Privacy policy

end.works built LoveLust with privacy as its foundation. This policy explains what data we collect, how we use it, and the rights you have under the General Data Protection Regulation (GDPR).

LoveLust is intended for users who are 18 years of age or older.

1. Data We Collect

Sexual activity and health data (special category, GDPR Art. 9)

Data about sexual activity, partners, contraception, STI tests, and related health information is classified as special category data under GDPR Art. 9. This data:

  • Is stored locally on your device only, encrypted with AES-128/256-CFB.
  • Is never transmitted to LoveLust servers or any third party.
  • May be shared with Apple HealthKit (iOS) or Health Connect (Android) only if you explicitly enable that integration.
  • Is used solely for your personal tracking within the app.

Processing this data requires your explicit consent (GDPR Art. 9(2)(a)), which you grant when you first use the relevant features.

Subscription and purchase data

In-app purchases are managed by RevenueCat. RevenueCat processes transaction identifiers and purchase history to validate and restore subscriptions. LoveLust does not receive or store your payment card details. See RevenueCat's Privacy Policy.

Anonymous usage analytics

We use Aptabase to collect aggregate, anonymous analytics (e.g., which screens are visited, app version, OS). No personal identifiers or health data are included. See Aptabase's Privacy Policy.

2. Where Data Is Stored

All sexual activity and health data is stored locally on your device, encrypted with AES-128/256-CFB. LoveLust servers have zero access to this data.

If you enable the optional encrypted cloud backup (premium feature), your data is encrypted on-device before upload. Only you hold the decryption key.

3. Data Retention and Deletion

Health data is retained for as long as you use the app. You can delete all your data at any time by:

  1. Using Settings → Delete all data within the app.
  2. Uninstalling the app (removes all locally stored data).
  3. Clearing the app's storage from your device settings.

4. Your GDPR Rights

  • Art. 15, Right of access: Request a copy of the personal data we hold about you.
  • Art. 16, Right to rectification: Ask us to correct inaccurate data.
  • Art. 17, Right to erasure: Request deletion of your data. For health data stored locally, exercise this directly in the app.
  • Art. 20, Right to data portability: Export your data in a machine-readable format.
  • Art. 7(3), Right to withdraw consent: Withdraw consent at any time by deleting your data.

To exercise any right, contact us at the email address listed on the Support page. We will respond within 30 days.

5. Third-Party Services

  • RevenueCat: subscription management. Privacy Policy
  • Aptabase: anonymous analytics. Privacy Policy
  • Apple HealthKit / Google Health Connect: optional health data integration (only when enabled by you).
  • Google Play Services: Privacy Policy

We do not sell your data to any third party.

6. Security

All health data is encrypted on your device using AES-128/256-CFB. We follow industry best practices to protect any data we process. However, no electronic system is 100% secure and we cannot guarantee absolute security.

7. Age Restriction

LoveLust is intended for users 18 years or older. We do not knowingly collect data from anyone under 18. If you believe a minor has used the app, contact us immediately.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the app after changes constitutes acceptance of the revised policy.

9. Contact Us

For any questions or to exercise your GDPR rights, contact us at the email address listed on the Support page.

Last updated: 2025-03-20