Draft notice: This Privacy Policy is provided for review and will be finalized prior to public paid service launch. Questions or feedback: [email protected].
1. Who we are
LuzardoFax is a US-based online fax service based in Miami, FL. This Privacy Policy explains what personal information we collect when you use luzardofax.com (the "Service"), how we use it, and your rights regarding it.
2. Information we collect
Account information
When you sign up, we collect: your name, email address, company name, industry, and password (stored as a bcrypt hash). We never see your plaintext password.
Payment information
Billing is processed by our payment provider (Stripe). LuzardoFax does not see or store your full credit card details. We store only billing metadata (last 4 digits, brand, expiration) and Stripe customer/subscription IDs.
Fax content
Fax PDFs that you send or receive are stored in encrypted form on our infrastructure. We treat fax content as your data — we don't read, mine, or use it for any purpose other than providing the Service. See our BAA for HIPAA-specific commitments regarding Protected Health Information.
Usage data
To operate the Service, we log: IP addresses, browser user agent, timestamps of logins and fax events, audit log entries (account changes, settings changes), and aggregated usage metrics (number of pages sent/received per month).
Communications
If you contact us by email or form, we keep a record of the message and our reply, indexed by your email address, for support history.
3. How we use your information
- To provide the Service — sending and receiving faxes, sending notifications, providing the user interface and account management
- To bill you — issuing invoices, processing payments via Stripe
- To support you — responding to your questions and troubleshooting issues
- To improve the Service — analyzing aggregated usage data (never individual fax content) to identify reliability issues and feature opportunities
- To comply with law — responding to subpoenas, court orders, regulatory requests where legally required
- To maintain security — investigating fraud, abuse, and security incidents
4. What we do NOT do
- We do not sell your personal information to anyone
- We do not share your data with advertisers or marketing networks
- We do not read the content of your faxes
- We do not train AI models on your fax content or PHI
- We do not use tracking pixels or third-party analytics that build behavioral profiles
5. Subprocessors
To provide the Service, we share specific data with the following service providers:
- Vultr (cloud infrastructure, US) — stores encrypted data at rest
- Telnyx (fax transport, US) — receives fax payloads in transit to/from PSTN
- SendGrid (transactional email, US) — sends notification emails on our behalf
- Stripe (payment processing, US) — handles your billing details
- Cloudflare (CDN / DDoS protection, global edge) — caches static assets only; never caches PHI or fax content
- Anthropic (AI chat assistant on luzardofax.com) — receives only your chat messages with the landing page assistant. Never receives faxes, account data, or PHI.
6. Data retention
- Account data — retained while your account is active, plus 30 days read-only after cancellation
- Faxes and audit logs — 7 years (HIPAA standard) from the transmission date
- Billing records — 7 years for tax and accounting
- Support emails — 3 years for support history
- Logs (server logs without PHI) — 90 days
7. Your rights
You have the right to:
- Access your personal information — request a copy by emailing us
- Correct inaccurate information — most account data is editable in your settings
- Delete your account — one-click cancellation in your settings
- Export your fax history and audit logs in CSV format
- Restrict processing in certain circumstances
- Lodge a complaint with a data protection authority (where applicable)
To exercise any of these rights, email [email protected].
8. Security
We implement administrative, physical, and technical safeguards to protect your information. See our Security page for full details: AES-256 encryption at rest, TLS 1.3 in transit, audit logging, role-based access controls, optional 2FA, and US-based data storage.
9. Children's privacy
The Service is intended for business users 18 and older. We do not knowingly collect information from children under 13. If you believe a child has provided personal information, contact us at [email protected] and we will delete it.
10. International users
LuzardoFax operates primarily in the United States and Canada. Data is stored in US-based data centers (Miami, FL). If you access the Service from outside the US/Canada, you consent to the transfer of your information to the US.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email at least 30 days before taking effect. The "Last Updated" date at the top of this page indicates the most recent revision.
12. Contact us
For privacy questions, data requests, or concerns:
- Email: [email protected]
- Mail: LuzardoFax · Miami, FL · United States