Privacy Policy

Last updated: June 2026 · Lux Lucis Consulting SARL-S

1. Who we are

Lounbreck is operated by Lux Lucis Consulting SARL-S, a company incorporated in Luxembourg. We provide compliance intelligence software for Luxembourg SMEs employing cross-border workers (frontaliers).

Data controller: Lux Lucis Consulting SARL-S, Luxembourg.
Contact: privacy@lounbreck.com

2. What data we collect

Lounbreck collects the minimum data required to perform compliance calculations:

  • Employee names, email addresses, nationality, country of residence, and Luxembourg matricule national (used solely as the unique identifier for compliance filings)
  • Employment corridor (LU-FR, LU-BE, LU-DE) and contract type
  • Daily work location logs (home / office / holiday / sick leave)
  • Organisation account information (via Clerk authentication)

We do not collect salary data, personal income information, or any data beyond what is necessary for frontalier compliance monitoring.

3. Legal basis for processing

We process personal data on the following legal bases under GDPR (Regulation (EU) 2016/679):

  • Contract performance — to provide the compliance monitoring service you have subscribed to
  • Legal obligation — to support your compliance with EU Reg. 883/2004 and Luxembourg bilateral tax treaties
  • Legitimate interest — to improve the service and prevent misuse

4. Data processor relationship

Lounbreck acts as a data processor. Your organisation (the SME employer) is the data controller for your employees' personal data. A Data Processing Agreement (DPA) is available on request and governs our processing on your behalf.

5. Data storage and security

All data is stored in the European Union (Neon PostgreSQL, EU region) and application compute runs in the EU (Vercel, Frankfurt region). We use industry-standard encryption in transit (TLS 1.3) and at rest. Access is restricted to authenticated organisation members via Clerk.

6. Data retention

Employee compliance data is retained for the duration of your subscription plus 12 months, after which it is permanently deleted. You may request immediate deletion at any time by contacting us.

7. Your rights

Under GDPR, you and your employees have the right to access, rectify, erase, and port personal data. To exercise these rights, contact privacy@lounbreck.com.

8. Third-party processors

  • Clerk — authentication and user management (US, with EU Standard Contractual Clauses)
  • Stripe — payment processing and subscription billing (US, PCI-DSS compliant, SCCs)
  • Neon — database hosting (EU region, Frankfurt)
  • Vercel — application hosting (US company, SCCs; compute and data routing pinned to the Frankfurt EU region)
  • Resend — transactional email (US, with EU Standard Contractual Clauses)

If you configure Slack, Microsoft Teams, or custom webhook notifications in your settings, alert content (including employee names) is sent to the endpoints you choose. You are responsible for those destinations as data controller.

9. Cookies

Lounbreck uses only strictly necessary cookies: session authentication cookies set by Clerk to keep you signed in. We do not use analytics, advertising, or tracking cookies of any kind, which is why no cookie consent banner is shown — strictly necessary cookies are exempt under the ePrivacy Directive.

10. Contact

For privacy enquiries or DPA requests: privacy@lounbreck.com

Privacy Policy — Lounbreck — Lounbreck