LovUp — Privacy Policy

Document type: Privacy Policy
Version: 1.0
Effective date: June 3, 2026
Last updated: June 3, 2026

Important legal notice. This document is provided for informational and operational purposes and does not constitute legal advice. Although it has been drafted to reflect the actual data practices of the LovUp application and to align with the principal international privacy frameworks (LGPD, GDPR, UK GDPR, CCPA/CPRA, PIPEDA, Swiss FADP, Australian Privacy Act and others), review and approval by qualified legal counsel in each relevant jurisdiction is strongly recommended before production use.

---

1. Introduction

LovUp ("LovUp", the "App", the "Service") is a mobile application that helps couples celebrate and document their journey together. The App allows two paired partners to keep a shared journal of memories (including photos), answer relationship quizzes, maintain shared lists, play relationship games, complete monthly check-ups, track relationship milestones, and stay connected through profile information and optional location sharing.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, how long we keep it, the choices and rights available to you, and how we protect it. Please read it carefully. By creating an account or using the App, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are (Controller Identity)

The entity responsible for processing your personal information (the "Controller" under GDPR / the "Controlador" under LGPD / the "Business" under CCPA/CPRA) is:

Field	Detail
Legal entity name	KAMPLISH – DESENVOLVIMENTO DE SISTEMAS LTDA
Trade name	KAMPLISH
Company registration (CNPJ)	35.977.805/0001-74
Legal form	Sociedade Empresária Limitada (Limited Liability Company)
Registered address	Av. Marquês de São Vicente, 1619, Edif. LED Barra Funda, Conj. 1510, Várzea da Barra Funda, São Paulo – SP, CEP 01.139-003, Brazil
Privacy / data protection contact	support@lovup.app

References to "we", "us", or "our" in this Policy mean KAMPLISH – DESENVOLVIMENTO DE SISTEMAS LTDA.

3. Definitions

• Personal Data / Personal Information: any information relating to an identified or identifiable natural person.
• Processing: any operation performed on personal data (collection, storage, use, disclosure, deletion, etc.).
• Controller: the party that determines the purposes and means of processing.
• Processor / Sub-Processor: a party that processes personal data on behalf of the Controller.
• Data Subject / User / you: the natural person to whom personal data relates.
• Partner: the other person with whom a User is paired inside the App ("Couple").
• Couple: the relationship link between two paired Users, identified internally by a couple_id.
• Sensitive / Special-Category Data: data revealing racial or ethnic origin, political opinions, religious beliefs, health, sexual orientation, biometric or genetic data, and similar categories afforded heightened protection.
• Consent: a freely given, specific, informed, and unambiguous indication of the data subject's wishes.

4. Scope of This Policy

This Policy applies to personal information processed through the LovUp mobile application on iOS and Android (bundle identifier com.kamplish.lovup.app), associated back-end services, push notifications, the iOS home-screen widget, and any related support communications.

It does not apply to third-party services that you access through the App and that operate under their own privacy policies (for example, the Apple App Store, Google Play, or Google services), except to the extent we share data with them as described in this Policy.

5. Information We Collect

We collect the following categories of personal information, organized by source and purpose. We only collect what is necessary to operate the features you use.

5.1 Account and Identity Data

• Email address and authentication credentials, created when you sign up with email/password, or
• Federated sign-in identifiers when you choose Sign in with Google or Sign in with Apple (e.g., your unique account identifier, the email associated with that account, and, where you allow it, your name). With Sign in with Apple you may choose to hide your email via Apple's private relay.

5.2 Profile Data

• Name
• Date of birth (used to display age and birthday reminders)
• Gender (optional)
• Profile photo (optional; stored in our profiles storage bucket)
• Status message (short free text, up to 80 characters)
• Favorite song and artist (optional, free text)

5.3 Relationship and Pairing Data

• Relationship milestone dates: dating start date, engagement date, marriage date (all optional)
• Pairing code used to link with your Partner
• Couple identifier (couple_id) linking the two accounts
• Partner-provided information you enter or that is shared upon pairing: Partner's name, email, date of birth, and photo (see Section 8)

5.4 Journal "Memories" Content

• Memory titles, descriptions/captions, and an associated date
• Optional location text for a memory
• Photos attached to memories (up to 10 images per memory), stored in our memories storage bucket

5.5 Relationship Activity Data

• Quiz responses, including your answers, your guesses about your Partner's answers, custom answers, and quiz outcomes
• Shared lists and list items
• Games activity and results
• Monthly check-ups

5.6 Precise Location Data

• Geographic coordinates (latitude and longitude) of your device, and a human-readable location obtained via reverse geocoding, when you enable location features (see Section 9). Your coordinates may be shared with your paired Partner to power the "distance between us" feature.

5.7 Device, Technical, and Diagnostic Data

• Push notification device token (to deliver notifications)
• Device and app information collected for crash and error diagnostics: device model, operating system version, app version, language, and crash/error stack traces
• IP address and connection metadata, processed transiently by our infrastructure and diagnostic providers
• Approximate technical logs generated by our back-end and security/audit logging (audit_log)

5.8 Notification and Consent Records

• Notification preferences
• Consent records (consent_records) documenting consents you have given or withdrawn, for accountability and compliance

5.9 Subscription and Purchase Data

• Subscription status (e.g., free or "Pro"), purchase receipts, transaction identifiers, and an app-assigned (often anonymized) purchaser identifier processed via our subscription provider and the app stores. We do not collect or store your full payment-card number, CVV, or bank credentials — payments are handled by the Apple App Store and Google Play (see Section 21).

5.10 Data Stored Locally on Your Device

Some data is stored locally on your device to make the App work offline and load quickly, including a local SQLite database (lovup_db_v1.sqlite), securely stored authentication tokens (in the platform secure keystore/keychain), app preferences, an image cache, and data shared with the iOS home-screen widget through the App Group group.com.kamplish.lovup.app. This local data remains on your device and is removed when you uninstall the App (subject to platform behavior and backups you control).

6. How We Use Your Information (Purposes)

We process personal information for the following purposes:

1. Provide the Service — create and manage your account, authenticate you, render your profile, and operate core features (journal, quizzes, lists, games, check-ups, milestones).
2. Enable couple pairing — link two accounts, synchronize shared content, and display Partner information.
3. Location features — calculate and display the distance between paired Partners and attach optional location to memories.
4. Send notifications — deliver push notifications and reminders (e.g., anniversaries, quiz invitations) according to your preferences.
5. Process subscriptions — manage "Pro" entitlements, validate purchases, and prevent fraud/abuse of subscriptions.
6. Maintain, secure, and improve the App — diagnose crashes and errors, monitor performance, prevent fraud and abuse, and keep security/audit logs.
7. Communicate with you — respond to support requests and send essential service messages.
8. Comply with legal obligations — respond to lawful requests, keep records, and demonstrate compliance.

We do not sell your personal information and we do not use your content to build advertising profiles.

7. Legal Bases for Processing

Where the GDPR, UK GDPR, or LGPD applies, we rely on the following legal bases (GDPR Art. 6; LGPD Art. 7 / Art. 11):

Purpose	Legal basis (GDPR/UK GDPR)	Legal basis (LGPD)
Account creation, authentication, core features	Performance of a contract (Art. 6(1)(b))	Execution of a contract (Art. 7, V)
Couple pairing & shared content	Performance of a contract / Consent	Execution of a contract / Consent
Precise location features	Consent (Art. 6(1)(a))	Consent (Art. 7, I)
Push notifications (non-essential)	Consent	Consent
Security, fraud prevention, diagnostics	Legitimate interests (Art. 6(1)(f))	Legitimate interest (Art. 7, IX)
Subscription processing	Performance of a contract	Execution of a contract
Legal compliance, record-keeping	Legal obligation (Art. 6(1)(c))	Compliance with legal/regulatory obligation (Art. 7, II)

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms, and you may object as described in Section 15.

8. Couple Pairing and Shared Data

LovUp is built around two people sharing a connected experience. When you pair with a Partner:

• Shared content becomes visible to your Partner. Memories, quizzes, lists, games, check-ups, profile fields, milestone dates, status, and (if enabled) your location may be visible to the paired account.
• You may enter information about your Partner (such as their name, email, date of birth, or photo). You represent that you are entitled to provide this information. If your Partner objects, they may contact us at support@lovup.app to exercise their rights.
• Unpairing stops future synchronization. Content already shared with a Partner may remain in that Partner's account and on their device. To request deletion of specific shared content, contact us.

Because the Service is inherently shared between two Users, certain data cannot be made private to one partner without breaking core functionality. Please consider this before sharing sensitive content.

9. Precise Location Data

Location features are optional and require your explicit permission through your device's operating system.

• We collect precise coordinates (latitude/longitude) only when you grant location permission and use a location-dependent feature.
• Coordinates may be processed by Google Maps Platform and reverse-geocoding services to display maps and place names.
• Your location may be shared with your paired Partner to show the distance between you.
• You can disable location at any time through your device settings; doing so will turn off location-dependent features.

We treat precise location as protected information and do not use it for advertising.

10. How We Share Information

We share personal information only as described below:

• With your Partner, as required to deliver the shared couple experience (Section 8).
• With sub-processors / service providers who process data on our behalf under contract (Section 11).
• With payment and subscription providers to operate subscriptions (Section 21).
• For legal reasons — to comply with applicable law, lawful requests from public authorities, court orders, or to establish, exercise, or defend legal claims.
• In a business transfer — if we are involved in a merger, acquisition, reorganization, or sale of assets, personal data may be transferred as part of that transaction, subject to this Policy.
• With your consent — for any other purpose disclosed to you at the time.

We do not sell personal information for money, and we do not "share" it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

11. Third-Party Services and Sub-Processors

We rely on the following categories of third-party providers. Each operates under its own privacy terms and, where required, a data processing agreement and appropriate transfer safeguards.

Provider	Role / purpose	Data involved
Supabase	Authentication, database, file storage, and back-end functions (core hosting/infrastructure)	Account, profile, relationship, journal, activity, photos, location, logs
Google LLC — Firebase Cloud Messaging	Delivery of push notifications	Device push token, notification metadata
Google LLC — Google Sign-In	Federated authentication	Google account identifier, email, name
Google LLC — Google Maps Platform / Geocoding	Maps display and reverse geocoding	Approximate/precise location, IP
Google LLC — Google Fonts (runtime fetch)	Loading fonts used in the UI	IP address (transient, to Google font servers)
Apple Inc. — Sign in with Apple	Federated authentication	Apple account identifier, optional relay email, name
Apple Inc. — Apple Push Notification service (APNs)	iOS push delivery	Device push token
Sentry	Crash, error, and performance monitoring	Device model, OS, app version, stack traces, IP, transient diagnostic data
RevenueCat	Subscription management and entitlement validation	Purchase receipts, subscription status, app-assigned purchaser ID
Apple App Store / Google Play	Payment processing and billing	Payment data handled directly by the stores (we do not receive card data)

An up-to-date list of sub-processors is available on request at support@lovup.app.

12. International Data Transfers

We are established in Brazil, and our providers may process data in the United States, the European Union, and other countries. When personal data is transferred across borders, we use lawful transfer mechanisms, which may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission and the UK International Data Transfer Agreement / Addendum;
• Adequacy decisions, where the destination country is recognized as providing adequate protection;
• LGPD international transfer mechanisms under Arts. 33–36 (including adequacy, contractual clauses, and specific consent where applicable);
• Other safeguards required by applicable law.

You may request more information about these safeguards at support@lovup.app.

13. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, after which it is deleted or anonymized:

Data category	Retention rule
Account & profile data	While your account is active; deleted within 30 days of verified account deletion request (subject to legal exceptions)
Journal memories, quizzes, lists, games, check-ups	While your account is active or until you delete the content
Precise location	Retained only as needed for the active feature; coordinates are updated/overwritten rather than accumulated as a history
Push device tokens	Until the token becomes invalid or you disable notifications/uninstall
Diagnostic/crash data	Typically up to 90 days at our diagnostics provider
Security/audit logs	Retained as needed for security and legal accountability
Consent records	Retained for the period required to demonstrate compliance
Subscription/transaction records	Retained as required by tax, accounting, and consumer-protection law

Local on-device data is removed when you uninstall the App, subject to device backups you control.

14. Security Measures

We implement administrative, technical, and physical safeguards appropriate to the risk, including:

• Technical: encryption in transit (HTTPS/TLS); secure storage of authentication tokens in the platform keychain/keystore; row-level security (RLS) policies on our database to restrict access to a user's own and their couple's data; access controls and authentication.
• Administrative: least-privilege access, contractual confidentiality and data-processing obligations with providers, and security/audit logging.
• Physical: reliance on reputable cloud infrastructure providers that maintain physical data-center security.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we maintain procedures to detect, respond to, and, where legally required, notify you and the competent authority of a personal data breach without undue delay (e.g., GDPR Arts. 33–34; LGPD Art. 48).

15. Your Rights

Subject to applicable law and verification of your identity, you may exercise the following rights:

15.1 GDPR / UK GDPR (EU/EEA/UK)

• Access to your personal data
• Rectification of inaccurate data
• Erasure ("right to be forgotten")
• Restriction of processing
• Data portability
• Objection to processing based on legitimate interests or to direct marketing
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

15.2 LGPD (Brazil)

• Confirmation of the existence of processing
• Access to your data
• Correction of incomplete, inaccurate, or outdated data
• Anonymization, blocking, or deletion of unnecessary or excessive data
• Portability to another provider
• Deletion of data processed with consent
• Information about shared use and entities
• Information about the possibility of refusing consent and the consequences
• Withdraw consent and review of automated decisions

15.3 CCPA / CPRA (California)

• Right to know what personal information we collect, use, and disclose
• Right to delete personal information
• Right to correct inaccurate information
• Right to opt out of sale/share (note: we do not sell or share for cross-context advertising)
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising your rights

15.4 Other jurisdictions

Residents of Canada (PIPEDA), Switzerland (FADP), Australia, and other regions have comparable rights, which we honor to the extent required by local law.

15.5 How to exercise your rights

Email support@lovup.app, or use in-app account controls where available (including account deletion). We will respond within the timeframe required by applicable law (generally 30 days under GDPR/CCPA, extendable where permitted; LGPD requests are handled promptly). We may need to verify your identity before acting. You may use an authorized agent where the law allows.

16. Cookies and Similar Technologies

LovUp is a mobile application and does not use browser cookies for advertising or cross-site tracking. However, the App and its providers use similar technologies and local identifiers, including:

• Local device storage (SQLite database, secure keystore, app preferences, image cache) to operate the App and remember your settings;
• Mobile identifiers / tokens such as the push notification token and app-assigned purchaser identifiers;
• Diagnostic identifiers generated by our crash/error provider.

We do not use these technologies for behavioral advertising. Any web pages we may operate (such as deep-link landing or support pages) will present a cookie notice where required by the ePrivacy Directive/PECR.

17. Automated Decision-Making

We do not use solely automated decision-making that produces legal or similarly significant effects on you, and we do not use your data for profiling for advertising. Quiz outcomes and similar in-app results are entertainment features that do not produce legal effects. If this changes, we will update this Policy and provide the disclosures required by GDPR Art. 22 and LGPD Art. 20, including the right to request human review.

18. Children's Privacy

LovUp is intended for adults (18 years of age or older) and is not directed to children. We do not knowingly collect personal information from children under the age of 13 (or under 16 where a higher age of digital consent applies under local law, such as in parts of the EU/EEA).

If you believe a child has provided us personal information, contact support@lovup.app and we will take steps to delete it. We comply with COPPA and the children's-data requirements of the GDPR and LGPD.

19. Sensitive Information

LovUp does not require you to provide special-category/sensitive data. However, because the App lets you write free-text content and upload photos, you control what you share, and such content could reveal sensitive information (for example, relationship intimacy, location patterns, or imagery). We ask that you avoid uploading sensitive data you do not wish to process. Where you voluntarily provide sensitive data, you consent to our processing it to deliver the features you use. Precise location is treated as protected information (see Sections 9 and 15.3).

20. Push Notifications and Communications

With your permission, we send push notifications via Firebase Cloud Messaging (Android) and Apple Push Notification service (iOS), such as anniversary reminders and quiz invitations. You can manage notification categories in the App's notification preferences and disable notifications entirely in your device settings. We may also send essential, non-promotional service messages (for example, security or account notices).

21. Subscriptions and Payment Data

LovUp offers an optional paid subscription ("Pro"). Purchases are processed by the Apple App Store and Google Play, and subscription entitlements are validated through RevenueCat. As a result:

• We do not receive or store your full payment-card number, CVV, or bank credentials. Those are handled by the app stores under their own terms.
• We receive purchase receipts, transaction identifiers, subscription status, and an app-assigned purchaser identifier to grant and validate your "Pro" access and to prevent abuse.
• Billing, renewals, and refunds are governed by the applicable app store's policies; see the LovUp Terms of Service for additional subscription terms.

22. Third-Party Links and Content

The App may contain links to third-party websites or services (for example, music or map content). We are not responsible for the privacy practices of those third parties. Review their privacy policies before providing them personal information.

23. Data Controller and DPO / Encarregado Contact

The Controller is KAMPLISH – DESENVOLVIMENTO DE SISTEMAS LTDA (Section 2). For all privacy matters, including the role of Data Protection Officer (DPO) / Encarregado pelo Tratamento de Dados Pessoais (LGPD Art. 41), you may contact:

• Email: support@lovup.app
• Postal address: Av. Marquês de São Vicente, 1619, Conj. 1510, Várzea da Barra Funda, São Paulo – SP, CEP 01.139-003, Brazil

24. Supervisory Authorities

If you believe your rights have been violated, you may lodge a complaint with the competent authority, including:

• Brazil: Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd
• EU/EEA: your national Data Protection Authority (a list is maintained by the European Data Protection Board)
• United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
• California, USA: California Privacy Protection Agency (CPPA) and the California Attorney General

We would, however, appreciate the chance to address your concerns first — please contact us at support@lovup.app.

25. Region-Specific Disclosures

• Brazil (LGPD): This Policy serves as your notice under the LGPD. The legal bases used are summarized in Section 7. The Encarregado contact is in Section 23.
• EU/EEA & UK (GDPR/UK GDPR): See Sections 7, 12, 15, and 24 for legal bases, transfers, rights, and authorities.
• California (CCPA/CPRA): In the preceding 12 months we collected the categories described in Section 5 for the purposes in Section 6, disclosed them to the providers in Section 11, and did not sell or share personal information for cross-context behavioral advertising. See Section 15.3 for your rights.
• Canada (PIPEDA), Switzerland (FADP), Australia & New Zealand: We honor the access, correction, and complaint rights provided under these laws.

26. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where required by law, notify you in the App or by other appropriate means before the changes take effect. Your continued use of the App after the effective date constitutes acceptance of the updated Policy, except where additional consent is required by law.

27. How to Contact Us

KAMPLISH – DESENVOLVIMENTO DE SISTEMAS LTDA
Av. Marquês de São Vicente, 1619, Conj. 1510, Várzea da Barra Funda
São Paulo – SP, CEP 01.139-003, Brazil
CNPJ 35.977.805/0001-74
Email: support@lovup.app