clients through clear migration plans.

Legal Bases for Processing

Where applicable under local or international law, we rely on one or more legal bases to process personal data. The specific basis depends on the processing activity and its context.

  • Performance of a contract: processing needed to deliver services, such as using contact details to set up accounts and access for project stakeholders.
  • Legitimate interests: processing for security, fraud prevention, and system improvements where the interest is balanced against individual rights.
  • Consent: for optional marketing communications and non-essential cookies where explicit consent is required and recorded.
  • Compliance with legal obligations: where processing is necessary to meet regulatory, tax or audit requirements.

GDPR and Applicable Rights (where applicable)

When EU data protection rules such as the GDPR apply, individuals have specific rights. We describe those rights and how we handle requests, illustrated with practical steps and examples.

  • Right of access: you may request a copy of personal data we hold about you. Example: a client contact requests the list of user accounts and roles created for a project.
  • Right to rectification: you may ask to correct inaccurate or incomplete data, such as an incorrect billing address before invoicing.
  • Right to erasure: subject to legal restrictions and contractual requirements, requests to delete personal data will be assessed and processed where feasible without disrupting operational obligations.
  • Right to restriction of processing: you may request limitations on certain processing activities while a dispute or verification is resolved.
  • Right to data portability: where technically feasible, we can provide structured machine-readable exports of personal data you supplied in the course of using our service.
  • Right to object: you can object to processing based on legitimate interests for direct marketing; we will assess and follow up in a reasoned manner.

Cookies and Similar Technologies

We use cookies to provide site functionality, store preferences, and gather analytics. Cookies may also appear in the software we host to support session management and usage analytics relevant to operational performance.

Types include session cookies (temporary), persistent cookies (store preferences), and third-party cookies used by analytics or embedded tools. Example: a session cookie keeps a developer logged into a staging environment while testing workflows.

Categories include essential cookies (necessary for service operation), performance cookies (collect anonymized analytics), and optional cookies (used for marketing or personalization where consent is required).

You can manage cookie preferences via the cookie banner on our website and through browser settings. For application-specific cookies used in client deployments, administrators can configure retention and scope during implementation.

/cookie-policy

How We Share Data

We share data only as required to deliver services, comply with law, or with consent. Practical sharing scenarios are listed below.

  • With service providers performing hosting, backups, analytics, and payment processing under contractual controls and confidentiality obligations.
  • With client-authorized third parties and integrators when integration work requires access to source systems or data feeds.
  • With advisors and auditors to meet legal and business compliance during independent reviews.
  • In response to lawful requests from authorities, where disclosure is required by applicable law.
  • With potential acquirers or during corporate restructures, subject to confidentiality terms and measures to preserve client continuity.
  • With analytics and monitoring partners to improve platform reliability and user experience under strict data processing agreements.

International Data Transfers

Some data processing involves international transfers, for example when using global cloud providers or cross-border development teams. We document transfers in contracts and apply appropriate safeguards.

Safeguards may include standard contractual clauses, encryption in transit and at rest, access controls, and contractual commitments from subprocessors to meet protections comparable to those required by the originating jurisdiction.

Data Retention

We retain personal data only as long as necessary for the purposes described, and per legal and contractual obligations. Retention periods are based on the type of data and the operational scenario.

Account and profile information is retained for the duration of the client relationship and for a defined period after account closure to allow for dispute resolution, legal compliance, and orderly migration. Typical retention after account termination is up to 5 years unless otherwise agreed.

Support messages, emails and ticket histories are retained to provide continuity of support and to analyze recurring operational issues. Retention typically follows the account retention period, unless deletion is requested and feasible.

System logs and telemetry used for security and diagnostics are retained for operational needs and compliance. Retention periods vary by log type; security logs may be kept longer for forensic purposes and regulatory reasons.

When data is no longer required, we take steps to delete or de-identify it in our systems and backups in a manner consistent with operational continuity and legal obligations.

Security Measures

We implement technical and organizational measures to protect personal data in development, staging and production environments. Security decisions are informed by real incident scenarios and post-incident reviews, and adjusted to reduce repeat occurrences without overstating outcomes.

  • Encryption of data in transit and at rest, role-based access control, and multi-factor authentication for administrative access to production systems.
  • Regular security assessments, logging and monitoring, incident response procedures and least-privilege principles applied to project access.
  • Regular access reviews and role-based controls applied to project repositories and production systems to limit exposure to authorized personnel only; documented change logs retained for audit purposes.

User Rights and How to Exercise Them

As part of our operational engagements with clients across Singapore and the region, Lumisara recognizes the following data subject rights. We support practical, scenario-driven exercises to help clients exercise these rights and to demonstrate how requests are handled within our project workflows.

  • Right to access: you can request a copy of personal data we hold about you and a summary of processing activities related to that data.
  • Right to rectification: you may request correction of inaccurate or incomplete personal data; we document the change and notify downstream processors where applicable.
  • Right to erasure: where legally appropriate and operationally feasible, you may request deletion of personal data; we evaluate retention obligations and provide an actionable timeline for removal in response scenarios.
  • Right to restriction of processing: you may request limits on how your data is processed while preserving evidence of the request and any necessary operational exceptions.
  • Right to data portability: for structured data you provided, we can export it in common, machine-readable formats to facilitate migration to another service provider.
  • Right to object: you may object to processing based on legitimate interests or direct marketing; we record objections and adapt processing wherever no overriding lawful basis exists.
  • Right to withdraw consent: when processing is based on consent, you can withdraw consent at any time; withdrawal affects future processing and is logged in project records.
  • Right to lodge a complaint: if you believe your rights have not been respected, you can contact Lumisara or the Singapore Personal Data Protection Commission (PDPC) following local procedures.

How to make a data rights request

To submit a request regarding your personal data, provide a clear description of the right you wish to exercise and relevant identifiers (project name, email used in project records). We will verify identity and acknowledge receipt. Practical examples: (1) an employee requesting a copy of onboarding records created during a systems integration project; (2) a client contact requesting export of configuration data for transfer to an in-house platform.

[email protected]

We aim to acknowledge requests within 5 business days and complete standard requests within 30 calendar days. Complex requests that require coordination with third-party processors may take longer; we will explain expected timelines and interim steps in each case.

Marketing communications and choices

Lumisara may send product updates, case studies, and event invitations relevant to custom software development for business operations. Marketing content is tailored based on engagement history and explicit preferences collected during project intake or contact sign-up.

You can unsubscribe from marketing emails using the link in any email or by contacting [email protected]. Unsubscribe requests are actioned promptly; transactional messages about active projects will continue where necessary for service delivery.

Children's data

Our services are intended for businesses and professionals; we do not knowingly collect personal data from children under 13. If child data is encountered in client submissions, we treat it with heightened caution, remove it when requested, and notify the client engagement lead for remediation.

Third-party links

Content on jradius.pro may link to external sites and third-party services used in software implementations. These sites have separate privacy practices. We advise reviewing third-party privacy policies before submitting personal information in those environments.

Changes to this privacy notice

This privacy notice is reviewed periodically and updated to reflect operational changes, regulatory developments, or new service offerings. Revisions include case-study driven examples of processing adjustments and will be posted on jradius.pro with the effective date indicated.

Hello — this is Lumisara. How can we help with your operational software needs today?