Privacy
Policy

Account Data

When you register, we collect your email address, username, date of birth (to verify you are 18 or older), and any profile information you choose to provide — display name, bio, profile photo.

Identity & KYC Data (Creators & Payout Recipients)

To pay creators and meet anti-money-laundering obligations, we collect government-issued ID documents, your full legal name, address, date of birth, and may collect a selfie or short video for biometric face matching against your ID. KYC is performed by a third-party identity verification provider on our behalf. Biometric data is processed solely for identity verification, is not used for marketing, and is retained only as required by law (typically 5 years from your last transaction). Submission of KYC data is optional unless you wish to receive payouts.

Payment Data

Payment transactions are processed by Stripe, PayPal, or our other payment partners. We do not store full card numbers or bank account details. We retain transaction identifiers, amounts, currencies, timestamps, and limited billing information for accounting, payouts, fraud prevention, and tax compliance.

Camera, Microphone & Media Content

If you broadcast a live stream, participate in video chat, send voice messages, or upload media, we process the camera and microphone input to deliver that content to other users in real time. Live streams may be recorded for moderation, replay, and abuse-prevention purposes. You can revoke camera and microphone access at any time in your device settings; doing so will disable broadcasting features.

Location Data

With your consent, we collect approximate location (and, if you grant precise location permission, fine location) to:

• Suggest nearby creators and members
• Surface location-tagged streams and local events
• Power region-based content discovery and recommendations
• Apply region-specific legal compliance (age limits, content rules, currency)

Location is collected only while you are actively using the app and is never used for advertising. You can revoke location access at any time in your device settings.

User-Generated Content

Chat messages, direct messages, comments, profile content, gifts sent, posts, and any other content you create on the Service. Some content (such as private messages) is end-to-end transit-encrypted but accessible to Lovezii staff for safety, moderation, legal compliance, and abuse investigation.

Push Notification Tokens

If you enable push notifications, we collect a device-specific notification token via Firebase Cloud Messaging (FCM) and OneSignal in order to deliver alerts (new messages, live notifications, gift events, account activity).

Usage & Analytics Data

We collect information about how you use the Service — pages visited, streams watched, time spent, features used, gifts sent, search queries, clicks, and similar interactions — to operate, improve, and personalise the Service.

Technical & Device Data

IP address, approximate location derived from IP, browser type and version, operating system, mobile device model and identifiers (such as Android Advertising ID, where permitted), language settings, time zone, app version, crash and diagnostic logs, and cookies used for session management and security.

Communications

If you contact our support team, we retain your messages and our responses for service-quality and dispute-resolution purposes.

The Lovezii Android app requests the following permissions. You can review and revoke any of these at any time in your device's app-settings screen.

Camera

Why: To broadcast live video streams, participate in video chat, take a profile photo, and capture images for messages or posts.

Microphone (Record Audio)

Why: To capture audio for live broadcasts, video chat, voice messages, and adjust audio routing during streams.

Location (Approximate & Precise)

Why: To suggest nearby creators, show location-tagged streams and events, and provide regional content recommendations. Location is requested only when you opt in.

Notifications

Why: To deliver real-time alerts for new messages, live-stream notifications, gift events, and important account activity.

Internet & Network Access

Why: Required for all online features — login, content delivery, live video, messaging, and payments.

Foreground Service, Wake Lock & Vibrate

Why: To keep your live streams running smoothly while the app is open and to deliver responsive notifications.

Receive Boot Completed

Why: To re-register for push notifications after your device restarts.

Advertising IDs (Topics, Attribution, Ad ID)

Why: Used by Google Play Services for fraud prevention, install attribution, and (where you have not opted out) measurement of campaign performance. We do not display third-party banner advertising in the current version of the app.

• To create and operate your account, including age verification
• To deliver core features — live streaming, video chat, messaging, browser games, gifts, and creator tools
• To process payments, gifts, subscriptions, withdrawals, and creator payouts
• To verify creator identity (KYC) and comply with anti-money-laundering and tax obligations
• To personalise the Service — recommended creators, suggested streams, location-relevant content
• To send account-related notifications and security alerts
• To send marketing communications (only with your explicit consent — you can withdraw consent at any time)
• To moderate content, enforce our Terms of Service, and investigate abuse, fraud, or violations
• To prevent harm to users, including detecting underage users, harassment, and illegal activity
• To comply with legal obligations, court orders, and law-enforcement requests
• To measure and improve the Service, including analytics and crash reporting

If you are in the EEA, UK, or Switzerland, the General Data Protection Regulation requires us to identify a legal basis for each category of processing. We rely on the following:

• Performance of a contract (Art. 6(1)(b)): account creation, delivering features you request, processing payments and payouts, providing customer support.
• Consent (Art. 6(1)(a)): location collection, marketing communications, optional analytics cookies, biometric face matching for KYC (Art. 9(2)(a)). You may withdraw consent at any time.
• Legitimate interests (Art. 6(1)(f)): platform safety and abuse prevention, fraud detection, security monitoring, network and infrastructure security, defending legal claims, and improving the Service through aggregated analytics. We balance these interests against your rights and freedoms.
• Legal obligation (Art. 6(1)(c)): tax record-keeping, financial-services compliance, KYC/AML obligations, responding to lawful government requests, content-removal obligations.
• Vital interests (Art. 6(1)(d)): in rare cases, to protect a person's life or physical safety (e.g. self-harm escalation).

We use the following types of cookies and similar technologies (such as device identifiers and local storage):

• Strictly necessary — login sessions, security tokens, fraud prevention. These cannot be disabled.
• Functional — remembering your preferences (language, region, accessibility settings).
• Analytics (with your consent) — Google Analytics 4 and Firebase Analytics, used to understand aggregate usage patterns.
• Performance & crash reporting — Firebase Crashlytics, used to detect and resolve technical issues.

You can manage cookie preferences in your account settings on the website. On mobile, similar tracking can be controlled via Android's Settings → Privacy → Ads menu, where you can reset or delete your Advertising ID.

We do not sell your personal data. We share data only with the following categories of recipients, each bound by a written data-processing agreement and only for the purposes listed below:

• Payment processors — Stripe, PayPal, and other regional partners — for transaction processing, payouts, and fraud prevention.
• Identity verification (KYC) providers — for creator identity verification, biometric face matching against ID, and AML compliance.
• Streaming & storage infrastructure — Cloudflare (CDN, R2 object storage, Cloudflare Stream for live video) — for content delivery and media hosting.
• Push notification providers — Google Firebase Cloud Messaging and OneSignal — to deliver push notifications to your device.
• Analytics & performance — Google Analytics 4, Firebase Analytics, and Firebase Crashlytics — for aggregate usage analysis and crash diagnostics.
• Google Play Services — for install attribution, ad-fraud prevention, and integrity checks (via the Topics, Attribution Reporting, and Ad ID APIs).
• Communication providers — transactional email providers — to send account, security, and support emails.
• Customer support tooling — to manage and respond to your support requests.
• Affiliates & advertisers — only aggregate, de-identified statistics. Where you participate in the affiliate program, your payout details are shared with our payment processor.
• Law enforcement and authorities — when required by valid legal process or to prevent imminent harm.
• Successors — in the event of a merger, acquisition, or asset sale, your data may transfer to the successor entity, subject to this policy.

For a current list of named sub-processors, contact ceo@lovezii.com.

Lovezii operates globally and uses cloud infrastructure (including Cloudflare, Google, and Amazon Web Services) that may store and process your data in the United States, European Union, United Kingdom, or other regions where our service providers are located.

When personal data of users in the EEA, UK, or Switzerland is transferred outside those regions, we rely on appropriate safeguards as required by applicable law, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreement (IDTA) or UK Addendum to the SCCs
• Adequacy decisions, where applicable
• Supplementary technical measures such as encryption in transit and at rest

You may request a copy of these safeguards by contacting ceo@lovezii.com.

• Account data is retained while your account is active.
• If you delete your account, personal data is removed within 30 days, except where longer retention is required by law or legitimate interest (see below).
• Payment and transaction records are retained for 7 years as required by financial and tax regulations.
• KYC documents and biometric verification data are retained for 5 years from your last transaction, as required by anti-money-laundering law.
• Live-stream recordings retained by Lovezii for moderation purposes are typically kept for up to 90 days unless flagged for an active investigation.
• Chat & message history is retained while your account is active, and for up to 12 months after deletion for safety and legal-claim purposes.
• Safety-related records (bans, abuse reports, fraud markers) may be retained for the lifetime of the platform to prevent re-offence and protect other users.
• Server logs (IP addresses, access logs) are retained for up to 12 months for security and abuse investigation.
• Marketing-consent records are retained as evidence of consent for the duration of your subscription plus 3 years.

GDPR — EEA & UK Users

CCPA — California Users

You have the right to know what data we collect, request deletion, and opt out of sale. We do not sell personal data.

To exercise any right, contact us at ceo@lovezii.com

Lovezii is intended exclusively for users aged 18 years or older. We do not knowingly collect personal data from anyone under 18.

If you are under 18, you may not register an account, broadcast on, watch streams on, send messages on, send or receive gifts on, or otherwise use Lovezii.

If we become aware that we have collected personal information from a person under 18, we will delete that information promptly. If you believe a minor is using Lovezii, please report it to ceo@lovezii.com immediately.

We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest where supported), secure authentication, bcrypt password hashing, two-factor authentication, and strict access controls to protect your data. We conduct regular security reviews and operate a responsible-disclosure programme for vulnerability reports.

No system is 100% secure. If you believe you've found a security issue, please contact ceo@lovezii.com. In the event of a personal-data breach affecting your rights, we will notify you and the relevant supervisory authority within the timeframes required by applicable law (within 72 hours under GDPR).

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email and / or an in-app notice prior to the change taking effect
• For material changes affecting your rights, request renewed consent where required

We encourage you to review this policy periodically. Your continued use of the Service after a change indicates your acceptance of the updated policy, except where consent is required.

For privacy questions, data requests, or concerns, reach out directly: