Privacy Policy

Last updated: October 17, 2025

Website: luxrise.io App Name: LuxRise Company: Luxrising LLP Registered Address: 32 Kinburn Street, London, England, SE16 6DW Contact: support@luxrise.io

1. INTRODUCTION

Luxrising LLP ("we," "us," or "our") operates the LuxRise mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our App.

BY USING THE APP, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.

If you do not agree with this Privacy Policy, you must not use the App.

Important Note: We are a small startup, and our data practices may evolve as we grow. This Privacy Policy is designed to be flexible and cover both current and future data processing activities. We will notify you of material changes as described in Section 15.

2. INFORMATION WE COLLECT

We may collect various types of information from and about users of our App, including:

2.1 Information You Provide Directly

Account Information:

• Email address
• Password (encrypted)
• Username or display name (if applicable)
• Third-party authentication credentials (Spotify, Apple Music, YouTube/YouTube Music account tokens)

User-Generated Content:

• Reviews and feedback submitted through the App or app stores
• Support inquiries and communications
• Social media content you choose to share through the App

2.2 Automatically Collected Information

Sleep and Usage Data:

• Sleep start times and wake-up times
• Alarm settings and preferences
• Music preferences and playlist selections
• Sleep cycle calculations and patterns
• App usage statistics and interaction patterns
• Monitoring of other app usage during designated sleep times (with your consent)

Device and Technical Information:

• Device type, model, and operating system version
• Unique device identifiers (such as device ID, advertising ID)
• IP address and general location data (country, city, region)
• Browser type and version (for website)
• Mobile network information
• Time zone settings
• Language preferences
• App version and build number
• Crash logs and error reports
• Performance metrics (battery usage, data consumption, etc.)

Location Information:

• Approximate location based on IP address
• Precise location data (only if you grant permission and we implement this feature)

Cookies and Tracking Technologies:

• We may use cookies, web beacons, pixels, and similar tracking technologies on our website and in the App
• We may collect information about your browsing behavior and interactions
• Third-party services may also use tracking technologies (see Section 4)

2.3 Information from Third-Party Services

Streaming Service Data: When you connect your Spotify, Apple Music, or YouTube/YouTube Music account:

• Account authentication tokens
• Profile information (username, email if provided by the service)
• Music library data and preferences
• Playback history and activity
• Any other data required by the streaming service APIs

Social Media Information: If you share content via social media platforms, we may receive information about your social media profile and activity as permitted by those platforms.

2.4 Future Data Collection

As we develop the App, we may collect additional types of information, including but not limited to:

• Biometric data (heart rate, movement patterns, sleep quality indicators)
• Health data from Apple Health, HealthKit, Google Fit, or similar services
• Voice recordings or audio data
• Photos or images
• Payment information (if we introduce paid features)
• Any other data necessary for new features or functionality

We will update this Privacy Policy and notify you before implementing any materially different data collection practices.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 Service Provision and Functionality

• Providing and maintaining the App's core features
• Creating and managing your account
• Calculating sleep cycles and setting alarms
• Connecting to and streaming music from third-party services
• Monitoring app usage to encourage healthy sleep habits
• Personalizing your experience based on preferences and usage patterns

3.2 Communication

• Sending transactional emails (account verification, password resets, security alerts)
• Sending service-related notifications (Terms updates, Privacy Policy changes, important announcements)
• Responding to your inquiries, requests, and support needs
• Sending promotional emails, newsletters, tips, and marketing communications (you may opt out)
• Conducting surveys or requesting feedback

3.3 App Improvement and Development

• Analyzing usage patterns and user behavior
• Identifying bugs, errors, and performance issues
• Testing new features and functionality
• Conducting research and development
• Training machine learning models or algorithms
• Generating aggregated, anonymized statistics and analytics

3.4 Security and Fraud Prevention

• Detecting and preventing fraud, abuse, or unauthorized access
• Protecting against security threats
• Enforcing our Terms of Service
• Investigating violations or suspicious activity
• Complying with legal obligations

3.5 Business Operations

• Managing business transactions (mergers, acquisitions, partnerships)
• Generating internal reports and analytics
• Financial record-keeping and accounting
• Legal compliance and responding to legal requests

3.6 Advertising and Marketing (Future Use)

• Displaying targeted advertisements (if we implement ads in the future)
• Creating lookalike audiences for marketing purposes
• Measuring advertising effectiveness
• Personalizing marketing messages

4. HOW WE SHARE YOUR INFORMATION

We may share your information in the following circumstances:

4.1 Third-Party Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

Infrastructure and Hosting:

• Database providers (Firebase, Supabase, Airtable, or other cloud database services)
• Cloud storage providers
• Server hosting companies
• Content delivery networks (CDNs)

Analytics and Performance:

• Analytics providers (Google Analytics, Firebase Analytics, Mixpanel, or similar services)
• Crash reporting and error tracking services (Crashlytics, Sentry, or similar)
• Performance monitoring tools
• A/B testing platforms

Communication Services:

• Email service providers
• SMS/push notification services
• Customer support platforms

Advertising Networks (Future Use):

• Ad networks and ad exchanges
• Marketing automation platforms
• Attribution and measurement providers

Payment Processing (Future Use):

• Payment processors and gateways
• Fraud detection services

These service providers are contractually obligated to protect your information and may only use it to provide services to us.

4.2 Streaming Service Platforms

We share authentication tokens and necessary data with:

• Spotify
• Apple Music
• YouTube/YouTube Music

This sharing is required for the App's core functionality. Your use of these services is governed by their respective privacy policies.

4.3 Social Media Platforms

If you choose to share content via social media, information may be shared with:

• Facebook
• Instagram
• Twitter/X
• TikTok
• Other social platforms

4.4 Business Transfers

Your information may be transferred as part of a business transaction, including:

• Mergers or acquisitions
• Sale of assets
• Bankruptcy or dissolution
• Corporate reorganization
• Partnerships or joint ventures

The successor entity will be bound by this Privacy Policy (or an equivalent policy).

4.5 Legal Requirements and Protection

We may disclose your information when required by law or to protect our rights:

• Complying with legal processes (subpoenas, court orders, legal proceedings)
• Responding to government or law enforcement requests
• Enforcing our Terms of Service
• Protecting our rights, property, or safety
• Protecting the rights, property, or safety of our users or the public
• Detecting, preventing, or addressing fraud, security, or technical issues

4.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with:

• Research institutions
• Business partners
• Advertisers and marketing partners
• Other third parties for any purpose

Important: While we make efforts to anonymize data, we cannot guarantee that de-identified information can never be re-identified. By using the App, you consent to our use and sharing of such data.

4.7 With Your Consent

We may share your information with other parties when you provide explicit consent or direct us to do so.

5. DATA STORAGE AND INTERNATIONAL TRANSFERS

5.1 Storage Locations

Your data may be stored using various cloud database providers, which may include:

• Firebase (Google Cloud Platform)
• Supabase
• Airtable
• Amazon Web Services (AWS)
• Microsoft Azure
• Other cloud infrastructure providers

Database providers and storage locations may change at any time without notice. We select providers based on factors including cost, performance, reliability, and features.

5.2 International Data Transfers

Your data may be transferred to, stored, and processed in countries outside of your country of residence, including:

• United States
• European Union member states
• United Kingdom
• Other countries where our service providers operate

These countries may have different data protection laws than your jurisdiction. Some may not provide the same level of protection as your country's laws.

By using the App, you consent to the transfer of your information to countries outside your residence, including countries that may not have adequate data protection laws.

For users in the European Economic Area (EEA), UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Other legal mechanisms as permitted by applicable law

However, we make no guarantees regarding the adequacy of data protection in any jurisdiction.

5.3 Data Security

We rely on our database and cloud service providers for data security. Security measures may include:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of data at rest (depending on provider)
• Access controls and authentication
• Regular security updates and patches
• Monitoring for security threats

However, we do not control the security practices of third-party providers and cannot guarantee absolute security. No method of transmission or storage is 100% secure.

WE ARE NOT LIABLE FOR:

• Security breaches at our service providers
• Unauthorized access to your data
• Data loss or corruption
• Any other security incidents

For more information on our limitation of liability, see our Terms of Service.

6. DATA RETENTION

6.1 Retention Periods

We retain your information for as long as necessary to provide the App and fulfill the purposes described in this Privacy Policy, or as required by law.

General Retention Policy:

• Active accounts: Data is retained indefinitely while your account is active
• After account deletion: We will make reasonable efforts to delete your data, but we may retain certain data as described below
• Legal obligations: Some data may be retained to comply with legal, tax, or regulatory requirements
• Legitimate business purposes: We may retain data for fraud prevention, resolving disputes, enforcing agreements, or other legitimate business purposes

Specific Retention Periods:

We may retain the following data even after account deletion:

• Transaction records and payment information (if applicable): Up to 7 years for tax and accounting purposes
• Legal dispute records: Until resolution plus applicable statute of limitations
• Fraud prevention data: Up to 10 years or as required by law
• Backup copies: Up to 90 days in automated backup systems
• Aggregated/anonymized data: Indefinitely
• Logs and technical data: Up to 2 years

We retain data for the maximum period reasonably necessary or permitted by law.

6.2 Data Deletion Process

When you delete your account:

• Automated deletion processes will attempt to remove your data from our active systems
• Deletion may not be immediate and may take up to 30 days to complete
• Some data may remain in backup systems for up to 90 days
• Certain data may be retained as described in Section 6.1

IMPORTANT: We are not liable for failures in the automated deletion process. If automated deletion fails due to bugs, errors, or technical issues, you may contact us at support@luxrise.io to request manual deletion. We will make reasonable efforts to manually delete your data but make no guarantees regarding complete removal.

6.3 Retention Window and Protection

We provide ourselves a reasonable window and legal protection regarding data retention and deletion:

• We are not required to delete data immediately upon request
• Technical limitations may delay or prevent complete deletion
• We reserve the right to retain data as described in Section 6.1
• Deleted data may persist in backups, caches, or archives

By using the App, you acknowledge and accept these data retention practices.

7. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you may have certain rights regarding your personal information.

7.1 Access and Portability

You may have the right to:

• Access the personal information we hold about you
• Request a copy of your data in a structured, machine-readable format (data portability)
• Export your sleep history, preferences, and other data

Current Status: We do not currently store significant amounts of user data, but if we do in the future, you will be able to request data access and export.

7.2 Correction and Update

You may have the right to:

• Correct inaccurate or incomplete personal information
• Update your account information

You can update certain information through the App settings. For other corrections, contact us at support@luxrise.io.

7.3 Deletion and Erasure

You may have the right to:

• Request deletion of your personal information (right to erasure/"right to be forgotten")
• Delete your account through the App settings

Important Limitations:

• We may retain certain data as described in Section 6
• Deletion may not be immediate or complete
• We are not liable for deletion failures (see Section 6.2)

7.4 Objection and Restriction

You may have the right to:

• Object to certain processing activities
• Request restriction of processing under certain circumstances
• Opt out of marketing communications (unsubscribe links provided in emails)

7.5 Withdraw Consent

If we process your data based on consent, you may:

• Withdraw consent at any time
• Disable location services or other permissions through device settings
• Revoke access to third-party services (Spotify, Apple Music, etc.)

Withdrawing consent may limit or prevent your ability to use certain App features.

7.6 Do Not Track (DNT)

We do not currently respond to "Do Not Track" browser signals. We may implement DNT support in the future.

7.7 Exercising Your Rights

To exercise any of these rights, contact us at support@luxrise.io with:

• Your name and email address
• Specific request and the right you wish to exercise
• Verification information to confirm your identity

Response Time: We will respond to requests within 30 days (or as required by applicable law). We may extend this period for complex requests.

Verification: We may require additional information to verify your identity before processing requests.

Fees: We do not charge fees for most requests, but we may charge reasonable fees for excessive, repetitive, or manifestly unfounded requests.

Limitations: We may deny requests that are:

• Manifestly unfounded or excessive
• Likely to adversely affect the rights and freedoms of others
• Required to be retained by law
• Necessary for legal claims or defense

7.8 EEA, UK, and Swiss Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including:

• Right to lodge a complaint with a supervisory authority (data protection authority in your country)
• Right to object to processing based on legitimate interests
• Right to not be subject to automated decision-making (if applicable)

UK Supervisory Authority: Information Commissioner's Office (ICO) Website: ico.org.uk

To find your local data protection authority: ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

7.9 California Residents (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of personal information
• Right to opt out of "sale" or "sharing" of personal information
• Right to opt out of automated decision-making
• Right to non-discrimination for exercising your rights

We do not currently "sell" personal information as defined by CCPA. However, some data sharing practices (such as with advertising networks, if implemented) may be considered "selling" or "sharing" under California law.

To exercise CCPA/CPRA rights, contact us at support@luxrise.io or use the methods described in Section 7.7.

8. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the EEA, UK, or Switzerland, we process your personal information based on the following legal grounds:

8.1 Performance of a Contract (Article 6(1)(b) GDPR)

Processing is necessary to provide the App and fulfill our obligations under the Terms of Service:

• Account creation and management
• Sleep cycle calculations and alarm functionality
• Music streaming integration
• Providing customer support

8.2 Consent (Article 6(1)(a) GDPR)

We process certain data based on your consent:

• Location data (if you grant permission)
• Marketing communications (if you opt in)
• App usage monitoring during sleep times (if you enable this feature)
• Cookies and tracking technologies (if you consent)
• Future features that require explicit consent

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

8.3 Legitimate Interests (Article 6(1)(f) GDPR)

We process data based on our legitimate business interests:

• Improving and developing the App
• Analyzing usage patterns and user behavior
• Detecting and preventing fraud, abuse, and security threats
• Enforcing our Terms of Service
• Conducting research and development
• Business operations and internal reporting

We have conducted legitimate interest assessments and believe our interests are not overridden by your rights and freedoms. You have the right to object to processing based on legitimate interests.

8.4 Legal Obligations (Article 6(1)(c) GDPR)

Processing is necessary to comply with legal obligations:

• Responding to legal requests and court orders
• Complying with tax and accounting requirements
• Fulfilling regulatory obligations

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What Are Cookies

Cookies are small text files stored on your device. We and our partners may use cookies, web beacons, pixels, and similar tracking technologies.

9.2 Types of Cookies We May Use

Essential Cookies:

• Necessary for the App and website to function
• Authentication and security
• Session management

Analytics Cookies:

• Measure App usage and performance
• Understand user behavior
• Google Analytics, Firebase Analytics, or similar services

Advertising Cookies (Future Use):

• Deliver targeted advertisements
• Measure ad effectiveness
• Create audience profiles

Social Media Cookies:

• Enable social sharing features
• Track social media interactions

9.3 Third-Party Cookies

Third-party service providers may set their own cookies, including:

• Analytics providers
• Advertising networks (if implemented)
• Social media platforms
• Streaming services

We do not control third-party cookies. Refer to their privacy policies for more information.

9.4 Managing Cookies

Browser Settings: You can control cookies through your browser settings (block, delete, or receive notifications).

Device Settings: You can manage tracking preferences through device settings (e.g., "Limit Ad Tracking" on iOS or "Opt out of Ads Personalization" on Android).

Opt-Out Tools: You can opt out of certain tracking using industry tools like Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA).

Note: Disabling cookies may limit functionality of the App or website.

9.5 Do Not Track

We do not currently respond to Do Not Track signals but may do so in the future.

10. CHILDREN'S PRIVACY

10.1 Age Restriction

The App is NOT intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18 years of age.

10.2 Age Verification

We require users to self-certify that they are 18 years of age or older. We do not independently verify ages. By using the App, you represent and warrant that you are at least 18 years old.

10.3 Minors' Data

If you are under 18, DO NOT use the App or provide any personal information.

If we discover that we have collected personal information from someone under 18, we will delete it as soon as reasonably practicable.

10.4 Parental Responsibility

Parents and guardians are responsible for monitoring their children's device usage and preventing access to age-restricted apps.

We are not liable if a minor lies about their age or gains unauthorized access to the App.

10.5 Reporting Underage Users

If you believe a user is under 18 years of age, please contact us immediately at support@luxrise.io with details. We will investigate and take appropriate action.

11. DATA SECURITY

11.1 Security Measures

We implement reasonable security measures to protect your information, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of data at rest (depending on database provider)
• Secure authentication and password hashing
• Access controls and authentication mechanisms
• Regular security monitoring (if implemented)
• Employee/contractor training on data security

However, security measures are provided primarily by our third-party database and cloud service providers. We do not directly control their security practices.

11.2 No Absolute Security

We cannot guarantee absolute security. Despite our efforts:

• No method of transmission or storage is 100% secure
• Unauthorized access, hacking, data breaches, and other security incidents may occur
• Third-party providers may experience security incidents beyond our control

11.3 Your Responsibility

You are responsible for:

• Keeping your account credentials secure
• Using strong, unique passwords
• Not sharing your account with others
• Reporting suspected security incidents immediately

11.4 Security Breaches

In the event of a data breach affecting your personal information:

• We will notify affected users as required by applicable law
• Notifications may be delayed if law enforcement requests confidentiality
• We will notify regulatory authorities as required

However, we are not liable for damages resulting from security breaches. See our Terms of Service for limitation of liability.

11.5 Team Access to Data

Authorized team members, employees, or contractors may have access to user data for:

• Technical support and troubleshooting
• App maintenance and development
• Fraud investigation and security purposes
• Legal compliance

Access is limited to what is necessary for these purposes, but we cannot guarantee that unauthorized access will never occur.

12. THIRD-PARTY SERVICES AND LINKS

12.1 Third-Party Integrations

The App integrates with third-party services:

• Spotify
• Apple Music
• YouTube/YouTube Music
• Social media platforms
• Other services (as we add features)

These services have their own privacy policies. We are not responsible for their privacy practices. We encourage you to review their policies:

• Spotify Privacy Policy: spotify.com/privacy
• Apple Privacy Policy: apple.com/legal/privacy
• YouTube Privacy Policy: policies.google.com/privacy

12.2 Third-Party Links

The App or website may contain links to third-party websites or services. We do not control these third parties and are not responsible for their content, practices, or policies.

12.3 No Endorsement

Inclusion of third-party services or links does not constitute endorsement. Your interactions with third parties are at your own risk.

13. MARKETING AND PROMOTIONAL COMMUNICATIONS

13.1 Types of Communications

We may send you marketing and promotional communications, including:

• Newsletters and App updates
• Tips and best practices for better sleep
• New feature announcements
• Special offers or promotions (if we introduce paid features)
• Surveys and feedback requests

13.2 Opt-In and Opt-Out

Opt-In: For certain marketing communications, we may require explicit opt-in consent.

Opt-Out: You may opt out of marketing emails by:

• Clicking "unsubscribe" links in emails
• Adjusting preferences in App settings
• Contacting us at support@luxrise.io

Important: You cannot opt out of transactional or service-related emails (account notifications, Terms/Privacy Policy updates, security alerts).

13.3 Response Time

We will process opt-out requests within 10 business days.

14. CALIFORNIA "SHINE THE LIGHT" LAW

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes.

Current Status: We do not currently share personal information with third parties for their direct marketing purposes. If this changes, California residents may request information once per calendar year by contacting support@luxrise.io.

15. CHANGES TO THIS PRIVACY POLICY

15.1 Right to Modify

We reserve the right to modify, update, or replace this Privacy Policy at any time at our sole discretion.

15.2 Notification of Changes

When we make material changes, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Notify you through one or more methods: In-app notification or banner Email to your registered email address Notice on our website (luxrise.io)
• In-app notification or banner
• Email to your registered email address
• Notice on our website (luxrise.io)

15.3 Effective Date

Changes will become effective 30 days after we provide notice (or immediately for changes required by law).

Your continued use of the App after changes become effective constitutes acceptance of the modified Privacy Policy.

15.4 Review Responsibility

It is your responsibility to review this Privacy Policy periodically. If you do not agree to changes, you must stop using the App and delete your account.

16. CONTACT US

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact us:

Email: support@luxrise.io Company: Luxrising LLP Address: 32 Kinburn Street, London, England, SE16 6DW Website: luxrise.io

For privacy-specific inquiries, data access requests, or exercising your rights, please include "Privacy Request" in the subject line.

17. JURISDICTION-SPECIFIC INFORMATION

17.1 European Economic Area (EEA), UK, and Switzerland

Data Controller: Luxrising LLP is the data controller for your personal information.

Legal Basis: See Section 8 for our legal bases for processing under GDPR.

Your Rights: See Section 7.8 for your rights under GDPR.

Data Protection Authority: You have the right to lodge a complaint with your local data protection authority. See Section 7.8 for contact information.

International Transfers: See Section 5.2 for information about international data transfers.

17.2 California, USA

CCPA/CPRA Rights: See Section 7.9 for your rights under California privacy law.

Categories of Personal Information: See Section 2 for categories of personal information we collect.

Purposes: See Section 3 for purposes of collection and use.

Sharing: See Section 4 for categories of third parties with whom we share information.

Do Not Sell My Personal Information: We do not currently "sell" personal information as defined by CCPA. If this changes, we will provide an opt-out mechanism.

17.3 Other Jurisdictions

If you are located in a jurisdiction with specific privacy laws (e.g., Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act), you may have additional rights. Contact us at support@luxrise.io for jurisdiction-specific information.

18. ACKNOWLEDGMENT AND CONSENT

BY USING THE LUXRISE APP, YOU ACKNOWLEDGE THAT:

• You have read and understood this Privacy Policy in its entirety
• You consent to the collection, use, disclosure, and processing of your personal information as described
• You understand that your data may be stored in various countries with different data protection laws
• You consent to international transfers of your data
• You understand that we may share your data with third parties as described
• You accept the data retention and deletion practices described
• You are at least 18 years of age
• You understand that we rely on third-party providers for data security and storage
• You acknowledge that we cannot guarantee absolute security or complete data deletion
• You will review this Privacy Policy periodically for changes

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU MUST NOT USE THE APP.

END OF PRIVACY POLICY

© 2025 Luxrising LLP. All rights reserved.

This page reproduces our published policy for transparency. It is provided for convenience and is not legal advice.