Privacy policy

How we handle your data on this site.

A cybersecurity and GDPR compliance firm, we apply to our own website the same requirements we demand from our clients. Last updated on April 29, 2026.

1. Data controller

Lux Gap S.à r.l. (VAT LU30886939), 2 rue de l'École, L-8376 Kahler, Luxembourg. Contact: dpo@luxgap.com · +352 621 583 116. Our internal DPO is reachable at the same address with "DPO" as subject.

2. What processing do we run on this website?

We have five distinct processing operations. For each, we specify the purpose, legal basis (GDPR Article 6), data collected, retention and recipients.

2.1 Contact form

  • Purpose: replying to your inquiry, sending a commercial proposal upon request.
  • Legal basis: legitimate interest (Article 6.1.f) and pre-contractual measures (Article 6.1.b) if you request a quote.
  • Data collected: name, company, email, phone, topic, free-text message, source page, language, technical IP, user-agent.
  • Retention: 24 months without a contract, contract duration + 5 years otherwise.
  • Recipients: Luxgap team only. MySQL storage at OVH (Luxembourg / France).

2.2 AI assistant chat

  • Purpose: instantly answering your questions on our services. Powered by a conversational AI (Claude by Anthropic).
  • Legal basis: legitimate interest (Article 6.1.f).
  • Data collected: your messages, optional name and email, session ID, language, page, IP, user-agent.
  • Retention: 12 months.
  • Recipients: Luxgap (internal) and Anthropic PBC (United States) as a processor for the AI service. Anthropic does not retain API data beyond processing. Framed by the European Commission's Standard Contractual Clauses.
  • Important: do not enter sensitive or confidential personal data in the chat. It is a pre-qualification tool, not a secure channel for critical data.

2.3 Dark Web scan (homepage)

  • Purpose: free preview of public exposure of your email or domain on public leak sources.
  • Legal basis: legitimate interest in fulfilling an explicit request you initiate.
  • Data collected: the email or domain you submit, IP, user-agent, request timestamp.
  • Retention: 30 days for technical audit, then deleted. Processed by our dedicated infrastructure at devis.luxgap.com (Luxembourg).
  • Passwords: we never ask for a password and never display any in clear text.

2.4 Articles (authors)

  • Purpose: publication of editorial articles by our staff (public byline). No public comments enabled at this time.
  • Legal basis: employment contract / mandate.
  • Data collected: author's name and role (public), publication date.
  • Retention: while published. Removable on author's request.

2.5 Technical logs and cookies

  • Server logs: IP, URL, user-agent, HTTP code. 30-day retention. Legal basis: legitimate interest (security).
  • Cookies: only a technical session cookie (CSRF). No tracking cookies, no advertising cookies, no Google Analytics.
  • Analytics: when enabled, we use Matomo in cookieless mode (aggregate stats, no user identification).

3. Your rights

Under GDPR Articles 15 to 22, you have the right to access, rectify, erase, restrict, object, and to portability of your data. Email dpo@luxgap.com with "DPO" as subject.

You can also lodge a complaint with the Luxembourg CNPD: cnpd.public.lu.

4. Data security

The site is served exclusively over HTTPS. Servers are hosted in Luxembourg or France (OVH). Backups are encrypted. Admin access is protected by strong authentication and logged.

5. Processors and recipients

  • OVHcloud (France/Luxembourg) — web hosting and database.
  • Anthropic PBC (United States) — AI engine of the chat. Framed by Standard Contractual Clauses.
  • Lux Gap S.à r.l. (Luxembourg) — site operator, dedicated infrastructure for the Dark Web scan.

No other transfers. No data resale.

6. Changes

We may update this policy to reflect site changes or regulatory updates. The date is shown at the top of this page.

2 rue de l'École, L-8376 Kahler, Luxembourg · Contact page