1. Introduction
Welcome to Lusapp ("we," "our," or "us"). Lusapp is a mobile application for endurance athletes to discover races, track participation, connect with the community, and join groups. We are committed to protecting your personal information and your right to privacy.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS and Android mobile application.
2. Information We Collect
Information You Provide Directly
- Account Information: Email address, display name, and password (encrypted)
- Profile Information: Profile photo, bio, location (city/country), favorite sport, and athlete statistics
- Race Activity: Races you add to your calendar, races you mark as completed, race goals and notes
- Social Content: Posts, comments, likes, and group messages you create
- Group Data: Groups you create or join, gear lists, and group chat messages
- Direct Messages: 1-on-1 messages exchanged with other users
Automatically Collected Information
- Device Information: Device type (iOS/Android) and operating system version
- Usage Data: App features you use and timestamps of activity
- Authentication Tokens: Secure tokens used to keep you signed in
We do not collect precise GPS location, contacts, browsing history, financial information, or health/fitness sensor data.
3. How We Use Your Information
We use your information solely to operate and improve Lusapp:
- Create and manage your account
- Display your profile to other users of the app
- Show race recommendations and filter results
- Enable social features (following, posts, comments, likes)
- Power group creation, membership, chat, and gear lists
- Deliver direct messages between users
- Send you account-related emails (verification, password reset)
- Detect and prevent abuse or fraudulent activity
- Improve the app experience over time
4. How We Share Your Information
Public Within the App
- Your display name, profile photo, bio, location, and favourite sport are visible to all Lusapp users
- Your posts, race activity, and group memberships (in public groups) are visible to other users
- Messages in public group chats are visible to all members of that group
Third-Party Service Providers
We use the following trusted services to operate Lusapp. They process your data only as instructed by us:
- Firebase (Google): Email authentication, password management, and account verification
- Cloudinary: Secure cloud storage for profile photos and group banner images
- Render.com: Backend server hosting and PostgreSQL database storage
Legal Requirements
We may disclose your information if required by law, court order, or government authority, or to protect the rights, property, and safety of Lusapp, our users, or the public.
We do not sell, rent, or trade your personal information to any third party. We do not use advertising networks or analytics trackers.
5. Data Security
We implement industry-standard security measures to protect your information:
- All data in transit is encrypted via HTTPS/TLS
- Passwords are hashed using bcrypt — we never store plain-text passwords
- Authentication uses secure Firebase ID tokens (JWT)
- Database access is restricted to our backend server only
- Profile images are stored on Cloudinary with access controls
No system is 100% secure. If you believe your account has been compromised, please contact us immediately.
6. Your Privacy Rights
You have the following rights regarding your personal data:
- Access: You can view all profile information directly in the app
- Update: You can edit your profile information at any time in the app
- Delete Account: You can permanently delete your account and all associated data from the Profile settings screen. Deletion is processed within 30 days
- Withdraw Consent: You can stop using the app and request deletion at any time
- Data Portability: Contact us to request a copy of your personal data
For users in the European Economic Area (EEA) or United Kingdom, you also have rights under GDPR including the right to object to processing and to lodge a complaint with your local data protection authority.
7. Data Retention
- Active accounts: We retain your data for as long as your account is active
- Deleted accounts: All personal information is permanently removed within 30 days of account deletion
- Messages: Direct messages and group messages are deleted when you delete your account
- Legal obligations: Certain data may be retained longer if required by applicable law
- Anonymized data: We may retain non-identifiable, aggregated statistics for app improvement
8. Children's Privacy
Lusapp is not intended for children under 13 years of age (or under 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has created an account, please contact us and we will promptly delete the account and associated data.
9. International Data Transfers
Your information is stored and processed in the United States (via Render.com servers). By using Lusapp, you consent to the transfer of your information to the United States. We ensure that all service providers maintain adequate data protection standards.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last Updated" date at the top of this page and notify you within the app. Your continued use of Lusapp after any changes constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: