Lux Pro ("we", "our", "us") is the data controller for the Lux Pro Android application. We are established in Luxembourg and operate under the General Data Protection Regulation (GDPR) and Luxembourg data-protection law. This policy explains what personal data we collect, why we collect it, how it is stored and protected, and what rights you have as a data subject.
1. Data We Collect
We collect only the data necessary to operate the app. We do not collect billing or card details, contacts, calendar data, audio files, or web-browsing history.
Account identifiers (Firebase Authentication)
When you sign up, we collect your phone number (required for OTP-based phone
sign-up) and/or your email address (required for email/password sign-up). We also
store the Firebase User ID assigned to your account. Phone number is optional if
you choose the email/password sign-up path.
Profile data
You may optionally provide a display name, profile photo/avatar, biography, sport
interests, spoken languages, and age range. This information is stored against your
account and is visible to other users of the app according to your privacy settings.
Photos and media
You may optionally upload a profile photo, a club banner image, or attachments to
match posts. No videos or audio files are collected.
In-app messages and activity
If you use in-app chat (within matches or clubs), the messages you send are stored.
Chat is optional — if you never use it, no messages are collected. We also record
the matches, clubs, and events you join or create, and other user-generated content
such as match results and club posts.
Device location
We request location permission to enable venue and activity filtering. Both
approximate location (city-level) and precise location are optional and
permission-gated — the app functions without location access, and you can deny or
revoke the permission at any time in your device settings. Precise location is only
accessed when you explicitly opt in to a location-dependent feature.
FCM push token (device identifier)
We collect the Firebase Cloud Messaging (FCM) token assigned to your device to
deliver push notifications (e.g. match invitations, club updates). This identifier
is tied to your account and replaced when you reinstall or reset the app.
Crash logs and diagnostics
We collect crash reports and diagnostic data via Firebase Crashlytics to identify
and fix bugs. This data includes stack traces, device model, OS version, and app
version. It does not include the content of your messages or profile fields.
2. Why We Collect It
Account management and authentication — to create, secure, and recover your account (name, email, phone number, Firebase UID, FCM token).
App functionality — to let you find and join nearby clubs, matches, and community events; to display your profile to other members; to deliver in-app notifications; and to enable chat within matches and clubs.
Location-based features — to filter matches and venues by proximity. Location is requested only when you use a feature that needs it, and only with your prior permission.
Crash diagnostics and stability — to detect and resolve application errors, improving the experience for all users.
3. Where Data Is Stored and Who Processes It
All data is stored on Google Firebase infrastructure (Firebase Authentication, Firestore, Cloud Storage, Cloud Functions, Firebase Cloud Messaging, and Firebase Crashlytics). Location-related features use the Google Maps Platform (Maps SDK and Places API). Google acts as our data processor under a Data Processing Agreement with Google LLC.
Google is our only third-party processor. We do not use advertising SDKs, analytics platforms other than those listed above, or any other third-party service. We do not sell your data.
Encryption in transit: all communication between the app and Firebase or Google Maps services uses HTTPS. No unencrypted network connections are made.
Encryption at rest: data stored in Firestore and Cloud Storage
is encrypted at rest by Google's default infrastructure. On-device preferences are
stored using EncryptedSharedPreferences.
4. Data Retention
We retain your personal data for as long as your account is active. When you delete your account (see Section 6), your data is removed from our systems within approximately 30 days of the deletion request being processed. Crash logs retained by Firebase Crashlytics follow Google's standard retention settings.
5. Your GDPR Rights
As a data subject under the GDPR you have the following rights, which you may exercise by contacting us at privacy@lux-pro.app:
Right of access — you may request a copy of the personal data we hold about you.
Right to rectification — you may ask us to correct inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten") — you may request deletion of your personal data. The in-app account-deletion flow (see Section 6) is the fastest way to exercise this right.
Right to restriction of processing — you may ask us to limit how we use your data in certain circumstances.
Right to data portability — you may request your personal data in a structured, commonly used, machine-readable format.
Right to object — you may object to processing of your personal data where we rely on legitimate interests as the legal basis.
You also have the right to lodge a complaint with a supervisory
authority. The competent authority in Luxembourg is the
Commission nationale pour la protection des données (CNPD):
15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg.
Website: cnpd.public.lu
6. How to Delete Your Data
In-app deletion (recommended): open the app and go to
Settings → Account → Delete account. Confirming this action
triggers the deleteUserAccount Cloud Function, which
permanently deletes your Firestore document, all Storage uploads (profile photo,
club banners, match attachments), and your Firebase Authentication account. This
cascade runs automatically and cannot be undone.
By email: if you cannot access the app, send a deletion request to privacy@lux-pro.app from the email address associated with your account. We will process the request and confirm deletion within 30 days.
7. Children
Lux Pro is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has registered, please contact us at privacy@lux-pro.app and we will delete the account promptly.
8. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. We will notify users of material changes through an in-app notice or by updating this page.
9. Contact
Data controller: Lux Pro
Privacy enquiries and GDPR data-subject requests:
privacy@lux-pro.app