Privacy policy

Last updated: April 2026

1. Who we are

Luvbug (“we”, “us”, or “our”) operates the website at luvbug.io (the “Site”). This policy explains how we collect, use, store, and protect personal information you provide when joining our waitlist or otherwise interacting with the Site. It applies only to data collected through the Site and does not cover data collected once the luvbug application launches.

By using the Site and submitting your information, you agree to this policy. If you do not agree, please do not submit your information.

2. Data we collect

We collect only what is necessary to operate the waitlist and referral programme.

Information you provide

  • Email address — to notify you when luvbug is available and to send you updates you consent to receive.
  • Role — whether you are joining as a couple or a vendor, so we can tailor our communications.
  • Referral code — if you were referred by another user, we record the referring code so we can credit them appropriately.
  • Consent record — the date and time you agreed to this policy, as required by applicable data protection law.

Information collected automatically

  • Server logs — our hosting infrastructure (Fly.io) automatically records standard web server logs, including IP address, browser type, and request timestamps. These are retained for security and operational purposes and are not used for marketing or profiling.

3. How we use your data

We use the data we collect for the following purposes only:

  • To add you to the waitlist and maintain your position on it.
  • To send you launch announcements and material updates about luvbug — no more frequently than necessary.
  • To attribute referrals and credit referring users in accordance with our referral programme.
  • To detect and prevent abuse, spam, and fraudulent submissions.
  • To comply with our legal obligations and enforce our Terms of service.

We do not use your data for advertising, profiling, or automated decision-making. We do not sell your data to any third party.

4. Legal basis for processing

Where the General Data Protection Regulation (GDPR) or equivalent legislation applies, we rely on the following legal bases:

  • Consent (Art. 6(1)(a) GDPR) — you explicitly tick the consent checkbox before submitting the form. You may withdraw consent at any time by emailing hello@luvbug.io.
  • Legitimate interests (Art. 6(1)(f) GDPR) — to prevent fraud, abuse, and to secure our systems.

5. Referral programme

If you share your referral link and another person signs up through it, we record the association between your referral code and their waitlist entry. We do not share your email address or name with the person you referred, nor do we share the referee’s email address or name with you. The connection is maintained via anonymous referral codes only.

Referral data is processed on the same lawful basis as waitlist data and is subject to the same retention and deletion rules.

6. Data sharing and processors

We do not sell, rent, or trade your personal data. We may share your data only in the following limited circumstances:

  • Infrastructure providers — our hosting provider (Fly.io) processes data on our behalf under a data processing agreement. Data is stored in the region selected for our application.
  • Email service providers — if we use a third-party provider to send launch or update emails, that provider will process your email address under a data processing agreement and is prohibited from using it for their own purposes.
  • Legal requirements — we may disclose your data if required to do so by law, court order, or to protect the rights, property, or safety of luvbug, our users, or others.

Any third-party processor we engage is bound by contractual obligations equivalent to those in this policy.

7. Data security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, disclosure, or destruction. These include:

  • All data in transit is encrypted using TLS.
  • Database access is restricted to authorised application services and personnel only.
  • Passwords and secrets are never stored in plaintext.
  • Access to production infrastructure is controlled and logged.

No method of transmission or storage is 100% secure. If we become aware of a security breach that affects your data, we will notify you as required by applicable law.

8. Data retention

We retain your waitlist data for as long as it is necessary to fulfil the purposes described in this policy, or until you request deletion. If luvbug does not launch as a product, we will delete all waitlist data within 90 days of that determination.

Server logs are retained for a maximum of 90 days for security purposes, after which they are deleted.

9. Your rights

Depending on your location, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data. We will action this within 30 days.
  • Restriction — ask us to pause processing of your data while a dispute is resolved.
  • Portability — request your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — withdraw your consent to receive communications at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email hello@luvbug.io. We will respond within 30 days. If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.

10. California residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect about you, to request deletion of that information, and to non-discriminatory treatment for exercising your rights. We do not sell personal information as defined by the California Consumer Privacy Act. To exercise your rights, contact us at hello@luvbug.io.

11. Cookies and tracking

The luvbug marketing site does not use advertising cookies, tracking pixels, or third-party analytics scripts. We do not run Google Analytics, Meta Pixel, or equivalent trackers on this site.

We may set a strictly necessary session cookie for security and form-submission purposes only. This cookie does not track you across sites and is not used for any commercial purpose.

12. International data transfers

Your data may be stored and processed in data centres outside your country of residence, including in the United States, as part of our use of Fly.io infrastructure. Where transfers outside the European Economic Area occur, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, or equivalent mechanisms under applicable law.

13. Children’s privacy

The Site is not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has submitted their information to us, please contact us at hello@luvbug.io and we will delete the data promptly.

14. Changes to this policy

We may update this policy from time to time. If we make a material change, we will update the “Last updated” date at the top of this page and, where appropriate, notify waitlist members by email. Continued use of the Site after a change constitutes acceptance of the revised policy.

15. Contact

For questions about this policy or to exercise your data rights, email us at hello@luvbug.io. We aim to respond within five business days.