Privacy Policy
Effective date: 07 November 2025
Luarc Technology Private Limited ("Luarc", "we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit www.luarc.com (the "Site") or use our products and services—including our video management platform (VMS), Automatic Number Plate Recognition (ANPR), traffic violation detection, radar/speed enforcement analytics, smart city integrations, and related mobile/desktop applications (collectively, the "Services").
By using the Site or Services, you agree to the practices described in this Privacy Policy. Where required by law, we will seek your consent separately. If you do not agree, please do not use the Site or Services.
1. Who we are
Controller/Entity: Luarc Technology Private Limited
Registered office: H No 265, Goncoi, Aldona, Goa 403508, India.
Contact (general privacy): privacy@luarc.com
Data Protection Officer / Grievance Officer (India): Clivert Britto, dpo@luarc.com / grievance@luarc.com
2. Scope
This Policy applies to:
- Visitors to our Site.
- Prospective, current, and former customers, partners, vendors, and their personnel.
- End-users of our applications and dashboards.
- Individuals whose personal information may be processed by our customers through our Services (e.g., vehicle occupants, drivers, pedestrians captured by customer-controlled cameras and sensors). For these deployments, Luarc typically acts as a data processor/service provider and our customers act as the controller/business. We process such data only on documented instructions from the customer, pursuant to our Data Processing Addendum ("DPA").
This Policy does not apply to third-party websites, services, or integrations that we do not own or control.
3. Information we collect
3.1 Information you provide to us directly
- Account and profile data: name, email, phone, role, organization, login credentials, multi-factor authentication data.
- Business and contract data: billing details, GST/VAT numbers, addresses, signatures, purchase orders, support tickets.
- Communications: emails, chats, meeting recordings where you consent and applicable law permits.
- Recruitment: CV/resume, qualifications, references, interview notes.
3.2 Information we process for customers (processor context)
Depending on how the customer configures the Services, data may include:
- Video and images from customer-controlled cameras (fixed/mobile bodycams, dashcams), including footage of public spaces.
- ANPR/ALPR outputs (vehicle number plates, confidence scores, timestamps, geolocation, lane/segment metadata).
- Traffic enforcement analytics (red-light/stop-line violations, overspeeding events, no-helmet, seatbelt, wrong-way, etc.), including cropped evidentiary frames.
- Sensor/IoT telemetry (radar returns, loop detectors, LiDAR/RF, edge-device logs), device identifiers, and health metrics.
- Event logs (user activity, audit trails, configuration changes) and case files generated within the VMS.
Important: Our customers are responsible for configuring notice signage, defining retention, enabling privacy safeguards (masking, low-light privacy, zones), and ensuring a lawful basis for processing. Luarc provides features (e.g., privacy zones, hashing, role-based access) to support compliance but does not control how customers use them.
3.3 Information we collect automatically (controller context)
- Usage data: pages viewed, links clicked, referring/exit pages, timestamps.
- Device and network data: IP address, device type, OS, browser, mobile identifiers, language, approximate location.
- Cookies and similar technologies: pixels, SDKs, local storage. See the Cookies section below.
3.4 Information from third parties
- Partners and providers: identity verification, fraud prevention, analytics, payment processors, cloud hosting providers.
- Public and regulatory sources: corporate registries, government databases, sanction lists (for KYC if applicable).
4. How we use personal information
4.1 When we act as controller
We use your information to:
- Provide, secure, and improve the Site and our direct-to-user features.
- Respond to inquiries, provide demos, proposals, and support.
- Manage accounts, contracts, billing, and collections.
- Send administrative messages, product updates, and—with your consent or as permitted by law—marketing communications.
- Detect, investigate, and prevent security incidents, fraud, abuse, and violations of our terms.
- Comply with legal obligations and exercise/defend legal claims.
4.2 When we act as processor/service provider
We process personal information only to deliver the Services under our agreements with customers, including to:
- Ingest and analyze footage and telemetry for ANPR, traffic enforcement, and safety analytics.
- Generate alerts, case files, evidence packages, and chain-of-custody artifacts.
- Provide role-based access control, audit logging, and system administration.
- Monitor performance, reliability, and security of the platform.
- Train or fine-tune models only where expressly permitted by contract and subject to de-identification or consent as applicable. By default, we do not use customer data to train foundation models or for unrelated product development.
4.3 Legal bases (GDPR/UK GDPR)
- Performance of a contract (Art. 6(1)(b))
- Legitimate interests (Art. 6(1)(f))—e.g., to secure our Services, prevent abuse, and improve features (balanced against your rights).
- Consent (Art. 6(1)(a))—for certain cookies/marketing or where required by local law.
- Legal obligations (Art. 6(1)(c)).
- Public interest (Art. 6(1)(e)) where applicable for law-enforcement deployments controlled by public authorities.
4.4 Grounds under India’s Digital Personal Data Protection Act, 2023 (DPDP)
We rely on consent or legitimate uses under applicable rules/notifications. When acting as a data fiduciary, we honor data principal rights described below.
5. Sharing and disclosure
We may share personal information with:
- Service providers/sub-processors that host, store, analyze, or support the Services (e.g., cloud infrastructure, CDN, support tooling). We require contractual safeguards, confidentiality, and security. A current list of sub-processors is available at www.luarc.com/subprocessors.
- Customers and their authorized users (in processor context), consistent with their role/permissions.
- Partners and integrators involved in delivering a joint solution, under appropriate agreements.
- Professional advisors (lawyers, auditors, insurers) under confidentiality.
- Authorities where required by law, lawful process, or to protect rights, safety, and property. We challenge unlawful or overbroad requests.
- Corporate transactions: if we undergo a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of the transaction, subject to continuity of protections.
We do not sell personal information. We do not share information for cross-context behavioral advertising without your consent where required by law.
6. International data transfers
Your information may be transferred to and processed in countries other than your own (e.g., India, the EU, the UK, the United States). Where required, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs), UK Addendum, or other transfer mechanisms, plus technical and organizational measures.
7. Data retention
- In processor deployments, retention is controlled by the customer’s configuration or applicable law/contract. We delete or return customer data at contract end or upon documented request, subject to legal holds.
- In controller contexts (e.g., website analytics, account data), we retain information only as long as necessary for the purposes set out in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. Typical periods range from 90 days to 7 years, depending on record type.
8. Security
We apply industry-standard administrative, technical, and physical safeguards, including: role-based access controls, encryption in transit and at rest (where applicable), network segmentation, secure development practices, vulnerability management, logging/monitoring, and employee training. No system is perfectly secure; if we detect a breach impacting your data, we will notify you and regulators as required by law and contract.
9. Your rights
Your rights depend on your location and role:
9.1 If we are the controller for your data
You may have rights to access, correct, delete, restrict, object, port, or withdraw consent. To exercise these, contact privacy@luarc.com. We may verify your identity and may deny requests where exceptions apply.
9.2 If we are the processor
Please direct requests to the relevant customer/controller (e.g., your municipality, police department, or organization). We will support the controller in fulfilling verified data subject requests pursuant to our DPA.
9.3 Jurisdictional details
- EU/UK GDPR: You may lodge a complaint with your supervisory authority.
- India (DPDP 2023): You may appeal to our Grievance Officer at grievance@luarc.com. If unresolved, you may escalate per applicable rules/Board mechanisms when notified by the Government of India.
- California (CCPA/CPRA): Residents have rights to know, delete, correct, and opt out of "sale"/"sharing" of personal information. Luarc does not sell personal information.
10. Cookies & similar technologies
We use cookies, SDKs, and similar technologies to operate the Site, remember preferences, measure performance, and secure the Services. Where required, we obtain consent via a banner or settings panel. You can manage cookie preferences in your browser or our Cookie Settings link. Blocking some cookies may impact functionality.
Types:
- Strictly necessary (authentication, load balancing, security)
- Functional (preferences, localization)
- Analytics (usage measurement, product improvement)
- Marketing (with consent, for Luarc campaigns only)
11. Children’s privacy
Our Site and Services are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@luarc.com to request deletion.
12. Product- and deployment-specific notices
Depending on your configuration, additional terms may apply:
- CCTV signage & notice obligations: Customers must deploy legally compliant signage and notices at capture points. Luarc can provide templates.
- Privacy features: masking/obfuscation, retention schedules, hashing, case redaction, export watermarks, role-based access, and geo-fencing can be enabled by the customer.
- Law-enforcement/e-Governance: Where required by law, captures may be matched with vehicle registries to generate challans/citations. Controllers must ensure lawful basis and proportionality.
- Edge processing: In many deployments, analytics occur on-device or within the customer’s network to minimize data transfer and exposure.
13. Third-party services and links
Our Site may link to third-party sites and services. Their privacy practices are governed by their own policies. We are not responsible for their content or privacy actions.
14. Changes to this Policy
We may update this Policy from time to time. The "Effective date" above reflects the latest version. Material changes will be notified via the Site, email, or in-product notices. Your continued use after the update means you accept the revised Policy.
15. Contact us
For questions or requests:
Email: privacy@luarc.com
Postal: Privacy Office, Luarc Technology Private Limited, [Insert address], Goa, India 403XXX
16. Addenda
16.1 India (DPDP 2023) Addendum
- Data fiduciary: Where Luarc determines the purpose and means of processing (e.g., website analytics), we are a data fiduciary and honor data principal rights under DPDP.
- Consent & legitimate use: We obtain consent where required (e.g., marketing/certain cookies) and rely on legitimate uses recognized by rules/notifications for security and fraud prevention.
- Grievance redressal: Contact grievance@luarc.com; we aim to respond within 15 days.
- Storage limitation: We apply retention aligned with purpose limitation and legal requirements.
16.2 EU/UK GDPR Addendum
- Controller/Processor roles: Defined in Section 2.
- Transfers: SCCs/UK Addendum in place where applicable.
- Data Subject Requests: Submit to privacy@luarc.com; we respond within 30 days (extendable where allowed).
16.3 California (CCPA/CPRA) Notice at Collection
- Categories collected: identifiers (e.g., IP, device IDs), internet activity (usage data), geolocation (approximate), professional information (account/contract data), inference data (for analytics), and—when processed for customers—audio/visual information (video/images) as a service provider.
- Purposes: as outlined in Sections 4 and 10.
- Retention: as outlined in Section 7.
- Sale/Share: We do not sell or share personal information for cross-context behavioral advertising.
- Sensitive personal information: processed only as necessary to provide the Services or as permitted by law.
17. Glossary (plain language)
- Controller / Data fiduciary: Entity that decides why and how personal information is processed.
- Processor / Service provider: Entity that processes personal information on behalf of a controller/fiduciary.
- Personal information / Personal data: Any information that identifies or relates to an identifiable individual.
- Special category data / Sensitive personal data: Data that requires additional protection under law (e.g., biometrics). Luarc does not intentionally process biometrics unless expressly agreed and lawful.
18. Data Processing Addendum (DPA)
For customer deployments, our standard DPA (including sub-processor list and security controls) is available upon request at legal@luarc.com or via your account executive. Customers may execute the DPA to meet GDPR/UK/DPDP/CCPA requirements.
This Privacy Policy is intended to provide transparency about our practices and does not constitute legal advice. For legal interpretation or compliance planning, please consult your counsel.