— Legal · 01 · Privacy

Privacy
Policy.

Effective · 19 April 2026
Version · 2.1
Jurisdiction · Aotearoa NZ

§ 01Who we are

AbteeX AI Labs Limited is a New Zealand-registered company based in Aotearoa and the operator of LumynaX (also known as Te Mārama). This policy describes how we collect, use, and protect personal information when you interact with our services, website, or API.

For the purposes of the New Zealand Privacy Act 2020 and the EU GDPR, AbteeX AI Labs Limited is the data controller — unless an enterprise deployment agreement assigns that role to your organisation.

§ 02What we collect

  • Account information — name, email, organisation, role, and any credentials you provide when requesting access.
  • Usage telemetry — request timestamps, model identifiers, token counts, latency measurements, and error codes, used for reliability and billing.
  • Prompts & completions — the inputs and outputs of your interactions with LumynaX, retained only as described in §8.
  • Support correspondence — emails and messages you send us, and our responses.

§ 03Why we collect it

We collect only what is needed to provide, secure, and improve the service. Specifically: to authenticate access, to operate the platform, to meet legal obligations, to investigate abuse, and to communicate with you about your account.

§ 04Training on your data

Default: we do not train on your data. Prompts, completions, and documents you submit through the API or enterprise deployments are not used to train, fine-tune, or evaluate LumynaX models — unless you opt in explicitly, in writing, and you remain able to withdraw consent at any time.

Consumer research previews may include an opt-in data contribution flag. If present, it is off by default and clearly disclosed before any data is retained for training purposes.

§ 05Data residency

LumynaX supports sovereign data residency by design. Enterprise deployments can be scoped to a specific jurisdiction — including Aotearoa New Zealand, the European Union, the United Kingdom, Australia, or the United States — with compute, storage, and inference all remaining inside the selected region.

REGIONS ........... NZ · AU · EU · UK · US
DEFAULT ........... NZ (Aotearoa)
CROSS-REGION ...... opt-in per contract
GOVERNMENT ........ isolated tenancy available

§ 06Sharing & disclosure

We do not sell personal information. We share data only with a small number of vetted infrastructure subprocessors (listed in our DPA), and only where necessary to operate the service. We disclose information in response to lawful requests only where legally compelled, and we publish an annual transparency report summarising the scope of such requests.

§ 07Your rights

You may access, correct, export, or delete personal information we hold about you. You may withdraw consent to any opt-in processing. Where GDPR applies, you may also object to or restrict processing and lodge a complaint with your supervisory authority.

To exercise any of these rights, email [email protected]. We respond within 30 days.

§ 08Retention

  • API prompts & completions — 30 days for abuse review, then deleted. Zero-retention tier available on enterprise plans.
  • Account & billing records — retained for 7 years as required by New Zealand tax law.
  • Support correspondence — retained for 3 years, then deleted.
  • Telemetry — aggregated and anonymised after 90 days.

§ 09Security

We encrypt data in transit (TLS 1.3) and at rest (AES-256). Access to production systems follows least-privilege, is logged, and is reviewed quarterly. We are working toward ISO 27001 and SOC 2 Type II — certifications are scheduled for completion in late 2026.

§ 10Contact

Privacy questions, access requests, or complaints:

AbteeX AI Labs Limited
Attn: Privacy Officer
Auckland · Aotearoa New Zealand

EMAIL ...... [email protected]
WEB ........ abteex.com

This policy may be updated from time to time. Material changes will be notified by email at least 30 days before they take effect.