GDPR & Data Rights

Last updated: February 7, 2026

This page explains your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws in relation to the Darklux mobile application (the "App") operated by FLX Code ("we", "us", "our").

1. Data Controller

FLX Code is the data controller for the personal data processed through the Darklux App. We determine the purposes and means of processing your data.

Contact: flxcodelab@gmail.com

2. Legal Basis for Processing

We process data under the following legal bases:

• Consent (Art. 6(1)(a) GDPR): Analytics data is collected only after you explicitly opt in via the consent dialog on first launch. You can withdraw consent at any time in Settings.
• Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide the App's core functionality, including wallpaper rendering and purchase verification.
• Legitimate Interest (Art. 6(1)(f) GDPR): Processing necessary for app stability (crash reporting) and security (integrity checks). These interests are balanced against your rights and do not involve personal data.

3. Data We Collect

We collect minimal data, none of which is personally identifiable:

• Anonymous device hash: A randomly generated identifier created on first launch. Not linked to your device ID, advertising ID, or any personal information.
• Anonymous analytics events: Shader previews, wallpaper selections, category browsing (only if you consent).
• Purchase tokens: Google Play purchase tokens for PRO verification. We do not receive payment details.
• Crash reports: Anonymous crash data via Firebase Crashlytics (if you consent).

4. Data Retention

• Analytics events: Retained for a maximum of 12 months, then automatically deleted.
• Device hash: Retained until you request deletion or uninstall the App.
• Purchase tokens: Retained as long as your PRO status is active.
• Crash reports: Retained for 90 days.

5. Your Rights

Under the GDPR, you have the following rights regarding your data:

• Right of Access (Art. 15): You have the right to request a copy of all data we hold about you. Since we only collect anonymous data linked to a device hash, we can provide all events associated with your hash.
• Right to Rectification (Art. 16): You have the right to request correction of inaccurate data. Since our data is automatically generated and anonymous, rectification requests are unlikely but will be honored.
• Right to Erasure (Art. 17): You have the right to request deletion of all your data. You can do this directly in the App (Settings > Delete My Data) or via our data deletion request form.
• Right to Data Portability (Art. 20): You have the right to receive your data in a structured, commonly used, machine-readable format. Contact us to request a data export.
• Right to Restriction (Art. 18): You have the right to request restriction of processing under certain conditions. Disabling analytics in Settings effectively restricts processing of usage data.
• Right to Object (Art. 21): You have the right to object to processing based on legitimate interest. Contact us to exercise this right.

6. How to Exercise Your Rights

You can exercise your data rights in the following ways:

• In the App: Go to Settings > toggle Analytics off (restriction), or Settings > Delete My Data (erasure).
• Via our website: Use the Data Deletion Request form.
• Via email: Send your request to flxcodelab@gmail.com. Include your device hash (found in Settings) so we can locate your data.

We will respond to all requests within 30 days. If we need more time (up to 60 additional days for complex requests), we will inform you within the initial 30-day period.

7. Automated Decision-Making

The App does not use automated decision-making or profiling as defined by GDPR Art. 22. All data processing serves functional purposes (analytics, purchase verification) and does not produce legal or similarly significant effects on you.

8. International Data Transfers

Anonymous analytics data is stored in Google Cloud Firestore, which may process data in data centers outside the European Economic Area (EEA). Google Cloud provides appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) and compliance with the EU-US Data Privacy Framework.

9. Data Protection Contact

For all data protection inquiries:

FLX Code
Email: flxcodelab@gmail.com

We aim to resolve all data protection concerns directly. Please contact us first before filing a complaint with a supervisory authority.

10. Supervisory Authority

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your local authority at EDPB Members Directory.

11. Updates to This Page

We may update this GDPR information from time to time. The "Last updated" date at the top of this page indicates when the latest changes were made. We will notify you of material changes through the App.