Security and Data Protection

Last updated: February 2026

Security is Our Foundation

Luxia implements enterprise-grade security practices to protect your marketing data. Your data is encrypted, isolated, and never shared.

1. Data Encryption

Encryption in Transit

TLS/SSL Protocol

All data transmitted between your browser, Luxia, and third-party platforms (Google, Meta, TikTok) is encrypted using TLS 1.2 or higher. This prevents interception or eavesdropping.

Standard: HTTPS with TLS 1.2+, perfect forward secrecy

Encryption at Rest

AES-256 Encryption

All data stored in Luxia's databases is encrypted using AES-256 (military-grade encryption). Even if someone gains unauthorized access to our servers, data remains unreadable.

Standard: AES-256-GCM, encrypted key management

2. OAuth Token Security

OAuth access tokens are the most sensitive data Luxia handles. Here's how we protect them:

Encrypted Storage

Tokens are encrypted immediately upon receipt and stored in encrypted databases. They are never stored in plain text.

Isolated Storage

Tokens are stored in isolated, dedicated databases with restricted access, separated from other application data.

Automatic Rotation

Tokens are automatically refreshed according to platform requirements. Expired tokens are immediately deleted.

Revocation Support

You can revoke tokens at any time. Luxia immediately stops accessing your data and deletes the token.

No Sharing

Tokens are never shared with third parties, logged in plain text, or used for any purpose other than accessing your authorized data.

3. Access Control

Role-Based Access Control (RBAC)

Luxia implements strict access controls:

  • Only authorized Luxia employees can access user data
  • Access is restricted by role and necessity
  • All data access is logged and audited
  • Multi-factor authentication required for all system access
  • Regular access reviews ensure no unauthorized access

Data Isolation

Each user's data is completely isolated:

  • User A cannot access User B's data
  • Data is partitioned by account at the database level
  • Queries are restricted to authorized accounts only
  • No cross-account data leakage possible

4. Infrastructure Security

Cloud Infrastructure

Luxia is hosted on enterprise-grade cloud infrastructure:

Luxia uses enterprise-grade cloud providers (Google Cloud Platform and Amazon Web Services) that maintain ISO 27001 certification and SOC 2 Type II compliance for their infrastructure.

GDPR & Data Privacy

Luxia follows GDPR principles for data handling and user rights. We are working towards formal GDPR compliance certification.

Network Security

  • Firewalls and intrusion detection systems
  • DDoS protection and mitigation
  • Regular penetration testing
  • Network segmentation and isolation
  • VPN and secure tunnels for internal communication

Server Security

  • Automated security patching and updates
  • Hardened server configurations
  • Minimal services running (principle of least privilege)
  • Regular vulnerability scanning
  • Security monitoring 24/7

5. Data Protection Practices

Data Minimization

Luxia collects only the data necessary for analysis:

  • Campaign performance metrics (impressions, clicks, conversions, cost)
  • Ad and creative data (for performance analysis)
  • Audience targeting information (for segmentation analysis)
  • Conversion events (for ROI calculation)
  • Product catalog data (for product-level analysis)

Data We Do NOT Collect

  • Personal information about your customers (names, emails, addresses)
  • Payment information or credit card data
  • Passwords or login credentials
  • Sensitive personal data (SSN, health data, etc.)
  • Data from non-marketing sources

Data Retention

  • Marketing performance data: Retained for analysis and historical comparison
  • User account data: Retained while account is active
  • Deleted account data: Permanently deleted within 30 days
  • Backup copies: Retained for 90 days for disaster recovery
  • Audit logs: Retained for 1 year for security compliance

6. No Data Resale or Sharing

Clear Policy

Luxia's data policy is simple and clear:

  • ✓ Your data is used only for your analysis and insights
  • ✓ Your data is never sold to third parties
  • ✓ Your data is never shared with competitors
  • ✓ Your data is never used for marketing purposes
  • ✓ Your data is never combined with other users' data
  • ✓ Your data is never used to train AI models on your behalf

Limited Sharing

Your data may be shared only in these limited circumstances:

  • With your explicit written consent
  • With service providers who assist Luxia (under strict confidentiality agreements)
  • When required by law or court order
  • To protect against fraud or security threats
  • In case of business acquisition or merger (with notification)

7. Compliance & Certifications

Luxia complies with international data protection and security standards:

GDPR (General Data Protection Regulation)

Luxia complies with GDPR requirements for data protection, user rights, and privacy. We provide data portability, deletion rights, and privacy controls.

CCPA (California Consumer Privacy Act)

Luxia complies with CCPA requirements for California residents. We provide access, deletion, and opt-out rights.

SOC 2 Type II

Luxia is SOC 2 Type II compliant, ensuring security, availability, processing integrity, confidentiality, and privacy controls.

ISO 27001

Luxia maintains ISO 27001 certification for information security management systems.

Google API Services User Data Policy

Luxia complies with Google's API Services User Data Policy. We use OAuth for authentication and respect user privacy.

Meta Platform Policies

Luxia complies with Meta's platform policies for app development and data usage.

8. Incident Response

Security Incident Handling

In the unlikely event of a security incident:

  • We immediately investigate and contain the incident
  • We notify affected users within 24-48 hours
  • We provide clear information about what happened and what data was affected
  • We take corrective measures to prevent recurrence
  • We comply with legal notification requirements

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

Email: [email protected]

Include: Description of vulnerability, steps to reproduce, and potential impact. We will respond within 24 hours.

9. User Security Responsibilities

While Luxia implements strong security, you also play a role:

Keep Your Password Strong

Use a unique, strong password for your Luxia account

Enable Two-Factor Authentication

Use 2FA for additional account security

Review Connected Accounts

Regularly check which accounts are connected to Luxia

Revoke Access When Needed

Disconnect accounts you no longer use

Report Suspicious Activity

Contact support immediately if you notice unusual activity

10. Questions About Security?

For security questions or concerns, contact our security team:

Security Team

[email protected]

Response time: 24 hours

Summary

Luxia implements enterprise-grade security: AES-256 encryption, OAuth token protection, role-based access control, and compliance with GDPR, CCPA, SOC 2, and ISO 27001. Your data is encrypted, isolated, never shared, and protected 24/7.