Privacy Policy

Last updated: June 13, 2026

This Privacy Policy explains what data Lusya collects, why we collect it, how we use it, when we share it, and what choices you have. Lusya is an adults-only social dating and chat game available through the web and related services.

We use privacy-first principles: data minimization, purpose limitation, security by design, and clear user controls. Some data is required to run Lusya safely; other data is optional and depends on the features you choose to use.

For privacy, safety, law-enforcement, or child-safety requests, contact us at support@lusya.app.

1. Scope and controller

This Policy applies to Lusya websites, web app pages, account features, chat, matching, media, purchases, support, moderation, and related services. It also applies when you contact us or submit a report.

References to "Lusya", "we", "us", and "our" mean the operator of the Lusya service. References to "you" mean a visitor, account holder, user, or other person whose data is processed through Lusya.

If a local legal notice, app-store listing, invoice, or official operator page identifies a specific legal entity or representative for Lusya, that notice supplements this Policy for operator identity and contact details.

2. Adults-only service

Lusya is only for adults who are at least 18 years old, or older if the law where you live requires a higher age. We do not knowingly allow minors to create accounts or use Lusya.

If we learn or reasonably suspect that a user is underage, we may restrict, suspend, or delete the account, request age-related information where lawful, preserve evidence where required, and take additional safety or legal action.

3. Data we collect

The data we collect depends on how you use Lusya. The main categories are listed below.

  • Account and authentication data: Firebase user ID, email address, authentication provider, Google profile data if you sign in with Google, login status, account creation and sign-in events.
  • Profile data: display name, age, gender, selected avatar, profile photo, language, preferences, mood, premium status, coins, favorites, blocked users, and profile settings.
  • Location data: location you allow through your browser or device, approximate location derived from IP address, language and country signals, and location-related matching data.
  • Chat, game, and social data: matches, invitations, chat IDs, messages, translated messages, message status, reactions, gifts, media unlocks, timestamps, reports, blocks, and other interaction records.
  • User content: profile photos, gallery items, chat photos, videos, audio messages, text, screenshots or images attached to reports, and related metadata such as file type, size, upload path, timestamps, and technical identifiers.
  • Payments and subscriptions: RevenueCat customer ID, product identifiers, entitlement status, subscription status, purchase or restore events, coin balances, paid feature usage, and related transaction metadata. We do not store full card numbers.
  • Notifications: push token, notification permission status, delivery preferences, and device/browser data needed to deliver notifications.
  • Analytics and product events: only if you allow analytics, we may collect app surface, screen views, onboarding events, chat and media event categories, paywall events, purchase events, and similar product usage signals.
  • Security, moderation, and support data: IP address, user agent, browser and device type, App Check/reCAPTCHA signals, error logs, support messages, complaint category, complaint text, target user, evidence, and enforcement history.
  • Cookies and local storage: language, consent choice, sign-in/session state, onboarding draft, translator toggle, media gate state, and similar local settings needed for the web app to work.

4. How we collect data

We collect data directly from you when you create an account, complete onboarding, update your profile, send messages, upload media, make purchases, contact support, submit reports, or change settings.

We collect some data automatically from your browser, device, Firebase services, RevenueCat, analytics tools used with your consent, security tools, and logs needed to operate and protect the service.

We may receive limited data from third parties that help us run Lusya, such as authentication, hosting, payment, analytics, fraud prevention, security, moderation, support, and legal-compliance providers.

5. How we use data

  • To create and manage accounts, authenticate users, remember settings, and keep sessions secure.
  • To provide matching, invitations, chat, translations, media sharing, gifts, favorites, blocking, notifications, premium features, coins, and other product functionality.
  • To process purchases, subscriptions, restores, entitlements, refunds where applicable, fraud checks, accounting, tax, and payment support.
  • To protect users, enforce our Terms, investigate reports, detect spam, scams, abuse, exploitation, illegal content, underage use, CSAM, and other safety risks.
  • To preserve relevant records, respond to lawful requests, report suspected illegal activity where required or permitted by law, and defend legal claims.
  • To fix bugs, monitor service performance, prevent security incidents, understand product usage with your analytics consent, and improve Lusya.
  • To communicate with you about your account, safety, support, legal notices, product changes, purchases, and settings.

7. Analytics, cookies, and local storage

Necessary cookies and local storage are used for language, sign-in, security, account settings, onboarding continuity, consent choices, and core web-app behavior.

Optional analytics is off until you choose to allow it. If you allow analytics, we use it to understand feature usage, improve performance, fix rough edges, and measure product events. You may decline analytics and continue using necessary features.

We do not use analytics consent to allow personalized advertising cookies. If advertising or marketing cookies are added later, we will update this Policy and request consent where required.

8. When we share data

We do not sell your personal data. We share data only as needed to operate, secure, improve, monetize, support, moderate, and legally protect Lusya.

  • Service providers: Firebase/Google services for authentication, database, storage, functions, analytics if allowed, App Check, reCAPTCHA, hosting, and cloud infrastructure.
  • Payment and subscription providers: RevenueCat and relevant payment or app-store providers for purchases, subscriptions, entitlements, restores, and payment support.
  • Trust, safety, and moderation providers: where available and appropriate, providers that help detect fraud, scams, abuse, illegal content, child-safety risks, CSAM, and other serious violations.
  • Translation and cloud-function providers: messages or text may be processed through translation infrastructure when the translation feature is used.
  • Law enforcement, regulators, courts, and designated reporting bodies: when required or permitted by law, to protect users, to report suspected illegal activity, to respond to lawful requests, or to defend legal claims.
  • Business transfers: if Lusya is involved in a merger, acquisition, financing, restructuring, sale, or transfer of assets, data may be shared under appropriate confidentiality and legal safeguards.

9. Safety, moderation, and illegal content

Lusya is an adult service, but it is not a place for illegal content, abuse, exploitation, harassment, scams, or non-consensual sexual content. User content and communications may be reviewed when reported, flagged, required for safety, required by law, or necessary to enforce our Terms.

We may use manual review, technical signals, automated systems, hashes, classifiers, risk scores, and specialized providers where available to detect, review, restrict, remove, preserve, or report prohibited content and conduct. Safeguards reduce risk but cannot guarantee that prohibited content will never appear.

If we become aware of apparent child sexual abuse material, grooming, child sexual exploitation, trafficking involving minors, or other serious child-safety risks, we may preserve relevant data, restrict accounts, remove content, and report relevant information to law enforcement, NCMEC/CyberTipline, or another designated reporting body where required or permitted by law.

10. Retention and deletion

We keep data only as long as reasonably needed for the purposes described in this Policy, including providing Lusya, account management, safety, fraud prevention, moderation, legal compliance, accounting, tax, dispute resolution, and legal claims.

When you delete your account, Lusya attempts to remove or anonymize profile data, photos, settings, favorites, blocked lists, invites, and other account-linked data. Some records may be retained or transformed where necessary for safety, anti-abuse, legal compliance, accounting, purchase records, audits, dispute resolution, or legal claims.

Chat and media records may remain temporarily or in limited form in backups, logs, partner-side chat history, moderation records, legal holds, or backend cleanup queues. We do not promise instant deletion from every backup, cache, provider system, or legal archive.

Firebase Auth records, purchase history, complaint records, security logs, and evidence related to abuse or illegal activity may be retained where reasonably necessary to prevent repeat abuse, enforce bans, comply with law, cooperate with authorities, or defend legal claims.

11. Security

We use technical and organizational measures intended to protect data, including Firebase security rules, App Check/reCAPTCHA where configured, access controls, limited permissions, encryption in transit, provider security controls, and abuse-prevention processes.

No internet service can guarantee absolute security. You are responsible for your account credentials, browser/device security, and what you choose to share with other users.

12. Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain processing of your personal data. You may also have the right to complain to a data protection authority.

To exercise privacy rights, contact support@lusya.app. We may need to verify your identity before acting on a request. Some rights are subject to limits, including safety, legal compliance, purchase/accounting requirements, fraud prevention, and legal claims.

13. Children and minors

Lusya is not directed to children and does not knowingly collect personal data from minors. If you believe a minor is using Lusya or that content involving a minor has been shared, report it immediately in the app and contact us at the child-safety contact listed in our Child Safety Standards.

14. International transfers

Lusya and its providers may process data in countries other than where you live, including the United States, the European Economic Area, and other locations where our infrastructure, providers, support, security, or moderation teams operate.

Where required, we use appropriate safeguards for international transfers, such as contractual protections, provider data-processing terms, adequacy mechanisms, or other lawful transfer tools.

15. Changes and contact

We may update this Policy when the service, legal requirements, providers, or safety processes change. The updated version will show a new last-updated date. If changes are material, we will provide notice where required.

Questions, privacy requests, safety reports, or legal notices can be sent to support@lusya.app.