Privacy Policy - Luxmia AI

Effective Date: January 12, 2026

1. Introduction

Suizhou Yilan Network Technology Co., Ltd. (referred to herein as "we," "us," "our," or the "Company") is the operator and data controller of the Luxmia AI mobile application (the "Application" or "App"). This Privacy Policy (the "Policy") constitutes a legally binding agreement between you and the Company regarding the collection, processing, storage, disclosure, and protection of your personal information and data when you access, download, install, or use the Application and related services (collectively, the "Service").

This Policy is designed to comply with applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy legislation. We are committed to maintaining the highest standards of data protection and privacy.

By accessing, downloading, installing, or using the Service, you acknowledge that you have read, understood, and unconditionally agree to be bound by the terms and conditions set forth in this Policy. If you do not agree with any provision of this Policy, you must immediately discontinue all use of the Service and uninstall the Application from your device.

2. Definitions

For the purposes of this Policy, the following terms shall have the meanings ascribed to them:

"Personal Information" means any information relating to an identified or identifiable natural person, including but not limited to name, email address, device identifiers, IP address, and biometric data.
"Processing" means any operation performed on Personal Information, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
"Data Controller" means the entity that determines the purposes and means of processing Personal Information.
"Data Processor" means the entity that processes Personal Information on behalf of the Data Controller.

3. Information We Collect

3.1 Information You Provide

We may collect and process the following categories of Personal Information that you voluntarily provide to us:

Account registration information, including but not limited to username, email address, and password (encrypted);
User-generated content, including photographs, images, videos, and other media files that you upload or create through the Service;
Communications and correspondence with our support team;
Payment and billing information, processed through secure third-party payment processors;
Preferences and settings that you configure within the Application.

3.2 Automatically Collected Information

When you use the Service, we may automatically collect certain technical information, including:

Device information, including device model, operating system version, unique device identifiers, mobile network information, and hardware specifications;
Usage data, including features accessed, time spent on the Service, interaction patterns, and performance metrics;
Log data, including Internet Protocol (IP) addresses, browser type, access times, pages viewed, and referring website addresses;
Location data, if you grant permission for location services (collected with your explicit consent);
Crash reports and error logs to facilitate troubleshooting and improve service stability.

3.3 Biometric and Facial Data

Facial Recognition Data Collection: When you utilize certain features of the Application that require facial analysis (such as face-swapping, face-morphing, or similar face effects), we process biometric data extracted from photographs you submit. This processing is limited to:

Detection and analysis of facial feature points (including but not limited to eye position, nose position, mouth position, and facial contours);
Temporary processing necessary to generate the requested effect or functionality;
No creation or maintenance of facial recognition databases;
No storage of facial templates for identification or authentication purposes;
Automatic deletion of facial data upon completion of processing, subject to the retention periods specified in Section 5 below.

4. Legal Basis for Processing

We process your Personal Information based on the following legal grounds:

Consent: Where you have provided explicit, informed, and freely given consent to the processing of your Personal Information for specific purposes;
Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract;
Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject;
Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving the Service, preventing fraud, or ensuring security, provided that such interests are not overridden by your fundamental rights and freedoms;
Vital Interests: Where processing is necessary to protect the vital interests of you or another natural person.

5. How We Use Your Information

We use the Personal Information we collect for the following purposes:

To provide, maintain, operate, and improve the Service and its features;
To process your transactions and manage your account;
To communicate with you regarding the Service, including responding to your inquiries and providing customer support;
To send you administrative information, such as updates to this Policy or our Terms of Use;
To detect, prevent, and address technical issues, security breaches, fraud, or other illegal activities;
To comply with legal obligations and enforce our legal rights;
To conduct analytics and research to improve user experience and develop new features;
To personalize your experience and provide content and features tailored to your preferences.

6. Data Retention

We retain your Personal Information only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Our retention practices are as follows:

Account information: Retained for the duration of your account's active status and for a period of thirty (30) days following account deletion, unless legal obligations require longer retention;
User-generated content: Retained until you delete such content or your account is terminated, subject to backup retention periods not exceeding ninety (90) days;
Facial and biometric data: Deleted immediately upon completion of processing, with temporary storage not exceeding seventy-two (72) hours for technical processing purposes;
Log data and analytics: Retained for a period of twelve (12) months, after which it is anonymized or deleted;
Payment information: Retained as required by applicable financial regulations and tax laws, typically for a period of seven (7) years.

7. Data Sharing and Disclosure

7.1 Third-Party Service Providers

We may engage third-party service providers, contractors, and business partners (collectively, "Service Providers") to perform functions on our behalf, including:

Cloud storage and hosting services (including Amazon Web Services);
Payment processing services;
Analytics and performance monitoring services;
Customer support and communication platforms;
Content delivery networks and infrastructure providers.

These Service Providers are contractually bound to process Personal Information solely for the purposes specified by us, to maintain appropriate security measures, and to comply with applicable data protection laws. They are prohibited from using your Personal Information for any other purpose.

7.2 Legal Requirements

We may disclose your Personal Information if required to do so by law or in response to valid requests by public authorities, including but not limited to:

Compliance with court orders, subpoenas, or other legal processes;
Responding to government or regulatory agency requests;
Enforcing our Terms of Use or other agreements;
Protecting our rights, property, or safety, or that of our users or others;
Preventing or investigating potential fraud, security threats, or illegal activities.

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your Personal Information may be transferred to the acquiring entity, subject to the same privacy protections set forth in this Policy.

8. Data Security

We implement industry-standard technical and organizational security measures designed to protect your Personal Information against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

Encryption of data in transit using Transport Layer Security (TLS) protocols;
Encryption of sensitive data at rest using Advanced Encryption Standard (AES) algorithms;
Regular security assessments and penetration testing;
Access controls and authentication mechanisms;
Secure coding practices and vulnerability management;
Employee training on data protection and privacy;
Incident response procedures and breach notification protocols.

Notwithstanding these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your Personal Information, we cannot guarantee absolute security. You acknowledge and agree that you provide Personal Information at your own risk.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your Personal Information:

Right of Access: You may request access to and receive a copy of your Personal Information that we hold;
Right to Rectification: You may request correction of inaccurate or incomplete Personal Information;
Right to Erasure: You may request deletion of your Personal Information, subject to legal retention requirements;
Right to Restrict Processing: You may request that we limit the processing of your Personal Information in certain circumstances;
Right to Data Portability: You may request that we transfer your Personal Information to another service provider in a structured, commonly used, and machine-readable format;
Right to Object: You may object to processing of your Personal Information based on legitimate interests or for direct marketing purposes;
Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
Right to Lodge a Complaint: You may file a complaint with a supervisory authority in your jurisdiction if you believe that our processing of your Personal Information violates applicable data protection laws.

To exercise any of these rights, please contact us using the information provided in Section 13 below. We will respond to your request within thirty (30) days, or as required by applicable law.

10. Cookies and Tracking Technologies

The Application may utilize cookies, web beacons, pixel tags, and similar tracking technologies (collectively, "Tracking Technologies") to collect information about your use of the Service. While we do not intentionally deploy first-party cookies, third-party services integrated into the Application may use Tracking Technologies for the following purposes:

Authentication and session management;
Performance monitoring and analytics;
Fraud prevention and security;
Service functionality and personalization.

You may configure your device or browser settings to refuse or limit Tracking Technologies. However, doing so may affect the functionality and availability of certain features of the Service.

11. Children's Privacy

The Service is not intended for, and we do not knowingly collect Personal Information from, individuals under the age of 13 (or the applicable age of majority in your jurisdiction). If we become aware that we have collected Personal Information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete such information from our systems.

If you are a parent or legal guardian and believe that your child has provided Personal Information to us, please contact us immediately using the contact information provided in Section 13. We will investigate and take appropriate action to remove such information.

12. International Data Transfers

Your Personal Information may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. We ensure that appropriate safeguards are in place to protect your Personal Information in accordance with this Policy, including:

Standard contractual clauses approved by relevant data protection authorities;
Certification under recognized data protection frameworks;
Other legally recognized transfer mechanisms.

13. Changes to This Privacy Policy

We reserve the right to modify, amend, or update this Policy at any time to reflect changes in our data processing practices, legal requirements, or the Service. Material changes will be communicated to you through:

In-application notifications;
Email notifications to the address associated with your account;
Prominent notice on our website or within the Application;
Other reasonable methods as required by applicable law.

The "Effective Date" at the top of this Policy indicates when the most recent changes were made. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Policy. If you do not agree to the changes, you must discontinue use of the Service and delete your account.

14. Contact Information

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or our data processing practices, please contact us at:

Email: huangwenjie@szyanlan.icu

Company: Suizhou Yilan Network Technology Co., Ltd.

We will make commercially reasonable efforts to respond to your inquiry within thirty (30) business days and in accordance with applicable data protection laws.