LuxeList Privacy Policy

Effective Date: June 15, 2025

LuxeList ("LuxeList," "we," "our," or "us") is committed to transparency and protecting your privacy. This Privacy Policy explains how we collect, use, store, safeguard, and delete your information when you use the LuxeList app, website, and related AI-powered features ("Services").

By using LuxeList, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use.

1. Information We Collect

We collect information to operate, maintain, and improve LuxeList. This may include:

1.1 Account Information

• Name
• Email address
• Password (encrypted)
• Optional profile photo

1.2 Uploaded Content

• Clothing photos, outfit images, screenshots, lookbook entries
• Metadata you provide (colors, tags, descriptions, preferences)
• Scanning images (face, body, color, proportions) if you use scanning features

You choose what to upload. We do not collect images without your action.

1.3 Biometric Information (Scanning Features)

When you use scanning features, we may collect biometric identifiers, including:

• Facial geometry and measurements (for face shape analysis)
• Body proportions and measurements (for body type analysis)
• Skin tone analysis data (for color analysis)

IMPORTANT NOTICE FOR ILLINOIS RESIDENTS:
Under the Illinois Biometric Information Privacy Act (BIPA), we are required to inform you that:

• We collect biometric identifiers as described above
• These identifiers are used solely to provide personalized styling recommendations and analysis
• We retain biometric data only while your account is active or as needed for legal compliance
• We will not sell, lease, trade, or otherwise profit from your biometric information
• Your biometric data is stored using the same security measures as other personal information

You must provide explicit consent before using any scanning features. You may withdraw consent and request deletion of biometric data at any time by emailing privacy@luxelist.app.

1.4 Usage & Interaction Data

• Features used, selections, preferences, session duration
• Likes/dislikes on recommendations
• Closet actions (uploading, removing, editing)
• In-app navigation events
• Feedback and ratings

1.5 Device & Technical Data

• Device model, operating system, language
• App version
• IP address (at time of request)
• Crash logs, error reports, system diagnostics
• Approximate location (city-level, non-precise)

We do not collect or store precise GPS location.

1.6 Payment Information

• If you purchase through the App Store or website, your payment is processed by third-party payment providers.
• LuxeList does not store credit card numbers.

2. How We Use Your Information

We use the information we collect to:

2.1 Provide Core Features

• Store your virtual closet
• Generate AI-powered outfit recommendations
• Perform clothing classification
• Provide scanning analysis (face shape, body proportions, colors)
• Customize your experience

2.2 Improve Functionality

• Personalize recommendations
• Learn user preferences to enhance styling algorithms
• Refine scanning accuracy
• Improve app stability and performance

2.3 Communication

• Send important service announcements
• Notify you of feature changes or outages
• Respond to support requests

2.4 Security & Prevention

• Detect misuse, abusive behavior, or unsafe activity
• Prevent fraud, violations, and harmful content

2.5 Legal Compliance

• As required by law or valid legal request

We NEVER sell your personal information.
We NEVER share your data with advertisers.

3. AI Processing & Image Handling

LuxeList uses AI technologies to classify clothing, generate recommendations, and analyze images.

3.1 What We Send to AI Providers

When you use AI features, we may securely transmit:

• Clothing photos
• Outfit images
• Scanning images
• Text prompts
• Style preferences

3.2 Limited Retention

Data sent to AI processors is used only to generate your requested results. We do not allow your data to be used to train public AI models without your explicit consent.

3.3 Accuracy Disclaimer

AI outputs may be:

• Incomplete
• Inaccurate
• Subjective

Use them at your discretion.

4. Scanning Features (Face, Body, Color)

If you use scanning features, additional protections apply:

4.1 Biometric Data Collection & Use

Explicit Consent Required: You must provide explicit consent before we collect any biometric information. An in-app consent dialog will explain:

• What biometric data we collect
• How we use it
• How long we retain it
• Your right to refuse or withdraw consent

Purpose: Biometric data is collected solely for:

• Face shape analysis and styling recommendations
• Body proportion analysis for fit recommendations
• Color analysis for personalized palette suggestions

Not Used For:

• Identity verification
• Authentication
• Surveillance
• Medical diagnosis
• Sharing with third parties (except secure AI processors necessary for analysis)

4.2 Biometric Data Storage & Retention

• Biometric data is stored securely using encryption
• Retention: Only while your account is active or as required by law
• Upon account deletion, all biometric data is permanently deleted (see Section 12)
• Backups containing biometric data are purged within 90 days maximum

4.3 Your Biometric Rights

You have the right to:

• Refuse consent to biometric data collection (you can still use non-scanning features)
• Withdraw consent at any time
• Request deletion of your biometric data
• Receive a copy of your biometric data

To exercise these rights, contact: privacy@luxelist.app

4.4 Accuracy Limitations

Lighting, angles, and camera quality may affect results. Results may change or be imperfect.

4.5 Emotional Safety Disclaimer

We are not responsible for:

• Dissatisfaction with results
• Emotional impact
• Styling outcomes

All scanning results are for personal insight and entertainment.

5. Legal Basis for Processing

Depending on your region, we process your data on these bases:

• Contract: to provide the Services
• Consent: for uploading images, scanning, biometric data collection, analytics opt-in
• Legitimate Interests: improving UI/UX, app stability, security
• Legal Obligation: complying with applicable law

6. Data Storage & Retention

Your data may be stored using:

• Cloud storage
• Secure third-party infrastructure
• Firebase
• Optional local device storage (if later enabled)

6.1 Retention Periods

We retain data only as long as necessary for:

• Account functionality
• App performance
• Security
• Legal obligations

Specific Retention Periods:

• Account data: While account is active + 90 days in backups after deletion
• Biometric data: While account is active + 90 days in backups after deletion
• Transaction records: 7 years for tax/legal compliance
• Aggregated analytics: Indefinitely (anonymized, cannot identify you)

6.2 Backups

Some data may remain in temporary backups until those rotate out (maximum 90 days).

6.3 No Guaranteed Preservation

We take reasonable steps to protect and preserve your data but cannot guarantee against:

• Data loss
• Syncing issues
• App bugs
• Corruption
• Cloud outages

LuxeList is not liable for any lost or corrupted data.

7. Third-Party Services

To deliver LuxeList, we may use secure third-party providers for:

• Authentication
• Cloud storage (Firebase, AWS, or similar)
• Crash reporting (Sentry or similar)
• Analytics (anonymized)
• Payment processing (Stripe or similar)
• AI processing (OpenAI, Anthropic, or similar)

Categories of Data Shared:

• Cloud Storage: Account data, images, closet items
• AI Processors: Images, text prompts (for analysis only, not training)
• Payment Processors: Transaction amounts, timestamps (not credit card numbers)
• Analytics: Anonymized usage patterns, feature interactions

All third-party processors:

• Are bound by strict data processing agreements (DPAs)
• Use industry-standard security measures
• Are prohibited from using your data for their own purposes

For proprietary reasons, we may not publicly list all specific vendors, but we always disclose what categories of data are shared and why.

8. Cookies & Local Storage

We may use:

• Cookies (web)
• Local device storage
• Caching

These help you stay logged in and improve performance. You may clear these manually at any time.

Types of Cookies:

• Essential: Required for login and core functionality
• Performance: Help us improve app speed and reliability
• Analytics: Track anonymized usage patterns (you can opt out)

9. International Data Transfers

If you access LuxeList from outside the United States, your data may be processed in the United States or other regions where our service providers operate.

By using LuxeList, you consent to this transfer.

For EU/UK Users: We implement appropriate safeguards, including:

• Standard Contractual Clauses with third-party processors
• Encryption in transit and at rest
• Access controls and security audits

10. Children's Privacy

LuxeList is not intended for users under 16 years old.

We do not knowingly collect personal information from children under 16.

If we learn that we have collected personal information from a child under 16, we will:

• Promptly delete the account
• Permanently remove all associated data
• Notify the account email address

Parents/Guardians: If you believe your child has created an account, please contact us immediately at privacy@luxelist.app.

COPPA Compliance: We do not knowingly collect information from children under 13, as required by the Children's Online Privacy Protection Act.

11. Your Privacy Rights

11.1 General Rights

You have the right to:

• Access your data
• Download/export your data
• Update or correct inaccurate information
• Opt out of certain analytics
• Delete your account and all associated personal data

11.2 California Residents (CCPA/CPRA)

California residents have additional rights:

Right to Know:

• What personal information we collect
• How we use it
• What categories of third parties receive it

Right to Delete:

• Request deletion of your personal information (with certain exceptions)

Right to Opt-Out:

• We do not sell personal information, so there is nothing to opt out of

Right to Non-Discrimination:

• We will not discriminate against you for exercising your rights

To exercise your California rights: Email privacy@luxelist.app with subject line "California Privacy Rights Request"

11.3 European Union/UK Residents (GDPR/UK GDPR)

EU/UK residents have additional rights:

• Right to rectification: Correct inaccurate data
• Right to restriction: Limit how we process your data
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: For biometric data and other consent-based processing

To exercise your EU/UK rights: Email privacy@luxelist.app with subject line "GDPR Rights Request"

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

11.4 How to Submit Requests

Email: privacy@luxelist.app

We will respond within:

• 30 days (general requests)
• 45 days (California requests, can be extended to 90 days if complex)
• 30 days (GDPR requests, can be extended to 90 days if complex)

We may require identity verification before processing requests.

12. How to Delete Your Account & Data

12.1 Account Deletion Process

You may delete your LuxeList account at any time through the in-app settings:

LuxeList App → Settings → Account → Delete Account

When you confirm deletion, your account will be scheduled for permanent removal.

If you cannot access your account, you may request deletion by emailing: privacy@luxelist.app

For security, we may require identity confirmation before processing a manual deletion request.

12.2 What Is Deleted

When you delete your account, we permanently remove:

Account Information:

• Name
• Email address
• Optional profile photo
• Authentication records
• Account preferences and settings

Uploaded Images:

• Clothing photos
• Outfit and lookbook images
• Screenshots or moodboard items
• Any edited or enhanced images
• Scanning images (face, body, color, proportions)
• AI-generated images (virtual try-on, outfit combinations)

Biometric Data:

• Facial geometry and measurements
• Body proportion data
• Skin tone analysis data
• Any derived biometric identifiers

Closet & Preference Data:

• Closet items and metadata
• Style tags, seasons, categories, attributes
• Favorites, likes/dislikes
• Planner items and outfit history
• Scanning results and saved analyses
• Recommendation preferences and personalization models

AI Interaction Data:

• Chat prompts and conversations
• Recommendation session logs
• Classification results
• Generated outputs stored under your account

Analytics Linked to You:

• Any analytics data that can identify your account is removed or anonymized

Once deletion is complete, your account cannot be recovered.

12.3 What May Temporarily Remain

Certain information may still exist for a limited time, even after account deletion:

Backups (30-90 Days):

• For security, integrity, and disaster recovery, LuxeList uses automated backups that may include account data
• Backup files cycle out automatically
• Data in backups is inaccessible for normal use and is not processed
• Once backup rotation completes, all deleted account data is fully purged
• Maximum backup retention: 90 days after deletion request

Legal Compliance Records: We may retain minimal records if required to:

• Prevent fraud
• Comply with financial, tax, or legal obligations (e.g., transaction records for 7 years)
• Document user consent or Terms of Service acceptance
• Respond to disputes or legal proceedings

Legal retention records never include:

• User-uploaded images
• Personal styling data
• Biometric identifiers
• Closet items or preferences

Aggregated or Anonymous Data:

• Some analytics may be retained only in anonymized form, meaning it can no longer identify you
• Used solely to improve product functionality
• Examples: "80% of users use classification feature" (not "User X used this feature")

12.4 Data Deletion Timelines

Immediate Actions (0–7 Days):

• Your account becomes inaccessible immediately
• Login credentials are invalidated
• All active user data is deleted from production databases and file storage
• Cloud storage containing your images is deleted
• Biometric data is deleted from active systems

AI Processor Deletion (7–30 Days):

• We notify AI processing partners to delete any cached or temporary data
• Third-party processors delete data according to our Data Processing Agreements
• Most processors delete within 7 days; some may take up to 30 days

Backup Purge Window (30–90 Days):

• Deleted data may remain in encrypted backup systems until backups refresh
• It is never used, processed, or re-linked to an account during this retention window
• All data (including biometric data) is automatically purged when backups rotate

Total Maximum Retention: 90 days from deletion request for all data types

12.5 Deletion of Specific Data Types

You may request deletion of specific data types without deleting your entire account:

Delete Biometric Data Only:
Email privacy@luxelist.app with subject: "Delete Biometric Data"

We will:

• Delete all scanning results
• Delete facial geometry, body measurements, and color analysis data
• Retain your account and closet items
• Disable scanning features for your account

Timeline: 7 days for active data, 90 days for backups

Delete Specific Images:
You can delete individual images through the app:

• Navigate to the image
• Select "Delete"
• Confirm deletion

12.6 Data Export Before Deletion

Before deleting your account, you may request a copy of your data:

To request data export:
Email privacy@luxelist.app with subject: "Data Export Request"

We will provide:

• Account information (name, email, creation date)
• List of closet items with metadata
• Uploaded images (in downloadable format)
• AI interaction history (if requested)
• Preference settings

Format: ZIP file containing JSON data and image files
Timeline: Within 30 days of request

12.7 Deletion Confirmation

If you would like written confirmation that your account has been deleted, email: privacy@luxelist.app

Include in your request:

• Your name
• Email address associated with the account
• Type of confirmation needed

Response time:

• General confirmation: Within 7 business days
• California (CCPA) requests: Within 45 days
• EU/UK (GDPR) requests: Within 30 days
• Illinois (BIPA) requests: Within 30 days

12.8 Account Deletion Is Permanent

Once deletion is complete:

• You cannot recover your account
• You cannot recover closet items, images, outfits, or preferences
• You must create a new account to use LuxeList again
• AI personalization will not be retained
• Previous subscription benefits are not restored

We cannot restore deleted data under any circumstance.

13. Data Security

We use industry-standard measures, including:

• Encrypted storage (AES-256 or equivalent)
• Secure communication (HTTPS/TLS 1.2+)
• Access controls and authentication
• Regular security audits
• Server-side protections
• Secure deletion protocols

No Absolute Security Guarantee

No system is 100% secure. You acknowledge and accept this risk.

LuxeList is not liable for breaches beyond our reasonable control.

Data Breach Notification:
If a breach occurs that may affect your rights, we will notify you and relevant authorities as required by law (within 72 hours under GDPR).

14. User Responsibility

You are responsible for:

• Securing your login credentials
• The content you upload
• Respecting copyright and privacy rights
• Not violating laws
• Not misusing scanning or AI features
• Obtaining consent from others before uploading their images

LuxeList is not responsible for:

• User copyright infringement
• Misuse of uploaded images
• AI results generated from unsafe prompts
• Images uploaded without proper consent

15. User-Generated Content & Image Rights

15.1 Ownership

You retain ownership of all content you upload.

15.2 License to LuxeList

By uploading content, you grant LuxeList a limited, non-exclusive license to:

• Process images for AI analysis
• Store images in your closet
• Display images back to you in the app
• Generate recommendations based on your content

We do NOT:

• Share your images with other users
• Use your images for marketing without explicit permission
• Sell or license your images to third parties

15.3 Third-Party Content

Important: If you upload screenshots of clothing from brands, influencers, or social media:

• You are responsible for ensuring you have the right to use those images
• LuxeList is not liable for copyright claims
• Trademark rights belong to their respective owners

Trademark Disclaimer: All brand names, logos, and trademarks displayed in classification results are the property of their respective owners. LuxeList does not claim ownership or endorsement.

16. Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes in features
• Legal requirements
• Security improvements

Notification:
Significant changes will be notified in-app or via email. Continued use indicates acceptance of updated terms.

Archived versions of this policy are available upon request.

17. Contact Us

For privacy questions, concerns, or data requests, contact us at:

Email: privacy@luxelist.app

Mailing Address (if required for legal requests):
LuxeList Privacy Team
[Your Business Address]
[City, State ZIP]

Response Time: We aim to respond within 7 business days for general inquiries, with formal deadlines for legal rights requests as outlined in Section 11.

Last Updated: January 15, 2025
Version: 2.0