Introduction
Welcome to LuviaSpark ("we," "our," or "us"). LuviaSpark is an on-demand home services platform operated by LuviaSpark Ltd. We provide car wash, laundry, and home cleaning services through our mobile application available on iOS and Android.
This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the LuviaSpark mobile application and any related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you agree to the practices described herein.
If you do not agree with the terms of this Privacy Policy, please do not access or use our Service.
Information We Collect
We collect information that you provide directly to us, information collected automatically, and information from third parties.
Information You Provide Directly
- Account Information: When you register, we collect your full name, email address, phone number, and password.
- Profile Information: Profile photo or avatar, preferred contact method, and address information for service delivery.
- Payment Information: We collect payment slip images you upload when funding your in-app wallet via bank transfer. Full card or bank account numbers are never stored on our servers — payment processing is handled by Paystack.
- Booking Information: Service type, delivery address, scheduling preferences, special instructions, and any messages you send through the app.
- Communications: Any feedback, support requests, or correspondence you send us.
Information Collected Automatically
- Location Data: With your permission, we collect your precise GPS location to connect you with nearby service providers and to enable live tracking during active service sessions. Location is collected only when the app is in use and an active booking exists.
- Device Information: Device type, operating system version, unique device identifiers (device ID, advertising ID), app version, and mobile network information.
- Usage Data: App features accessed, screens viewed, time spent in-app, crash reports, and diagnostic data.
- Log Data: IP address, access times, pages or screens viewed, and referring URLs.
Information from Third Parties
- Payment Processors: Transaction confirmation data from Paystack after a payment is completed.
- Analytics Providers: Aggregated usage and behaviour data from Firebase Analytics and PostHog to help us improve the app.
- Push Notification Services: Device tokens provided by Firebase Cloud Messaging (FCM) for delivering push notifications.
How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To process bookings, dispatch service professionals to your location, and complete the requested services.
- Live GPS Tracking: To enable real-time location sharing between customers and assigned service staff during active jobs, so you always know where your professional is.
- Payment Processing & Verification: To process wallet top-ups, verify payment slips submitted by customers, credit wallets upon approval, and maintain an accurate transaction ledger.
- Push Notifications: To notify you when a booking is confirmed, when a professional is assigned, when they are on the way, and when the job is completed.
- Account Management: To create and manage your account, authenticate your identity, and maintain your session securely.
- Customer Support: To respond to your inquiries, resolve disputes, and investigate complaints.
- Safety & Reliability: To enforce our terms of service, including our two-strike policy for unreachable customers, and to protect against fraud or abuse.
- Analytics & Improvement: To understand how users interact with the app, identify bugs, and guide product improvements using anonymised and aggregated data.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:
- Account Data: Retained for the duration of your account and for up to 90 days after deletion to allow for dispute resolution.
- Booking & Transaction Records: Retained for up to 5 years to comply with financial record-keeping obligations.
- Payment Slips: Retained for up to 2 years from the date of upload for audit and compliance purposes, then securely deleted.
- Location Data: Real-time location data collected during active jobs is not permanently stored. Approximate location metadata may be retained as part of the booking record for up to 1 year.
- Usage & Analytics Data: Aggregated and anonymised analytics data may be retained indefinitely for product improvement purposes.
You may request deletion of your personal data at any time (see Your Rights below).
Security
We implement industry-standard security measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction:
- Encryption in Transit: All data transmitted between the app and our servers is encrypted using TLS (Transport Layer Security).
- Authentication: We use JSON Web Tokens (JWT) with automatic refresh token rotation to secure your sessions. Tokens are stored securely on-device.
- Access Controls: Access to personal data within our organisation is restricted to authorised personnel on a need-to-know basis.
- Rate Limiting: Our API employs rate limiting to prevent brute-force and denial-of-service attacks.
- Secure Infrastructure: Our backend is hosted on cloud infrastructure with managed security patches, firewall rules, and regular vulnerability assessments.
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at security@luviaspark.com.
Children's Privacy
LuviaSpark is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at support@luviaspark.com and we will delete that information promptly.
Users between the ages of 13 and 18 should use the Service only with the involvement and consent of a parent or legal guardian.
Your Rights
Depending on your location, you may have certain rights regarding your personal information. These include:
- Right of Access: You may request a copy of the personal information we hold about you.
- Right to Rectification: You may request that we correct any inaccurate or incomplete personal information.
- Right to Erasure: You may request that we delete your personal data. You can also delete your account directly from within the app — see How to Delete Your Account. Note that certain data may be retained for legal and compliance reasons as described in Data Retention.
- Right to Restrict Processing: You may ask us to limit how we use your data in certain circumstances.
- Right to Data Portability: You may request a structured, machine-readable copy of your personal data.
- Right to Withdraw Consent: Where we rely on your consent to process data (e.g., location tracking), you may withdraw that consent at any time via your device or app settings. Withdrawal does not affect the lawfulness of prior processing.
- Right to Object: You may object to processing based on legitimate interests, including for direct marketing purposes.
To exercise any of these rights, please contact us at privacy@luviaspark.com. We will respond to all legitimate requests within 30 days.
Google Services
LuviaSpark integrates several Google-owned services to power core features of the app. Each service is operated by Google LLC (or its affiliates) and is subject to Google's Privacy Policy. By using LuviaSpark, you acknowledge that data may be transferred to and processed by Google's infrastructure, which may be located outside your country of residence.
Google Maps Platform
We use the Google Maps SDK for React Native to render interactive maps within the app. During an active booking, your device's GPS coordinates are displayed on the map to show your location and the service provider's real-time position. The following data is transmitted to Google's servers as part of normal Maps SDK operation:
- Device location (latitude and longitude) while the map screen is active
- Map tile requests based on the current viewport (does not include your identity)
- Device type and operating system version for SDK compatibility
Location data sent to Google via the Maps SDK is governed by Google's Maps Platform Terms of Service. We do not share your account identity with Google Maps — location data is associated with anonymous map sessions only.
Google Places API (Autocomplete)
When you type a service address in the app, we use the Google Places Autocomplete API to suggest and validate addresses. The following data is sent to Google:
- The partial or full text you type into the address search field
- Your approximate location (used to bias results towards nearby addresses)
- A session token (a randomly generated, non-identifying string used to group autocomplete queries into a single billable session)
Address search queries are not linked to your LuviaSpark account when transmitted to Google. Google may use this data in accordance with their privacy policy to improve their autocomplete service.
Firebase Analytics
Firebase Analytics (part of Google Firebase) collects in-app event data to help us understand how users navigate the app, which features are most used, and where users encounter issues. Data collected includes:
- App events (e.g., screen views, button taps, booking completions)
- Session duration and frequency of app use
- Device information (model, OS version, screen resolution)
- Approximate geographic location (country/region level, derived from IP address)
- Advertising ID (IDFA on iOS, GAID on Android) — only if ad tracking is not limited on your device
Firebase Analytics data is aggregated and does not personally identify you by name or account. You can opt out by enabling "Limit Ad Tracking" on iOS or "Opt out of Ads Personalization" on Android in your device settings.
Firebase Cloud Messaging (FCM)
We use Firebase Cloud Messaging to deliver push notifications to your device (e.g., booking confirmations, staff dispatch alerts, job completion notices). FCM requires:
- A device registration token — a unique identifier assigned by FCM to your device/app installation. This token is stored on our servers solely for the purpose of delivering notifications to you.
- Message delivery metadata (delivery timestamps, message IDs) processed by Google to confirm successful delivery.
FCM does not allow us to read the content of notifications sent by other apps. You can disable push notifications at any time in your device's notification settings, though this will prevent you from receiving important service updates.
Firebase Crashlytics
Crashlytics automatically collects crash reports whenever the app encounters an unexpected error. Data sent to Google/Firebase includes:
- Stack traces and error logs at the time of the crash
- Device state information (available memory, battery level, network type)
- App version and build number
- A Crashlytics installation UUID (a non-identifying random identifier reset on app reinstall)
- Whether the crash occurred in a background or foreground session
Crash reports do not contain your name, email, phone number, or payment information. They are used solely for diagnosing and fixing software bugs.
Data Processing & Google's Role
For the Firebase services described above, Google acts as a data processor on our behalf under a Data Processing Agreement (DPA) consistent with applicable data protection laws. For Google Maps Platform and Places API, Google acts as an independent data controller for certain data collected through those services. We encourage you to review Google's Privacy Policy for full details on how Google handles data across its services.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy.
- Send you a push notification through the app.
- In some cases, request your renewed consent where required by law.
We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We aim to respond to all inquiries within 5 business days. For urgent data-related requests, please include "URGENT" in your subject line.