Privacy Policy

This is a boilerplate scaffold pending legal review. Do not rely on this text for compliance until counsel has reviewed and edited it.

1. Who we are

Nova Lux Labs LLC ("Nova Lux Labs", "we", "us") operates the website novaluxlabs.net and the products described below. You can reach us at info@novaluxlabs.net.

2. Scope

This Privacy Policy covers all Nova Lux Labs products: 1+1, ideastage, and Vibeshield. Each section below details the data each product processes.

3. Information we collect

3.1 1+1 (mobile app)

• Account information: email, phone number (if provided), profile attributes (age, interests, photos, intent).
• Device identifiers and push notification tokens for messaging.
• Usage data: matches viewed, messages sent (encrypted in transit, stored locally and in Firebase).
• Payment records via the Apple App Store or Google Play; Nova Lux Labs does not see card data.

3.2 ideastage (web platform)

• Account information: email, name (optional), authentication providers used.
• Submitted ideas and AI-generated outputs.
• Subscription and billing data via Stripe; Nova Lux Labs does not store full card numbers.
• Usage analytics tied to your account (queries, exports).

3.3 Vibeshield (web platform)

• Account information: email, organization details.
• Code, API endpoints, dependency manifests, and free-text submitted for scanning.
• Scan results, vulnerability records, and remediation actions.
• Subscription and billing data via Stripe.

4. How we use information

• To provide, secure, and improve each product.
• To communicate about the service (account, security, billing).
• To detect abuse, fraud, and policy violations.
• To comply with legal obligations.

5. Sharing

We share data only with service providers that support our products (Firebase, Supabase, Stripe, Apple App Store, Google Play, model providers for AI features) and as required by law. We do not sell personal data.

6. International transfers

Data may be processed in jurisdictions other than yours, including the United States. Where required, we rely on standard contractual clauses or equivalent safeguards.

7. Data retention

We retain personal data for as long as your account is active and for a limited period thereafter for legal and operational reasons. Specific retention windows per product are documented at /account-deletion.

8. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict use of your data. To exercise these rights, see /account-deletion or email info@novaluxlabs.net.

9. Children's privacy

Our products are intended for users 18 and older. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.

10. Security

We use encryption in transit and at rest, scoped access controls, and least-privilege infrastructure. No system is perfectly secure; we cannot guarantee absolute security.

11. Changes to this policy

We may update this policy. Material changes will be communicated via the website or, where appropriate, in-app notification. The "Last updated" date above always reflects the current version.

12. Contact

Questions or requests: info@novaluxlabs.net.