Privacy Policy
Welcome to Lustyn. Your privacy and data protection are fundamental to our service. This policy explains how Lustyn Ltd collects, uses, protects, and respects your personal data while providing our social and dating platform.
1. About This Policy
Lustyn Ltd (Company No. SC861042, Scotland) is the data controller responsible for your personal information under UK GDPR and the Data Protection Act 2018. This Privacy Policy applies to all users of Lustyn's web-based services.
2. Information We Collect
2.1 Account & Profile Information
- Username, email address, encrypted password, and date of birth (to confirm you are 18+)
- Profile content: photos, bio, interests, lifestyle and relationship preferences
- Age verification information processed via Didit, a certified age verification partner (we receive only a verification confirmation token, not your identity documents or sensitive personal details)
- Optional general location for matching (only when you enable location features in your settings)
2.2 Communications & Content
- User-generated posts, images, videos, and public interactions
- Private messages protected with RSA-2048 end-to-end encryption (encryption keys stay on your device — we cannot read your messages)
- Support communications, feedback, and user reports
- Safety reports submitted through our reporting system
2.3 Technical & Security Data
- IP address, device type, browser type, operating system
- Usage analytics, feature interactions, and performance metrics
- Security logs, authentication data, crash/error reports
- Fraud prevention and abuse detection data
3. How We Use Your Information
- Provide and personalise Lustyn's core social and dating features
- Enable profile creation, discovery matching, messaging, and content sharing
- Moderate content using Clarifai AI and human review to remove illegal or harmful material
- Enforce our Terms of Service and community guidelines
- Detect, prevent, and report criminal, fraudulent, or abusive activity
- Comply with legal duties including age verification, online safety requirements, and law enforcement cooperation
- Improve platform performance, security, and user experience
- Provide customer support and respond to inquiries
4. Legal Basis for Processing (UK/EU)
- Contract: Processing necessary to deliver Lustyn services to you (account management, matching, messaging, content delivery)
- Legitimate Interests: Operating a secure, user-safe social platform, preventing fraud and abuse, improving our services
- Consent: Optional features like marketing communications, cookies, location sharing, or adult content visibility
- Legal Obligation: Compliance with online safety, fraud prevention, and law enforcement requirements
5. Information Sharing & Disclosure
5.1 Service Providers
We share limited data with trusted service providers who help us operate Lustyn:
- Cloud hosting and infrastructure providers
- Content moderation tools (Clarifai AI for NSFW detection)
- Identity verification partners (Didit for age verification)
- Customer support platforms and communication tools
- Security and fraud prevention services
All service providers are bound by strict confidentiality and data-protection agreements. They can only use your data to provide services to Lustyn and are prohibited from using it for their own purposes.
5.2 Legal Disclosures & Online-Safety Reporting
- We may disclose information if required by law, court order, or valid legal process
- All uploaded images and videos are automatically scanned using Microsoft PhotoDNA, an industry-standard technology that detects known Child Sexual Abuse Material (CSAM) by comparing content against databases maintained by the National Center for Missing & Exploited Children (NCMEC), Internet Watch Foundation (IWF), Canadian Centre for Child Protection (CCA), and Child Helpline International (CIH). PhotoDNA uses digital fingerprinting and does not store or view the actual image content.
- If CSAM is detected, the content is immediately blocked and deleted from our platform, the user account is permanently suspended, and the incident is reported to the National Crime Agency (NCA) and other relevant law enforcement authorities as required by UK law. Content evidence is preserved securely for law enforcement investigation purposes.
- We cooperate with lawful investigations into fraud, abuse, threats, terrorism, or serious safety risks
- Emergency disclosures may be made to prevent imminent harm or danger to life
5.3 Business Transfers
If Lustyn undergoes a merger, acquisition, or restructuring, your data may be transferred to the new entity. You will be notified of any such transfer, and appropriate safeguards will be maintained to protect your information.
We never sell or trade personal data for advertising or marketing purposes. Your information is not a commodity.
6. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy or as required by law:
- Active Account Data: Kept while your account is active
- Deleted Accounts: Personal data deleted within 30 days after account closure (some data may remain in backups for up to 90 days before permanent deletion)
- Security Logs: Kept for 12–24 months for fraud prevention and security investigations
- Safety Reports & Moderation Records: Retained for at least 12 months (longer if legally required or under active investigation)
- Legal Investigations: Data involved in lawful investigations is retained until resolution and until any appeals period has expired
- CSAM Evidence: Content reported to law enforcement is preserved securely in accordance with legal requirements for criminal investigations
- Anonymised Analytics: May be retained indefinitely as it cannot identify you
7. Security & Encryption
We implement industry-leading security measures to protect your data:
- End-to-End Encryption: Private messages use RSA-2048 encryption; we cannot read your messages
- TLS/SSL Encryption: All data transmitted between your device and our servers is encrypted
- Secure Password Storage: Passwords are hashed using bcrypt with strong salt values
- Access Controls: Strict internal access controls limit who can view your data
- Regular Security Audits: Ongoing vulnerability testing and security reviews
- Data Minimisation: We collect only data necessary for platform operation
While we implement strong security measures, no system is completely secure. You should use strong passwords, enable two-factor authentication when available, and protect your account credentials.
8. Cookies & Tracking Technologies
We use cookies and similar technologies to provide and improve our services.
Essential Cookies (Required)
- Authentication and session management
- Security and fraud prevention
- Site functionality and preferences
Analytics Cookies (Optional)
- Performance monitoring and error tracking
- Usage patterns and feature adoption (aggregated, non-personal data)
- Platform improvement insights
You can disable non-essential cookies through your browser settings. Essential cookies are required for the site to function properly and cannot be disabled without affecting core functionality.
9. Your Rights
Under UK GDPR, you have comprehensive rights regarding your personal data:
- Right of Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete information
- Right to Erasure: Request deletion of your data (subject to legal retention requirements)
- Right to Restriction: Limit how we process your data in certain circumstances
- Right to Object: Object to processing based on legitimate interests
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Withdraw Consent: Withdraw consent for optional processing at any time
- Right to Opt-Out of Public Display: Control whether your profile appears on public-facing pages (such as our welcome page) through your privacy settings
- Right to Lodge a Complaint: File a complaint with the UK Information Commissioner's Office (ICO)
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (1 month) as required by law. Identity verification may be required to protect your privacy.
10. International Transfers
Your data is primarily processed and stored within the United Kingdom and European Economic Area (EEA). If data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place:
- EU Commission Standard Contractual Clauses (SCCs)
- Adequacy decisions from the UK government
- Additional technical and organisational security measures
All international transfers maintain GDPR-equivalent protection standards. We do not transfer data to countries without adequate data protection safeguards.
11. Age Verification & Child Protection
- Only individuals aged 18 years or older may use Lustyn
- Age is verified through trusted, certified partners (Didit) before platform access
- Verification process uses minimal data and does not store sensitive identity documents on Lustyn servers
- Any suspected under-18 account is immediately suspended and investigated
- We fully comply with UK online safety, age assurance standards, and child protection laws
- If we discover an account belongs to someone under 18, we permanently delete it and report it as required by law
12. Content Controls & User Safety
Lustyn gives you complete control over what you see and how you interact:
- Adult Content Blurred by Default: All adult content is automatically detected by Clarifai AI and hidden/blurred unless you actively enable it through your privacy settings
- Granular Content Filtering: Choose exactly what types of content appear in your feed
- Location Sharing: Always opt-in and can be disabled at any time without affecting other features
- Privacy Settings: Control who can see your profile, contact you, and view your content
- Blocking Tools: Instantly block users to prevent all future contact
- Safe Experience Guarantee: You can use Lustyn's full features without ever encountering adult content if you choose
13. Automated Systems & Moderation Transparency
Lustyn uses automated systems and human moderation to maintain community safety:
- Clarifai AI NSFW Detection: Automatically identifies adult content (images/videos) and blurs it by default
- Content Flagging: AI flags potentially problematic content for human review
- User Reporting System: Easy-to-use reporting with categories including Child Safety, Hate, Harassment, Violence, Privacy, Spam, Extreme Content, and Impersonation
- Daily Human Review: All reports are reviewed daily by trained staff, with child safety reports receiving immediate priority
- Transparent Actions: Users are notified of moderation decisions and can appeal through our appeals process
These systems are designed to protect users, comply with legal safety duties, and maintain a positive community environment while respecting user privacy and freedom of expression.
14. Updates to This Policy
- We may update this Privacy Policy for legal, regulatory, or service improvement reasons
- The current version is always available at lustyn.com/privacy
- Material changes will be communicated via email or prominent in-app notice with at least 7 days' advance notice
- Continued use after updates indicates acceptance of the revised policy
- You can review the "Last Updated" date at the top of this page to see when changes were made
15. Contact & Data Protection Officer
UK Data Protection Authority
If you believe your data protection rights have been violated, you may lodge a complaint with:
- Information Commissioner's Office (ICO)
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Your privacy and trust are the foundation of Lustyn. We are committed to maintaining transparency, safety, and respect for every user's personal information.