Global Privacy Policy

Last updated: April 30, 2026

Executive Summary: Luxedeum LLC collects and processes personal data to operate its platforms, manage business relationships, and comply with applicable law. We maintain strong security measures aligned with ISO 27001. We do not sell personal data. We respect the rights of data subjects under GDPR, CCPA/CPRA, and other applicable privacy frameworks.

1. Introduction

Luxedeum LLC ("Luxedeum," "Company," "we," "us," or "our") is committed to protecting the privacy of individuals whose personal data we collect and process. This Global Privacy Policy describes how we collect, use, disclose, and safeguard personal data across our websites, platforms, portals, operations, and interactions.

This policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable global data protection laws.

2. Scope

This policy applies to personal data that we collect:

Directly from individuals (e.g., account registration, support requests)
Indirectly from third parties or business partners (see GDPR Article 14 Notice below)
Through our platforms, APIs, and enterprise systems
In the course of commercial relationships, partnerships, and business development

3. Definitions

Personal Data: Any information relating to an identified or identifiable natural person, as defined under GDPR Article 4(1).
Processing: Any operation performed on personal data, whether automated or manual, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, or erasure.
Controller: The entity that determines the purposes and means of processing personal data. Luxedeum LLC acts as controller for the data described in this policy.
Processor: An entity that processes personal data on behalf of the controller.

4. Data We Collect

We may collect the following categories of personal data:

4.1 Identification Data. Name, username, professional title, and government-issued identifiers where required by law or regulation.

4.2 Contact Data. Email address, telephone number, and postal address.

4.3 Professional Data. Employer, job role, organizational affiliation, and professional background.

4.4 Technical Data. IP address, device information, browser and operating system details, server logs, and API usage data.

4.5 Communications Data. Emails, support tickets, meeting records, and other correspondence.

4.6 Transactional Data. Agreements, contracts, payment records, invoices, and billing history.

4.7 Inferences. Preferences, engagement patterns, and usage analytics derived from the data above.

5. Sources of Data

We obtain personal data from the following sources:

Directly from you: Account registration, platform usage, communications, and transactions.
Enterprise partners: Clients, vendors, and business counterparties who share data in the course of commercial relationships.
Public and commercial sources: Publicly available information, professional networks, and commercial databases.
Service providers: Third-party tools and platforms that assist in operating our services.
APIs and integrations: Data received through platform integrations and API interactions.

6. Purposes of Processing

We process personal data for the following purposes:

Operating and maintaining our platforms and services
Managing user accounts and authentication
Establishing and managing business relationships
Conducting due diligence on potential partners, clients, and counterparties
Improving our products, services, and AI capabilities
Ensuring security, preventing fraud, and protecting against misuse
Complying with legal and regulatory obligations
Enforcing contracts, terms of service, and other agreements

7. Legal Basis for Processing (GDPR)

Where GDPR applies, we rely on the following legal bases:

Legitimate interests (Art. 6(1)(f)): Operating, securing, and improving our platforms and business relationships, where such interests are not overridden by the data subject's rights.
Contract performance (Art. 6(1)(b)): Processing necessary to fulfill contractual obligations or to take steps at the data subject's request prior to entering a contract.
Legal obligations (Art. 6(1)(c)): Processing required to comply with applicable laws, regulations, or court orders.
Consent (Art. 6(1)(a)): Where required, we obtain the data subject's consent before processing (e.g., optional data sharing features). Consent may be withdrawn at any time.

8. AI and Data Use

Luxedeum develops and operates AI-powered platforms. With respect to AI and personal data:

Personal data is not used to train AI models without a lawful basis for such processing.
Enterprise and partner data is not used for generalized AI training unless expressly agreed in writing.
Anonymized and aggregated data may be used to improve service quality and AI capabilities.
Users are responsible for ensuring they do not input restricted, sensitive, or third-party personal data into AI-powered features without appropriate authorization.

9. Disclosure of Data

We may disclose personal data to the following categories of recipients:

Affiliates: Entities within the Luxedeum corporate group.
Employees and contractors: Personnel who require access to perform their duties, subject to confidentiality obligations.
Cloud and infrastructure vendors: Service providers who host, process, or support our platforms (e.g., Cloudflare, Stripe, upstream AI providers).
Legal and accounting advisors: Professional advisors acting under professional privilege and confidentiality.
Counterparties: Business partners and clients in the context of commercial transactions.
Regulators and authorities: Government bodies, courts, and regulatory agencies where required by law.

We do not sell personal data to advertisers, data brokers, or any third party.

10. International Transfers

Luxedeum is based in the United States. Personal data may be transferred to, stored in, or processed in countries outside the data subject's jurisdiction. Where such transfers involve data protected by GDPR or similar frameworks, we rely on:

EU Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Addendum
Contractual protections with recipients requiring equivalent safeguards
Technical measures including encryption in transit and at rest

11. EU/EEA Representative

Luxedeum LLC is not established in the European Union or European Economic Area. Pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed an EU representative to serve as a point of contact for data subjects and supervisory authorities in the EU/EEA regarding our processing activities.

Our EU Representative can be contacted at: eu-representative@monstergaming.ai

The EU Representative is designated solely to serve as a contact point for data protection inquiries from data subjects located in the EU/EEA and from EU/EEA supervisory authorities. The appointment of the EU Representative does not establish Luxedeum LLC in the EU/EEA and does not affect the Company's obligations under GDPR.

12. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Retention periods vary depending on the nature of the data, our relationship with the data subject, and applicable legal obligations.

If you are located in the EU, EEA, UK, or Switzerland, you have the following rights under GDPR:

Right of access — request a copy of the personal data we hold about you.
Right to rectification — correct inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten") — request deletion of your personal data.
Right to restriction — limit how we process your data in certain circumstances.
Right to object — object to processing based on legitimate interests, including profiling.
Right to data portability — receive your personal data in a structured, commonly used, machine-readable format.

To exercise any of these rights, contact us at privacy@monstergaming.ai with the subject "GDPR Request." We will respond within 30 days.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the following rights:

Right to know what categories and specific pieces of personal information we have collected, used, disclosed, or sold/shared.
Right to delete personal information we have collected from you.
Right to correct inaccurate personal information.
Right to opt out of the sale or sharing of personal information.
Right to limit use of sensitive personal information.
Right to non-discrimination for exercising any of these rights.

Sale or sharing of personal information. Monster Gaming does not sell or share your personal information as those terms are defined under the CCPA/CPRA, including for cross-context behavioral advertising. We have not done so in the past 12 months and have no plans to do so.

How to exercise your rights. Email privacy@monstergaming.ai with the subject "California Privacy Request" and tell us which right you are exercising. We will verify your identity using information already associated with your account and respond within 45 days. You may use an authorized agent; we will require written authorization. We do not charge a fee or discriminate against users who exercise these rights.

15. Security

We implement appropriate technical and organizational measures to protect personal data, including:

Encryption in transit (TLS 1.3) and at rest
Role-based access controls (RBAC)
Continuous monitoring and logging
Incident response procedures
Vendor risk management

Our security practices are aligned with ISO 27001 standards.

16. Data Breach Response

In the event of a personal data breach, Luxedeum will:

Investigate the breach promptly and assess its scope and impact
Notify affected individuals and relevant supervisory authorities as required by applicable law
Cooperate with regulatory authorities during any investigation
Implement corrective measures to prevent recurrence

17. Third-Party Services

Our platforms may integrate with or link to third-party services, tools, and providers. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you interact with through our platforms.

18. Cookies and Tracking Technologies

Monster Gaming is committed to a privacy-first approach to cookies and tracking:

Cloudflare Turnstile: We use Cloudflare Turnstile, a privacy-preserving CAPTCHA alternative, to protect our platforms from bots and abuse. Turnstile does not use cookies for tracking and does not collect personal data for advertising purposes.
Cloudflare Web Analytics: We use Cloudflare Web Analytics for understanding site usage. This service is privacy-first by design: it does not use cookies, does not track individual users across sites, and does not collect personal data.
Essential session cookies: We use strictly necessary cookies to maintain your session, remember authentication state, and ensure platform functionality. These cookies are essential for the operation of our services and cannot be disabled.

Monster Gaming does not use advertising cookies, tracking cookies, or third-party marketing pixels. We do not engage in cross-site tracking or behavioral advertising.

19. Children's Data

Monster Gaming is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete such data promptly.

20. Consumer Health Data

Monster Gaming does not collect, process, store, or sell consumer health data as defined under applicable state privacy laws, including the Washington My Health My Data Act and similar legislation. Our platforms and services are not designed to process health-related information, and we do not infer health conditions or statuses from the data we collect.

21. Subprocessors

We engage the following categories of subprocessors to assist in providing our services. Each subprocessor is bound by contractual obligations to protect personal data in accordance with applicable law:

Cloud Infrastructure: Cloudflare (CDN, Workers, KV storage, Access authentication)
Payment Processing: Stripe (payment handling, billing, and subscription management)
AI Model Providers: Anthropic (Claude), Google (Gemini)
Analytics: Cloudflare Web Analytics (privacy-first, no cookies, no personal data collection)
Email: To be determined

A current and complete list of subprocessors, including specific entity names and processing locations, is available upon request. Contact privacy@monstergaming.ai with the subject "Subprocessor List" to receive the most up-to-date information. We will notify users of material changes to our subprocessor list.

22. Regional Supplemental Disclosures

The following supplemental disclosures apply to users in specific jurisdictions, in addition to the rights and information provided elsewhere in this policy.

22.1 Republic of Korea (PIPA)

If you are located in the Republic of Korea, the following disclosures apply under the Personal Information Protection Act (PIPA):

Domestic Representative in Korea. Luxedeum LLC is located outside the Republic of Korea. We are in the process of appointing a domestic representative in Korea. Until a domestic representative is formally appointed, Korean users may contact us for all privacy matters at: privacy@monstergaming.ai.

Korea Domestic Representative:
Entity: Monster Gaming Korea Representative (via legal partner)
Address: To be appointed
Contact: privacy@monstergaming.ai

Your Rights under PIPA. As a data subject in Korea, you have the following rights:

Right to confirmation of whether your personal information is being processed
Right to access your personal information
Right to request correction of inaccurate personal information
Right to request suspension of processing of your personal information
Right to request deletion of your personal information
Right to designate a legal representative to exercise your rights on your behalf

To exercise any of these rights, contact privacy@monstergaming.ai with the subject "Korea Privacy Request."

International Data Transfers (PIPA Article 17). Your personal information may be transferred to and processed in the United States, where Luxedeum LLC is established. The recipients of such transfers include Luxedeum LLC (for platform operation and service delivery) and cloud infrastructure providers (for hosting and data storage). We implement appropriate safeguards, including contractual protections and encryption, to protect your personal information during and after transfer.

Korean Language Privacy Policy. A Korean-language translation of this Privacy Policy will be made available at /ko/privacy.

22.2 Japan (APPI)

If you are located in Japan, the following disclosures apply under the Act on the Protection of Personal Information (APPI):

Handling Business Operator. Luxedeum LLC is the business operator handling your personal information under APPI.

Purpose of Use. We use personal information for the purposes described in Section 6 of this policy, including operating our platforms, managing accounts, providing customer support, improving services, ensuring security, and complying with legal obligations.

Joint Use and Third-Party Provision. We may jointly use personal information with affiliates within the Luxedeum corporate group for the purposes described in this policy. When providing personal information to third parties, we do so in accordance with APPI requirements, including obtaining consent where required or relying on applicable exceptions. The categories of third-party recipients are described in Section 9 (Disclosure of Data) and Section 21 (Subprocessors) of this policy.

Your Rights under APPI. As a data subject in Japan, you have the following rights with respect to your retained personal data:

Right to request disclosure of your personal information and purpose of use
Right to request correction, addition, or deletion of inaccurate personal information
Right to request cessation of use or erasure of personal information obtained improperly or used beyond the stated purpose
Right to request cessation of third-party provision of your personal information

To exercise any of these rights, contact privacy@monstergaming.ai with the subject "Japan Privacy Request."

22.3 Brazil (LGPD)

If you are located in Brazil, the following disclosures apply under the Lei Geral de Proteção de Dados (LGPD):

Legal Bases under LGPD. We process personal data of individuals in Brazil on the following legal bases, as applicable:

Consent (Art. 7, I): Where we obtain your freely given, informed, and unambiguous consent for specific processing activities.
Contract performance (Art. 7, V): Processing necessary for the execution of a contract or preliminary procedures related to a contract of which you are a party.
Legitimate interests (Art. 7, IX): Processing necessary for our legitimate interests or those of a third party, except where your fundamental rights and freedoms prevail.
Legal or regulatory obligation (Art. 7, II): Processing necessary for compliance with a legal or regulatory obligation.
Exercise of rights (Art. 7, VI): Processing necessary for the regular exercise of rights in judicial, administrative, or arbitration proceedings.

Your Rights under LGPD. As a data subject in Brazil, you have the following rights:

Right to confirmation of the existence of processing
Right to access your personal data
Right to correction of incomplete, inaccurate, or outdated personal data
Right to anonymization, blocking, or erasure of unnecessary, excessive, or non-compliant data
Right to portability of your personal data to another service or product provider
Right to information about public and private entities with which your data has been shared
Right to information about the possibility of denying consent and the consequences of such denial
Right to withdraw consent at any time
Right to request review of decisions made solely based on automated processing of personal data that affect your interests

To exercise any of these rights, contact privacy@monstergaming.ai with the subject "Brazil Privacy Request."

International Transfers. Your personal data may be transferred to the United States for processing. We rely on EU Standard Contractual Clauses (SCCs), adapted for LGPD compliance, and appropriate contractual and technical safeguards to protect your data during international transfers.

Complaints. If you believe that your personal data has been processed in violation of LGPD, you may lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at www.gov.br/anpd.

23. Changes to This Policy

We may update this privacy policy from time to time. The updated version will be posted with a new effective date. Where changes are material, we will communicate them directly to affected individuals via email or platform notification.

24. Contact

For privacy inquiries, data subject requests, or complaints:

Luxedeum LLC
595 Cliff View Drive
Reno, NV 89523, USA
Email: privacy@monstergaming.ai

25. Data Protection Officer

Luxedeum LLC has designated a Data Protection Officer to oversee compliance with applicable data protection laws and to serve as a point of contact for data subjects and supervisory authorities:

Data Protection Officer
Email: privacy@monstergaming.ai

You may contact the Data Protection Officer with any questions or concerns about how your personal data is processed, or to exercise your data protection rights.

26. Governing Law

This policy shall be governed by the laws of the State of Nevada, USA, except where overridden by mandatory data protection laws applicable to the data subject (including GDPR and CCPA/CPRA).

27. Executive Summary

Luxedeum LLC collects and processes personal data to operate its platforms, manage business relationships, and comply with applicable law. We maintain strong security measures aligned with ISO 27001. We do not sell personal data. We respect the rights of data subjects under GDPR, CCPA/CPRA, and other applicable privacy frameworks. For questions or requests, contact privacy@monstergaming.ai.

For personal data not obtained directly from the data subject

Short-Form Notice: Your personal data may be collected indirectly by Luxedeum from third parties or business partners and processed for legitimate business purposes, including evaluating and managing business relationships. The Company acts as data controller and processes such data in accordance with GDPR Article 14. You have the right to access, correct, or object to processing of your data. For more information, contact privacy@monstergaming.ai.

Data Controller

Luxedeum LLC
595 Cliff View Drive
Reno, NV 89523, USA
Data Protection Officer — privacy@monstergaming.ai

Categories of Personal Data

We may process the following categories of personal data obtained from sources other than the data subject:

Identification data: Name, professional title, organizational role
Contact data: Email address, telephone number, business address
Professional data: Employer, job function, professional affiliations
Communications data: Business correspondence, meeting records, referral information
Technical data: IP address, platform usage data, API interaction logs
Transaction data: Contract details, payment records, business agreements

Sources of Data

Personal data covered by this notice may be obtained from:

Business partners and enterprise clients
Professional referrals and introductions
Public and commercially available sources (e.g., company websites, professional directories)
Professional networks and industry events
Legal, financial, and professional advisors

Purposes of Processing

We process indirectly obtained personal data for the following purposes:

Establishing and managing business relationships
Conducting due diligence on potential partners, clients, and counterparties
Performing and managing contractual obligations
Maintaining accurate business records
Ensuring security and preventing fraud
Complying with legal and regulatory obligations
Pursuing legitimate business interests

Legal Basis

Processing of indirectly obtained personal data relies on:

Art. 6(1)(f) — Legitimate interests: Business development, intellectual property protection, operational efficiency, and cybersecurity, where such interests are not overridden by the data subject's rights and freedoms.
Art. 6(1)(b) — Contract performance: Processing necessary for the performance of a contract to which the data subject is party, or to take steps at the data subject's request prior to entering into a contract.
Art. 6(1)(c) — Legal obligation: Processing necessary for compliance with legal obligations to which Luxedeum is subject.

Legitimate Interests Pursued

Where we rely on legitimate interests as a legal basis, those interests include:

Business development and relationship management
Protection of intellectual property rights
Operational efficiency and service improvement
Cybersecurity and fraud prevention

Recipients of Data

Indirectly obtained personal data may be disclosed to:

Affiliates within the Luxedeum corporate group
Employees and contractors with a need to know
Legal, financial, and professional advisors
Cloud and infrastructure service providers
Business counterparties in the context of transactions
Regulatory authorities where required by law

International Transfers

Personal data may be transferred outside the EU/EEA. Where such transfers occur, we rely on EU Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Addendum to ensure adequate protection.

Retention

We retain indirectly obtained personal data only as long as necessary to fulfill the purposes described above, unless a longer retention period is required or permitted by law.

Data Subject Rights

Under GDPR, you have the right to:

Access the personal data we hold about you
Rectification of inaccurate or incomplete data
Erasure of your personal data ("right to be forgotten")
Restriction of processing in certain circumstances
Data portability — receive your data in a structured, machine-readable format
Object to processing based on legitimate interests
Not be subject to automated decision-making, including profiling, that produces legal or similarly significant effects

Right to Object

You have the right to object to the processing of your personal data based on legitimate interests at any time. Upon receiving an objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Right to Lodge a Complaint

You have the right to lodge a complaint with your national data protection supervisory authority if you believe that our processing of your personal data violates applicable data protection law.

Automated Decision-Making

We do not currently engage in automated decision-making or profiling that produces legal or similarly significant effects concerning individuals whose data was obtained indirectly.

Timing of Notice

This notice is provided within one month of obtaining the personal data, or at the time of first communication with the data subject, whichever is earlier. Where the data is to be disclosed to a third party, this notice is provided no later than when the data is first disclosed.

Exceptions

Certain exceptions to the obligation to provide this notice may apply under GDPR Article 14(5), including where:

The data subject already has the information
Providing the information would be impossible or involve disproportionate effort
Obtaining or disclosure is expressly required by EU or Member State law
The data is subject to professional secrecy obligations

Security Measures

We protect indirectly obtained personal data through:

Access controls and role-based permissions
Encryption in transit and at rest
Continuous monitoring and audit logging
Information security policies and procedures aligned with ISO 27001

For questions about this Article 14 notice or to exercise your rights, contact: privacy@monstergaming.ai