PermisLux Privacy Policy
1. Introduction
This Privacy Policy (“Policy”) explains how PermisLux (“we”, “us”, or “our”) collects, uses, and protects personal data of users (“you”) of the PermisLux mobile application (“App”). We comply with the EU General Data Protection Regulation (GDPR) and applicable Luxembourg privacy laws.
2. Data Controller
PermisLux manages your data as the data controller. You can reach us at julien.kessels.dev@gmail.com.
3. Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Identifiers | Email address, nickname, avatar seed | Account creation, personalization |
| Usage data | Progress, quiz scores, modules completed | Learning analytics, guided pathway features |
| Technical data | Device identifier (anonymized), app version | Crash reporting, security, performance metrics |
| Transaction data | In-app purchase receipts, subscription status | Billing management, customer support |
| Optional data | Promo code, preferred driving school | Referral programs, sponsor features |
4. Legal Bases for Processing
- Contract performance: delivering the App’s core functionalities.
- Legitimate interests: ensuring security, preventing abuse, improving UX.
- Consent: marketing communications, optional notifications.
- Legal obligation: complying with accounting or regulatory requirements.
5. Data Sharing
We share data only with:
- Technical providers (hosting, analytics, crash reporting) located in the EEA or offering adequate safeguards such as Standard Contractual Clauses (SCCs).
- Payment processors (Apple, Google) for in-app purchases and subscriptions.
- Sponsorship partners (e.g., driving schools) solely if you consent to sharing contact details or using referral codes.
- Public authorities when required by law or to protect our rights.
6. Hosting and Transfers
Data is primarily hosted within the European Economic Area. If data must be transferred outside the EEA, we rely on adequacy decisions, SCCs, or other GDPR-compliant safeguards.
7. Retention
- Account data: kept while your account is active, then deleted within 24 months.
- Usage data: retained for 24 months, then aggregated or anonymized.
- Billing records: stored for 10 years to meet legal obligations.
- Technical logs: generally kept for up to 12 months unless needed for security investigations.
8. Your Rights
You have the right to access, rectify, erase, restrict, or object to processing, as well as data portability and the right to withdraw consent. Contact us at julien.kessels.dev@gmail.com to exercise these rights. You may also lodge a complaint with the Commission nationale pour la protection des données (CNPD) in Luxembourg.
9. Security
We implement technical and organizational measures, including encryption, access controls, and incident response procedures, to protect your data. No system is completely secure, so we encourage you to choose a strong, unique password.
10. Third-Party Services
The App integrates with third-party services such as Firebase (backend), RevenueCat (subscriptions), and Superwall (paywall management). Each provider operates under its own privacy policy and must meet our GDPR compliance standards.
11. Minors
The App is not intended for children under 16 without parental consent. If you believe a minor has provided data without authorization, contact us so we can remove it promptly.
12. Notifications and Marketing
- Push notifications can be enabled or disabled in your device settings.
- Email marketing is sent only with your consent. Each message includes an unsubscribe option.
13. Changes to This Policy
We may update this Policy to reflect legal, technical, or operational changes. Significant updates will be announced in the App or via email, and continued use signifies acceptance of the revised Policy.
14. Contact
If you have any questions about this Policy or our data practices, contact us at julien.kessels.dev@gmail.com.