Privacy Policy
Data We Process
When Client uses LuxeDetect™, we process the following data.
Content data includes text content submitted for evaluation via API or integrated systems.
Evaluation data includes scoring results, tier classifications, reason codes, and enforcement actions.
Configuration data includes benchmark settings, thresholds, and routing rules configured by Client.
Usage data includes API requests, timestamps, and system interactions.
Account data includes user credentials, roles, and permissions.
Content data is processed solely for evaluation purposes and is not used to train models or shared with third parties except as necessary to provide the service.
Data Retention
LuxeDetect™ retains data according to the following schedule.
Content data submitted for evaluation is retained for 90 days by default. Client may configure retention from 30 days to 365 days.
Evaluation results including scores, tiers, and reason codes are retained for 180 days by default. Client may configure retention from 90 days to 730 days.
Audit logs documenting evaluations, exceptions, and overrides are retained for 7 years to support compliance and governance requirements.
Account data is retained for the duration of service plus 30 days.
Technical logs are retained for 30 days.
Data is deleted or anonymised at the end of the retention period unless retention is legally required.
Security Overview
LuxeDetect™ is built on the principle that brand protection infrastructure must itself be protected to the highest standard. Security is embedded into every layer of our platform — from architecture and development practices to deployment and ongoing operations. We operate a defence-in-depth model, ensuring that no single control failure can compromise Client data or service integrity.
All data transmitted to and from LuxeDetect™ is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Encryption keys are managed through a dedicated key management service with automatic rotation and strict access policies. Client data is logically segregated at all layers to prevent cross-tenant access. Content submitted for evaluation is processed in isolated environments and never used for model training.
LuxeDetect™ runs on enterprise-grade cloud infrastructure hosted on AWS. Our environment employs network segmentation, firewall controls, and intrusion detection systems to monitor and protect against unauthorised access. Access to systems and Client data is governed by the principle of least privilege, requiring multi-factor authentication and role-based authorisation.
We conduct regular automated vulnerability scanning and annual penetration tests by independent third-party firms. LuxeDetect™ maintains a documented incident response plan. In the event of a security incident affecting Client data, we notify impacted clients within 72 hours of confirmed discovery, consistent with GDPR and contractual obligations.
We welcome responsible disclosure of security vulnerabilities. For security inquiries, audits, or to report a vulnerability, contact security@luxefactor.ai.
Compliance
LuxeDetect™ is designed to support Client compliance with applicable regulations and internal governance requirements.
For regulatory alignment, we align data processing practices with GDPR requirements and provide Data Processing Agreements. Our deterministic methodology supports traceability and auditability requirements for AI systems under the EU AI Act. We maintain SOC 2 Type II certification.
For audit support, LuxeDetect™ provides audit trails documenting evaluations, tier classifications, enforcement actions, exceptions, and overrides. Audit data supports regulatory inquiries, internal reviews, and compliance reporting.
Clients are responsible for their own regulatory compliance. LuxeDetect™ provides tools and documentation to support compliance efforts.