Legal

Safety & Security FAQ

Last Updated: 9 March 2026

At Luvart, your digital life is your own. We have built a privacy-first platform from the ground up — not adapted one from a template designed to monetise your attention. This FAQ explains how we protect you, your data, and your community's cultural heritage.

Privacy & Encryption
1. Are my private messages actually private?

Yes. Luvart uses End-to-End Encryption (E2EE) based on the Signal Protocol — widely considered the global gold standard for private communication.

  • What this means: Your messages are encrypted on your device before they leave it. They are only decrypted on your recipient's device. No one in between — including Luvart — can read them.
  • What we see: Nothing. Our servers act as a delivery post office. We carry the sealed envelopes. We do not have the keys to open them.
  • What we cannot do: We cannot read your messages, hand them to advertisers, or produce their contents in response to requests we are not legally compelled to fulfil.

Note: End-to-End Encrypted messaging is a Premium feature currently in development. It will be available to Premium subscribers after launch. Standard in-app interactions use TLS 1.3 encryption in transit in the meantime.

2. How is my profile and personal data protected?

Most platforms store user data in plain text, meaning a breach exposes everything. Luvart encrypts sensitive profile fields using AES-GCM-SIV — a high-integrity encryption standard — before data ever reaches our storage.

  • Encryption at rest: Your personal data is encrypted before it is written to our servers.
  • What AES-GCM-SIV means for you: The SIV (Synthetic Initialisation Vector) component eliminates a class of common cryptographic vulnerabilities, making your stored data resistant to sophisticated attacks even in the event of a breach.
  • What a breach would yield: Encrypted strings. Without the keys — which are stored separately and never co-located with user data — your information is unreadable and useless to an attacker.
3. Does Luvart track my location?

Only when you explicitly choose to share it. We do not track your location in the background, build movement profiles, or sell location data to advertisers.

If you choose to share your location for a post or to use LuvMap, that data is used only for the purpose you shared it for, encrypted and handled with the same rigour as your personal data, and never sold or shared with third parties for advertising purposes.

4. Is my data encrypted while it is being sent?

Always. Every connection between your device and Luvart's servers uses TLS 1.3 — the current industry standard for secure data transmission. This means your activity cannot be intercepted even on public Wi-Fi networks.

5. Why did you build your own infrastructure instead of using Firebase or Google?

To give you genuine data sovereignty. Third-party platforms like Firebase are convenient, but they come with a cost: your usage patterns, metadata, and cultural connections pass through infrastructure owned by companies whose business model depends on data. We chose not to accept that trade-off.

By building Luvart's backend ourselves, your data stays within the Luvart ecosystem, no third-party tech company has access to your cultural connections, and we are accountable to our community — not to an advertising marketplace.

6. What happens if Luvart's servers are breached?

Because of our encryption-at-rest architecture, an attacker who gains access to our storage would find only encrypted data. Without the encryption keys — stored separately using hardware-backed key management — your photos, posts, personal details, and cultural content remain unreadable.

In the event of a confirmed breach affecting user data, we will notify affected users in accordance with our obligations under applicable law, including South Africa's POPIA and relevant regulations in our other operating markets.

Cultural Safety
7. How does Luvart protect cultural content from exploitation?

Your cultural stories, indigenous language recordings, and community contributions are not data to be harvested.

  • Anti-scraping infrastructure: We have technical measures in place to prevent automated bots from extracting community content for external AI training or commercial data collection.
  • No third-party AI training: Luvart community content is not used to train external AI models without explicit community consent. This is a firm policy, not a preference.
  • Circle privacy controls: You control who sees your content. Cultural Circles can be set to community-only visibility.
8. How does Luvart handle content involving cultural nudity or traditional ceremonies?

We recognise that many traditional ceremonies, attires, and cultural practices involve forms of nudity that are non-sexual and carry deep cultural significance. We do not treat all nudity the same way.

When such content is flagged, it enters our Cultural Review Process:

  1. Automated screening assesses the content against our safety models.
  2. Human review is conducted by a reviewer with relevant cultural and linguistic context before any enforcement action is taken. We aim to complete reviews within 24 hours for standard cases and 4 hours for widely reported content or content involving a minor.
  3. The member who posted the content is notified of the outcome and the reason for any action taken.
  4. All decisions are appealable — see the Appeals section below.
Moderation & Appeals
9. How do I report content or a user?

Use the Report button available on every post, comment, and profile in the app. Reports are reviewed by our moderation team. You will receive a notification when action has been taken.

For urgent safety concerns — including content involving a minor or imminent harm — contact us directly at khomotjo.ngobeni@luchsia.com with the subject line URGENT SAFETY.

10. How do I appeal a moderation decision?

If your content was removed or your account was suspended and you believe the decision was incorrect, you have the right to appeal.

To submit an appeal:

  1. Email khomotjo.ngobeni@luchsia.com with the subject line APPEAL — [your username]
  2. Include a brief explanation of why you believe the decision was incorrect
  3. Include any relevant context, including cultural context if applicable

What happens next: We will acknowledge your appeal within 48 hours. Appeals are reviewed by a human moderator who was not involved in the original decision. You will receive a final decision within 7 days.

11. What are my rights regarding my personal data?

You have the right to access, correct, request deletion of, and receive a portable copy of your personal data, as well as object to certain types of processing. To exercise any of these rights, contact us at khomotjo.ngobeni@luchsia.com with the subject line DATA REQUEST — [your username]. We will respond within 30 days.

Data Retention
12. How long does Luvart keep my data?
Data TypeRetention Period
Account and profile dataDuration of your account, plus 30 days after deletion
Posts, comments, and cultural contentDuration of your account. Deleted content removed within 30 days
Private messages (E2EE — Premium)Never stored on our servers in readable form
Moderation and audit recordsUp to 3 years
Security and access logsUp to 12 months
Indigenous language recordingsGoverned by your community consent settings
Security Research
13. I found a security vulnerability. What do I do?

We take security seriously and welcome responsible disclosure from the security research community. Please report it to us privately before disclosing it publicly.

Email khomotjo.ngobeni@luchsia.com with subject line SECURITY DISCLOSURE. Include a description of the vulnerability, steps to reproduce it, and the potential impact as you understand it.

We will acknowledge your report within 72 hours. We will not take legal action against researchers who follow this process in good faith.

Security is a practice, not a product. At Luvart, we are committed to protecting your data, your privacy, and your community's cultural heritage — not as a feature, but as a foundation.

Questions not answered here?
Contact us at khomotjo.ngobeni@luchsia.com or visit luvart.luchsia.com