Privacy Policy

Effective date: 10 April 2026

We care about your privacy, and we aim to explain everything in plain English. This policy tells you what data we collect, why we need it, how we protect it, who we share it with, where we store it, how long we keep it, and the choices and rights you have under UAE law.

The headline points are:

We only use your data to run and improve LUVED, to keep the community safe, to process payments and deliveries, and to support you when you need help.
We store your data in trusted cloud systems whose physical servers are located in the United Arab Emirates, with backup servers in Europe.
You can exercise your privacy rights with us at any time.

If you read nothing else, please remember never to share your payment details with other users. Please note that certain personal information — such as your address — will be shared with the other party on LUVED once an in-person pick-up has been confirmed. Outside of this, please do not share personal information with other users. Always keep conversations and payments on LUVED.

Who We Are and How to Contact Us

We are LUVED FZ-LLC, a Dubai-born, AI-powered community marketplace for pre-loved fashion, furniture and lifestyle items.

Registered office: in5 Tech, Dubai Internet City, Dubai, UAE.

Email for anything privacy-related: privacy@luved.app

You can also reach our support team via the app (LuvBot) once it is live, or email. If you prefer old-school, write to us at our registered office and mark it "Privacy".

For UAE privacy law purposes, we're the "controller" of your personal data when you use LUVED.

What This Policy Covers

This policy applies to our app, website, and any services we provide through them. It covers buyers, sellers, people who browse without an account, and anyone who contacts us, wherever you are located.

If you are outside the UAE, you may have additional rights under your local data protection laws (such as the GDPR in Europe or CCPA in California), and we will respect those rights where required by law.

It doesn't cover other companies' sites or services we link to (for example, payment providers, couriers or brand authentication services). They have their own privacy notices.

The Data We Collect

We only collect what we need to run LUVED well, protect the community, and meet our legal obligations. This mainly includes:

Data Category	Data Types
Account and profile data	Name, username, email, phone number, delivery address, preferences, favourite brands, saved items, profile photo
Listing and transaction data	Item photos and descriptions you upload, offers, orders, payment status, in-app wallet balance, refunds and disputes
Delivery data	Pick-up and drop-off details, time windows, delivery confirmations
Communications	Messages you send to us, in-app chat with other users, comments and reviews
Payment and payout data	We don't store full card details. Our payment partners process card/Apple Pay/Google Pay (Coming Soon) details. We may collect limited payment identifiers, status, last 4 digits, and payout details you provide to withdraw funds
Verification and anti-fraud data	Device information, log data, IP address, app version, approximate location, risk flags generated by our systems, and images you submit for authentication or dispute resolution
Marketing and analytics data	Cookie IDs, browsing behaviour on our app/website, campaign interactions and preferences

Identity Data

Sellers are required to complete identity verification as part of our know-your-customer ("KYC") process before they can list items on LUVED. This includes providing a copy of a valid identity document (such as a passport or Emirates ID) and confirming their registered address on the app. We use a trusted third-party verification provider, Onfido, to carry out this process on our behalf. We may also ask any user for identity verification where required by law or to prevent fraud.

Sensitive Personal Data

Under the UAE PDPL, certain categories of personal data are treated as "sensitive" and receive a higher level of protection. These include information that directly or indirectly reveals a person's family background, ethnic or racial origin, political opinions, religious or philosophical beliefs, criminal record, biometric data, genetic data, health data, or information about a person's sexual life.

We do not routinely collect sensitive personal data. However, in limited circumstances we may collect certain categories, for example: biometric data and identity document data (such as a passport or Emirates ID), where we are required to verify the identity of sellers as part of our know-your-customer ("KYC") obligations.

We use a trusted third-party verification provider (currently Onfido) to assist with this process.

Where we do collect sensitive personal data, we will only do so where we have a valid legal basis under the UAE PDPL (such as your explicit consent, or where required by law), and we will apply additional technical and organisational safeguards to protect it. We will not collect sensitive personal data unless it is strictly necessary for the purpose stated at the time of collection.

How We Collect Your Data

Directly from you when you create an account, list an item, make a purchase, message another user, contact support, or join a promotion.
Automatically when you use LUVED, through cookies, software development kits ("SDKs") and similar technologies that help the app work, keep it secure and show you relevant content.
From trusted partners who support our service, for example payment providers, delivery partners, and our luxury authentication partner, where this is needed to complete your request.

How We Use Your Data (and Our Lawful Reasons)

We rely on the lawful reasons set out in UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "UAE PDPL") and, when published, its Executive Regulations.

We have to have a lawful basis (reason) to process your personal data, and the UAE PDPL allows several 'bases' on which we can do this. Depending on the context (see below table), we rely on the following legal grounds to process your data:

To perform our contract with you — to provide you with LUVED and everything that goes with it
Our legitimate interests (balanced against your rights) — to run, protect and improve LUVED in ways that are fair, expected and respect your rights
Where we have your consent — for certain types of marketing and optional features
Where it is necessary to comply with our legal obligations — to comply with the law, handle requests from authorities, and establish, exercise or defend legal claims

If you are based outside the UAE, we comply with your local data protection laws where they apply.

For the main things you do on LUVED, we have set out our reason below, next to each main action.

Context	Our Reason
Create and manage your account, listings and orders	Contract
Process payments, hold funds where needed for buyer protection, and send payouts	Contract; legal obligations
Arrange deliveries and collections and keep you updated	Contract
Provide authentication for selected luxury brands and manage disputes about authenticity	Contract; legitimate interests in platform integrity and fraud prevention
Personalise your experience, including recommendations and search results based on your preferences and behaviour	Legitimate interests; consent for certain marketing personalisation where required
Communicate with you about your account, listings, orders, changes to our terms or policies, and important service notices	Contract; legal obligations; legitimate interests
Send you marketing by email, push or in-app messages about features, offers and events	Consent where required; legitimate interests for existing customers, with an easy opt-out at any time
Prevent, detect and investigate fraud, scams, counterfeit items and unsafe behaviour, and to protect our community	Legitimate interests; legal obligations
Improve our app's safety, performance, accessibility and design, including analytics and testing	Legitimate interests
Comply with the law, resolve disputes, enforce our terms and defend legal claims	Legal obligations; establishment, exercise or defence of legal rights

Automated Decision-Making and AI

We use AI to power features like item recommendations and smart search. These help you discover relevant items faster. For example, our AI analyses your browsing history, saved items, search queries, and favourite brands to suggest items that match your taste. Our smart search understands natural language queries (like "black Chanel bag under AED 20,000") and helps you find what you're looking for more easily. The AI also helps us categorise listings, detect potential policy violations, and improve the overall experience.

We do not make decisions that produce legal effects on you, or similarly significant effects, based solely on automated processing. This means that important decisions (such as suspending your account, rejecting a dispute claim, or permanently banning you from the platform) always involve human review. While our systems may flag issues (like suspicious activity or potential policy breaches) using automated tools, a member of our team will review the situation before taking action that significantly affects you.

If you are in a jurisdiction that requires it (such as the EU under GDPR), you have the right to request human review of any automated recommendation.

You can switch off certain personalisation features in your settings. Contact us at privacy@luved.app if you would like more information about how our recommendation systems work or to exercise this right.

Cookies and Similar Technologies

We use cookies, SDKs, and similar tools to keep LUVED secure, remember your preferences, measure performance and show you relevant content.

What Are Cookies and SDKs?

Cookies are small text files stored on your browser or device when you visit a website. They help the site recognise your device and remember information about your visit (for example, your language or items in your basket).

SDKs (software development kits) are pieces of code built into our mobile app that perform similar functions to cookies in a web browser. For example, they can help us understand how the app is used, send push notifications, or detect crashes.

What We Use Them For

Depending on how you use LUVED (web or app), we may use:

Essential cookies/SDKs — These are needed to make LUVED work. For example, they:

Keep you logged in as you move around the app or website
Enable basic security and fraud prevention
Allow you to place and manage orders

You cannot switch these off through our tools, but you can block them in your browser/device (which may stop LUVED working properly).

Performance and analytics cookies/SDKs — These help us understand how people use LUVED so we can improve it. For example, they:

Tell us which screens or pages are most popular
Help us see if features are working as expected
Let us measure the effectiveness of campaigns

We use this information in an aggregated way and do not use it to make decisions about you individually.

Functional cookies/SDKs — These remember your choices to give you a smoother experience. For example, they:

Remember your language and region
Save your preferences (such as favourite categories)
Help us show you more relevant content in the app

Marketing cookies/SDKs — Where enabled, these help us show you more relevant LUVED content and offers and measure our own marketing. For example, they:

Record that you visited our site or app and interacted with certain content
Help us avoid showing you the same promotion repeatedly

We do not currently use mobile advertising IDs to show you third party ads across other apps or websites. If we introduce this in future, we will update this policy and, where required, ask for your consent first.

Please see our Cookie Policy for more information. You can also request more detail about the specific cookies or SDKs we use, their providers and lifespans, by contacting us at privacy@luved.app.

When We Share Your Data

We only share what's necessary, with safeguards in place. We do not sell your personal data.

Who We Share Data With	Why We Share That Data
Payment providers	To process payments and payouts. We currently work with partners that support Apple Pay, Google Pay and card payments. These providers act as independent controllers for your payment data.
Authentication partner	For selected luxury brands, we share necessary data and images to verify authenticity and prevent counterfeits.
Identity verification partner (Onfido)	To verify the identity of sellers and confirm their registered address as part of our KYC process. Onfido processes identity documents (such as passports and Emirates IDs) and related biometric data on our behalf as a data processor, under a data processing agreement with us.
Logistics partners	To pick up and deliver items, including your name, address and contact details needed for the delivery.
Cloud hosting, analytics and support tools	To store data securely, fix issues and run our service.
Law enforcement, regulators or authorities	Where we're legally required or to protect our community from fraud and serious harm.
Business transfers	If we undergo a merger, acquisition or reorganisation, your data may transfer as part of the business, with the same protections.

International Data Transfers and Where We Store Your Data

Your data is stored in trusted cloud infrastructure whose physical servers are located in the United Arab Emirates, with backup servers in Europe.

This means your data may be transferred outside the UAE. When we transfer data internationally, we use safeguards that comply with the UAE PDPL and, where applicable, other international frameworks such as the GDPR. Our safeguards include:

Data transfer agreements with the recipients of your data that include UAE-compliant contractual protections.
Technical and organisational security measures, including encryption in transit and at rest (see below sections for more information on this).
Strict access controls and vendor due diligence.
Some partners may also store or access data from other countries (including the European Economic Area, United Kingdom, and other jurisdictions), but only where this is necessary to provide the service; and always subject to the same safeguards (including Standard Contractual Clauses where required).
If you would like more detail about our transfer safeguards, please contact us.

How We Protect Your Data

Encryption in transit and at rest for personal data stored in our cloud systems. This means your data is scrambled using industry-standard encryption protocols when it travels between your device and our servers (in transit), and when it's stored in our databases (at rest). Even if someone intercepted the data, they wouldn't be able to read it without the encryption keys, which we protect carefully.
Strict access controls, multi-factor authentication and role-based permissions for our team. Only authorised employees can access personal data, and only when they need it to do their job (for example, customer support helping you with an issue). Every team member must use multi-factor authentication to log in, and their access is limited based on their role. We log and monitor all access to sensitive data.
Data minimisation and secure-by-design engineering practices. We only collect and keep the data we actually need, and we build privacy and security into our systems from the start rather than adding them later. This includes things like automatic data deletion when it's no longer needed, privacy impact assessments for new features, and designing systems so that even our own team can't access more data than necessary.
Regular monitoring, logging and vendor security reviews. We actively monitor our systems for unusual activity, security threats and potential breaches. We keep detailed logs of system events and access, which help us detect and investigate issues quickly. We also regularly review the security practices of our third-party vendors to make sure they meet our standards and protect your data properly.
Staff training on privacy and security. Every member of our team receives training on data protection, privacy best practices, and how to spot and respond to security threats like phishing attempts. We make sure everyone understands their responsibilities under UAE law and our internal policies, and that they know how to handle your data with care.
Incident response procedures. While we work hard to protect your data, no system is 100% secure. If a data breach occurs that is likely to result in a risk to your rights and freedoms, we'll notify you without undue delay and, where required by law, we'll notify the UAE Data Office and other relevant authorities. We'll tell you what happened, what data was affected, and what steps to take.

How Long We Keep Your Data

We keep your data only for as long as we need it for the purposes we collected it, including to meet legal, accounting or reporting requirements.

We apply the following general rules:

Account data — Kept while your account is active. If you close your account, we'll delete or anonymise your data within 30 days, unless we need to keep certain information for legal reasons (such as financial records for tax compliance, fraud prevention data, or to defend legal claims).
Transaction and delivery records — Typically kept for up to 7 years to meet tax, financial and consumer protection requirements.
In-app messages and communications — Kept for as long as you have an account and then for up to 24 months to help resolve disputes and protect our community.
Anti-fraud and safety data — We keep anti-fraud and safety data for as long as is necessary and proportionate to the risk level, the nature of the incident, and our legal obligations. Retention periods vary depending on the circumstances, including the severity of the issue, whether action was taken, and any applicable legal requirements.
- Routine risk flags where no further issues arise are kept for a limited period proportionate to the level of risk identified.
- Higher-risk accounts or incidents that were investigated but resulted in no further action are kept for a reasonable period reflecting the nature of the concern.
- Records of confirmed fraud, serious abuse or account bans are kept for longer periods where necessary to protect our community, comply with the law, or to establish, exercise or defend legal claims.
Marketing preferences — Kept until you opt out. If you opt out, we'll keep a record of that choice, so we don't contact you again by mistake.
Cookies/IDs — These are stored according to their type and purpose. You can manage or delete them at any time.

Your Choices

You're in control of many settings:

Update your profile, addresses and preferences in the app at any time. You can change your display name, profile photo, email address, phone number, delivery addresses, favourite brands, and preferred categories. Simply go to your account settings (tap the profile icon, then the settings gear). Changes take effect immediately, and you can update these as often as you need.
Choose whether to receive marketing. Every marketing message includes an easy opt-out. You can unsubscribe from marketing emails by clicking the "unsubscribe" link at the bottom of any email, turn off push notifications in your device settings or in-app notification preferences, or adjust your marketing preferences in your account settings. Even if you opt out of marketing, we'll still send you important transactional messages about your orders, account security, and policy updates.
Control personalisation in your settings and device permissions. You can turn off personalised recommendations in your account settings under "Privacy & Personalisation". You can also control location access, camera access, photo library access, and notifications through your device settings. Note that turning off some features may affect your experience (for example, you might see less relevant search results).
Manage cookies and ad tracking via your browser and device settings. However, keep in mind that blocking essential cookies may prevent some features from working properly.
Use in-app messaging for safer communication; avoid sharing personal data directly with other users. Our in-app chat is monitored for scams and policy violations to help protect you. Never share your full address (until you've confirmed a purchase), phone number, email address, social media handles, payment details, or copies of ID documents with other users through chat. If someone asks you to move the conversation to WhatsApp, Instagram, or another platform, this is a red flag — report it immediately. Keeping communication in-app means we can help if something goes wrong.

Your Rights Under UAE Law

Under the UAE PDPL, you have rights over your personal data. If you are located in the EU/EEA, UK, or other jurisdictions with broader protections, you may have additional rights under the GDPR or equivalent laws. Depending on your location and the applicable law, you can:

Ask for access to the personal data we hold about you. This is sometimes called a "subject access request". You can ask us to confirm what data we have, where it came from, why we're processing it, who we've shared it with, and how long we'll keep it. We'll provide you with a copy of your data in a commonly used format. This is free of charge for your first request, though we may charge a reasonable fee for repeated or excessive requests.
Ask us to correct inaccurate or incomplete data. If any of your personal information is wrong or out of date, you have the right to have it corrected. For most information (like your name, email, phone number, or addresses), you can update it yourself directly in your account settings. For information you can't change yourself, or if you believe we have inaccurate data about your transactions or account history, contact us and we'll investigate and correct it if needed.
Ask us to delete your data when it's no longer needed, when you withdraw consent (where consent was the basis), or when the law allows. This is sometimes called the "right to be forgotten". You can close your account at any time through the app settings, and we'll delete or anonymise your data within 30 days. However, we may need to keep some information for longer if we have a legal obligation (like keeping financial records for tax purposes for 7 years), to defend legal claims, or to protect our community from fraud. We'll always tell you if we need to keep some data and explain why.
Ask us to restrict or stop processing in certain circumstances. This means we'll store your data but not actively use it. You might ask for this if you've challenged the accuracy of your data and we're checking it, if you've objected to processing and we're considering whether our legitimate interests override yours, if processing is unlawful but you don't want us to delete the data, or if we no longer need the data but you need us to keep it to establish, exercise or defend a legal claim.
Object to processing based on our legitimate interests, including for direct marketing. You have an absolute right to opt out of marketing at any time — just click unsubscribe in any email, adjust your notification settings, or contact us. You can also object to processing based on our legitimate interests (for example, fraud prevention or product improvement) by explaining your particular situation. We'll stop processing unless we can demonstrate compelling legitimate grounds that override your interests, or we need to process the data for legal claims.
Ask for your data in a portable format where technically feasible and where the legal conditions are met. This means you can request a copy of the personal data you've provided to us in a structured, commonly used, machine-readable format (like CSV), so you can move it to another service if you want. This right applies to data you've given us directly (like your profile information and listing details) where we're processing it based on consent or contract, and where it's technically possible for us to provide it. It doesn't cover data we've derived or generated about you (like risk scores or analytics).
Withdraw your consent at any time where we rely on consent. If we're processing your data based on your consent (like for certain marketing or optional features), you can change your mind at any time. Just update your settings in the app or contact privacy@luved.app. Withdrawing consent is as easy as giving it. This won't affect any processing we did before you withdrew consent, and it won't affect processing that's based on other lawful grounds (like contract or legal obligations). We'll stop the processing based on consent as soon as reasonably possible after you withdraw it.
Complain to the UAE Data Office if you're not happy with how we handle your data. If you are in the EU/EEA, you can contact your local supervisory authority. If you are in another jurisdiction, you may contact your local data protection authority. We'd appreciate the chance to resolve your concerns first.

To exercise your rights, email privacy@luved.app or use the in-app privacy settings where available. We may ask you to verify your identity for security. We aim to respond as soon as possible and usually within 30 days. If you are subject to the GDPR, we will respond within one (1) month. If we need more time for complex requests, we'll let you know and explain why.

Keeping Our Community Safe: User-to-User Messages and Sharing

LUVED is a peer-to-peer marketplace. That means buyers and sellers can chat and arrange deliveries. Please keep these safety tips in mind:

Never share your card details, bank PINs, one-time passwords, or full ID documents with other users.
Keep payments inside LUVED. Paying outside the app removes our buyer and seller protections.
Be careful with personal information in messages. Anything you share with another user can be copied or misused by them.
Report suspicious behaviour immediately through the app or by emailing privacy@luved.app.
If someone asks you to switch to an external app, or makes an offer too good to be true, it probably is.

We monitor for fraud and policy breaches and may review your messages if we need to investigate a reported issue or protect our community.

Children's Privacy

LUVED is for adults. You must be 18 or over to create an account or use our services. By creating an account, you confirm you meet this age requirement. In some countries, the age of digital consent may be lower, but we set our minimum at 18 for all users.

We sell children's items to adults. We don't knowingly collect personal data from children. If you think a child has used LUVED, please contact us and we'll take appropriate steps.

Third-Party Links and Services

You'll find links to other sites or services in our app (for example, payment providers or authentication tools). These services are run by other companies with their own privacy policies and terms. We're not responsible for their practices. Before you use them, please read their privacy information so you understand how they handle your data.

Payments, Wallets and Stored Value

Payments on LUVED are processed by trusted payment partners, and we support Apple Pay, Google Pay (Coming Soon) and card payments.

We do not store full card numbers on our systems.
If you use your in-app wallet balance, we'll process your payout details to send funds to your bank account when you ask us to.
Chargebacks, disputes and refunds may involve sharing limited data with payment partners to resolve the issue, under strict confidentiality.
Your bank or payment provider may process your data as an independent controller. Please refer to their privacy policy for more details.

Data Sharing Details — Our Main Partners

To keep things transparent, here are the key categories of partners we work with and why:

Partner Category	Why We Work With Them
Cloud hosting and storage	We store app data securely and reliably. Our primary servers are physically located in the UAE, with backup servers in Europe.
Payments	To process your payments and payouts securely.
Logistics	To pick up and deliver items safely and on time.
Authentication	To help verify selected luxury brands and prevent counterfeits.
Analytics and crash reporting	To understand app performance and fix bugs quickly.
Communications	To send you essential service messages and support you when you contact us.

Limiting Our Liability

We'll always do our best to keep your data safe and to be clear about how we use it. That said:

We're not responsible for losses caused by information you choose to share with other users, or by payments you make outside LUVED.
We're not responsible for the privacy practices of third-party sites or services linked from LUVED.
We don't promise the app will be free from all errors or interruptions all the time.
To the maximum extent the law allows, we're not liable for indirect losses like lost profits or business interruption that result from how you use LUVED or this policy.
Nothing in this policy limits liability we can't limit under the law.

Changes to This Policy

We may update this policy to reflect how LUVED evolves or to stay compliant with the law.

If we make significant changes, we'll let you know in the app or by email.

The latest version will always be available in the app and on our website, with the effective date at the top.

How to Raise a Concern or Make a Complaint

First, please contact us at privacy@luved.app — we're here to help and we'll do our best to fix the issue quickly.

If you're not satisfied, you can lodge a complaint with the UAE Data Office. To do so, visit the official UAE Data Office complaints page at https://www.dataoffice.gov.ae/en/complaints. You may be required to provide details of your concern and supporting documents as part of the process. We encourage you to contact us first so we can address your issue directly.

Helpful Definitions

"Personal data" is information that identifies you or could identify you, like your name or email.

"Controller" refers to the organisation that decides why and how to process personal data. That's us for most LUVED activities.

"Processor" refers to a company that processes data for us under contract, following our instructions.

"UAE PDPL" is the UAE's federal data protection law and its Executive Regulations. "GDPR" is the EU General Data Protection Regulation.

Your Privacy Checklist for a Safer LUVED Experience

Keep your account details up to date and your password private.
Never share payment or ID details with other users.
Keep payments and chat inside LUVED.
Use our in-app report tools if something feels off.
Review your settings and preferences regularly.

Final Word

Trust is at the heart of LUVED. We wrote this policy to be clear and useful, not to hide the ball. If anything in this policy is confusing, or you have an idea to make it better, email privacy@luved.app. We genuinely value your feedback.