Privacy Policy

This Privacy Policy describes how user data is processed by the online service for recovering photos and videos encrypted in MIUI Gallery ("Service"), accessible at https://lsadecrypt.online. By using the Service, you ("User") agree to the terms of this Policy. This Policy applies to all data collected through the Service, including data obtained via third-party authentication providers such as Google OAuth.

1. General Provisions

The Service Administration ("Administration") respects User privacy and commits to protecting their data in accordance with this Policy, the General Data Protection Regulation (GDPR), and the Google API Services User Data Policy.

The Service is not intended to collect personal data except as specified in this Policy. Data is collected solely for the purpose of providing, maintaining, and improving the Service.

2. Data Processing

2.1 Technical Data Collection

• IP address and browser information for security purposes
• Session cookies for authentication (30-day validity)
• Usage patterns for service improvement
• System logs for troubleshooting (retained for 30 days)
• reCAPTCHA response tokens for abuse prevention

2.2 Google User Data

• Email address — used for account creation, authentication, and user identification. Your email serves as your unique login identifier and is used to send essential account-related communications (e.g., password resets).
• Full name (given name, family name) — used to personalize your account profile within the Service. Displayed on your account page for identification purposes only.
• Profile picture URL — used to display your avatar within the Service interface. The image is referenced by URL and is not downloaded or stored separately on our servers.
• Google user ID (OpenID) — used as a unique identifier to link your Google account to your Service account. This ensures secure authentication and prevents duplicate account creation.

2.3 File Processing Data

• File metadata (size, type, creation date)
• Processing status and results
• Temporary processing tokens
• Encryption keys (deleted immediately after processing)

2.4 Payment Information

• Transaction IDs from payment processors
• Credit purchase and usage history
• Refund and dispute records
• Payment timestamps and amounts
• Subscription status and renewal dates
• No credit card details are stored on our servers

2.5 Log Data

• Service performance metrics
• Error and debugging information
• Security audit logs
• User activity logs (anonymized after 30 days)
• System health monitoring data

3. Data Sharing and Disclosure

The Administration is committed to protecting your data. The following outlines our data sharing practices:

• We do NOT share any user data with advertisers or advertising networks.
• Payment processors (Stripe, PayPal) receive only the information necessary to process your payment. They do NOT receive any Google user data.
• Infrastructure providers (DigitalOcean S3, RabbitMQ) process only file decryption tasks. They do NOT have access to Google user data or personal account information.
• Google reCAPTCHA is used solely for bot prevention. No Google user account data is shared with the reCAPTCHA service.
• We may disclose user data only when required by law, court order, or governmental regulation, or when necessary to protect the rights, property, or safety of the Administration, its Users, or others.
• In the event of a data breach, we will notify affected Users and relevant authorities as required by applicable law.

4. Third-Party Services

The Service uses the following third-party providers. Each provider receives only the minimum data necessary for its specific function:

4.1 Authentication Providers (Google OAuth)

Facebook OAuth

• Purpose: Alternative user authentication and account creation
• Data received: email, name, profile picture

4.2 Infrastructure Providers

DigitalOcean Spaces (S3)

• Temporary file storage for file processing
• File encryption in transit and at rest
• 24-hour retention policy with automatic deletion
• No Google user data is stored or processed by this service

RabbitMQ

• Processing queue management for file decryption
• Real-time status updates during processing
• Message encryption in transit
• No Google user data is transmitted through message queues

4.3 Payment Processors

Payment processors handle payment transactions only. They do NOT receive Google user data (email, name, profile picture, or Google user ID).

Stripe

• Credit card processing
• Payment authentication (3D Secure)
• Fraud prevention and detection

PayPal

• Alternative payment processing
• Transaction verification
• Payment dispute handling

4.4 Security Services

Google reCAPTCHA

• Bot prevention and automated abuse detection
• Suspicious activity detection
• IP address verification
• No Google user account data is shared with reCAPTCHA

Logtail

• System health monitoring
• Error tracking and diagnostics
• Performance analytics (anonymized)

5. Data Retention and Deletion

5.1 Google User Data Retention

5.2 File Storage

• Uploaded files: maximum 24 hours
• Processed files: maximum 24 hours
• Preview files: maximum 24 hours
• All files are automatically deleted after the retention period

5.3 Account Data Retention

• Active accounts: data retained until account deletion is requested
• Inactive accounts: reviewed after 12 months of inactivity
• Deleted accounts: all data removed within 30 days
• Payment records: retained as required by applicable tax and financial law

5.4 Technical Data Retention

• Session data: 30 days
• Error logs: 30 days
• Usage statistics: anonymized after 90 days
• Security logs: 1 year

5.5 Deletion Procedures

• Automatic file deletion: All uploaded and processed files are automatically purged after 24 hours with no user action required.
• Account deletion request: Users may request complete account deletion by contacting us at the email address listed in the Contact Information section. Upon request, all personal data — including Google user data — is permanently removed within 30 days.
• Google OAuth revocation: Users can revoke the Service's access to their Google data at any time via Google Account permissions.
• Backup purge: Deleted data is also removed from backups within the standard backup rotation cycle (up to 30 days).

6. Data Storage and Security

6.1 Encryption and Protection

• All data in transit is encrypted using TLS/HTTPS.
• Database connections are encrypted. Account data, including Google user data, is stored in PostgreSQL with encryption at rest and in transit.
• Google user data receives the same level of protection as all other user data and is subject to the same security measures described here.
• The Administration does not retain uploaded and processed files beyond the 24-hour automatic deletion window.

6.2 Access Control

• Access to user data is restricted to authorized personnel only, on a need-to-know basis.
• Administrative access requires multi-factor authentication.
• Users are responsible for maintaining the security of their devices and network connections when using the Service.

6.3 Infrastructure

• Data is processed and stored on servers located in secure data centers with industry-standard physical and logical security controls.
• Technical data is stored for the minimum time necessary to achieve processing purposes.
• In the event of a data breach affecting User data, the Administration will notify affected Users within 72 hours in accordance with GDPR requirements.

7. User Rights

In accordance with applicable data protection laws including the GDPR, Users have the right to:

7.1 Access and Portability

• Access: Know what personal data is collected and processed about them, including Google user data.
• Data portability: Request a copy of their personal data in a structured, machine-readable format.
• Rectification: Request correction of inaccurate personal data.

7.2 Deletion and Erasure

• Erasure: Request deletion of all personal data where applicable. This includes all Google user data associated with their account.
• Restriction: Request restriction of data processing under certain circumstances.
• Objection: Object to data processing based on legitimate interests.

7.3 Cookie Management

• Cookie control: Opt out of non-essential cookie usage through browser settings.

7.4 Account Closure

• Account deletion: Request complete account deletion, which permanently removes all associated data including Google user data.
• Google access revocation: Revoke the Service's access to Google account data at any time via Google Account permissions.

To exercise any of these rights, please contact us at the email address provided in the Contact Information section below.

8. Policy Updates

8.1 Changes to This Policy

The Administration reserves the right to modify this Policy at any time. Updated versions of the Policy will be published on the Service website with a revised effective date.

8.2 Notification

Material changes will be communicated via email or a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated Policy.

9. GDPR and Legal Compliance

9.1 GDPR Compliance

9.2 Google API Services User Data Policy Compliance

10. Contact Information

For privacy and data processing inquiries, data access or deletion requests, or questions about Google user data handling, Users can contact the Service Administration at:

10.1 Data Protection Officer

The Data Protection Officer can be reached using the contact details below. All data-related inquiries are handled in accordance with GDPR timelines.

10.2 Email Contact

Email:info@lsadecrypt.online

We will respond to all data-related inquiries within 30 days of receipt.