Introduction

LUXISOFT is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when accessing and using our software projects, applications, games, and other content available on this site. By using our products, you agree to this policy.

1. Information Collected

Through the public website (luxisoft.com) we do not collect personally identifiable information, except when users voluntarily provide it through contact methods or specific interactions, such as inquiries, support, or registrations on product platforms. When you authenticate into a LUXISOFT application using Google Sign-In, we receive Google user data from Google as described in detail in sections 2.1 and 2.2 of this policy.

2. Authentication via Google Sign-In (Google OAuth 2.0 / Firebase Authentication)

LUXISOFT applications (including but not limited to LuxiChat, LuxiSoft Pages, MegaPunch and other LUXISOFT branded apps) offer 'Sign in with Google' as an authentication option. This feature is implemented using Google OAuth 2.0 through Firebase Authentication, a service provided by Google. The Google scopes requested are limited to the basic, non-sensitive identity scopes: openid, email and profile. We do NOT request any restricted or sensitive Google scopes (Gmail, Drive, Calendar, Contacts, YouTube, etc.).

2.1 Google User Data We Access (Data Accessed)

When you sign in with your Google Account, LUXISOFT and Firebase Authentication access, collect, and store the following specific Google user data:

1. Google Account email address — used as your unique identifier inside LUXISOFT applications.
2. Verified email status — a flag provided by Google indicating whether your email is verified.
3. Basic profile information: full name (given name and family name) and the public display name set on your Google Account.
4. Profile picture URL — the public avatar associated with your Google Account.
5. Locale and language preference — when provided by Google, used to display the application in your preferred language.
6. Google Account unique identifier (Google sub / user ID) — a stable opaque identifier we use to recognize returning users.
7. OAuth/OpenID identity tokens — short-lived tokens issued by Google that we exchange with Firebase Authentication to verify your identity. These tokens are processed in transit and are not retained beyond what Firebase needs to maintain an active session.

2.2 How We Use Google User Data (Data Usage and Purpose)

The Google user data described in section 2.1 is used, processed, and handled exclusively for the following purposes related to operating LUXISOFT applications:

1. Account creation and login: your Google email and Google user ID are used to create and authenticate your user account inside our applications, so you can access features that require an authenticated session.
2. User identification inside the app: your name and profile picture are displayed inside the application (for example, in your profile screen, in chat messages, or in user lists) so other authenticated users and you can recognize the account.
3. Personalization: locale/language information is used to display the user interface in your preferred language when available.
4. Security and fraud prevention: identity tokens issued by Google are validated through Firebase Authentication to prevent impersonation, abuse, and unauthorized access.
5. Service operation: account data is stored in Firebase Authentication and Firebase Realtime Database (Google Cloud Platform, project ID 'luxisoft', project number 456853307907) so the application can recognize you on subsequent logins and maintain features such as chat history, settings, or in-app preferences linked to your account.
6. Customer support: when you contact us through support channels, your Google Account email may be used to identify your account and respond to your request.

LUXISOFT complies with the Google API Services User Data Policy, including the Limited Use requirements. We do NOT sell Google user data, do NOT use Google user data for advertising, do NOT use it to train AI or machine-learning models, and do NOT transfer or share Google user data with third parties for purposes unrelated to the operation of LUXISOFT applications. Google user data is only shared with sub-processors strictly required to operate the service, namely Google Firebase / Google Cloud, under their own terms. 2026

2.3 Data Retention, Revocation and Deletion

Google user data is retained for as long as your account remains active in LUXISOFT applications. You can revoke LUXISOFT's access to your Google Account at any time from https://myaccount.google.com/permissions. To request deletion of your account and all associated Google user data, send an email to [email protected] from the same Google Account email registered in our service, or use the in-app account deletion option when available. Upon receiving a verified request, LUXISOFT will delete the associated personal data from Firebase Authentication and Firebase Realtime Database within thirty (30) days, except for information we are required to retain to comply with legal obligations.

3. Use of Information

The personal information you provide (including the Google user data described in section 2) will be used exclusively for the purposes described in this policy: authentication, providing the application functionality, customer support, and product improvement. It will not be used for commercial purposes, advertising, or training AI models, and will not be shared with third parties without your consent, except for the sub-processors strictly necessary to provide the service or where required by law.

4. Protection of Information (Data Protection Mechanisms)

LUXISOFT applies technical, administrative, and organizational security measures to protect the confidentiality, integrity, and availability of the personal information we collect, including all Google user data obtained through Google Sign-In. The specific data protection mechanisms we implement are:

1. Encryption in transit: all communications between user devices, LUXISOFT applications, and Google/Firebase services are transmitted exclusively over HTTPS/TLS 1.2+, protecting data against interception by third parties.
2. Encryption at rest: Google user data and account information are stored in Firebase Authentication and Firebase Realtime Database (Google Cloud Platform), where data is encrypted at rest by Google using AES-256 encryption as part of Google Cloud's default security infrastructure.
3. Authentication and identity verification: identity is delegated to Google through Firebase Authentication using OAuth 2.0 / OpenID Connect. Identity tokens issued by Google are cryptographically signed and validated server-side to prevent impersonation, replay attacks, and unauthorized access.
4. Access control and least privilege: access to production systems and Firebase databases is restricted to authorized LUXISOFT personnel through individual Google accounts protected with strong passwords and two-factor authentication (2FA). Firebase security rules enforce that each authenticated user can only access data linked to their own Google user ID.
5. Limited OAuth scopes: LUXISOFT requests only the basic, non-sensitive Google scopes (openid, email, profile). We do NOT request restricted or sensitive scopes (Gmail, Drive, Calendar, Contacts, YouTube), which significantly reduces the surface of data that could be exposed.
6. Secure infrastructure: production workloads run on Google Cloud Platform (project ID 'luxisoft', project number 456853307907), which provides physical security, network isolation, DDoS protection, and SOC 2 / ISO 27001 / ISO 27017 / ISO 27018 certified data centers operated by Google.
7. Secrets and credential management: API keys, service account credentials, and configuration secrets are stored outside source code in protected environments and are rotated when a compromise is suspected.
8. Monitoring and logging: authentication events, suspicious activity, and access attempts are monitored through Firebase Authentication logs and Google Cloud audit logs to detect anomalous behavior and potential abuse.
9. Data minimization and retention: we collect only the Google user data strictly necessary to operate the service (described in section 2.1) and retain it only while the account remains active. Verified deletion requests are processed within thirty (30) days.
10. Internal policies and personnel access: access to user data by LUXISOFT staff is limited to operational, support, and legal needs, under confidentiality obligations and the principle of least privilege.

Despite these measures, no system on the internet can be guaranteed to be 100% secure; however, LUXISOFT works to continuously improve its security practices. If you suspect that the security of your account or your Google user data has been compromised, please contact us immediately at [email protected]. 2026

5. Cookies and Similar Technologies

This site uses cookies and similar technologies to enhance the user experience. Cookies are small files stored on your device that allow us to remember preferences and personalize the interaction with the site. If you do not wish to use cookies, you can configure your browser to reject their use, although some site features may not be available.

6. Links to Third Parties

This site may contain links to third-party websites. LUXISOFT is not responsible for the privacy practices of these sites and recommends reading their privacy policies before providing any personal information.

7. Modifications to the Privacy Policy

LUXISOFT reserves the right to modify or update this Privacy Policy at any time. Any changes will be posted on this page, and the date of the last update will be indicated at the end of this policy. Continued use of our products after any modification constitutes acceptance of the changes.

8. Governing Law

This Privacy Policy will be governed by the laws of Colombia, and any dispute related to the management of personal information will be resolved in the competent courts of Colombia.

9. Contact

If you have any questions or concerns about our Privacy Policy, or wish to exercise your data rights (including the deletion of Google user data), you can contact us using the following methods:

1. Email: [email protected]
2. Social media: Links to social media