We host our core components in Germany and operate in line with the GDPR. No advertising trackers, no data sales, no behavioural profiles.
What we store
LUVEX stores only what the platform needs to function:
| Data type | Purpose | Where |
|---|---|---|
| Account data (email, name) | Login + contact | PostgreSQL (Germany) |
| Profile data (bio, avatar — optional) | Expert profile display | PostgreSQL + object storage (Germany) |
| Forum posts + RFQs | Community contributions | PostgreSQL (Germany) |
| Newsletter subscription | Mailing list | PostgreSQL (Germany) |
| Saved simulator configurations | Reusing your designs | PostgreSQL (Germany) |
| Manufacturer-directory data | Public knowledge base | PostgreSQL (Germany) |
No behavioural tracking cookies. No third-party advertising pixels. No disclosure to third parties for marketing purposes.
Where our servers are located
Primary hosting location: Germany.
Specifically:
- Application server (SvelteKit web app) — server in Germany
- Database (PostgreSQL for accounts / forum / manufacturer directory / knowledge hub) — same server
- File storage (object storage for article images, manufacturer logos, profile avatars) — same server
- UV Simulator (separate application at
simulator.luvex.tech) — same server
This means the core data (everything you actively enter or upload as a user) is physically located in Germany and falls directly under German data-protection law.
External components — what we make transparent
Not every building block runs inside our German hosting. Wherever we use external services, we document this openly:
Email delivery
- Service: Google Workspace SMTP (delivery of newsletter confirmations and system notifications)
- Location: Google Ireland (EU)
- Legal basis: Data processing agreement with Google. Email addresses are passed to Google at the moment of delivery.
- Alternative: If you want to avoid this — please do not subscribe to the newsletter, and check forum replies by visiting the platform directly instead of relying on email notifications.
Sign in with Google (optional)
- Service: Google OAuth 2.0
- What happens: If you choose the "Sign in with Google" button, you authenticate with Google and Google confirms your email address to LUVEX. We receive email, name and profile-picture URL — nothing more.
- Alternative: Classic email/password sign-in — no contact with Google.
Fonts and icons
- Service: no third-party fonts (Google Fonts or similar). We use system fonts and our own brand typeface (JetBrains Mono).
- Icons: inline SVG, no external icon fonts.
What we do not do
- No behavioural tracking — we do not measure which pages you visit in which order, how long you stay on a page, or what you click. No heatmaps, no session recording.
- No advertising tracking — no Facebook pixels, no Google Ads conversion trackers, no LinkedIn Insight tags.
- No data sales — we do not sell email addresses, forum posts or profile data to third parties. Full stop.
- No third-country transfer of core data — the database is located in Germany, and any replicas, should they ever be created, remain within the EU.
Your GDPR rights
Under the GDPR you have, at any time, the right to:
- Access — find out what we have stored about you (Art. 15 GDPR)
- Rectification — have inaccurate data corrected (Art. 16 GDPR)
- Erasure — have your account and data deleted (Art. 17 GDPR, the "right to be forgotten")
- Restriction — have processing paused (Art. 18 GDPR)
- Data portability — receive your data as an export (Art. 20 GDPR)
- Objection — object to processing (Art. 21 GDPR)
- Complaint — lodge a complaint with the competent supervisory authority (Art. 77 GDPR)
Please send requests by email to support@luvex.tech. We respond within the statutory time limit — under Art. 12(3) GDPR this is one month, extendable by a further two months for complex requests.
Cookies and sessions
LUVEX uses strictly necessary cookies for:
- Session cookie (
luvex.session_token) — login status for the.luvex.techdomain. Shared cross-subdomain withsimulator.luvex.techso you do not have to sign in twice.
No marketing, tracking or third-party cookies.
This is why there is also no cookie banner in the classic sense — if you are signed in, you know a session cookie is set; if you are not, there are no cookies to accept.
Changes to this page
We are continuously extending LUVEX (forum, knowledge platform, manufacturer directory, expert articles). When new components introduce new data processing, we document it here transparently and communicate it to active users by email.
Last updated: 2026-05-01.
Contact
- Data-protection requests: support@luvex.tech
- Controller within the meaning of Art. 4(7) GDPR: see the legal notice
- Supervisory authority (complaint under Art. 77 GDPR): depends on the German federal state of your residence — list available on the BfDI website.
Cross-references
- Standards & Certifications — regulatory framework across UV engineering
- Welcome to UV Engineering — orientation for the LUVEX knowledge base
Sources
- Regulation (EU) 2016/679 (General Data Protection Regulation), EUR-Lex — authoritative text of Articles 12, 15–18, 20, 21 and 77 cited above.