Luxara

Privacy Policy

Last updated: March 8, 2026 · Effective: March 8, 2026

Summary for Luxara: This app requires no sign-up, no account, and no personal information. All your data is stored locally on your device. The only network request the app makes is a one-time font download from Google Fonts. We do not track you, profile you, or sell any data.

1. Who We Are

Luxara ("the App") is developed and published by Kelthos ("we," "us," or "our"). Luxara is part of the Kelthos suite of privacy-first utility applications.

Developer: Kelthos
Contact Email: legal@kelthos.com
Support Email: support@kelthos.com
Website: https://kelthos.com
App-Specific Page: https://luxara.kelthos.com

2. What This App Does

Luxara is a Flashlight & Screen Light application. It is designed as a utility tool that works instantly without requiring any user registration, login, email verification, or personal information of any kind.

3. No Account Required — Zero Personal Data Collection

We do not collect, store, process, or transmit any personally identifiable information (PII).

Specifically, Luxara does NOT collect:

Names, email addresses, phone numbers, or mailing addresses
Account credentials or passwords
Device identifiers used for tracking (Advertising ID, Android ID)
Location data (unless explicitly listed in Permissions below)
Contacts, call logs, SMS, or calendar data
Photos, videos, or files (unless explicitly listed in Permissions below)
Browsing history, search queries, or app usage patterns
Financial or payment information
Health, fitness, or biometric data
IP addresses or network information for tracking purposes

4. Data Stored Locally On Your Device

Luxara stores the following data exclusively on your device using the Android SharedPreferences API (a standard, sandboxed, local key-value store):

Flashlight settings (brightness, SOS pattern), theme preference

Purpose: Remember your preferred flashlight settings between sessions.

4.1 How Local Storage Works

Data is stored in the app's private, sandboxed directory on your device
Other apps on your device cannot access this data
Data is never transmitted to our servers or any third party
Data is automatically deleted when you uninstall the app
You can manually delete all app data at any time via: Settings → Apps → Luxara → Storage → Clear Data

4.2 Data Backup by Android

Android may include Luxara's local data in your device's automatic backup (Google Drive backup) if you have enabled this feature in your device Settings. This backup is governed by Google's Privacy Policy, not ours. You can disable auto-backup for this app in your device settings.

5. Device Permissions

Luxara requests the following device permissions to provide its core functionality. Each permission is used solely for the stated purpose and never for data collection, tracking, or surveillance:

Permission	Purpose	Data Sent Off Device?
Camera `android.permission.CAMERA`	Required to control the device's camera flash LED for flashlight/torch functionality. The camera sensor itself is never activated — only the flash LED is used. No images are captured.	No — never

Device Sensors Used

Camera flash LED: Used as a flashlight/torch. No camera images are captured.

6. Third-Party Services & SDKs

We believe in full transparency about every piece of software that runs within our app. Below is a complete and exhaustive list of all third-party components, what they do, and what data (if any) they access.

6.1 Google Play Store (Distribution Platform)

Provider	Google LLC
Purpose	App distribution, updates, and installation
Data collected by Google	Google may collect device identifiers, app install/uninstall events, crash reports (if enabled by you in device settings), and usage statistics as part of their Google Play Services. This data collection is governed entirely by Google's Privacy Policy and is outside our control.
Data we receive	We may receive aggregated, anonymized statistics through the Google Play Console (e.g., total installs by country, crash rates, Android version distribution). We do not receive any personally identifiable information.
Privacy Policy	https://policies.google.com/privacy

6.2 Google Fonts API (Typography)

Provider	Google LLC
Purpose	Download the "Inter" font family used throughout the app's user interface. This is a one-time download per device — the font is cached locally after first retrieval.
Network requests	On first app launch (or after cache is cleared), the app makes HTTPS requests to `fonts.googleapis.com` and `fonts.gstatic.com` to download font files.
Data transmitted to Google	When the font is fetched, the following information is transmitted to Google's servers: • Your device's IP address • The font name requested ("Inter") • Standard HTTP headers (User-Agent, which may include your device model and Android version) Google states that font API requests are not logged or stored alongside other authenticated Google services. See Google's Google Fonts Privacy FAQ.
Data retention by Google	According to Google: CSS font requests are cached by the browser/device and are not logged. Font file requests are cached for 1 year to improve performance.
Privacy Policy	https://policies.google.com/privacy Google Fonts Privacy FAQ

6.3 Flutter Framework (App Runtime)

Provider	Google LLC (open-source)
Purpose	Cross-platform application framework used to build this app
Network requests	None. Flutter itself does not make any network requests or phone home. It is compiled into native code.
Source code	https://github.com/flutter/flutter (BSD-3 license)

6.4 Riverpod (State Management)

Package	`flutter_riverpod` v2.6.1
Purpose	In-app state management — manages how data flows within the app
Network requests	None. Pure Dart code running entirely on your device.
Source	pub.dev/packages/flutter_riverpod

6.5 SharedPreferences (Local Storage)

Package	`shared_preferences` v2.3.4
Purpose	Stores app settings and data as key-value pairs in the device's local storage (Android SharedPreferences / iOS NSUserDefaults)
Network requests	None. All data is stored exclusively on your device's local file system.
Source	pub.dev/packages/shared_preferences

6.7 Wakelock Plus (Screen Wake Lock)

Package	`wakelock_plus` v1.2.10
Purpose	Keep the device screen on while the app is actively in use (e.g., during flashlight use or counting)
Network requests	None. Uses the Android PowerManager WakeLock API only.
Source	pub.dev/packages/wakelock_plus

6.8 Kelthos Cloud Sync (Optional — Future Feature)

Provider	Kelthos (self-hosted via Cloudflare R2)
Purpose	An optional, opt-in feature that may be introduced in a future update to allow you to sync app data across multiple devices
Current status	Not yet active. If/when enabled, it will be strictly opt-in and never activated without your explicit consent.
How it will work	If you choose to enable cloud sync, your app data will be encrypted and uploaded to our servers via `sync.kelthos.com`. Data is stored on Cloudflare R2 (part of Cloudflare's global network). Your device ID will be hashed (SHA-256) before storage — we will never store your raw device identifier.
Data stored	Only the specific app data you choose to sync (notes, settings, preferences). No personal information, no analytics, no usage tracking.
Data deletion	You will be able to delete all synced data at any time through the app's settings.
Infrastructure	Cloudflare R2 (Western Europe region). Subject to Cloudflare's Privacy Policy.
This policy will be updated	Before any cloud sync feature is released, this Privacy Policy will be updated with specific details about what data is synced, how it is encrypted, and how to delete it.

6.9 Complete SDK Inventory Confirmation

The list above represents the complete and exhaustive inventory of all third-party code included in this app. We do not use any advertising SDKs, analytics SDKs, social media SDKs, crash reporting SDKs, A/B testing SDKs, attribution SDKs, or any other tracking technology not listed above.

Specifically, this app does NOT include:

Google Analytics / Firebase Analytics
Google AdMob or any advertising network
Facebook SDK / Meta SDK
Firebase Crashlytics or any crash reporting service
Any social media login or tracking SDK
Any user behavior analytics or heatmap tool
Any data broker or marketing SDK

7. Network Requests Summary

For complete transparency, here is every network request Luxara makes:

When	Destination	What's Sent	Purpose
First launch (one-time)	`fonts.googleapis.com` `fonts.gstatic.com`	Font name ("Inter"), your IP address, HTTP User-Agent header	Download the Inter font for the app's UI
That's it. No other network requests are made. The app functions fully offline after the initial font download.

8. Data Sharing

We do not share, sell, rent, or trade any user data with any third party. Period.

The only data that leaves your device is:

The one-time Google Fonts request (IP address + font name, as detailed above)
Any data you explicitly choose to share using the system share sheet (which is your voluntary action)

9. Data Retention

Since all data is stored locally on your device:

We retain zero data — we have no servers storing your information
Your data persists on your device until you clear app data or uninstall the app
Google Fonts cache is stored locally on your device for up to 1 year to avoid re-downloading

10. Data Security

Because we do not collect, transmit, or store your data on any server:

There is no risk of server-side data breaches affecting your Luxara data
Your data is protected by your device's own security (screen lock, encryption, secure boot)
Android's app sandboxing prevents other apps from accessing Luxara's data
On Android 10+, the app uses scoped storage for additional filesystem isolation

11. Children's Privacy (COPPA & Age Requirements)

Luxara does not collect personal information from any user of any age, including children under 13 (as defined by COPPA — Children's Online Privacy Protection Act) or under 16 (as defined by GDPR).

Because no personal data is collected, no parental consent mechanism is needed. The app is safe for users of all ages.

12. Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

Right to Access (Art. 15): All your data is stored locally on your device and is accessible to you at all times. We hold no data about you.
Right to Rectification (Art. 16): You can edit your data directly within the app at any time.
Right to Erasure (Art. 17): Clear all data via Android Settings → Apps → Luxara → Clear Data, or by uninstalling the app.
Right to Data Portability (Art. 20): Where the app supports export/share features, you can export your data freely.
Right to Object (Art. 21): There is no data processing to object to, as we process no personal data.
Right to Restrict Processing (Art. 18): There is no server-side processing to restrict.

Legal Basis for Processing (Art. 6): The minimal data processing that occurs (local storage on your device) is based on legitimate interest — the app cannot function without storing your settings and content locally. The Google Fonts network request is based on legitimate interest in providing a consistent, accessible user interface.

Data Protection Inquiries: Contact legal@kelthos.com

13. Your Rights Under CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights. Because we do not collect personal information:

Right to Know: We do not collect, use, or disclose personal information.
Right to Delete: You can delete all local data as described in Section 9.
Right to Opt-Out of Sale: We do not sell personal information. Ever.
Right to Non-Discrimination: All users receive the same experience regardless of privacy choices.

14. International Data Transfers

Since we do not collect or transmit personal data to servers, there are no international data transfers by our app. The Google Fonts request (Section 6.2) may be routed to Google servers globally, which is governed by Google's own data processing practices and their Privacy Policy.

15. Google Play Data Safety Declaration

In accordance with Google Play's Data Safety requirements, here is our declaration for Luxara:

Data shared with third parties	No data is shared with third parties
Data collected	No user data is collected
Data encrypted in transit	Yes (HTTPS for Google Fonts request)
Users can request data deletion	Yes (clear app data or uninstall)
Committed to Play Families Policy	The app does not collect data from users of any age

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

The "Last updated" date at the top will be revised
Material changes will be communicated through the app's Google Play Store listing update notes
The updated policy will be published at https://luxara.kelthos.com/privacy
Significant changes (such as introducing data collection) will require your affirmative consent within the app before taking effect

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or Luxara's data practices, please contact us:

Email (Legal/Privacy): legal@kelthos.com
Email (Support): support@kelthos.com
Website: https://kelthos.com
Response Time: We aim to respond to all privacy inquiries within 30 days

Our Privacy Commitment: Luxara is built on a simple principle — your tools should work for you, not spy on you. No accounts, no tracking, no data harvesting, no ads. Just a useful app that respects your privacy completely.