Privacy Policy

The data controller is:

• Company Name: Lua CRM OÜ
• Registration Country: Estonia
• Registered Address: Harju maakond, Lasnamäe linnaosa, Sepapaja tn 6, Tallinn, Estonia
• Email: [email protected]

Depending on the contractual relationship, different Lua CRM entities (Armenia, Bulgaria, Estonia) may act as the data controller or data processor.

This Privacy Policy applies to:

• Visitors of our websites
• Registered users of Lua CRM
• Customers, partners, and their authorized users
• Data processed through Lua CRM on behalf of customers

Lua CRM may act as:

• Data Controller for its own business data
• Data Processor for customer-uploaded data

3.1 Account & User Data

• Full name
• Email address
• Phone number
• Login credentials (encrypted)

3.2 Company & Business Data

• Company name
• Number of employees
• Business contacts and clients
• Internal notes, tasks, CRM records

3.3 Customer & End-User Data (Processed on Behalf of Clients)

Depending on how customers use Lua CRM, this may include:

• Names and contact details
• Appointment and service information
• Uploaded documents and files
• CRM communication history

3.4 Medical & Sensitive Data

When used by medical or dental organizations, Lua CRM may process:

• Dental charts and tooth-related information
• Medical notes and treatment data
• Other health-related information entered by customers

Such data is processed only under customer instructions and subject to enhanced security measures.

3.5 Billing & Payment Data

Payments are processed via third-party providers (e.g. Stripe, Paddle, or local operators). Lua CRM does not store full payment card details.

3.6 Technical & Usage Data

• IP address
• Device and browser information
• Log files
• Usage analytics
• Cookies and similar technologies

We use personal data to:

• Provide and operate the Service
• Create and manage user accounts
• Process payments and subscriptions
• Enable CRM, automation, and AI features
• Store and process uploaded data
• Improve system performance and security
• Comply with legal obligations

Lua CRM uses artificial intelligence and automation technologies to:

• Analyze CRM data
• Generate insights, recommendations, and automations
• Assist users with workflows and reporting

AI processing is performed:

• Only within the scope of user authorization
• Without selling or training public AI models on customer data
• With safeguards to prevent unauthorized access

We process personal data under the following legal bases:

• Performance of a contract
• Legitimate business interests
• User consent (where required)
• Legal obligations

We may share data with trusted service providers, including:

• Cloud infrastructure providers (e.g. Hetzner – Germany)
• Payment processors (Stripe, Paddle, local providers)
• Authentication services (Google OAuth)
• Communication services (email, notifications)
• Security and infrastructure providers (e.g. Cloudflare)

All third parties are bound by contractual data protection obligations.

Data may be processed within the European Economic Area (EEA) or transferred to other jurisdictions with appropriate safeguards, including:

• Standard Contractual Clauses (SCCs)
• GDPR-compliant security measures

We retain personal data:

• As long as the account is active
• As required to fulfill contractual and legal obligations
• Until deletion is requested, where legally permitted

Customers control retention of data uploaded into their CRM accounts.

We apply technical and organizational security measures, including:

• Encrypted data transmission (HTTPS)
• Access control and authentication
• Secure hosting in Germany (Hetzner)
• Regular system monitoring and backups

Depending on applicable law, users have the right to:

• Access their personal data
• Correct inaccurate data
• Request deletion ("right to be forgotten")
• Restrict or object to processing
• Data portability
• Withdraw consent

Requests can be sent to: [email protected]

Lua CRM uses cookies and similar technologies to:

• Ensure proper system functionality
• Improve user experience
• Analyze platform usage

Users can manage cookie preferences via browser settings.

Lua CRM is used by:

• Businesses (B2B)
• Individual professionals (B2C)
• Government and public institutions (B2G)

Each customer remains responsible for compliance with data protection laws regarding their own end-users.

Lua CRM is not intended for minors. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. The updated version will be published on our website with a revised "Last updated" date.

For privacy-related questions or requests, contact: