Data Policy

Your Data, Your Control. Last Updated: February 8, 2026

1. Purpose

This Data Policy provides a detailed, practical description of what data Luvvone processes and where it lives (on-device, message bridge, and metadata stores). It complements our Privacy Policy.

2. Data Minimization

Luvvone is designed around minimization: only data required to verify identity, pair two users, deliver messages reliably, and keep the service secure is processed.

3. Where Your Data Lives

3.1 On your device

  • Decrypted chat history (for user experience).
  • Encryption state and keys stored locally (secure storage).
  • Queued messages for offline sending/retry.

3.2 Message delivery bridge (encrypted)

Encrypted message payloads are used to deliver your messages to your partner. They are intended to be temporary and are deleted automatically after delivery acknowledgement, and/or after an expiration window if undelivered.

Practically, the app and backend use delivery/acknowledgement signals to confirm a message reached the recipient. After that acknowledgement is recorded, bridge records are designed to be removed automatically as part of normal operations.

3.3 Metadata stores

Luvvone stores account, pairing, and operational metadata needed to run the service (e.g., user profile, pairing status, streak state, device binding records, and notification tokens).

4. Data Categories (Detailed Inventory)

  • Identifiers: phone number used for sign-in; account IDs; pairing identifiers.
  • Profile info: name, email (optional), avatar URL, bio, mood.
  • App activity: timestamps needed for delivery, streaks, and operational integrity.
  • Message payloads: encrypted content and encrypted attachments used for delivery.
  • Device/diagnostics: device model/OS and security identifiers; crash logs (where enabled).

5. Encryption Keys

Luvvone uses modern end-to-end encryption patterns (Signal-style key agreement and Double Ratchet). Your private encryption keys are generated on your device and are intended to remain on your device.

6. Retention and Deletion

Message delivery bridge data is designed to be short-lived:

  • Delivered/acknowledged bridge records are deleted automatically shortly after delivery.
  • Undelivered messages expire after a limited retention period to prevent indefinite storage.

Account, pairing, and security metadata may be retained until you delete your account, unpair, or as needed for legal, security, and operational reasons.

7. App Permissions (Typical)

Depending on how you use Luvvone, the app may request device permissions such as:

  • Microphone (voice messages / audio recording).
  • Photos/Media/Files (sending attachments).
  • Notifications (message and service alerts).

You can control permissions through your device settings. Some features may not function without certain permissions.

8. Requests and Support

To request access, correction, or deletion of information, contact privacy@luvvone.com.

9. Data Safety Summary (High-Level)

This section is a plain-language summary intended to help users understand typical app store “data safety” disclosures. It does not replace the detailed sections above.

  • Message content: designed to be end-to-end encrypted; servers are intended to transport encrypted payloads only (temporary bridge).
  • Identifiers: phone number and account identifiers are used for sign-in and security.
  • App activity/metadata: limited metadata (such as delivery timestamps and pairing status) may be processed to run the service reliably.
  • Device data: device/OS and security identifiers may be processed for fraud prevention, diagnostics, and stability.
  • Sharing: data may be shared with infrastructure service providers that help operate the app, subject to safeguards.
  • Sale: we do not sell personal information.
  • Deletion: you can request deletion via privacy@luvvone.com.