← Back to LVLUP
Privacy Policy
Effective date: April 16, 2026
1. Introduction
LVLUP ("we", "our", "us") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
2. Information We Collect
| Category | Examples |
|---|
| Account info | Email, username, display name, profile photo |
| Content you post | Videos, captions, comments, hashtags, location |
| Financial data | EXP balance (stored internally as USD), transaction history, bank details (for creator payouts), Apple/Google in-app purchase receipts (for refund handling), Payoneer/Tap payee identifiers |
| Device info | Device model, OS version, RAM (for adaptive quality) |
| Usage data | Session duration, screens viewed, features used |
| Authentication | Google/Apple sign-in tokens (we do not store passwords) |
3. How We Use Your Information
- Provide the Service: display your profile, journeys, and content to other users.
- Process transactions: manage EXP balances, EXP purchases, escrowed supports, refunds, and creator payouts.
- Improve performance: adapt video quality and cache behavior to your device capabilities.
- Analytics: understand how users engage with the app (via Firebase Analytics). We use this to improve the experience, not to sell ads.
- Security: detect fraud, enforce rate limits, and log sensitive actions (bank detail changes, large transfers) to a per-user audit log.
- Notifications: send push notifications for supports received, journey milestones, and messages.
4. Information Sharing
We do not sell your personal information to third parties. We share data only in these cases:
- With other users: your username, profile photo, journey content, and public stats are visible to signed-in users.
- Service providers: Firebase (Google) for hosting, authentication, storage, and analytics. These providers process data on our behalf under their own privacy policies.
- Legal requirements: if required by law, court order, or to protect the safety of our users.
5. Data Storage and Security
- Data is stored in Google Cloud (Firebase) with encryption at rest and in transit.
- Bank details are stored in Firestore with server-side-only access (the client app cannot read or modify wallet balances directly).
- Sensitive actions require recent re-authentication (within 5 minutes).
- We enforce Firebase App Check to block non-app traffic.
6. Data Retention
- Account data: retained as long as your account is active.
- Journey content: completed, time-locked journey days are permanent (this is a core feature — your journey history becomes your highlight reel).
- Transaction records: retained indefinitely for audit and legal compliance.
- Temporary uploads: auto-deleted after 24 hours via storage lifecycle rules.
- Session tracking data: retained for analytics; aggregated on your user profile.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your account and associated data (subject to legal retention requirements and the permanence of completed journey content).
- Object to or restrict processing of your data.
- Export your data in a portable format.
To exercise these rights, email support@lvlup.om.
8. Children's Privacy
LVLUP is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.
9. Cookies and Tracking
The LVLUP mobile app does not use cookies. The website (lvlup.om) uses only essential cookies for SSL and session handling. We use Firebase Analytics in the app, which collects anonymous usage data. You can opt out by disabling analytics in your device settings.
10. Third-Party Services
- Firebase (Google): authentication, database, storage, analytics, crash reporting, performance monitoring.
- Google Sign-In / Apple Sign-In: authentication only; we receive your name and email, not your password.
- Apple App Store & Apple In-App Purchase: processes EXP purchases on iOS and notifies us of refund / family-sharing revocation events so we can adjust your EXP balance.
- Google Play Billing: processes EXP purchases on Android.
- Tap Payments: processes EXP purchases on the web and creator payouts within MENA. Tap receives the payment information needed to complete the transaction.
- Payoneer: processes creator payouts for non-MENA creators. Receives payee identification and bank details.
11. International Data Transfers
Your data may be processed in countries outside Oman (Google Cloud infrastructure). By using LVLUP, you consent to this transfer. We ensure adequate protections are in place as required by applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the app or email. Continued use after changes constitutes acceptance.
13. Contact
For privacy-related questions or requests, contact us at support@lvlup.om.