Introduction

Luxora ("we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our skincare ingredient analysis application and website (collectively, the "Service").

This policy complies with the General Data Protection Regulation (GDPR) and other applicable European Union and local privacy laws.

Data Controller

For the purposes of GDPR, Luxora is the data controller. You can contact us at:

Email: privacy@luxora.app
Address: [Company Address - TBD]

Information We Collect

Information You Provide

Account Information: Email address, name (if provided), preferences
Scanned Products: Images and data from skincare products you scan (stored locally on your device by default)
Communications: Messages you send to us, feedback, support requests
Marketing Preferences: Your choices regarding marketing communications

Information Automatically Collected

Usage Data: How you interact with our Service, features used, time spent
Device Information: Device type, operating system, unique device identifiers
Log Data: IP address, browser type, access times, pages viewed
Analytics Data: Aggregated usage statistics (anonymized)

Information from Third Parties

Authentication Services: Information from social login providers (if used)
Payment Processors: Transaction data (we do not store payment card information)

How We Use Your Information

We process your personal data for the following purposes:

Service Provision (Contractual Basis)

Providing ingredient analysis and safety scores
Maintaining your account and preferences
Processing transactions
Providing customer support

Legitimate Interests

Improving our Service and developing new features
Analyzing usage patterns to enhance user experience
Preventing fraud and ensuring security
Conducting research and analytics

Legal Compliance

Complying with applicable laws and regulations
Responding to legal requests and court orders
Protecting our rights and interests

Consent (Where Required)

Marketing communications (you can opt-out at any time)
Optional data collection for enhanced features
Cookies and tracking technologies

Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

Service Providers

We may share data with trusted third-party service providers who assist in operating our Service, such as cloud hosting, analytics, and payment processing. These providers are contractually bound to protect your data.

Legal Requirements

We may disclose information if required by law, regulation, or legal process, or to protect the rights, property, or safety of Luxora, our users, or others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

Aggregated Data

We may share anonymized, aggregated data for research, industry analysis, or other business purposes.

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Account Data: Until you delete your account, plus 30 days for backup recovery
Usage Data: Typically 2 years for analytics purposes
Marketing Data: Until you unsubscribe or object
Legal Requirements: As required by applicable law

After the retention period, we securely delete or anonymize your personal data.

Your Rights Under GDPR

If you are located in the European Union, you have the following rights:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request that we limit how we process your personal data.

Right to Data Portability

You can request a copy of your data in a machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

Right to Withdraw Consent

You can withdraw consent for processing based on consent at any time.

To exercise these rights, contact us at privacy@luxora.app. We will respond within 30 days.

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Encryption in transit and at rest
Regular security assessments and updates
Access controls and authentication
Employee training on data protection
Incident response procedures

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

International Data Transfers

Your data may be transferred to and processed in countries outside the European Union. We ensure adequate protection through:

Adequacy decisions by the European Commission
Standard Contractual Clauses (SCCs)
Binding Corporate Rules
Other approved transfer mechanisms

Cookies and Tracking

We use cookies and similar technologies to enhance your experience. You can control cookies through your browser settings. Essential cookies are necessary for the Service to function.

For detailed information about our cookie practices, see our Cookie Policy.

Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the data promptly.

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "last modified" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@luxora.app
Subject Line: "Privacy Inquiry"

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data appropriately.