Privacy Policy
How Luvia handles your information.
Effective date: April 22, 2026 · Last updated: April 22, 2026
Luvia (“Luvia”, “we”, “our”, “us”) is a personal knowledge
and productivity application. This Privacy Policy explains what information we
collect when you install or use Luvia on Android (package
com.kuddusclank.luvia) or the associated web services hosted at
luvia.page, why we collect it, how long we keep it, and the
choices you have. If anything here is unclear, write to
abdulquddusakanbi42@gmail.com.
1. Who this policy covers
This policy applies to everyone who uses Luvia on Android and the web services it connects to. It does not cover third-party services you reach through Luvia — those services have their own policies. When Luvia integrates with Google Workspace (Drive, Gmail, Calendar, Tasks, Contacts), your use of those services remains governed by Google’s Privacy Policy.
2. Data we collect
2.1 Account information
When you sign in with Google, email + password, or as a guest (anonymous account), we store in our Firebase backend:
- Your user identifier (Firebase UID)
- Email address (if provided)
- Display name and profile photo URL (Google sign-in only, inherited from your Google account)
- Whether your account is anonymous
- Timestamps of account creation and last sign-in
- The list of sign-in methods you have connected (Google, password, passkey)
- Firebase Cloud Messaging (FCM) device tokens for push notifications
2.2 Content you create
Notes, documents, flashcards, annotations, tasks, calendar events, ink drawings, web clips, databases, canvases, workspaces, and every piece of content you create in Luvia is:
- Stored locally on your device using the Luvia app's database.
- Optionally synchronized to our Firebase Firestore backend under a path scoped to
your user identifier (
users/<your-uid>/…), if you choose to enable sync. You can disable sync in Settings at any time. - Optionally end-to-end encrypted on your device via the Luvia Vault, using a key that is derived from your unlock credentials. The Vault key never leaves your device, so neither we nor any attacker with backend access can read the contents.
2.3 Diagnostic data
To keep Luvia reliable we collect, via Firebase Crashlytics and Firebase Analytics:
- Crash stack traces and non-fatal exception reports
- Device model, OS version, app version, locale, and coarse country
- Anonymous usage events (for example: “note created”, “feature-gate hit”, “screen viewed”) tied to a random installation identifier, not your email
You can opt out in Settings. Opting out stops future events from being collected. Historical events are deleted as part of account deletion (Section 7).
2.4 Purchase and subscription data
If you buy a subscription or one-time upgrade, we receive from Google Play:
- The purchase token
- The product ID (for example
luvia_pro) - Subscription state (active, in grace period, on hold, cancelled)
- Expiry timestamp
We do not receive or store your card number, billing address, or any other payment instrument detail — those stay with Google Play.
2.5 Shared content metadata
When you share a note via a Stakeholder Portal link or invite a collaborator to a Shared Workspace, we store the share token, the recipient email (if you specified one), the access count, and any comments that stakeholders submit on the shared page.
3. Google account data (OAuth scopes)
Luvia integrates with Google Workspace services only after you explicitly authorize each scope. The consent sheet that Google shows you names each scope by its permission — you can decline any of them and the rest of Luvia continues to work. Here is exactly what Luvia does with each scope, and what we do not do.
| Scope | What Luvia does with it | What Luvia does not do |
|---|---|---|
drive.file |
Read and write only the files you explicitly pick via the Drive file picker, or files Luvia itself created. Used for importing PDFs/EPUBs from your Drive and exporting annotated documents back. | List, read, or modify files you did not pick. |
drive.appdata |
Store encrypted Luvia backups in a hidden per-app folder on your Drive. The folder is invisible to other apps. | Access any of your other Drive files. |
calendar.events |
Read, create, and modify events on calendars you own so your Luvia calendar mirrors your Google Calendar. | Modify calendar-level settings (sharing, ACLs, calendar list). |
tasks |
Two-way sync between Luvia’s Task & Kanban and Google Tasks. Create, update, complete tasks you own. | Read tasks from task lists you haven’t connected. |
contacts.readonly |
Autocomplete contact names and emails when you invite a collaborator to a shared workspace or stakeholder portal. Contacts you select are cached on your device during the session; the cache is cleared on sign-out. | Modify, delete, or share your contacts. Upload contacts to our servers. |
gmail.metadata |
Display a picker of your email inbox (subject line, sender, date) so you can save an email as a Luvia note or inbox item. Reads subject/from/date only, not the message body. | Send mail, modify or delete messages, read the message body. |
gmail.readonly (optional, Phase 2) |
If you confirm you want to save the body of a specific email, Luvia reads that single message and stores it as a Luvia note on your device and, if sync is on, under your Firestore path. | Send mail, modify or delete messages, read messages you haven’t selected. |
You can revoke any scope at any time from Luvia (Settings → Connected Google services) or from your Google Account (myaccount.google.com/permissions). Revocation immediately removes Luvia’s server-side refresh token and wipes the cached access token from your device. We do not retain a copy of Google user data after revocation beyond what you have explicitly saved as a Luvia note or other in-app content.
4. How we use your data
We use the data described above to:
- Let you sign in and recognise you across your devices.
- Sync your content between devices so what you create on a phone shows up on a tablet the next time you sign in.
- Provide the features you turn on — AI writing assistance, Google Workspace integrations, collaboration, sharing, flashcard spaced repetition, and so on.
- Verify your Pro or Team subscription through Google Play and apply the corresponding access.
- Diagnose crashes, investigate reliability problems, and decide which features to improve based on anonymous usage trends.
- Send push notifications you have opted into — study reminders, collaboration updates, stakeholder portal comments, calendar reminders.
- Prevent abuse and enforce our Terms of Service.
5. Legal basis for processing (GDPR / UK GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, our lawful bases are:
- Contract performance — we process account data and the content you store with Luvia because you asked us to provide the service.
- Consent — Google Workspace scopes and push notifications are processed only after you opt in. You can withdraw consent at any time.
- Legitimate interest — anonymous diagnostic telemetry used to keep the app stable, and fraud prevention on subscriptions.
- Legal obligation — responding to lawful requests from authorities, record-keeping for tax on paid subscriptions.
6. How we share your data
We do not sell or rent personal information. We share data only with the infrastructure providers we use to operate Luvia and, where you explicitly initiate it, with other people you invite to your content.
6.1 Subprocessors
| Provider | What it does | Location |
|---|---|---|
| Google / Firebase (Google LLC) | Hosts Firebase Authentication, Firestore, Cloud Storage, Cloud Functions, Firebase Analytics, Firebase Crashlytics, Firebase Remote Config, Firebase Cloud Messaging, and Google Cloud Secret Manager. | United States & global Google Cloud regions |
| Google Play (Google LLC) | Processes subscription payments and notifies us of renewal events via Real-Time Developer Notifications. | Per Google Play’s own regions |
| Google Workspace APIs (Google LLC) | Delivers the Drive, Gmail, Calendar, Tasks, and People API responses you request through Luvia’s integrations. | United States |
We review every new subprocessor against the same bar: they must match or exceed the security and privacy posture described in this policy.
6.2 People you choose to share with
When you create a Stakeholder Portal link or add a member to a Shared Workspace, the recipient of the link (or invited user) can read the content you shared. That is the whole point of sharing. Sharing is always initiated by you and can be revoked from inside Luvia.
6.3 Legal process
We may disclose data if legally required to (court order, subpoena, valid law- enforcement request). When we can, we will notify you first unless the law prohibits us from doing so.
6.4 Business transfers
If Luvia is acquired or merges with another company, your data transfers to the new entity under the same protections described here. You will receive notice in-app and by email before any change of control takes effect.
7. Retention and deletion
We retain your account and content for as long as your account is active. You can delete everything at any time:
- Open Luvia → Settings → Account & sign-in → Delete account.
- Type your email to confirm. Your account is marked for deletion and all content becomes read-only.
- For 30 days after the request, you can still sign in and choose Keep my account to restore everything. This grace period prevents accidental loss.
- After 30 days, a scheduled job permanently erases your Firestore data, Cloud Storage files, OAuth refresh tokens, push notification tokens, Firebase Auth user record, and every other server-side reference to your account. On-device copies are removed when you uninstall the app.
Certain records we are legally required to keep (for example, paid-subscription invoice history for tax purposes) are retained only for the minimum period required by law, and are never used for any other purpose.
8. How we secure your data
- Transport encryption. All client ⇄ server traffic uses TLS. Firebase SDKs verify certificates using Android’s system trust store.
- At-rest encryption. Firestore, Cloud Storage, and Secret Manager encrypt data at rest using Google-managed keys.
- Optional client-side encryption. The Luvia Vault uses AES-256-GCM with a device-bound Android Keystore key. When you store content in the Vault, neither we nor anyone who compromises our backend can read it.
- OAuth token protection. Google access tokens are cached on your device in an AES-GCM-encrypted DataStore with a hardware-backed Keystore key. Refresh tokens stay on our server, encrypted at rest by Google Secret Manager, never transmitted to your device.
- Firestore Security Rules. All user content paths are scoped by UID. Our Cloud Functions use a service account; users’ client SDKs only ever read or write their own data.
- Firebase App Check. Backends accept only requests from genuine Luvia installs.
No system is perfectly secure. If we learn of a breach affecting your data we will notify you within the timeframe required by applicable law (72 hours under GDPR).
9. Your rights
Depending on where you live, you may have some or all of these rights:
- Access. Receive a copy of the data we hold about you.
- Correction. Ask us to fix data that is wrong.
- Deletion. Ask us to erase your data. You can do this from the app; you can also email us if the app flow is unavailable.
- Portability. Receive your content in a machine-readable format. Luvia’s in-app export produces this automatically.
- Restriction / objection. Ask us to limit or stop processing based on legitimate interest.
- Consent withdrawal. Turn off any feature you previously opted into, including Google scope grants and push notifications.
- Complaint. File a complaint with a supervisory authority (for example, your national data-protection agency in the EEA/UK).
California residents have additional rights under the CCPA / CPRA, including the right to know what personal information we collect and the right to opt out of “sale” or “sharing” of personal information. Luvia does not sell or share personal information for cross-context behavioural advertising; no opt-out is needed.
To exercise any right, email abdulquddusakanbi42@gmail.com. We verify requests by matching the email against the one on your Luvia account.
10. Children
Luvia is not directed to children under 13 (or the equivalent minimum age in your country). We do not knowingly collect personal information from children. If you believe a child has created a Luvia account, email us and we will delete the account.
11. International transfers
Luvia runs on Google Cloud infrastructure with data primarily stored in the United States. If you use Luvia from outside the United States, your data is transferred to the US for processing. Google Cloud relies on the EU-US Data Privacy Framework and standard contractual clauses to move data lawfully; we rely on those same mechanisms as a Google Cloud customer.
12. Changes to this policy
We may update this policy as Luvia evolves. We will post the new version here and update the “Last updated” date at the top. Material changes that reduce your rights will be announced in the app at least 30 days before they take effect and will require your affirmative acceptance where applicable law requires it.
13. Contact
Questions, concerns, or privacy rights requests: abdulquddusakanbi42@gmail.com.
Our current website is https://luvia.page. When Luvia moves to a custom domain, this policy will be re-hosted there without otherwise changing the protections above.
© 2026 Luvia. This document is maintained alongside the application source
at apps/web/static/privacy.html.
Report typos or inaccuracies by email.