Privacy Policy
This Privacy Policy (hereinafter – “Policy”) describes how Luxium.io (hereinafter – “Luxium”, “we” or “our”) collects, uses, stores, and protects your personal data. This Policy applies to all users who use our platform for virtual asset issuance, rights acquisition, and future property rights. We are committed to ensuring the highest level of protection for your data in accordance with Georgian legislation, GDPR principles, and international best practices. By using the platform, you agree to this Policy.
1. Notice Regarding Access to Personal Data
1.1. This notice concerns the existing protection mechanisms at Luxium.io regarding unauthorized access to personal data, through which Luxium ensures the protection of your personal data. The latter includes information that Luxium obtains during the provision of services to you, which, in accordance with Georgian legislation, may also be used subsequently for direct marketing purposes. The purpose of the notice is to provide you with information about our working principles in processing personal information and the mechanisms for your legal protection.
1.2. Luxium assumes responsibility to:
- 1.2.1. Care for the security and protection of your personal data;
- 1.2.2. Not use your data unlawfully;
- 1.2.3. Provide you at any time with complete and exhaustive information regarding the processing of your personal data.
1.3. In accordance with the promise to protect the confidentiality of personal data, such data is protected by the Georgian law on personal data protection, as well as international standards such as GDPR and NIST Privacy Framework.
1.4. In accordance with the legislation, you have the right to request information about the processing of your data. You have the right to receive the following information:
- 1.4.1. Which data is being processed about you;
- 1.4.2. The purpose of data processing;
- 1.4.3. The legal basis for data processing;
- 1.4.4. How your data was collected;
- 1.4.5. To whom your data was transferred;
- 1.4.6. The basis and purpose for issuing the data;
- 1.4.7. Data portability (transfer of data to another controller).
1.5. You can request a copy of the information processed by us free of charge, once a year. Additional copies may be subject to a fee.
1.6. In accordance with the legislation, you have the right to request the correction, update, addition, blocking, deletion, or destruction of your personal data if they are incomplete, inaccurate, not updated, or if their collection and processing was carried out contrary to the law. We act in accordance with Georgian legislation, which may prevent us from immediately deleting your personal data. Such obligations may arise from tax legislation, consumer rights protection, and other relevant legislation, including AML/KYC requirements.
1.7. The obligation to provide this information to you arises for Luxium upon your request. We have the right to use personal data only if there is a specific contractual and/or legal basis for it.
1.8. Luxium has a legal basis for using your information, which implies the existence of a business-related and/or commercial purpose. It is important that in this case, the processing of information by Luxium is not aimed at infringing your interests.
2. Types of Collected Information
2.1. We collect two types of information about our users: personally identifiable information (“Personal Information”) and non-personally identifiable information.
2.2. Personally identifiable information is information through which a specific user is identified. When engaging in activities through our website, we may ask you to provide certain information about yourself. Such activities include:
- 2.2.1. Opening an account;
- 2.2.2. Ordering a product or service from us or our partners, including acquiring rights to virtual assets;
- 2.2.3. Sending information and/or posting any information on the discussion page;
- 2.2.4. Participating in contests or surveys sponsored by us or our partners;
- 2.2.5. Posting a comment, sharing your opinion with us or our partners;
- 2.2.6. Requesting information about our services;
- 2.2.7. Submitting an application for employment with us;
- 2.2.8. Registering for special offers presented by third parties through our website (collectively referred to as “Identification Activities”);
- 2.2.9. Conducting financial transactions, including payment method data (which are not stored on our servers but processed through secure partners).
2.3. Participation in identification activities is not mandatory for you. However, if you decide to engage in identification activities, we may ask you to provide certain personal information about yourself, such as your first and last name, email address, gender, and date of birth, as well as other additional information about yourself, the completion of which is voluntary. When you order products or services, we may also ask you to provide your credit card number, expiration date, authentication code, or other information. The latter is not stored on our website, as payment is made on our partner bank's security server. Therefore, we do not have access to your credit card information. Depending on the type of activity you engage in, providing some information will be mandatory, while providing other information will be voluntary. If you do not provide the mandatory information for a specific activity, you will not be able to engage in that activity.
2.4. Non-personally identifiable information is information that does not identify a specific user. This type of information may include such details as the Uniform Resource Locator (“URL”) of the webpage you accessed before entering our website, the URL of the webpage you will access after leaving our website, the type of browser you are using, and your Internet Protocol (“IP”) address. We and/or our authorized third-party service providers and advertisers may automatically receive this information when you use our website. This is done through electronic mechanisms such as “Cookies”, “Web Beacons”, and “Pixel Tags”.
2.5. On our website, we collect information through cookies, user navigation on the website, and behavior, specifically:
- 2.5.1. IP address, device type, operating system, and browser from which the website is accessed;
- 2.5.2. Information about the pages opened on our website, session duration, and various session parameters;
- 2.5.3. Information about actions that occurred on our website: filling out forms, using interactive elements of the website, etc.;
- 2.5.4. The process, time, and form of filling fields on the website;
- 2.5.5. Transaction metadata, such as time and type, regarding the acquisition of rights (without personal identification).
3. Purposes of Data Processing
3.1. The use of collected personal information is for:
- 3.1.1. Communicating with you;
- 3.1.2. Increasing the intensity of using the website;
- 3.1.3. Satisfying your requests, developing new ways of cooperation, and developing our business;
- 3.1.4. Developing and implementing effective marketing activities;
- 3.1.5. Studying how customers use our products and services;
- 3.1.6. Obtaining advice or recommendations regarding our products and services;
- 3.1.7. Developing/managing our brands, products, and services;
- 3.1.8. Providing our products and services, including registration and management of virtual asset rights;
- 3.1.9. Implementing and managing customer payments;
- 3.1.10. Detecting, reporting, and preventing financial crimes, including AML/KYC checks;
- 3.1.11. Managing our and our customers' risks;
- 3.1.12. Complying with the laws and regulations relevant to us;
- 3.1.13. Responding to complaints and finding ways to resolve them;
- 3.1.14. Efficiently and properly managing our business, which includes our financial position, business capability, planning, communications, and corporate governance;
- 3.1.15. Implementing assumed rights and obligations;
- 3.1.16. Producing website statistics for optimizing processes, fields, and website design;
- 3.1.17. Protecting website users and preventing fraudulent activities;
- 3.1.18. Controlling user flow on the website and evaluating the effectiveness of marketing campaigns;
- 3.1.19. Adapting the website and its components;
- 3.1.20. Detecting and responding to security incidents.
3.2. The purpose of collecting personal information is:
- 3.2.1. Updating data, identifying products and services of interest to you, and providing this information to you;
- 3.2.2. Developing products and services;
- 3.2.3. Defining customer focus groups for offering new products or services;
- 3.2.4. Effectively fulfilling our legal duties and contractual obligations;
- 3.2.5. Ensuring compliance with the regulations relevant to us;
- 3.2.6. Managing and confirming virtual asset rights.
4. Sources of Data Collection
4.1. Luxium can obtain personal information about you both from what you provide to us and from the sources listed below.
4.2. We receive data from you in the following cases:
- 4.2.1. When you contact us to receive our products or services;
- 4.2.2. When communication is carried out via telephone and/or email;
- 4.2.3. When you use our websites, mobile applications, and web chat;
- 4.2.4. When you send letters in both material and electronic form;
- 4.2.5. From public sources, such as public registers, for AML checks.
5. Cookies and Similar Technologies
5.1. We use Cookies and monitor user behavior on our website to ensure we offer the best experience on our website and to continuously improve service quality. We use cookie files to determine how users access our website and to produce Google Analytics reports.
5.2. Before starting to use the website, you have the opportunity to agree to cookies and the notice about monitoring user behavior by clicking the “Consent” button. If you do not agree to the “Cookie Policy” but continue to use the website, your continued use will still be considered your consent to the above.
5.3. We do not use cookie files and data obtained from monitoring user behavior for the purpose of collecting personal information. If you wish to restrict cookie files or block them on our website, you can do so by changing your browser settings. However, please note that some services offered by us will not function if you block or delete cookie files.
5.4. We use the following types of cookies:
- 5.4.1. Essential cookies: Necessary for the functioning of the website (e.g., session management);
- 5.4.2. Analytical cookies: Used for traffic analysis (e.g., Google Analytics);
- 5.4.3. Marketing cookies: For personalized advertising (with your consent).
5.5. You can manage cookie settings at any time in the profile section.
6. Data Security Measures
6.1. We use advanced security technologies to protect your data, including:
- 6.1.1. End-to-end encryption for data transmission and storage (AES-256 standard);
- 6.1.2. Two-factor authentication (2FA) and multi-factor authentication (MFA) for account access;
- 6.1.3. Firewalls, DDoS protection, and regular security audits (by third-party experts);
- 6.1.4. Role-based access control (RBAC) to restrict access to data;
- 6.1.5. Privacy-Enhancing Technologies (PETs), such as zero-knowledge proofs (ZKPs) for transaction verification without disclosure;
- 6.1.6. Data minimization: We collect only necessary data and use pseudonyms for identification;
- 6.1.7. Incident response plan: Notification within 72 hours in case of data breach.
6.2. We regularly conduct security trainings for employees and use ISO/IEC 27001 standards.
7. Data Sharing and Transfer
7.1. Your personal data may have to be shared in cases defined by Georgian legislation, as well as with other organizations that must provide the product or service you have selected or offer certain services, provided that, before such information is shared, those parties must agree to store your data securely and confidentially.
7.2. We reserve the right, in cases strictly defined by law, to give law enforcement agencies access to your personal data for the performance of official powers, including for the purpose of detecting, investigating, and preventing crime.
7.3. If you do not wish to provide personal information, it may delay or make it impossible for us to fulfill our obligations to you, including using the account or receiving relevant services.
7.4. Sharing your personal data may occur as a result of company reorganization and/or merger. In this case, our legal successor will obtain all the information we have, including your personally identifiable information. Nevertheless, this information protection policy will apply without any restrictions to your personally identifiable information.
7.5. We reserve the right to disclose your personally identifiable information in cases where it is required by legislation and when we deem it necessary to protect our rights and/or for any court process regarding the website, court decision/determination, or other type of legal process. We also reserve the right to disclose your information for the following purposes: compliance with and implementation of this policy; compliance with and implementation of the terms and conditions of using our website or other agreements; protection of the website, its users, or others' rights, property, or safety.
7.6. International transfer: If data is transferred outside Georgia, we ensure adequate protection through standard contractual clauses or other mechanisms.
8. Protection of Minors
8.1. Persons under 18 years of age are prohibited from using Luxium.io. We do not intentionally store or collect information from persons under 18. Protecting the personal information of minors is very important to us. Accordingly, if we learn that a user is a person under 18 years of age, we will take appropriate measures to delete this user's personal information from our database. By using Luxium.io, you hereby confirm that you are at least 18 years old.
9. Data Retention
9.1. We store your personal data throughout the entire period of your service, as well as up to 10 years after the end of the service for the following reasons:
- 9.1.1. To answer questions and complaints;
- 9.1.2. To prove that we treated you fairly;
- 9.1.3. To maintain records in compliance with relevant regulations/rules.
9.2. We may retain your personal information for more than 10 years if we cannot delete it for legal or regulatory reasons. If you believe that any data we hold about you is incorrect or incomplete, please contact us to record your doubts. We will take all reasonable measures to check and correct this deficiency. You have the right not to agree to our use of your personal data, or to request their deletion, removal, or cessation of use, if we do not have a legal basis for retaining them.
10. Marketing and Communication
10.1. We may use your personal data to introduce you to specific products and offers.
10.2. We have access to your personal data within the scope that you share with us, or that we collect during the process of providing services to you using the means available to us.
10.3. We will study your data to understand what you need, what interests you, or what desires you may have. This way, we decide which product, service, or offer may be suitable for you.
10.4. We use your personal data and send marketing messages only when we have a legitimate interest in doing so. We promise that our activities will never be unfair, incorrect, or directed against your interests.
10.5. You have the right to contact us at any time and request the cessation of sending marketing messages. We respect your wishes and, upon receiving such a message, will stop using your personal data for direct marketing purposes.
11. Policy Changes
11.1. We reserve the right to change this information protection policy at any time. Any changes made to the information protection policy will be published immediately on the information protection page. In addition, you will be notified of any significant changes made to the protection policy by email or by posting a corresponding notice on our main page 30 days in advance. It is your obligation to periodically check the information protection policy.
12. Contact
12.1. In case of questions related to the information protection policy, our general rights and obligations, or the processing of your data by us, please contact us using the following communication channels:
- Email: support@luxium.io;
- Address: Tbilisi, Shota Rustaveli avenue, N14.
12.2. You can contact our Data Protection Officer (DPO) on any issue.
**Last Update:** December 12, 2025.