Privacy Policy

Effective Date: Sep 4, 2025

This Privacy Policy explains how Astro Smart Tech LLC (“LustxAI”, “we”, “our”, or “us”) collects, uses, and protects your information when you use LustxAI, a platform that allows users to generate AI-powered images and videos, including adult or NSFW content.

By using our website or services, you agree to the collection and use of your information in accordance with this Privacy Policy.

1. Information We Collect

We collect the following types of information:

a. Account Information

  • Email address
  • Username
  • Password (hashed)

b. Generated Content

  • Generated images and videos
  • Associated metadata (e.g., tags, timestamps)

c. Usage Data

  • Log data (IP address, browser type, device information)
  • Session activity (e.g., clicks, views, time on page)
  • Interaction with content and features

d. Optional Information

  • Profile preferences, such as favorite styles or tags
  • Feedback, messages, or support requests

2. How We Use Your Information

We use your information to:

  • Provide and improve our AI generation services
  • Store and manage your generated content
  • Personalize recommendations and user experience
  • Ensure compliance with legal and platform guidelines
  • Monitor abuse, misuse, or violations of our terms
  • Contact you with updates, security alerts, or support messages

We do not sell or share your personal information as defined under the California Consumer Privacy Act (CCPA/CPRA). We disclose data only to service providers/processors under contract. We do not engage in cross-context behavioral advertising or host ads.

AI Moderation and Content Filtering

We use OpenAI’s API to help automatically detect and prevent the generation of harmful, illegal, or unsafe content. This means that user inputs and system outputs may be temporarily processed by OpenAI for moderation and safety purposes.

OpenAI acts as our processor. As of the effective date, OpenAI does not use API data to train its models and may retain API data for up to 30 days for abuse monitoring, unless a zero-retention setting is enabled. OpenAI processes this data solely to provide services as directed by us.

For more information, see OpenAI’s API Data Usage Policy.

3. Storage & Data Security

  • Encryption in transit (HTTPS/TLS) and at rest where supported by our providers.
  • Least-privilege access controls, role-based permissions, and administrative logging.
  • Private, access-controlled storage for generated content (served via signed URLs or secure tokens).
  • Vulnerability management, regular dependency updates, and security monitoring.
  • Incident response processes to investigate, mitigate, and notify when legally required.

4. Data Retention

We retain personal and generated data as long as necessary to provide services, comply with legal obligations, and enforce our terms. Users may request account deletion, after which data is deleted or anonymized within 30 days unless legally required otherwise.

Retention Periods

  • Account Information: Retained while account is active; deleted within 30 days of account deletion.
  • Generated Content: Stored while account is active; deleted with account deletion.
  • Usage/Log Data: Retained for up to 2 years for analytics, security, and service improvement.
  • Legal/Safety Records: Retained as required by law or for legitimate business interests.

Deletion & Backups

When you delete your account, we begin deletion of your personal data and generated content. Some anonymized statistics may be retained. Routine system backups may retain data for up to 30 days on a rolling basis and are purged thereafter.

5. NSFW and Sensitive Content

Because our platform allows the generation of adult content:

  • All users must affirm they are at least 18 years old or the age of majority in their jurisdiction.
  • NSFW content is opt-in and gated behind age/consent verification steps.
  • Users are prohibited from sharing, downloading, or redistributing generated content without explicit permission (see Terms of Service).

6. User Control & Your Rights

You may:

  • Access your data upon request
  • Delete your account and associated content
  • Request the removal of your information by contacting us at info@lustxai.com

Note: Generated images and videos are for viewing purposes only and cannot be downloaded or saved locally. All content remains on our secure servers and can only be accessed through our platform.

7. Data Subject Rights (EU/UK GDPR and California CCPA/CPRA)

If you are located in the European Union, United Kingdom, or California, you have additional rights under data protection laws, including:

🔒 Your Legal Rights

  • Right to Know/Access: What personal data we collect, use, and disclose, and to obtain a copy.
  • Right to Correction: Request correction of inaccurate personal data.
  • Right to Deletion: Request deletion of your personal data.
  • Right to Object/Opt Out: Object to certain processing (e.g., profiling) or opt out of sale/sharing (we do not sell/share).
  • Right to Data Portability: Request transfer of your data in a portable format.
  • Right to Restrict Processing (EU/UK): Request limitation of processing under certain conditions.
  • Right to Appeal (CPRA/US state laws): Appeal a denial of your request.

How to Exercise Your Rights

Contact privacy@lustxai.com with:

  • Your specific request and the right you wish to exercise
  • Verification of your identity (email address associated with your account)
  • Any additional information needed to process your request

We will respond within 30 days (EU/UK) or 45 days (California), with extensions where allowed by law. If we deny your request, you may appeal by replying to our decision email with “Appeal” in the subject line.

Complaints and Supervisory Authorities

EU Users: You may lodge a complaint with your local data protection authority.

UK Users: You may contact the Information Commissioner’s Office (ICO).

California Users: You may contact the California Attorney General regarding CCPA/CPRA compliance.

Legal Basis for Processing (EU/UK)

We process your personal data based on:

  • Contract Performance: To provide our services as agreed
  • Legitimate Interests: Service improvement and security
  • Consent: Optional features and communications (where applicable)
  • Legal Compliance: To meet our legal obligations

8. International Data Transfers (EU/UK)

Your information may be transferred to and processed in countries outside your region (including the United States). Where we transfer personal data from the EU/EEA or UK to a country without an adequacy decision, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and, for the UK, the UK Addendum/IDTA. We also implement supplementary measures where appropriate.

9. Third-Party Services

We use trusted service providers for hosting, analytics, payments, and safety tooling. These providers act as processors/service providers under contract and may access limited data to perform their services. We do not serve advertising and do not engage in cross-context behavioral advertising.

For transparency, we may maintain an up-to-date list of subprocessors here: Subprocessors.

10. Cookies and Tracking

We may use cookies and similar technologies for analytics, functionality, and security. For EU/UK users, non-essential cookies (e.g., analytics) may rely on your consent. Some functionality may be limited if cookies are disabled. We do not use cookies for advertising.

Types of Cookies We Use

  • Essential: Required for login and security
  • Analytics: Understand how users interact with the platform
  • Functional: Remember preferences and settings
  • Security: Protect against fraud and unauthorized access

Managing Your Preferences

You can control cookies through:

  • Your browser settings (Chrome, Firefox, Safari, etc.)
  • Our cookie preference center (when available on the platform)
  • Third-party opt-out tools (for analytics where available)

Where legally required, we honor Global Privacy Control (GPC) signals as an opt-out of sale/sharing and targeted advertising. We also respect applicable Do Not Track requirements where mandated by law.

Third-Party Analytics

We may use analytics services (e.g., privacy-centric analytics or Google Analytics) to understand platform usage. These services are subject to their own privacy policies and may offer opt-out mechanisms.

11. Automated Decision-Making and Profiling

We use automated systems to personalize recommendations and improve content generation. You may request to opt out of non-essential personalization by contacting privacy@lustxai.com. This may affect your experience.

12. CPRA Disclosures (Sell/Share and Sensitive Personal Information)

  • No Sale or Sharing: We do not sell or share personal information as defined under CPRA.
  • Sensitive Personal Information (SPI): We do not use or disclose SPI for purposes requiring a “Limit the Use” link (e.g., we do not collect government IDs, precise geolocation, or financial account numbers).
  • Notice of Changes: If our practices change, we will update this policy and provide a “Do Not Sell or Share My Personal Information” link as required.

13. Law Enforcement and Legal Requests

We may disclose information to comply with applicable laws, legal processes, or governmental requests. We review requests to ensure they are valid and proportionate and will notify affected users where legally permitted and feasible.

14. Children’s Privacy

Our services are not directed to individuals under 18, and we do not knowingly collect personal data from minors. If you believe we have collected data from a minor, please contact us so we can delete it. We maintain a zero-tolerance policy for CSAM and report it to NCMEC and relevant authorities where required.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If we make material changes, we will provide additional notice as required by law.

16. Contact Us

If you have any questions or concerns about this Privacy Policy, or if you wish to exercise your rights, please contact:

Astro Smart Tech LLC (Data Controller)

Email: privacy@lustxai.com

Contact Information

If we appoint an EU/UK representative or Data Protection Officer, we will update this section with their contact details.

17. Definitions

  • Personal data/personal information: Information that identifies or can reasonably be linked to an individual.
  • Processing: Any operation performed on personal data (e.g., collection, use, storage, disclosure).
  • Service provider/processor: A third party that processes personal data on our behalf under contract.
  • Sell/Share (CPRA): Disclosing personal information for monetary or other valuable consideration or for cross-context behavioral advertising.