GDPR Policy

Effective Date: June 26, 2025

This GDPR Policy explains how Celetix complies with the General Data Protection Regulation (GDPR) and describes your rights regarding the processing of your personal data when using the Lume mobile application.

Data Controller Information

Company: Celetix
Developer: Akhmet-Davud KYZTEK
Contact Email: davud@celetix.com

Personal Data We Process

We process minimal personal data to provide our services:

  • Account Data: Email address (for account authentication only)
  • Device Information: Device model (for compatibility optimization)
  • Analytics Data: Anonymous usage data, crash reports, and performance metrics via Firebase Analytics

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of Access (Article 15): You have the right to request copies of your personal data.
  • Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete data.
  • Right to Erasure (Article 17): You have the right to request deletion of your personal data.
  • Right to Restrict Processing (Article 18): You have the right to request that we limit the processing of your personal data.
  • Right to Object to Processing (Article 21): You have the right to object to our processing of your personal data.
  • Right to Data Portability (Article 20): You have the right to request transfer of your data to another organization.
  • Right to Withdraw Consent: You may withdraw consent for data processing at any time.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent (Article 6(1)(a)): For analytics data collection and account creation
  • Legitimate Interests (Article 6(1)(f)): For app functionality, security, and technical optimization
  • Contract Performance (Article 6(1)(b)): For subscription management and service delivery

Data Retention

We retain personal data only as long as necessary:

  • Account Data: Until account deletion is requested
  • Analytics Data: Automatically deleted by Firebase after 26 months
  • Device Information: Processed temporarily and not stored long-term

Data Sharing and Transfers

We do not sell, trade, or share your personal data with third parties. The only data processing outside of our direct control is:

  • Firebase Analytics: Google's analytics service processes anonymous usage data within the EU/EEA or with appropriate safeguards
  • App Stores: Subscription management through Apple App Store or Google Play Store

Data Security

We implement appropriate technical and organizational measures to ensure data security, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security assessments and updates
  • Minimal data collection principles

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: davud@celetix.com
Subject Line: "GDPR Request - [Your Right]"

We will respond to your request within one month. We may ask you to verify your identity before processing your request.

Complaints and Supervisory Authority

If you believe our processing of your personal data violates GDPR, you have the right to lodge a complaint with your local data protection authority. You can find your local authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Updates to This Policy

We may update this GDPR Policy from time to time. We will notify you of any material changes by updating the "Effective Date" and, where required by law, seeking your renewed consent.