Privacy Policy for Luxeon Last Updated: June 15, 2026 Luxeon ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered creative visual tool ("App" or "Service"), including features such as image stylization, AI dance, face swapping, and image-to-video generation. Please read this policy carefully. By using the Service, you consent to the practices described herein. If you do not agree, please do not use the Service. 1. Information We Collect We collect the following categories of information to provide and improve our Service: a. Information You Provide Directly: Account Information: When you create an account, we collect your email address, username, and password. User-Uploaded Content: Images, photos, and videos you upload for processing, including those containing facial features. Communication Data: Information you provide when contacting our support team (e.g., email subject, message content). b. Information Collected Automatically: Device Information: Device type, operating system, unique device identifiers, IP address, browser type and version, and mobile network information. Usage Data: App features used, frequency and duration of use, interaction patterns, and performance data. Location Information: Approximate location derived from your IP address. c. Face Data (Sensitive Data — See Section 2): Facial Feature Data: We process facial landmark data extracted from images you upload for features such as face swapping, AI dance, and image-to-video generation. This data is processed solely for the purpose of delivering the requested service and is not used for identification, surveillance, or any purpose unrelated to your request. 2. Face Data Processing (Important Notice) This section specifically and exclusively addresses how Luxeon handles face-related data. a. What Face Data Does the App Collect? When you upload an image or video for processing through our AI features (face swapping, AI dance, and image-to-video generation), our algorithms temporarily detect and extract the following facial feature data from the uploaded media: - Facial Landmarks: Coordinates of key facial feature points, including the position of eyes, nose, mouth, jawline, and overall face contour. - Facial Geometry: The spatial relationships and structural measurements between facial landmarks, such as inter-eye distance, nose-to-mouth ratio, and face shape parameters. - Expression Mapping Data: Motion vectors and expression parameters used to map facial movements onto generated content (applicable to AI dance and image-to-video features). We explicitly DO NOT collect or process: - Biometric identifiers as defined under applicable law. - Facial recognition data for identification or authentication purposes. - Any persistent facial signature, faceprint, or biometric template that could be used to uniquely identify an individual across sessions or services. b. Complete Explanation of All Planned Uses of Face Data: Face data is used exclusively and solely for the following purposes, and only within the scope of the specific feature you activate: - Face Swapping: To detect and map the facial region in your uploaded image so that it can be seamlessly blended with the target image. The system identifies facial boundaries, key landmarks, and skin tone parameters to produce a natural-looking result. - AI Dance Generation: To extract facial expression parameters and head pose information from the source image, then map them onto animated character models, creating the illusion that the animated character is performing the dance with the user's facial characteristics. - Image-to-Video Generation: To analyze facial structure and expression data in the source image so that realistic facial movements can be synthesized in the generated video output. All face data processing occurs in a single session and is task-specific. Once the requested output is generated, the face data extraction for that task is immediately concluded. Face data from one feature is never reused for another feature or for any other purpose. We do NOT use face data for: - User identification or authentication. - Biometric analysis or facial recognition. - Behavioral tracking or profiling. - Marketing, advertising, or cross-context behavioral advertising. - Training or improving our AI models (unless explicitly authorized by the user through a separate opt-in mechanism). - Any purpose not directly related to fulfilling the user's immediate creative request. c. Sharing of Face Data with Third Parties: We do NOT sell, rent, trade, or otherwise disclose face data to any third party for their own purposes. Face data may be processed by the following categories of trusted service providers, solely on our behalf and under strict contractual obligations: - Cloud Computing Providers (e.g., AWS, Google Cloud): Face data is processed on secure cloud servers to perform the AI computations required for the requested feature. These providers are contractually bound to process data only per our instructions and are prohibited from retaining, sharing, or using the data for any other purpose. - AI Model Inference Services: Where applicable, face data is transmitted to secure API endpoints for model inference. Data is transmitted over encrypted channels (TLS 1.2+) and is not stored by the inference provider beyond the duration of the inference request. All third-party service providers are: - Bound by Data Processing Agreements (DPAs) that restrict data use to the specific service being provided. - Required to implement security measures at least as protective as those described in this policy. - Prohibited from retaining face data after processing is complete. - Subject to regular compliance reviews. d. Where Is Face Data Stored? - Processing Servers: Face data is processed on cloud servers located in the United States (or [specify region if different]). Data in transit is encrypted using TLS 1.2+. Data at rest on processing servers is encrypted using AES-256. - No Persistent Storage: Face data is held in volatile memory (RAM) during processing and is not written to persistent storage. Once the AI generation task is complete and the output is returned to you, the extracted face data is immediately purged from active memory. - User-Uploaded Content: The original images and videos you upload are temporarily stored on encrypted servers only for the duration necessary to complete processing. Unless you choose to save the output, all uploaded content and intermediate processing data (including face data) are automatically deleted immediately after the generation task completes. - Saved Outputs: If you elect to save a generated output (e.g., a styled image or generated video), the final output file is stored in your account until you delete it or your account is closed. Saved outputs are rendered images/videos that do not contain extractable raw facial landmark data. e. How Long Is Face Data Retained? Face data is retained only for the minimum duration necessary to complete the specific AI processing task you have requested: - Real-Time Processing: Face data is extracted, processed, and discarded in real time during the AI generation task. The entire extraction-to-deletion lifecycle typically lasts only seconds to a few minutes, depending on processing complexity. - No Post-Processing Retention: Immediately upon delivering the generated output, all extracted facial landmark data, facial geometry data, and expression mapping data are permanently and irreversibly deleted from our servers. - Original Uploaded Content: Unless you choose to save the output, uploaded images and videos are automatically deleted within 24 hours of processing completion. If you save the output, the final generated file is retained until you delete it. - Legal Holds: In the rare event that we are required by law to retain certain data, we will notify you unless prohibited by law. 3. How We Use Your Information We use the collected information for the following purposes: To Provide the Service: Process images, videos, and face data to deliver AI features (e.g., style transfer, face swap, dance generation, image-to-video). To Improve the Service: Analyze anonymized usage patterns to enhance AI algorithms, user experience, and performance. To Communicate: Send account-related notifications (e.g., password reset, feature updates) and respond to support inquiries. To Ensure Security: Detect and prevent fraud, abuse, or unauthorized access. To Comply with Law: Fulfill legal obligations, such as responding to lawful requests from authorities. We do not use your personal data for automated decision-making that produces legal effects concerning you. 4. Information Sharing We may share your information only in the following circumstances: With Your Consent: When you explicitly agree to share data with third parties. Service Providers: With trusted vendors (e.g., cloud hosting, analytics, customer support) who process data on our behalf under strict confidentiality agreements. Legal Requirements: When required by law, court order, or governmental regulation. Business Transfers: In connection with a merger, acquisition, or sale of assets, where your data may be transferred as part of the transaction. Aggregated/De-identified Data: We may share anonymized or aggregated data that cannot identify you. We do not sell your personal data to third parties for their own marketing purposes. 5. Data Security We implement industry-standard technical and organizational measures to protect your data, including: Encryption: Data in transit is encrypted using TLS 1.2+; data at rest is encrypted using AES-256. Access Controls: Role-based access and strict authentication for employees and contractors. Regular Audits: Periodic security assessments and penetration testing. Incident Response: A documented process to address data breaches, including notification to affected users and authorities as required by law. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. 6. Data Retention We retain your personal data only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Account Data: Retained until you delete your account or for 12 months after account inactivity. User-Uploaded Content (including face data): Deleted immediately after processing is complete, unless you choose to save the output. Saved outputs are retained until you delete them or your account is closed. Usage Data: Retained for up to 24 months for analytical purposes, then anonymized or deleted. Legal Holds: Data may be retained longer if required by applicable law or for pending legal proceedings. 7. Your Rights Depending on your jurisdiction (e.g., GDPR for EEA users, CCPA for California users), you have the following rights: Right to Access: Request a copy of the personal data we hold about you. Right to Rectification: Correct inaccurate or incomplete data. Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal exceptions. Right to Restrict Processing: Limit how we use your data in certain circumstances. Right to Data Portability: Receive your data in a structured, commonly used format. Right to Object: Object to processing based on legitimate interests or direct marketing. Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing. Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising your rights. To exercise your rights, contact us at xiazeba05@outlook.com. We will respond within the timeframes required by law (generally 30 days for GDPR, 45 days for CCPA). Verification of identity may be required. 8. Children's Privacy Our Service is not intended for individuals under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it immediately. If you believe a child has submitted data, please contact us. 9. Third-Party Services Our App may integrate with third-party services (e.g., cloud storage providers, analytics tools). These services have their own privacy policies, and we are not responsible for their practices. We encourage you to review their policies. We require all third-party service providers to comply with applicable data protection laws. 10. Policy Changes We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will provide prominent notice (e.g., email notification or in-app alert). Your continued use of the Service after changes constitutes acceptance of the revised policy. 11. Contact Us If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: xiazeba05@outlook.com