Privacy Policy

Last updated: June 2026 · Lux Lucis Consulting SARL-S

1. Who we are

Lounbreck is operated by Lux Lucis Consulting SARL-S, a company incorporated in Luxembourg. We provide compliance intelligence software for Luxembourg SMEs employing cross-border workers (frontaliers).

Data controller: Lux Lucis Consulting SARL-S, Luxembourg.
Contact: privacy@lounbreck.com

2. What data we collect

Lounbreck collects the minimum data required to perform compliance calculations:

  • Employee names, email addresses, nationality, and country of residence
  • Employment corridor (LU-FR, LU-BE, LU-DE) and contract type
  • Daily work location logs (home / office / holiday / sick leave)
  • Organisation account information (via Clerk authentication)

We do not collect salary data, personal income information, or any data beyond what is necessary for frontalier compliance monitoring.

3. Legal basis for processing

We process personal data on the following legal bases under GDPR (Regulation (EU) 2016/679):

  • Contract performance — to provide the compliance monitoring service you have subscribed to
  • Legal obligation — to support your compliance with EU Reg. 883/2004 and Luxembourg bilateral tax treaties
  • Legitimate interest — to improve the service and prevent misuse

4. Data processor relationship

Lounbreck acts as a data processor. Your organisation (the SME employer) is the data controller for your employees' personal data. A Data Processing Agreement (DPA) is available on request and governs our processing on your behalf.

5. Data storage and security

All data is stored in the European Union (Neon PostgreSQL, EU region). We use industry-standard encryption in transit (TLS 1.3) and at rest. Access is restricted to authenticated organisation members via Clerk.

6. Data retention

Employee compliance data is retained for the duration of your subscription plus 12 months, after which it is permanently deleted. You may request immediate deletion at any time by contacting us.

7. Your rights

Under GDPR, you and your employees have the right to access, rectify, erase, and port personal data. To exercise these rights, contact privacy@lounbreck.com.

8. Third-party processors

  • Clerk — authentication and user management (US, with EU Standard Contractual Clauses)
  • Stripe — payment processing and subscription billing (US, PCI-DSS compliant, SCCs)
  • Neon — database hosting (EU region, Frankfurt)
  • Vercel — application hosting (EU edge network)
  • Resend — transactional email

9. Contact

For privacy enquiries or DPA requests: privacy@lounbreck.com