This privacy policy is pending final legal review. Last updated: February 2026.

Legal

Privacy Policy

Who we are

Voxium AI provides the Lumina Systems platform — a client retention and revenue recovery service for aesthetics clinics. In the context of data protection law, we operate as a data processor under UK GDPR. The clinic using our service acts as the data controller.

What data we process

We process clinic client data solely for the purpose of delivering the Lumina Systems service. This may include:

  • Client names and contact details
  • Treatment history and appointment records
  • Consent form status and expiry dates
  • Engagement scores and retention metrics
  • Revenue data associated with client relationships

Why we process it

We process clinic client data solely for the purpose of delivering the Lumina Systems service — monitoring client relationships, calculating engagement scores, surfacing revenue recovery opportunities, and generating reports. We do not share, sell, or use clinic data for any purpose other than service delivery.

Where data is stored

All clinic client data is stored on the Lerty platform. We do not store clinic client data outside of Lerty, except temporarily during the initial import process. Local import files are deleted within 48 hours of successful import.

Sub-processors

We use the following third-party services to deliver Lumina Systems:

  • Lerty — Database hosting and platform infrastructure
  • OpenRouter — AI model routing
  • Anthropic — AI models (Claude)
  • Google — AI models (Gemini)
  • Resend — Email delivery (Illuminate and Radiate tiers only)

Where a clinic's tier includes email outreach, only client first names and email addresses are shared with Resend for the purpose of sending clinic-approved communications. No treatment data, engagement scores, or other sensitive information is shared with the email provider.

Data retention

  • On cancellation, all clinic data is exported and delivered in CSV format within 7 working days
  • The database is archived for 30 days post-termination, then permanently deleted
  • No client data is retained beyond 30 days post-cancellation
  • We may retain primary contact details for the clinic owner for up to 6 months post-cancellation for account reactivation enquiries — the clinic may opt out of this by written notice

Data subject rights

If a clinic client exercises their GDPR rights — including the right to access, deletion, or rectification — the clinic notifies us and we action the request within 5 working days.

Breach notification

In the event of a data breach affecting clinic data, we will notify the clinic within 48 hours of becoming aware, with details of what happened and what we're doing about it. A full incident report will follow within 5 working days.

Contact

Questions about how we handle data? Contact us at team@getvoxium.ai