LumièreBack to home
Draft for review by counsel — not yet legal advice.

Legal

Privacy Policy

Last updated: July 13, 2026

1. Who we are and scope

Lumière (“Lumière,” “we,” “us”) is a gala and event management platform used by event organizers (“Organizers”) to manage guest lists, seating, check-in, auctions, raffles, RSVPs, and donations. This policy explains what personal data we collect, why we collect it, and the choices and rights you have.

It applies to the Lumière web application and PWA, our public pages (including the RSVP, giving, bidding, and seat-lookup pages), and related communications. It covers two groups of people:

  • Organizers and their staff — customers who create accounts and operate events. For their data, Lumière acts as a data controller.
  • Attendees and guests— people whose information is entered by an Organizer or submitted through a public form (such as RSVP). For most attendee data, the Organizer is the data controller and Lumière acts as a processor/service provider on the Organizer’s behalf.

If you are an attendee with questions about how your data is used for a specific event, the Organizer of that event is your primary contact; we will also assist directly where we can (see Contact).

2. Data we collect

Organizer account data. When an Organizer signs up or signs in, our authentication provider (Clerk) collects account information such as name, email address, and authentication credentials or identifiers. We receive the resulting profile and session information needed to operate the account.

Attendee and guest data. Entered by Organizers (for example via guest import) or submitted by guests themselves via public pages such as RSVP:

  • Name and email address
  • RSVP status and ticket or seating tier
  • Meal preference
  • Allergy and dietary information — this is health-adjacent, potentially special-category data. We collect it solely so kitchens and event staff can keep guests safe, and we treat it with heightened care.
  • Table assignments, bid (paddle) numbers, and raffle numbers
  • Check-in status and timestamps
  • Organization or company affiliation, where provided

Donation and payment metadata. If an event accepts donations, pledges, or bids, we record amounts, the associated guest or paddle number, and transaction status. Card payments are processed by our payment processors (such as Stripe or a connected payment portal) — we never store full card numbers or other full payment credentials on our systems.

Technical data. Like most web services, our hosting and error-monitoring infrastructure processes IP addresses, browser and device information, and request logs to deliver the service, maintain security, and diagnose errors. Our error monitoring (Sentry) is configured to scrub personal data from error reports.

3. How and why we use data

  • Operate the event: guest lists, seating charts, door check-in, auctions, raffles, and RSVP collection.
  • Guest safety: surfacing allergy and dietary needs to kitchen and event staff so no plate puts a guest at risk.
  • Process donations and payments through our payment processors and provide receipts and records to Organizers.
  • Send service communications, such as RSVP confirmations or event notifications, via email (Resend) or SMS (Twilio) where an Organizer has enabled them.
  • Secure, maintain, and improve the service, including error monitoring and abuse prevention.
  • Comply with legal obligations and enforce our terms.

We do not sell personal data, and we do not use attendee data for advertising or to build marketing profiles.

4. Lawful bases (GDPR)

Where the EU/UK General Data Protection Regulation applies, we rely on the following legal bases:

  • Contract (Art. 6(1)(b)) — providing the service to Organizers under our terms, and handling RSVP submissions a guest makes.
  • Legitimate interests (Art. 6(1)(f)) — service security, error monitoring, and fraud prevention, balanced against your rights.
  • Consent (Art. 6(1)(a)) — where required, for example any future non-essential cookies or analytics, and explicit consent (Art. 9(2)(a)) where it is the appropriate basis for allergy/dietary information a guest volunteers.
  • Legal obligation (Art. 6(1)(c)) — record-keeping and responding to lawful requests.

For attendee data managed on behalf of an Organizer, the Organizer is responsible for establishing its own lawful basis (for example, its legitimate interest in running the event or the guest’s consent), and Lumière processes that data under the Organizer’s instructions.

5. Sharing and sub-processors

We do not sell or rent personal data. We share it only with the service providers (sub-processors) below, with the relevant event Organizer, or where required by law:

  • Vercel — application hosting and content delivery.
  • Neon — managed Postgres database where event and guest records are stored.
  • Clerk — authentication and account management for Organizers and staff.
  • Sentry — error monitoring, configured with personal-data scrubbing.
  • Resend — transactional email delivery.
  • Twilio — SMS delivery, where enabled by an Organizer.
  • Stripe / connected payment portal — payment processing. Card details go directly to the processor; we retain only transaction metadata.

Event Organizers can see the guest data for their own events — including RSVP responses, meal and allergy details, and donation records — because they need it to run the event. We may also disclose data if required by law, or in connection with a merger or acquisition (in which case this policy continues to apply to data collected before the change).

6. Cookies

Lumière currently uses only strictly necessary cookies: session and security cookies set by our authentication provider (Clerk) to sign Organizers in, keep sessions secure, and protect against cross-site request forgery. These are essential to operating the service and do not require consent under EU/UK rules.

We do not currently use analytics, advertising, or other non-essential cookies. If we add analytics (for example, product analytics) in the future, we will first present a consent banner and obtain your consent before setting any non-essential cookies, and we will update this policy.

7. Offline check-in data on your device

To keep door check-in working when venue connectivity drops, the check-in screen may temporarily cache check-in actions (and the service worker may cache recently viewed pages) in the browser’s local storage on the staff device being used. Queued actions are synced to our servers and cleared automatically when the connection returns. Organizers should use managed or trusted devices for door check-in and sign out of shared devices after the event.

8. Data retention

  • Event and guest data is retained while the Organizer's event and account remain active, so Organizers can run recurring galas and keep donation records.
  • When an Organizer deletes a guest, an event, or their account — or asks us to — the corresponding data is deleted from our production systems within 30 days, and from encrypted backups on the backup rotation schedule (up to 90 days).
  • Payment and donation transaction records may be retained longer where tax, accounting, or other laws require.
  • Server logs and error reports are retained for short, rolling windows appropriate to security and debugging.

9. International transfers

Our infrastructure providers are primarily based in the United States, and data may be processed in the US or other countries where our sub-processors operate. Where data of EU/UK residents is transferred internationally, we rely on appropriate safeguards, such as the EU–US Data Privacy Framework certifications held by our providers and/or Standard Contractual Clauses, as applicable.

10. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you and receive a copy (data export).
  • Correct inaccurate or incomplete data.
  • Deleteyour data (“right to erasure”), subject to legal retention requirements.
  • Restrict or object to certain processing.
  • Port your data to another service in a machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Complain to your local data protection authority.

To exercise any of these rights, email us at funderburg.treyben@gmail.com (interim privacy contact). If your request concerns data an Organizer controls for a specific event, we will assist and, where appropriate, route your request to that Organizer. We respond within the timeframes required by applicable law (generally 30 days under GDPR, 45 days under CCPA/CPRA).

11. California privacy rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, to access and delete it, to correct it, and to not be discriminated against for exercising these rights. The categories of personal information we collect are described in Section 2; the purposes in Section 3; and the categories of recipients in Section 5.

Lumière does not sell personal information and does not shareit for cross-context behavioral advertising, as those terms are defined by the CPRA. Because we do not sell or share personal information, no “Do Not Sell or Share” opt-out is currently required; if that ever changes, we will add a prominent opt-out link before doing so. We also do not use or disclose sensitive personal information (such as dietary/health details) for purposes other than providing the service, so no separate “Limit the Use of My Sensitive Personal Information” control is required.

California requests can be submitted to funderburg.treyben@gmail.com. You may use an authorized agent; we may verify your identity before fulfilling a request.

12. Children's data

Lumière is a business tool for event professionals and is not directed to children. We do not knowingly collect personal data from children under 13 (or the equivalent minimum age in your jurisdiction). Organizers who include minors on a guest list (for example, a family gala) are responsible for having appropriate permission to do so. If you believe a child’s data has been provided to us improperly, contact us and we will delete it.

13. Security

We use industry-standard safeguards: encryption in transit (TLS) and at rest with our database provider, authentication and access controls for Organizer accounts, scoped credentials for sub-processors, and error monitoring with personal-data scrubbing. No system is perfectly secure; if a breach affects your personal data, we will notify affected Organizers and regulators as required by law.

14. Changes to this policy

We may update this policy as the service evolves. We will post the updated version here with a new “last updated” date, and for material changes we will provide more prominent notice (such as email to Organizers). Continued use of the service after changes take effect constitutes acceptance of the revised policy.

15. Contact

Interim privacy contact: funderburg.treyben@gmail.com. A dedicated privacy address and, where required, EU/UK representatives will be designated as the business formalizes.

Questions about this document? Contact funderburg.treyben@gmail.com.

Privacy Policy·Terms of Service