Smart Luxy ("we", "us", "our") operates the Smart Luxy mobile application. This policy describes what personal data we collect, how we use it, and your rights regarding that data.
1. Data We Collect
Account Information — When you register and use the app, we collect:
First name, last name
Email address
Phone number
Personal identification number (ID)
Password (stored in hashed form only)
Profile photo (if you choose to upload one)
Residential Information — To link you to your apartment:
Residential complex and apartment selection
Apartment role (owner, resident, tenant)
Payment Information — When you make payments through the app:
Payment amounts, dates, and monthly billing periods
Payment status (pending, completed, failed)
Order identifiers
We do not collect or store your credit card number, bank account details, or any financial card data. All payment transactions are processed securely through our third-party payment provider (Bank of Georgia). We only receive a transaction confirmation status.
Door Access Data — When you open a door or elevator via the app:
IP address and User-Agent string (logged for security)
Door access timestamp and result
Device & Session Data — For authentication:
Device information string (provided by your device during login)
Authentication token (securely hashed)
Last login timestamp
2. How We Use Your Data
Authentication — To verify your identity and manage your account sessions.
Apartment Linking — To associate you with the correct residential complex, apartment, and building for service access.
Payments — To process monthly service fees, track payment history, and display billing status.
Door & Elevator Access — To grant or deny physical access based on your apartment's payment and access status.
Notifications — To send you SMS verification codes for password reset or phone number changes.
Approval Workflow — To allow apartment owners to approve or reject new resident requests.
Security — To log door access attempts and enforce rate limits for abuse prevention.
3. Data Sharing
We share your data only with the following parties and only as necessary:
Bank of Georgia (BOG) — Payment processing. They receive the payment amount and order ID. They do not receive your personal details from us.
SmsOffice — SMS delivery for verification codes. They receive your phone number and the message content only.
We do not sell, rent, or trade your personal data to any third parties for marketing or advertising purposes.
4. Data Visible to Other Users
Within the same apartment, co-residents may see:
Your first name, last name, phone number, and email
Your role in the apartment (owner/resident/tenant)
Apartment owners can see pending approval requests that include the requester's name, phone, email, and personal ID.
5. Data Retention
Account data is retained for as long as your account is active.
Payment records are retained for billing and accounting purposes.
Door access logs are retained for security auditing.
Verification codes (SMS OTPs) expire within minutes and are deleted after use.
Session tokens expire after 30 days of inactivity.
6. Data Security
Passwords are stored using one-way cryptographic hashing (bcrypt).
Authentication tokens are stored as SHA-256 hashes; the raw token is only visible to you at login.
All communication between the app and our servers is encrypted via HTTPS/TLS.
Payment credentials (bank API keys) are never exposed to clients.
7. Your Rights
You have the right to:
Access your personal data through the app's profile section.
Update your profile photo, phone number, and password within the app.
Logout from all active sessions to revoke all authentication tokens.
Request deletion of your account by contacting us at the email below.
8. Children's Privacy
Our service is not directed to individuals under 18. We do not knowingly collect data from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Continued use of the app after changes constitutes acceptance.
10. Contact Us
If you have questions or requests about your personal data, contact us at: