Privacy Policy

Last updated: 2026-07-10

Lusis ("we", "our", "the app") is a private location-sharing app operated by STODR LLC, a Washington State (USA) limited liability company ("STODR", "the operator"). This policy explains what data Lusis collects, how it's used, who it's shared with, and the choices you have.

Plain-English summary

The short version, in plain language, is:

The rest of this document is the full legal version of the above.

Data we collect

Account data

When you sign up, we collect:

Location data

When you enable location sharing, Lusis collects:

Location is reported at an adaptive interval that balances accuracy against battery life — faster updates while you're moving, slower updates while you're stationary, and longer gaps when your battery is low. The exact tuning changes over time as we learn more from real usage; specific intervals aren't part of this policy.

Usage data

Technical data

Activity and motion data

To save battery, Lusis adapts how often it reports your location based on whether you're moving. To do this, the app reads short-term signals from your phone:

Raw pedometer readings and OS activity-recognition events are not persisted. We do retain a derived activity label (for example, walking, biking, or driving) alongside each location record so history and trip features can colour and group your timeline correctly.

Crash and diagnostic reports

When the app crashes or hits an unexpected error, we collect a diagnostic report containing:

We do not deliberately include personal information in crash reports. Crash reports are sent to Sentry (sentry.io); see "Service providers" below.

In-app feedback

When you submit feedback through the in-app form, we store the text you typed, your user ID, and a timestamp. We read it manually to triage bugs and improve the app. You can request deletion of any feedback you've submitted by emailing [email protected].

Diagnostic and product telemetry

Lusis logs a small set of named events to its own backend (Supabase) to diagnose bugs and tune the location and battery algorithms. These are first-party events — none of them are sent to any third-party analytics service.

Examples of events we log:

Each event is stored with your user ID, the event name, a timestamp, and a small set of structured fields (typically: device state, an error message, or a coarse-rounded location). We do not include the contents of check-in messages, the names of saved places, your phone number, or your email in these events.

Beta waitlist signups (website)

If you request a beta invite through the form on lusis.app, we store the email address you enter, the platform you pick (iPhone or Android), your answer to the beta-diagnostics consent checkbox, and a timestamp. If you later reply to our invite email, we may add your answers (for example, how you plan to use Lusis) to the same record.

We use this information to run the closed beta and to keep you in the loop: deciding who to invite and when, setting you up on the right platform, and sharing occasional Lusis news, like the public launch. We don't use it for anything else. It is never shared with or sold to anyone, and it is stored on our EU-hosted servers, separate from app accounts.

We keep your entry until you tell us to stop. You can unsubscribe or ask to be removed at any time by emailing [email protected] and we will delete it.

Permissions we request

How we use your data

We use the data above only to:

  1. Show your location to members of your shared circle you've explicitly invited and who have accepted the invitation.
  2. Deliver check-in messages from one circle member to another.
  3. Trigger geofence notifications when you arrive at or leave a saved place.
  4. Operate the app — authentication, data sync, crash diagnostics, and minimal server-side logs required for service operation. We use a third-party crash reporter (Sentry) to be told when the app fails, but we do not use any analytics SDK, advertising SDK, attribution SDK, or behavioral tracker.

We do not use your data for:

Where your data is stored

Account data, location history, check-ins, saved places, profile photos, push tokens, user-submitted feedback, and diagnostic event logs are stored on Supabase infrastructure (supabase.com), which uses data centers in the European Union (Frankfurt, Germany). Data is encrypted at rest and in transit. Supabase is our data processor; they process data only on our instructions and do not use it for their own purposes.

Crash and diagnostic reports are stored separately by Sentry (see Service providers below).

Service providers

Lusis relies on a small set of third-party services to operate. Below we describe what each category of service receives. The currently-named providers in each category are listed at the end of this section; we update that list whenever a provider changes, but the descriptions of what each category sees do not change.

We do not use any analytics, advertising, attribution, fingerprinting, or A/B-testing services.

Currently-named providers

This list reflects the providers in each category as of the "Last updated" date at the top of this page. When a provider changes, we update this list and the date.

Who can see your location

Your location is visible only to:

  1. Members of the shared circle you created or joined, and only while you have location sharing enabled.
  2. The operator, when investigating account-specific issues you've reported to us, and only with your explicit consent.

When a circle member is viewing you and your shared location is stale, your device may — silently, and only while you are sharing with that circle — share a fresh location (see Push notifications & background updates below).

Your location stream is never sent to:

Location history retention

Location points are retained while your account is active. You can delete your entire account and all associated data at any time using Settings → Delete account in the app (see "Account deletion" below). A configurable auto-delete window for older location history is on our roadmap and will be announced in-app when available.

Push notifications & background updates

We use push notifications for two things: visible alerts (such as circle check-in messages), and silent background updates. If a member of a circle you are actively sharing your location with opens the app and your last location is outdated, we may send your device a silent background signal asking it to share a fresh location. This signal is invisible — no banner, no sound, nothing on your screen — and carries no message text or personal information. It is best-effort and subject to your phone's operating-system limits, so an update is not guaranteed. It happens only while you are sharing with that circle, and stops if you turn off location sharing or leave the circle. The information needed to notify your device is stored only while you are signed in, and is cleared when you sign out or delete your account.

Your rights

You have the right to:

To exercise any right that isn't already self-service in the app, email [email protected]. We respond within 30 days.

If you are in the European Economic Area, United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.

California residents (CCPA / CPRA)

If you are a California resident, you have the additional right to know what personal information we collect and how we use it (covered above), the right to delete it, the right to correct it, and the right to opt out of sale. We do not sell personal information to any third party. There is nothing to opt out of, but if this ever changes we will provide a clear opt-out mechanism.

Account deletion

You can delete your account and all associated data directly in the app via Settings → Delete account. Live account data is deleted immediately; encrypted database backups may persist for up to 30 days before they are purged. If you can no longer sign in, email [email protected] with the subject line "Delete my Lusis account" from the email address associated with your account, and we will complete the deletion within 7 days.

Upon deletion, we will remove:

Changes to this policy

We will post any changes to this page and update the "Last updated" date above. If the changes are material, we will notify active users in-app before the changes take effect.

Contact

Questions or requests: [email protected]

Operator: STODR LLC, Washington State, USA