Lustyn Privacy Policy

Your privacy matters to us. This policy explains what information we collect, how we use it, and your rights.

1. Who We Are

Lustyn Ltd (Company No. SC861042) is the data controller responsible for your personal information under UK GDPR and the Data Protection Act 2018.

We're registered with the UK Information Commissioner's Office (ICO).

2. What Information We Collect

Account Information:

• Username, email address, password (encrypted)
• Date of birth (to verify you're 18+)
• Age verification confirmation from Didit (we receive only a "verified" token, not your ID documents)

Profile Information:

• Profile photos, bio, interests, preferences
• General location (city/area) - only if you choose to enable location features

Content You Create:

• Posts, photos, videos, comments
• Messages you send to other users
• Reports you submit

Technical Information:

• IP address, device type, browser type
• How you use the platform (pages visited, features used)
• Error logs and performance data

3. How We Use Your Information

We use your information to:

• Provide the service: Create your account, show you content, enable messaging, match you with others
• Keep you safe: Detect and prevent abuse, harassment, scams, and illegal content
• Comply with laws: Age verification, CSAM detection and reporting, cooperation with lawful investigations
• Improve Lustyn: Fix bugs, improve features, understand how people use the platform
• Communicate with you: Respond to support requests, send important updates about the service

4. Legal Basis (UK GDPR)

• Contract: Processing necessary to provide Lustyn's services (account, matching, messaging)
• Legitimate Interests: Platform security, fraud prevention, service improvement
• Consent: Optional features like location sharing, marketing emails (if we add them)
• Legal Obligation: Age verification, CSAM reporting, law enforcement cooperation

5. Who We Share Information With

Service Providers We Trust:

• AWS (Amazon Web Services): Hosts our platform and stores your data securely
• AWS Rekognition: Detects adult content to blur it by default
• Microsoft PhotoDNA: Scans images/videos for known CSAM (compares against law enforcement databases)
• Didit: Verifies your age (they don't share your ID documents with us)
• MongoDB: Database where we store your information

All service providers are contractually required to protect your data and can only use it to provide services to Lustyn.

Law Enforcement & Safety Reporting:

• CSAM Detection: If PhotoDNA detects child sexual abuse material, we immediately:
  • Block and delete the content
  • Permanently ban the account
  • Report to the National Crime Agency (NCA)
  • Preserve evidence for law enforcement investigation
• Legal Requests: We may disclose information if required by court order, warrant, or lawful legal process
• Emergency Situations: We may disclose information to prevent imminent harm, danger to life, or serious crimes

We NEVER:

Sell or trade your personal data to advertisers, data brokers, or third parties for marketing. Your information is not for sale.

6. How We Protect Your Information

• Secure Storage: Data is stored on secure AWS servers with encryption
• HTTPS/TLS: All data transmitted between your device and our servers is encrypted
• Password Security: Passwords are hashed using bcrypt (we cannot see your actual password)
• Access Controls: Limited access to user data - only when necessary for support, safety, or legal compliance
• PhotoDNA: Automatic scanning for CSAM before content is even uploaded

Important: Messages are stored securely but are NOT end-to-end encrypted. Lustyn can access messages if needed for safety investigations or legal compliance. Don't share sensitive information (passwords, financial details) in messages.

7. How Long We Keep Your Information

• Active Account: We keep your information while your account is active
• Deleted Account: Most data is deleted within 30 days. Some data may remain in backups for up to 90 days before permanent deletion
• Safety & Moderation Records: Reports, moderation actions, and safety incidents kept for 12+ months
• CSAM Evidence: Content reported to law enforcement is preserved securely as required by law for criminal investigations
• Legal Holds: Information involved in lawful investigations retained until resolution
• Anonymized Data: Aggregated, anonymized analytics may be kept indefinitely (cannot identify you)

8. Your Rights (UK GDPR)

You have the right to:

• Access: Request a copy of all personal data we hold about you
• Correction: Fix inaccurate or incomplete information
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Restriction: Limit how we process your data in certain circumstances
• Objection: Object to processing based on legitimate interests
• Portability: Receive your data in a machine-readable format
• Withdraw Consent: Withdraw consent for optional features anytime (like location sharing)
• Complain: Lodge a complaint with the ICO if you believe your rights have been violated

To exercise these rights: Email [email protected]. We'll respond within 30 days as required by law. We may need to verify your identity to protect your privacy.

9. Cookies

Essential Cookies (Required):

• Login sessions and authentication
• Security and fraud prevention
• Site functionality

Analytics Cookies (Optional):

• Understanding how people use Lustyn
• Improving features and fixing bugs

You can disable non-essential cookies through your browser settings. Essential cookies are required for the site to work.

10. Age Verification & Child Protection

• 18+ Only: You must be 18 or older to use Lustyn
• ID Required: Age verified through Didit using government-issued ID
• Zero Tolerance: Any suspected under-18 account is immediately suspended and investigated
• PhotoDNA: Automatic CSAM detection and blocking on all uploaded images and videos
• Mandatory Reporting: Confirmed CSAM is reported to the National Crime Agency

11. Adult Content Controls

You have complete control over adult content:

• Blurred by Default: AWS Rekognition automatically detects and blurs adult content
• Opt-In: You must actively enable adult content visibility in your privacy settings
• Safe Experience: You can use Lustyn's full features without ever seeing adult content
• Location Privacy: Location sharing is always optional and can be disabled anytime

12. International Data Transfers

Your data is primarily stored in the UK and European Economic Area. If data is transferred outside the UK/EEA:

• We use EU Standard Contractual Clauses (SCCs)
• We ensure adequate data protection safeguards
• All transfers maintain GDPR-equivalent protection

13. Changes to This Policy

We may update this Privacy Policy for legal, regulatory, or service reasons. Changes will be posted at lustyn.com/privacy.

Significant changes will be communicated via email or prominent notice at least 7 days in advance.

Check the "Last Updated" date at the top to see when changes were made.

14. Contact Us

Privacy Questions: [email protected]

Data Requests: [email protected]

Safety Concerns: [email protected]

General Support: [email protected]

Registered Office:
Lustyn Ltd
22 Mayfield Road
Hamilton, ML3 9LN
Scotland, United Kingdom
Company No. SC861042

UK Data Protection Authority

If you believe your data protection rights have been violated, you can complain to:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Your privacy and safety are the foundation of Lustyn. We're committed to transparency and protecting your personal information.