Privacy Policy

Altrera Industries ("we", "us") is committed to protecting your personal data. This policy explains what information we collect, how we use it, and your rights regarding that information when you use Lustre.

We collect information you provide directly:

• —Account details — name, email address, password hash
• —Business information — company name, address
• —Client and job data you enter into the Service
• —Property access credentials — alarm codes, key safe combinations, gate codes, and entry instructions stored against client properties (encrypted at rest; accessible only to authorised personnel)
• —Payment information (handled by Stripe — we do not store card details)

We also collect information automatically:

• —Log data — IP address, browser type, pages visited, timestamps
• —Device information — operating system, screen size
• —Usage analytics via PostHog (see §6)

• —Provide, operate, and improve the Service
• —Process transactions and send related notices
• —Respond to support requests
• —Send product updates and marketing (you may opt out at any time)
• —Detect and prevent fraud or abuse
• —Comply with legal obligations

We process your personal data under the UK GDPR and the Data Protection Act 2018. Our legal bases are: contract performance (to provide the Service), legitimate interests (security, analytics), consent (marketing), and compliance with a legal obligation.

We do not sell your personal data. We share data only with service providers acting on our behalf (see our Subprocessors list) and when required by law.

We use PostHog for product analytics. PostHog may set cookies and process usage data to help us understand how the Service is used. You can opt out via our Cookie Policy.

We retain your data for as long as your account is active or as needed to provide the Service. After account deletion we purge personal data within 90 days, except where retention is required by law.

Access audit logs — records of who viewed property access credentials and when — are retained for a minimum of 24 months to support security incident investigation and compliance obligations.

Under the UK GDPR you have the right to access, rectify, erase, or restrict processing of your personal data, as well as the right to data portability and to object to processing. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. Submit data requests to privacy@altrera.com.

We use cookies and similar technologies. See our Cookie Policy for details.

Your data may be transferred to and processed in countries outside the UK. Where required, we rely on the UK International Data Transfer Agreement (IDTA) or another mechanism approved by the ICO.

We may update this policy periodically. We will notify you of material changes by email or in-app notice.

For privacy enquiries contact us at privacy@altrera.com.