At Luafy, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered Luau script generation service. Please read this policy carefully.
1. Information We Collect
1.1 Information You Provide to Us
When you create an account or use Luafy, we collect:
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Email address, username, password (encrypted) | Account creation and authentication |
| Profile Information | Display name, avatar (optional) | Personalization and community features |
| Payment Information | Billing details (processed by Stripe) | Subscription management |
| Communications | Support tickets, feedback, emails | Customer support and service improvement |
1.2 Information We Collect Automatically
When you use Luafy, we automatically collect certain information:
- Usage Data: Features used, prompts submitted, code generated, generation frequency
- Device Information: Browser type, operating system, device type, screen resolution
- Log Data: IP address, access times, pages viewed, referring URLs
- Cookies and Similar Technologies: Session data, preferences, authentication tokens
- Analytics Data: User interactions, feature engagement, performance metrics
1.3 Information from Third Parties
We may receive information from third-party services:
- Authentication Providers: Google, Discord (if you use social login)
- Payment Processors: Stripe (transaction data, payment status)
- Analytics Services: Google Analytics, Mixpanel (aggregated usage data)
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 Service Delivery
- Provide, operate, and maintain Luafy's services
- Process and generate Luau code based on your prompts
- Authenticate your account and manage sessions
- Process payments and manage subscriptions
- Deliver customer support and respond to inquiries
2.2 Service Improvement
- Improve and optimize our AI models and algorithms
- Analyze usage patterns to enhance user experience
- Develop new features and capabilities
- Train our AI on aggregated, anonymized data
- Monitor and improve system performance
2.3 Communication
- Send service-related notifications and updates
- Provide important announcements about Luafy
- Send promotional emails (with your consent, opt-out available)
- Respond to your comments and questions
- Request feedback and conduct surveys
2.4 Safety and Security
- Detect and prevent fraud, abuse, and violations of our Terms
- Monitor for malicious activity and security threats
- Enforce our policies and legal rights
- Comply with legal obligations and law enforcement requests
- Protect the safety of our users and community
3. AI Training and Code Usage
3.1 How We Use Your Prompts and Generated Code
Important: We may use your prompts and generated code to improve our AI models, but we take steps to protect your privacy:
- Training Data: Prompts and code may be used to train and improve our AI models
- Anonymization: Personal identifiers are removed before training
- Aggregation: Data is combined with other users' data in our training sets
- Opt-Out: You can request to opt out of training data usage (contact support)
3.2 What We Don't Do
- ❌ We don't sell your prompts or generated code to third parties
- ❌ We don't share your specific code with other users
- ❌ We don't claim ownership of your generated code
- ❌ We don't use your code for purposes unrelated to service improvement
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share information with trusted third-party service providers who help us operate Luafy:
- Hosting Providers: AWS, Cloudflare (infrastructure and CDN)
- Payment Processors: Stripe (payment processing)
- Email Services: SendGrid, Mailgun (transactional emails)
- Analytics: Google Analytics, Mixpanel (usage analytics)
- Customer Support: Zendesk, Intercom (support tickets)
These providers are bound by confidentiality agreements and only use your data to perform services on our behalf.
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal processes (subpoenas, court orders, warrants)
- Government or regulatory requests
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activity
- Enforcement of our Terms of Service
4.3 Business Transfers
If Luafy is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4.4 With Your Consent
We may share your information for other purposes with your explicit consent.
5. Data Retention
We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:
- Active Accounts: Data retained while your account is active
- Deleted Accounts: Most data deleted within 30 days of account deletion
- Legal Requirements: Some data retained longer to comply with legal obligations
- Anonymized Data: May be retained indefinitely for analytics and AI training
- Backups: Data in backups deleted according to our backup retention schedule (typically 90 days)
6. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
6.1 Access and Portability
- Request a copy of your personal data
- Download your data in a machine-readable format
- Export your generated code and prompts
6.2 Correction and Deletion
- Update or correct inaccurate information
- Request deletion of your personal data ("right to be forgotten")
- Delete your account at any time through account settings
6.3 Opt-Out and Restriction
- Opt out of marketing emails (unsubscribe link in emails)
- Opt out of AI training data usage (contact support)
- Disable cookies through browser settings
- Restrict processing of your data for certain purposes
6.4 How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@luafy.ai. We will respond within 30 days.
7. Security
We implement industry-standard security measures to protect your information:
7.1 Technical Safeguards
- Encryption: HTTPS/TLS for data in transit, AES-256 for data at rest
- Authentication: Secure password hashing (bcrypt), optional 2FA
- Access Controls: Role-based access, principle of least privilege
- Monitoring: Continuous security monitoring and intrusion detection
- Backups: Regular encrypted backups with secure storage
7.2 Organizational Safeguards
- Employee training on data privacy and security
- Confidentiality agreements with all personnel
- Regular security audits and penetration testing
- Incident response procedures
7.3 Limitations
While we use reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
8.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security | Session/1 year |
| Functional | User preferences, settings, language | 1 year |
| Analytics | Usage statistics, performance monitoring | 2 years |
| Marketing | Personalized content, ad measurement (if applicable) | 1 year |
8.2 Managing Cookies
You can control cookies through:
- Browser settings (block all cookies or third-party cookies)
- Our cookie consent banner (customize preferences)
- Opt-out tools provided by advertising networks
Note: Disabling essential cookies may affect service functionality.
9. Children's Privacy
Luafy is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are between 13 and 18, you must have parental consent to use our services.
If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly.
Parents or guardians who believe we may have collected information from a child under 13 should contact us at privacy@luafy.ai.
10. International Data Transfers
Luafy is operated in [Your Country]. If you access our service from outside [Your Country], your information may be transferred to, stored, and processed in [Your Country] or other countries where our service providers operate.
These countries may have data protection laws that differ from your jurisdiction. By using Luafy, you consent to the transfer of your information to these countries.
For users in the European Economic Area (EEA), we comply with GDPR requirements and use Standard Contractual Clauses or other appropriate safeguards for international transfers.
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of personal information collected, sold, or shared
- Right to Delete: Request deletion of personal information (with certain exceptions)
- Right to Opt-Out: Opt out of sale of personal information (we don't sell personal info)
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising CCPA rights
To exercise these rights, contact us at privacy@luafy.ai with "CCPA Request" in the subject line.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
12.1 Legal Basis for Processing
We process your personal data based on:
- Contractual Necessity: To provide our services under our Terms of Service
- Legitimate Interests: Service improvement, security, fraud prevention
- Consent: Marketing communications, optional features
- Legal Obligations: Compliance with applicable laws
12.2 GDPR Rights
- Right to access, rectification, erasure ("right to be forgotten")
- Right to data portability and restriction of processing
- Right to object to processing and automated decision-making
- Right to withdraw consent at any time
- Right to lodge a complaint with your supervisory authority
13. Third-Party Links and Services
Luafy may contain links to third-party websites, plugins, or services (such as Roblox, payment processors, or social media platforms). This Privacy Policy does not apply to third-party services.
We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any personal information.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
We will notify you of material changes by:
- Posting a notice on our website
- Sending an email to your registered address
- Displaying a notification in your account
The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of Luafy after changes take effect constitutes acceptance of the updated policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy Email: privacy@luafy.ai
- General Support: support@luafy.ai
- Data Protection Officer: dpo@luafy.ai
- Website: https://luafy.ai
We will respond to your inquiry within 30 days.
Your privacy matters to us. We are committed to being transparent about our data practices and protecting your personal information. If you have any concerns, please don't hesitate to reach out.