SECTION 1 - INTRODUCTION
LUXVERIFY respects your privacy and is committed to protecting your Personal Information. This Privacy Policy explains how we collect, use, store, and disclose information when you use our luxury authentication services (the "Services") through our website and mobile applications.
By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Services.
Our Services are intended for users aged 18 and older. We do not knowingly collect information from children under 13. If you are under 18, please have a parent or guardian use our Services on your behalf.
SECTION 2 - INFORMATION WE COLLECT
We collect various types of information to provide and improve our authentication services. The Personal Information you provide directly includes your account information such as name, email address, phone number, mailing address, username, and password. We also collect payment information including credit card details and billing address, though these are processed securely through third-party payment processors and we do not store full payment card numbers. Additionally, we collect item information which encompasses photos of luxury items including watches, bags, jewelry, and other categories, along with brand names, model numbers, serial numbers, and item descriptions. We maintain records of your communications with our customer service team.
We also automatically collect certain information when you use our Services. This includes device information such as your IP address, browser type, operating system, and device identifiers. We gather usage data including pages visited, time spent on site, click patterns, and referral sources. We collect general geographic location based on your IP address, though we do not collect precise GPS location data. We use cookies and similar technologies to enhance user experience and analyze site traffic, which is discussed in more detail in Section 8 of this policy.
SECTION 3 - HOW WE USE YOUR INFORMATION
We use your Personal Information for several specific purposes. For service provision, we use your information to authenticate luxury items, generate reports, and deliver certificates, which constitutes the performance of our contract with you. For payment processing, we use your information to charge for selected authentication tiers, also under the performance of contract basis. We use your contact information for communication purposes including sending order confirmations, delivering reports, and requesting resubmissions when necessary, based on legitimate interest or your consent. For quality assurance, we review photo compliance and use feedback to improve authentication accuracy, which serves our legitimate interest in maintaining service quality. We process information for legal compliance purposes including fraud prevention, dispute resolution, and meeting regulatory requirements, which constitutes a legal obligation. For marketing purposes, we may send promotional emails only with your explicit consent, and you may withdraw this consent at any time.
We do not use your item photos for commercial endorsement purposes without obtaining your explicit written consent.
SECTION 4 - PHOTO DATA AND INTELLECTUAL PROPERTY
Regarding photo submission, you retain ownership of all photos you submit to our platform. By submitting photos, you grant us a limited license to use them solely for authentication purposes. You warrant that all photos are original, unaltered, and correspond to a single item, and you agree that you will not engage in "photo collaging" or submitting photos from multiple items to mislead the authentication process.
We retain authentication records including photos for seven years to comply with legal obligations and support potential dispute resolution. Certificate-related information cannot be deleted upon account closure due to business and legal requirements that mandate retention of authentication records.
SECTION 5 - INFORMATION SHARIN AND DISCLOSURE
We do not sell your Personal Information to third parties under any circumstances. We may share your data with service providers who assist us with payment processing through providers such as Stripe, PayPal, or Braintree, cloud hosting services such as AWS, and email or SMS delivery services. We may share information with authentication partners who are third-party experts consulted for complex cases, and all such sharing occurs under strict confidentiality agreements. We may disclose information to legal authorities when required by law, court order, or to protect our rights and safety. In the event of a business transfer such as a merger, acquisition, or asset sale, your information may be transferred as part of the business assets, though we will notify you of any such change in control.
All third-party service providers are contractually obligated to maintain confidentiality and security standards consistent with this policy and applicable data protection laws.
SECTION 6 - YOUR PRIVACY RIGHTS
Depending on your location, you may have various rights regarding your Personal Information. All users have the right to access their Personal Information and request a copy of the data we hold about them. You have the right to correct inaccurate or incomplete information in your profile. You may request deletion of your account and data, subject to legal retention requirements that mandate we maintain certain records. You have the right to opt-out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). These include the right to know what Personal Information is collected, used, shared, or sold, the right to delete Personal Information subject to certain exceptions, the right to opt-out of the sale of Personal Information (though we do not sell your data), the right to non-discrimination for exercising your privacy rights, the right to correct inaccurate Personal Information, and the right to limit the use of sensitive Personal Information. California residents may exercise these rights by contacting us at luxverifyonline@gmail.com
European Union residents have rights under the General Data Protection Regulation (GDPR) including the right to data portability, the right to restrict processing under certain circumstances, the right to object to processing based on legitimate interests, the right to withdraw consent at any time, and the right to lodge a complaint with a supervisory authority.
Canadian residents have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) including the right to access their Personal Information, the right to challenge the accuracy of their information, and the right to know the purposes for which their information is being used.
SECTION 7 - DATA SERITY
We implement industry-standard security measures to protect your information. We use SSL/TLS encryption for data in transit and AES-256 encryption for data at rest. We maintain strict access controls with role-based access limited to authorized personnel who require access to perform their job functions. We conduct regular security audits including vulnerability assessments and penetration testing. In the event of a data breach, we have an incident response plan that includes notifying affected users within 72 hours and complying with all applicable breach notification laws.
While we take these precautions, no internet transmission is 100% secure. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately if you suspect unauthorized access to your account.
SECTION 8 - COOKIES AND TRACKING TECHNOLLOGIES
We use essential cookies that are required for basic site functionality and cannot be disabled without affecting your ability to use our Services. We use analytics cookies through Google Analytics to understand site usage patterns, and we have configured these tools to anonymize IP addresses. We use preference cookies to remember your settings and preferences for future visits.
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect site functionality, particularly the essential cookies required for authentication and payment processing.
SECTION 9 - INTERNATIONAL DATA TRANSFERS
Your information may be processed in the United States where our primary servers are located in the AWS US-East region, and in Canada where we maintain backup servers. For users in the European Union or European Economic Area, we ensure adequate protection of your data through Standard Contractual Clauses approved by the European Commission or through adequacy decisions where applicable.
SECTION 10 - THIRD-PARTY LINKS
Our Services may contain links to third-party websites such as brand websites or payment processors. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit through links on our platform.
SECTION 11 - CHANGES TO THIS POLICY
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated to you via email notification to your registered email address, through a prominent notice on our website, and by updating the "Last Updated" date at the top of this policy. Your continued use of our Services after such changes constitutes your acceptance of the revised policy.