Legal
Privacy Policy
We are transparent about how we handle your information. This policy explains what we collect, how we use it, your rights as a Data Principal, and how to raise grievances under applicable Indian law.
Last updated: 9 July 2026 · Effective: 9 July 2026
Introduction and Scope
This Privacy Policy ("Policy") describes how Lumiotech Private Limited("Company", "we", "us", or "our") collects, uses, stores, shares, and protects personal data when you access or use the website lumiocap.com and related services operated under the brand Lumio Capital("Lumio Capital").
This Policy applies to visitors, founders, entrepreneurs, and any individual who submits a pitch, contacts us, or otherwise interacts with our website. It does not apply to third-party websites linked from our platform, which are governed by their own privacy policies.
This Policy is framed in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and other applicable Indian laws as amended from time to time.
Definitions
- "Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act.
- "Data Principal" means the individual to whom the personal data relates — typically you.
- "Data Fiduciary" means Lumiotech Private Limited, which determines the purpose and means of processing personal data collected through this website.
- "Data Processor" means any entity that processes personal data on our behalf, such as hosting or form processing providers.
- "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Data Fiduciary and Contact
Lumiotech Private Limited, with its principal place of business in New Delhi, India, is the Data Fiduciary for personal data collected through Lumio Capital.
For privacy-related queries, rights requests, or grievances, contact us at legal@lumiocap.com. For general inquiries, contact info@lumiocap.com. We will acknowledge grievances promptly and aim to resolve them within the timelines prescribed under applicable law.
Categories of Personal Data We Collect
We collect only personal data that is adequate, relevant, and limited to what is necessary for the purposes described in this Policy.
- Identity and contact information: full name, email address, LinkedIn or professional profile URL (if voluntarily provided).
- Pitch submission data: founder names, company name, email, pitch summary, problem statement, team background, pitch deck URL, and any other information you voluntarily provide
- Technical and usage data: IP address, browser type and version, device identifiers, operating system, referring URLs, pages viewed, session duration, and similar data collected through server logs, cookies, or analytics tools (where enabled).
- Communications: content of emails or messages sent to us, including attachments and metadata.
- Consent records: records of acknowledgements you provide when submitting forms, including acceptance of our legal policies.
We do not intentionally collect sensitive personal data (such as biometric data, health records, or financial account credentials) through the pitch form. Please do not submit information you are not comfortable sharing or that you are not authorised to disclose.
How We Collect Data
- Directly from you when you complete the pitch submission form, email us, or otherwise communicate with us.
- Automatically through cookies, log files, and similar technologies when you browse our website.
- From publicly available professional profiles you reference or link to in your submission.
Purposes and Legal Bases for Processing
We process personal data for the following purposes:
- Reviewing and evaluating pitch submissions and potential investment opportunities.
- Communicating with founders, co-founders, and authorised representatives regarding submissions.
- Conducting preliminary due diligence and internal investment assessment.
- Operating, securing, maintaining, and improving our website and related systems.
- Complying with applicable legal, regulatory, tax, and law-enforcement obligations in India.
- Establishing, exercising, or defending legal claims and preventing fraud or misuse.
- Maintaining business records in accordance with our retention practices.
Depending on the context, processing is carried out based on: (a) your consent, where required under the DPDP Act; (b) performance of steps at your request prior to entering into a potential commercial or investment arrangement; and/or (c) legitimate uses permitted under applicable law, including compliance with legal obligations and prevention of unlawful activity.
Where we rely on consent, you may withdraw consent at any time by contacting legal@lumiocap.com. Withdrawal does not affect the lawfulness of processing prior to withdrawal, and we may continue processing where another lawful basis applies.
Notice Under the DPDP Act
In accordance with the DPDP Act, we provide this notice informing you that:
- Personal data listed in this Policy is collected for the purposes stated herein.
- You have the rights described in the section on Data Principal rights below.
- You may contact us to exercise those rights or raise grievances regarding our processing.
- If your grievance is not resolved satisfactorily, you may escalate the matter to the Data Protection Board of India once constituted and empowered under the DPDP Act.
Third-Party Processors
Pitch submissions submitted through our website may be transmitted to and stored in third-party systems, including Google Sheets via Google Apps Script, when you use our online form. These providers process data on our behalf and may store data on servers located in India or abroad, subject to their own terms and security practices.
We require processors to implement appropriate security measures and process data only for specified purposes. However, we are not responsible for the independent privacy practices of third-party platforms you voluntarily link to (such as external pitch deck hosts).
Cross-Border Data Transfers
Personal data is primarily processed in India. Where personal data is transferred outside India — for example, through cloud hosting, email, or productivity tools — we will ensure such transfers comply with the DPDP Act and applicable rules regarding cross-border transfer, including transfers to jurisdictions permitted by the Central Government or transfers made with appropriate safeguards and contractual protections.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
- Active evaluation of a pitch or ongoing investment discussions.
- Maintenance of records for legal, regulatory, audit, or dispute-resolution purposes.
- Enforcement of our agreements and protection of our legal rights.
Pitch submissions that do not proceed to investment may be retained for an internal evaluation period (typically up to twenty-four (24) months) unless a shorter or longer period is required by law or legitimate business need, after which data may be deleted or anonymised.
Anonymised or aggregated data that cannot reasonably identify you may be retained indefinitely for analytics and business insight.
Security Measures
We implement reasonable technical and organisational security measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure, consistent with the SPDI Rules and industry practices. These measures may include access controls, encryption in transit where supported, secure hosting environments, and restricted internal access on a need-to-know basis.
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any credentials or links you share with us.
Data Breach Notification
In the event of a personal data breach that is likely to affect your rights, we will take reasonable steps to investigate, mitigate harm, and notify affected Data Principals and relevant authorities as required under the DPDP Act and applicable rules.
Rights of Data Principals
Subject to applicable law, including the DPDP Act, you may have the following rights:
- Right to obtain information about personal data we process about you and how we process it.
- Right to access and obtain a copy of your personal data, where applicable.
- Right to correction of inaccurate or incomplete personal data.
- Right to erasure of personal data, subject to legal retention obligations and legitimate business needs.
- Right to withdraw consent where processing is consent-based.
- Right to grievance redressal in respect of our processing of your personal data.
- Right to nominate another individual to exercise your rights in the event of your death or incapacity, as permitted under the DPDP Act.
To exercise any of these rights, email legal@lumiocap.com with sufficient detail to verify your identity and specify your request. We will respond within thirty (30) days, or such other period as prescribed under applicable law. We may request additional information to confirm your identity before fulfilling certain requests.
Grievance Redressal
If you have concerns about how we handle your personal data, please contact us first at legal@lumiocap.com. We will investigate and endeavour to resolve your grievance within thirty (30) days of receipt.
If you are not satisfied with our response, you may have the right to lodge a complaint with the Data Protection Board of India or other competent authority once available and applicable under the DPDP Act.
Children's Privacy
Our website and services are not directed at individuals under eighteen (18) years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact legal@lumiocap.com and we will take steps to delete such information promptly.
Automated Decision-Making
We do not use solely automated decision-making, including profiling, that produces legal or similarly significant effects concerning Data Principals in connection with pitch evaluations. Investment decisions involve human review and judgement.
Changes to This Policy
We may update this Policy from time to time to reflect changes in law, technology, or our practices. The "Last updated" date at the top indicates when this Policy was last revised. Material changes will be posted on this page. Your continued use of the website after changes become effective constitutes acknowledgement of the updated Policy, subject to applicable law.
Governing Law and Jurisdiction
This Policy is governed by the laws of India. Subject to applicable law, any dispute arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the competent courts at New Delhi, India.