Privacy Policy
Last updated: June 20, 2026 — Sparkle5, LLC — Version 1.1
This Privacy Policy explains how Luvu, operated by Sparkle5, LLC (“we”, “us” or “our”), collects, uses, and protects your personal data. We are the data controller for the purposes of the GDPR and equivalent legislation.
What changed on June 20, 2026: we expanded the sub-processor table to reflect new mobile-app capabilities — Firebase Cloud Messaging (push notifications), Google Maps & Geocoding (location messages in chat), Google Play Billing (Android purchases), and Singular (install & in-app event attribution measurement on Android). A new § 11 covers mobile-specific data handling and how to control it from your device.
1. Special Category Data — Dating App (GDPR Art. 9)
Luvu is a dating service. When you create a profile you may share information that reveals your sexual orientation, sexual preferences or relationship intentions. Under GDPR Art. 9 this is special category data requiring explicit consent. By creating a profile and completing your dating preferences you explicitly consent to us processing this data to deliver match suggestions and operate the service. You may withdraw consent at any time by deleting your account (Profile → Settings → Delete Account).
2. Data We Collect
- Account data: email address, password hash, date of birth, gender.
- Profile data: display name, photos, bio, headline, and dating preferences (age range, distance, gender sought, relationship goals, lifestyle attributes).
- Usage data: swipes, likes, matches, message metadata, login timestamps, device type, IP address.
- Location data: approximate GPS coordinates sent each session (with your permission) for match distance calculation, and — only when you choose to send a location message in chat — precise GPS coordinates that are stored with the message and rendered as a static map image.
- Mobile-app data (new): device push token (Firebase Cloud Messaging on Android, Apple Push Notification service on iOS), device model and OS version, app version, and — for marketing attribution — your device’s advertising identifier (Google Advertising ID on Android, IDFA on iOS) when you allow tracking at the OS level. See § 11.
- Voice & audio: when you record and send a voice message, the audio file is uploaded and stored alongside the message. Files are deleted automatically 1 hour after first playback by the recipient (or after the chat retention window if never played).
- Payment data: subscription status, transaction IDs, amounts, and the currency/country of the transaction. We never store card numbers — payments are handled entirely by Stripe, Apple, or Google.
- Verification data: camera selfie taken with the in-app camera for the Live badge; reviewed by human moderators and stored securely.
- Communications: messages you send and receive, stored to operate the messaging feature and to enable safety reviews.
3. Legal Basis for Processing (GDPR)
- Contract performance (Art. 6(1)(b)): account management, match delivery, messaging, billing, push delivery of transactional alerts (matches, messages), processing of in-app purchases.
- Explicit consent (Art. 9(2)(a)): processing of special category data (dating preferences, orientation); precise location for location-message rendering; device-identifier-based attribution measurement (where ATT/Android Privacy permission is granted).
- Legitimate interests (Art. 6(1)(f)): safety, fraud prevention, abuse detection, aggregate product analytics, debug logs, and operational telemetry.
- Legal obligation (Art. 6(1)(c)): retaining financial records and responding to lawful requests.
4. How We Use Your Data
- Delivering match suggestions based on your preferences and location.
- Operating and improving the service and user experience.
- Safety, fraud prevention, content moderation, and abuse investigation.
- Billing, subscription management, and payment confirmation — including transmitting Google Play / App Store receipts for validation.
- Delivering push notifications about matches, messages, likes, and other transactional events to your mobile device.
- Rendering location messages in chat (static map image + reverse-geocoded city label).
- Measuring how new users discover Luvu (marketing attribution) so we can pay our advertising partners accurately and reduce wasted ad spend. This is the only purpose for which a device advertising identifier is processed.
- Sending transactional emails (match alerts, security notifications).
- Aggregate, anonymised analytics — we never sell individual data.
5. Data Processors & Sub-processors
We share data with the following sub-processors solely to operate the service. All are bound by data processing agreements. US and Australian processors operate under EU Standard Contractual Clauses (SCCs).
| Processor | Country | Purpose | Data shared |
|---|---|---|---|
| Google LLC — Sign-In & Identity | USA ¹ | Sign in with Google (SSO); ID-token verification | OAuth ID token, email, name |
| Google LLC — Firebase Cloud Messaging | USA ¹ | Delivering push notifications to your Android / iOS device | Device push token (FCM/APNs), notification payload (which may include the sender’s display name and a short message preview) |
| Google LLC — Google Play Billing & Developer API | USA ¹ | Validating Android subscription and in-app purchase receipts; reporting the price actually charged in your country | Purchase token, package name, product ID, price & currency at the time of purchase |
| Google LLC — Maps Static API & Geocoder | USA ¹ | Generating the static map image and city label shown on location messages in chat | Precise GPS coordinates at the moment you send a location message |
| Apple Inc. | USA ¹ | Sign in with Apple (SSO); In-App Purchase validation; Apple Push Notification service | Auth token, email (first sign-in), purchase receipts, APNs device token |
| Stripe, Inc. | USA ¹ | Web subscription payment processing | Email, subscription details, transaction IDs (no card numbers stored by us) |
| Singular Labs, Inc. | USA / Israel ¹ | Install & in-app event attribution measurement (so we can pay the right advertising partner accurately) | Device advertising ID (GAID / IDFA — only when you allow tracking at the OS level), install referrer, OS & app version, in-app event timestamps (registration, login, photo upload, subscription, purchase including amount), Luvu user ID linked to the attribution session |
| Hetzner Online GmbH | Germany (EU) | Profile photo, verification selfie, voice message, and chat-image storage (S3-compatible object storage) | Photo files, voice audio files, chat images |
| Mailgun Technologies (Sinch) | Germany (EU) | Transactional email delivery — processed exclusively on Mailgun EU servers (Frankfurt) | Email address, email content |
| SMTP2GO Pty Ltd | EU (servers) | Transactional email delivery (secondary provider) — processed on EU infrastructure | Email address, email content |
| Giphy Inc. | USA ¹ | GIF search & trending content in messages | Search query text only |
¹ Transfer to the USA / Israel is covered by EU Standard Contractual Clauses (SCCs). Hetzner Online GmbH, Mailgun (EU servers), and SMTP2GO (EU servers) process data within the EU — no SCC required for those processors.
6. Data Sharing & Disclosure
We do not sell your personal data. We may disclose data:
- To the sub-processors listed above, only as necessary.
- To another Luvu user, only as part of the matching, chat, or block-report features.
- To authorities when required by law, court order, or to prevent serious harm.
- In the event of a business sale or acquisition, subject to equivalent privacy commitments by the successor.
7. Data Retention
We retain personal data only as long as needed for the purposes described above:
- Account & profile data: until you delete your account, then irreversibly removed within 30 days (except where law requires longer retention — e.g. financial records, 10 years).
- Voice messages: removed 1 hour after the recipient’s first playback, or after the chat retention window if never played.
- Push tokens: removed when you log out, uninstall the app, or revoke notifications.
- Attribution-event records (Singular): aggregated after 90 days; identifiers removed on account deletion.
- Server logs (including hashed IPs): 90 days.
8. Your Rights (GDPR — EU/EEA Users)
- Right to access, rectify, or delete your data.
- Right to data portability — you can request an export from Settings.
- Right to restrict or object to processing.
- Right to withdraw consent (for the special category data described in § 1, and for advertising attribution).
- Right to lodge a complaint with a supervisory authority.
9. Security
We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest), photo URLs are short-lived signed S3 links, passwords are hashed with bcrypt, and we operate read-only admin defaults to limit accidental data exposure. Voice and image files in S3 are stored with private ACLs and only delivered via short-lived signed URLs.
10. Self-Hosted Analytics
We run our own self-hosted analytics on infrastructure we control (currently Plausible Analytics; we reserve the right to switch to a self-hosted Matomo instance under the same configuration). No data is sent to Google Analytics, Facebook Pixel, or any other third-party tracker. Marketing-attribution data sent to Singular (see § 5 and § 11) is separate from product analytics and is only collected when you allow tracking at the OS level.
11. Mobile App: Push Notifications, Location Messages, and Attribution
Three mobile-app capabilities involve specific personal-data flows that you can control from your device:
- Push notifications — Required for delivering match alerts, message previews, and security notifications. Disable from your device’s Settings → Notifications → Luvu. Disabling there removes the active push token from our records on the next session.
- Location messages — Optional. When you send a location message we transmit your precise GPS coordinates to Google Maps (for the static map image) and Geocoder (for the city label), and store them on the message row so the recipient sees the map. To disable, simply don’t use the location-message feature. The general distance-based matching uses a coarser location signal collected only at app startup.
- Marketing attribution — We use the Singular SDK to measure which advertising campaign brought you to Luvu, and which in-app events you complete (so we can pay our advertising partners only when ads actually convert). On iOS, this only happens if you allow tracking in the App Tracking Transparency prompt. On Android, this only happens when you have not opted out of personalised ads in Settings → Google → Ads. You can revoke either at any time from your OS settings.
12. Contact
Sparkle5, LLC — privacy@luvu.plus.