Privacy Policy

1. Who We Are

Luna LLC operating as Lyra is committed to protecting your privacy. We are a consulting and AI agency based in Houston, Texas, United States.

Contact Information:

• Email: hello@lyra.agency
• Phone: +1 832 836 3506
• Address: Houston, TX, USA

Data Protection Officer (DPO): Benedikt Thomas — benedikt@lyra.agency

2. Data We Collect

We collect information necessary to provide our services and improve your experience:

• Contact Information: Name, email address, phone number, company name, and other details you provide when contacting us or engaging our services.
• Service Usage Data: Information about how you interact with our website and services, including pages visited, time spent, and features used.
• Payment Data: Payment information is processed securely through Stripe and Wise. We do not store full payment details ourselves.
• Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your experience, manage preferences, and analyze usage patterns (see our Cookie Policy).
• Communication Data: Records of emails, messages, and inquiries you send to us.

3. Legal Basis for Processing (GDPR Article 6)

We process your data based on the following legal grounds under GDPR:

• Consent (Art. 6(1)(a)): For marketing communications, analytics, and non-essential cookies — only with your explicit consent.
• Contract (Art. 6(1)(b)): To fulfill our consulting and service delivery obligations to you.
• Legitimate Interests (Art. 6(1)(f)): To operate our business, improve services, prevent fraud, and comply with legal obligations.
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws and regulatory requirements.

4. How We Use Your Data

We use your information for the following purposes:

• Delivering consulting services and fulfilling service agreements
• Processing payments and managing billing
• Communicating with you about your engagement, updates, and support
• Analytics and improving our website and services (with consent)
• Marketing and promotional communications (with consent only)
• Compliance with legal obligations and regulatory requirements
• Detecting, preventing, and addressing fraud or security issues

5. Data Sharing

We only share your data with trusted partners necessary to provide our services:

• Stripe: Payment processor for secure transaction handling (see Stripe's Privacy Policy for details).
• Wise: For international bank transfers and financial services (see Wise's Privacy Policy for details).
• Hosting Providers: Servers and infrastructure partners that host our website and services.
• Analytics Providers: Tools to understand usage patterns (only with your consent).

We do not sell your personal data to third parties. We will never monetize your information through data sales or broker arrangements.

6. International Data Transfers

As a US-based company serving international clients, we may transfer your data internationally. For transfers to countries outside the European Economic Area:

• We rely on Standard Contractual Clauses (SCCs) to ensure adequate data protection.
• We maintain safeguards consistent with GDPR requirements.
• You have the right to request further information about transfer mechanisms by contacting our DPO.

7. Data Retention

We retain your personal data for as long as necessary to:

• Maintain our business relationship with you
• Fulfill our contractual and legal obligations
• Resolve disputes and enforce agreements
• Comply with applicable laws (e.g., tax and accounting records — typically 7 years)

Once your relationship ends, we retain data only as required by law or legitimate business needs. You can request deletion of your data (subject to legal requirements) by contacting our DPO.

8. Your Privacy Rights

Under GDPR, you have the following rights:

• Right of Access (Art. 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your data (subject to legal exceptions).
• Right to Data Portability (Art. 20): Receive your data in a portable, machine-readable format.
• Right to Restrict Processing (Art. 18): Limit how we use your data in certain circumstances.
• Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent for processing at any time without affecting prior processing.

To exercise these rights, contact our DPO at benedikt@lyra.agency. We will respond within 30 days of your request.

9. Supervisory Authority and Complaints

If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local data protection authority (e.g., your country's DPA). You do not need to exhaust your remedies with us before contacting a supervisory authority.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information about the cookies we use, categories, and how to manage them, please see our Cookie Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Effective" date. Your continued use of our services constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: hello@lyra.agency
• Data Protection Officer: benedikt@lyra.agency
• Phone: +1 832 836 3506
• Address: Houston, TX, USA