Last updated: May 24, 2026. This policy describes how Lumiknox, Inc. collects, uses, and protects information through this website and in the course of providing services. PHI handling under client engagements is governed separately by executed Business Associate Agreements.
Lumiknox, Inc. (“Lumiknox,” “we,” “us,” or “our”) is a Delaware corporation with principal offices at 1209 Orange Street, Wilmington, DE 19801, United States. Lumiknox operates delivery centers in Hyderabad, India and Manila, Philippines under data processing agreements consistent with HIPAA and applicable cross-border data transfer requirements.
When you submit a contact form, pilot request, careers application, or newsletter subscription, we collect the information you provide — typically your name, business email, phone number, employer, role, and any free-text context you choose to share. We do not request and you should not transmit Protected Health Information (PHI) through public-facing website forms. PHI exchange occurs only after a Business Associate Agreement is executed and via dedicated secure channels.
Like most websites, we collect technical information including IP address (truncated for storage), browser type and version, operating system, referring URL, pages visited, and timestamps. We use first-party analytics only and do not deploy third-party advertising cookies. A small number of strictly necessary cookies maintain your session and form state.
We use the information collected to:
We do not sell personal information, share it with advertisers, or use it for purposes incompatible with the original context of collection.
When Lumiknox processes Protected Health Information on behalf of a Covered Entity or another Business Associate, that processing is governed by the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule, and is the subject of the executed Business Associate Agreement between Lumiknox and the relevant client. This Privacy Policy does not modify those agreements. PHI is logically segregated by client tenant, encrypted in transit and at rest, and access-logged at the user and keystroke level.
We retain website-form submissions for up to 36 months following last interaction, unless a longer period is required by law or contract. Newsletter subscriptions are retained until you unsubscribe. PHI retention is governed by client BAAs and applicable laws.
Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. To exercise these rights, contact privacy@lumiknox.com. California residents have rights under the CCPA/CPRA; EU/UK residents under the GDPR; Indian residents under the DPDPA, 2023.
Because Lumiknox operates delivery centers in India and the Philippines, personal information may be processed in or transferred to those jurisdictions. We use Standard Contractual Clauses and equivalent safeguards where required. Cross-border PHI transfer is permitted only where authorized under the relevant BAA and applicable law.
We maintain administrative, technical, and physical safeguards including SOC 2 Type II-attested controls, multi-factor authentication, encryption (AES-256 at rest, TLS 1.2+ in transit), least-privilege access, formal security awareness training, and a documented incident response program. No method of transmission or storage is perfectly secure; we do not guarantee absolute security but commit to industry-leading practice and prompt notification in the event of a breach.
This website is not directed to children under 16, and we do not knowingly collect personal information from children.
We may update this policy from time to time. Material changes will be communicated by updating the “Last updated” date above and, where appropriate, by direct notice.
Privacy questions or requests: privacy@lumiknox.com
General contact: hello@lumiknox.com
Mailing address: Lumiknox, Inc., 1209 Orange Street, Wilmington, DE 19801, USA