Privacy Policy

Last Updated: April 17, 2026

1. Introduction

Welcome to Lucilla ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

• Account information (name, email address, phone number)
• Profile information (username, profile picture, date of birth)
• Payment information (processed securely through third-party payment processors)

2.2 Health & Fitness Data

With your explicit consent, we collect:

• Step count data from Health Connect, Apple Health, Samsung Health, or Google Fit
• Activity data for fitness challenges and tracking
• Location data for geo-based rewards (only when you opt-in)

2.3 Wearable & Fitness Device Data

When you connect a wearable or fitness device to Lucilla, we collect:

• Step count data from connected wearables and phone pedometers
• Device type and model (e.g., Fitbit Charge 6, Apple Watch Series 9, Garmin Forerunner)
• Sync method (native sync via HealthKit/Health Connect/Fitbit API/Garmin Health API, or bridge sync via companion apps like Garmin Connect, Zepp, Polar Flow, COROS, Huawei Health)
• Device accuracy tier classification
• Health Connect permissions and connected data sources (Android)
• HealthKit permissions and connected data sources (iOS)
• Workout and activity session data for intraday match verification

How We Use Wearable Data:

• To verify step counts in competitions and determine winners
• To enforce device eligibility rules for paid matches (8% maximum error rate)
• To detect potential cheating or data manipulation
• To provide personalized health insights (with your consent)
• We do not sell your health or fitness data to third parties
• Wearable data is stored securely and encrypted at rest

Disconnecting Your Wearable: You can disconnect your wearable device at any time through the app settings. Please note that disconnecting a wearable will prevent your participation in matches that require that device as a verified step source.

2.3a Third-Party Wearable & Health Platform Integrations

Lucilla integrates with the following third-party wearable and health platforms to read fitness data on your behalf, only after you have granted explicit permission via the platform's official authorization flow (OAuth, HealthKit, Health Connect, or equivalent):

• Apple HealthKit (iOS) — Apple Watch and iPhone
• Health Connect (Android) — aggregator for Google Fit, Samsung Health, Fitbit, and other Android health apps
• Fitbit Web API — Fitbit and Google Pixel Watch
• Google Fit REST API — Wear OS and Android phones
• Samsung Health SDK — Galaxy Watch and Galaxy phones
• Garmin Health API (Garmin Connect Developer Program) — Garmin watches, cycling computers, and fitness trackers

Data we read from these wearable APIs:

• Daily and intraday step counts
• Workout and activity sessions (start time, end time, sport type, duration, distance)
• Heart rate samples during active workouts and step matches
• Calories burned during activity
• Active minutes and exercise time

Purpose of collection. Lucilla reads the data above for the sole purpose of (1) validating fitness challenge and step-match results, (2) confirming verified in-person visits for reward claims, (3) calculating reward and USDC prize eligibility, and (4) displaying your activity back to you inside the Lucilla app. We do not sell wearable data to third parties, do not use it for advertising, and do not share it with enterprise partners in identifiable form.

Garmin Health API specific notice. Health and activity data obtained through the Garmin Health API (steps, activities, heart rate, calories, intensity minutes, daily summaries) is used exclusively to verify step matches, validate fitness challenge results, and award USDC and reward prizes inside the Lucilla app. Garmin data is stored encrypted at rest, accessed only by authorized backend services on a need-to-process basis, and is never sold, rented, or licensed to third parties. You can disconnect your Garmin account at any time from Settings > Connected Devices > Garmin in the Lucilla app, which immediately revokes our OAuth token with Garmin and stops all further data ingestion. You can additionally request deletion of all Garmin-derived data we have stored by emailing s.borjas@lucilla.ca — we will purge it within 30 days, subject only to the FINTRAC retention exception described in Section 6 (which applies only to records linked to a settled USDC transaction).

Apple HealthKit Notice: Health data obtained from Apple HealthKit is used solely to provide and improve App features. We do not use HealthKit data for advertising, and we do not share HealthKit data with third parties except as required to operate the App or as required by law.

Fitbit Web API specific notice. Health and activity data obtained through the Fitbit Web API (steps, intraday step data, workouts, heart rate, calories, sleep, daily summaries) is used exclusively to verify step matches, validate fitness challenge results, and award USDC and reward prizes inside the Lucilla app. Fitbit data is stored encrypted at rest, accessed only by authorized backend services on a need-to-process basis, and is never sold, rented, or licensed to third parties. You can disconnect your Fitbit account at any time from Settings > Connected Devices > Fitbit in the Lucilla app, which immediately revokes our OAuth token with Fitbit (and your authorization is also manageable from https://www.fitbit.com/settings/applications) and stops all further data ingestion. You can additionally request deletion of all Fitbit-derived data we have stored by emailing s.borjas@lucilla.ca — we will purge it within 30 days, subject only to the FINTRAC retention exception described in Section 6 (which applies only to records linked to a settled USDC transaction).

Google Fit / Health Connect specific notice. Health and activity data obtained through the Google Fit REST API and the Android Health Connect platform (steps, exercise sessions, heart rate, calories, distance, sleep) is used exclusively to verify step matches, validate fitness challenge results, and award USDC and reward prizes inside the Lucilla app. Google-derived data is stored encrypted at rest, accessed only by authorized backend services on a need-to-process basis, and is never sold, rented, or licensed to third parties. Lucilla's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. You can disconnect Google Fit at any time from Settings > Connected Devices > Google Fit (or revoke access at https://myaccount.google.com/permissions), and you can revoke Health Connect read permissions at any time from your Android device's Health Connect settings. You can additionally request deletion of all Google-derived data we have stored by emailing s.borjas@lucilla.ca — we will purge it within 30 days, subject only to the FINTRAC retention exception described in Section 6 (which applies only to records linked to a settled USDC transaction).

Samsung Health specific notice. Health and activity data obtained from Samsung Health (via Health Connect or the Samsung Health SDK on Galaxy Watch and Galaxy phone surfaces — steps, exercise sessions, heart rate, sleep, calories) is used exclusively to verify step matches, validate fitness challenge results, and award USDC and reward prizes inside the Lucilla app. Samsung Health data is stored encrypted at rest, accessed only by authorized backend services on a need-to-process basis, and is never sold, rented, or licensed to third parties. You can disconnect Samsung Health at any time from Settings > Connected Devices > Samsung Health in the Lucilla app, and you can additionally revoke Lucilla's read permission inside the Samsung Health app or via Android Health Connect at the OS level. You can request deletion of all Samsung-derived data we have stored by emailing s.borjas@lucilla.ca — we will purge it within 30 days, subject only to the FINTRAC retention exception described in Section 6 (which applies only to records linked to a settled USDC transaction).

2.3b Shareable Health Data

You may optionally share certain health data with the Lucilla community:

• Step activity — daily or challenge-period step counts
• Meal logs (macros) — food diary entries you choose to post
• Exercise logs — workouts, sets, reps, distance, heart rate
• Journal entries — AI-assisted journal content you explicitly choose to share

All health sharing is opt-in and user-initiated. Nothing is shared automatically. You control visibility (public, followers, groups, or paid subscribers only) and may delete shared posts at any time.

Web community feed (lucilla.ca) is force-anonymized. When you opt a journal / macros / exercise entry into the public community feed that powers lucilla.ca, the server strips your username, user ID, and profile picture at read time so web visitors see the content without being able to identify you. This is a one-way transformation handled server-side. The only de-anonymization path is an admin-only audit endpoint used exclusively for legal-hold or law-enforcement requests — ordinary staff and other users cannot resolve an anonymized entry back to an account.

Enhanced Profile paid subscriptions are the ONLY identified share path. Inside the app, a user may enable a creator subscription on their Enhanced Social Profile (Profile > Creator Pricing). Paid subscribers then see that creator's live macros / exercise / journal feed with full identity attached. Non-subscribers (including strangers, followers, friends, or people the creator follows — depending on the audience tier the creator chose) see a paywall stub plus at most aggregate daily-total teasers. This is a direct creator-to-subscriber relationship facilitated by Lucilla; the platform fee follows the creator's subscription tier. Server-side rules at Users/{uid}/journal_entries block every non-owner read path from reaching raw data without going through the getCreatorTrackingView / getNetworkTrackingFeed Cloud Functions, which enforce the subscription / audience tier.

2.3c Voice & Audio

• Voice commands to the AI assistant (FAB) are processed in real time via Google Gemini Live API and are not stored beyond the active session
• Voice posts and audio you publish to your social feed are stored only when you explicitly post them
• Audio transmitted in live Spaces or Streams is processed in real time

You can revoke microphone access at any time in your device Settings.

2.3d Biometric Data (Passkey / Face ID / Fingerprint)

We never receive or store your biometric data. When you set up your Lucilla Smart Wallet via WebAuthn passkey, authentication happens entirely on your device through Apple or Google's secure enclave. We only receive a cryptographic token confirming successful authentication — your fingerprint or face data never leaves your device.

2.4 Wallet & Transaction Data

For users utilizing our USDC wallet features:

• Blockchain wallet addresses
• Transaction history (stored on public blockchain)
• Payment receipts and subscription records
• Wallet balance at time of reward claims and transactions (used for fraud prevention and platform integrity)

2.5 Device Information

We collect information about the device you use to access Lucilla, including:

• Device model and manufacturer
• Operating system and version
• App version
• Unique device identifiers
• Mobile network information

This information helps us provide a consistent experience, troubleshoot issues, and ensure platform security.

2.6 Location & Geo-Reward Data

When you use location-based features (such as geo-rewards), we collect:

• GPS coordinates: Your precise location at the time of a reward claim, including distance to the reward location
• GPS accuracy metrics: Signal accuracy and confidence data to verify genuine physical presence
• Claim and redemption locations: For two-step rewards (Geo + QR), both the initial claim location and the redemption location are recorded
• Time patterns: Timestamps of claims, time between viewing a reward and claiming it, session duration, and visit frequency

We collect this location intelligence data to improve reward targeting and provide more relevant offers near you, to prevent fraud and ensure fair reward distribution for all users, and to enhance platform safety through anti-spoofing measures.

2.7 Reward & Campaign Interaction Data

When you interact with rewards and business campaigns, we collect:

• Reward claim history (which rewards you claimed, when, and where)
• Mystery Reward tier results (which tier you received in randomized rewards)
• Redemption code usage (for two-step Geo + QR claims)
• Referral code activity (codes you shared and codes used by others)
• XP points earned and streak bonus history
• View-to-claim timing (how long between seeing a reward and claiming it)
• Campaign engagement metrics (views, saves, shares)

This data helps us optimize campaign performance and provide you with more relevant reward opportunities.

2.8 Automatically Collected Information

• Usage data (features used, time spent, interactions)
• Log data (IP address, crash reports, performance data)
• Session duration and navigation patterns
• Search queries within the app

2.9 Fraud Prevention & Platform Integrity Data

To maintain a fair and secure platform for all users, we collect and process:

• Fraud prevention signals: We use proprietary technology to detect and prevent fraudulent activity, including multi-account abuse and location spoofing. These systems operate on anonymized data and do not identify specific individuals.
• Behavioral patterns: Claim velocity, timing patterns, and usage signals that help distinguish genuine users from automated or fraudulent activity

2.10 Enterprise Account Data

For enterprise (business) customers, we additionally collect:

• Business registration information
• Enterprise handle (@businessname)
• Team member information (staff names, roles, permissions)
• Campaign configuration and performance data
• Business hours, contact information, and social media links as provided by the business

3. How We Use Your Information

We use your information to:

• Provide and maintain our services
• Process transactions and send transaction notifications
• Enable fitness challenges and step-based competitions
• Distribute USDC rewards and process payments
• Personalize your experience with AI-powered features
• Send important service updates and security alerts
• Improve our app through analytics and research
• Comply with legal obligations and prevent fraud
• Improve reward targeting and provide more relevant offers to you
• Prevent fraud and ensure fair reward distribution across the platform
• Optimize campaign performance for business partners
• Enhance platform safety through anti-spoofing measures
• Provide aggregated, anonymized analytics to business partners to help them understand campaign effectiveness
• Power content discovery and personalized recommendations

4. Data Sharing and Disclosure

4.1 We Share Your Information With:

• Service Providers: Firebase (Google), Circle (USDC payments), health data providers
• Payment Processors: Apple App Store, Google Play, Samsung Galaxy Store
• Reward Campaign Providers (Businesses & Creators): When you claim a geo/QR reward or visit a participating business, your display name, email address, and phone number (if provided) are shared with that business or creator to enable direct customer communications, promotional offers, and campaign analytics. See Terms of Service Section 10.11 for full details
• Enterprise Customers (Anonymized Only): Enterprise business customers receive aggregated, anonymized analytics about their campaign performance. Enterprise customers cannot identify individual users through the data we provide. Raw user data is retained by Lucilla and is never shared with enterprise customers in identifiable form
• Legal Requirements: When required by law or to protect our rights

4.2 Data Ownership & Usage

Lucilla Technologies Inc. owns and retains all data generated through your use of the platform. We use this data to operate, improve, and personalize our services.

• We do not currently sell your personal data to any third parties
• We may analyze anonymized usage patterns and activity data to improve our services and platform features
• In the future, we may engage in partnerships that involve sharing aggregated, anonymized data — we will notify users in advance and update these terms accordingly
• We do not share your health data without explicit consent
• We do not use your data for third-party advertising without permission
• When you claim rewards from a business or creator, your basic contact information (name, email, phone) is shared with that reward provider to enable direct customer relationship and communications
• You always retain the right to export or delete your personal data

5. Health Data Privacy (HIPAA Compliance)

Your health and fitness data is protected under strict security measures:

• Encrypted in transit and at rest
• Stored securely in HIPAA-compliant infrastructure
• Only accessible by you and authorized services you approve
• You can delete your health data at any time

6. Blockchain & Cryptocurrency Disclosures

Lucilla integrates cryptocurrency functionality for rewards and payments. Important disclosures:

6.1 USDC Stablecoin

• USDC is a digital stablecoin pegged to the US Dollar, issued by Circle Internet Financial
• USDC transactions are recorded on the Base blockchain (Ethereum Layer 2), a public ledger
• While wallet addresses are pseudonymous, blockchain data is permanent and publicly visible
• We do not control or have the ability to modify blockchain data once recorded

6.2 Cryptocurrency Risks

IMPORTANT: Cryptocurrency involves significant risks:

• Volatility Risk: While USDC is designed to maintain a 1:1 peg with USD, no guarantee exists that this peg will always be maintained
• Regulatory Risk: Cryptocurrency regulations vary by jurisdiction and may change. You are responsible for compliance with your local laws
• Irreversibility: Blockchain transactions cannot be reversed once confirmed. Sending to wrong addresses results in permanent loss
• Custodial Risk: Wallets are non-custodial; you are solely responsible for safeguarding your wallet credentials
• Smart Contract Risk: While audited, smart contracts may contain bugs or vulnerabilities
• Network Risk: Blockchain networks may experience congestion, delays, or outages

6.3 Not Financial Advice

Lucilla does not provide investment, financial, tax, or legal advice. Any cryptocurrency features are provided "as-is" for rewards and payment purposes only. Consult qualified professionals for financial decisions.

6.4 Jurisdiction & Geographic Restrictions

While Lucilla's core features (health tracking, social, Step Matches) are available worldwide, certain cryptocurrency services have geographic restrictions:

• Transak On/Off-Ramp: Fiat-to-crypto conversion services (buy/sell USDC) are NOT available in approximately 80 countries including China, Russia, Nigeria, Iran, North Korea, and others due to Transak's compliance requirements. See full list at Transak Compliance.
• Wallet & P2P Transfers: Self-custodial crypto wallets and peer-to-peer transfers are available worldwide where not prohibited by local law.
• User Responsibility: You are responsible for ensuring compliance with local regulations regarding cryptocurrency use in your jurisdiction.

Data Retention & Deletion Schedule

Lucilla retains personal data only as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. When you delete your account, most personal data is removed immediately. Some records must be retained for a fixed period due to Canadian money-services-business law (FINTRAC, under the Proceeds of Crime Act), the Canada Revenue Agency business-records rule, and similar laws where you reside. The table below lists exactly what we keep, for how long, and why.

The retention vault. On the day you delete your account, the records marked "5 years, then purged" are moved into a locked retention vault that only compliance auditors can access. You can no longer see or control them, but they exist for audit response until the retention period ends. Once the 5-year retention period expires, a scheduled process permanently deletes the vault record for that user.

Why we link identity to transaction records. FINTRAC's record-keeping rules require that a money-services business be able to identify the person behind any transaction it processed. Keeping only the wallet address and amount isn't enough — regulators need to know which real person held that wallet. This is why your name, email, phone, and date of birth stay in the vault alongside your transaction history.

Your rights. GDPR (EU), CCPA (California), and Canadian privacy law all grant a right to erasure. That right is subject to a legal-obligation exception (GDPR Article 17(3)(b); CCPA § 1798.105(d)) which is what the retention above relies on. You may always request a copy of your retained records by emailing privacy@lucilla.ca. If you believe your data has been retained longer than necessary, or you want to dispute the retention, contact the same address — we respond within 30 days.

Partial data deletion. You may request deletion of specific data categories without deleting your whole account (social posts, journal, step history, device identifiers, subscription tracking) via /delete-data. Reward claims, match history, and transactions cannot be partially deleted — those are governed by FINTRAC retention and are only removed via full account deletion into the retention vault.

7. Your Rights & Choices

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Delete your account and associated data
• Data Portability: Export your data in a machine-readable format
• Opt-Out: Disable location tracking, push notifications, or marketing emails

7.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know: You can request details about the categories and specific pieces of personal information we have collected about you
• Right to Delete: You can request deletion of your personal information, subject to certain legal exceptions
• Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" mechanism
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Right to Correct: You can request correction of inaccurate personal information
• Right to Limit Use of Sensitive Personal Information: You can limit how we use sensitive personal information (such as precise geolocation) to purposes necessary for providing services

To exercise these rights, contact us at s.borjas@lucilla.ca. We will respond within 45 days.

7.2 European Users (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

• Right to Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time for processing based on consent

Legal Bases for Processing:

• Contract: To provide our services to you
• Legal Obligation: Tax reporting, KYC/AML compliance
• Legitimate Interest: Fraud prevention, service improvement, platform security
• Consent: Marketing communications, optional data sharing, location-based features

To exercise these rights, contact our Data Protection contact at s.borjas@lucilla.ca.

7.3 Canadian Users (PIPEDA)

Canadian users have rights under the Personal Information Protection and Electronic Documents Act, including the right to access, correct, and withdraw consent for the collection and use of personal information.

7.4 Other Jurisdictions

Residents of Virginia, Colorado, Connecticut, Nevada, and other states with consumer privacy laws have rights similar to those described above under their respective state laws. Contact us to exercise these rights.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services:

• Account data: Until you delete your account
• Health data: Deleted within 30 days of account deletion
• Transaction records: 7 years (federal compliance requirement)
• KYC verification documents: 7 years (federal compliance requirement)
• Reward claim and campaign data: Duration of account plus 2 years
• Location intelligence data: 1 year for detailed data; aggregated anonymized data retained indefinitely
• Blockchain transactions: Permanent (immutable on-chain)

Even if you delete your account, transaction data and compliance records will be retained for the full 7-year period to comply with federal law.

9. Children's Privacy & Age-Based Access

Lucilla is not directed to children under 13. We do not knowingly collect personal information from anyone under the minimum age that applies in their jurisdiction: 13 in the United States (COPPA), 14 in most Latin American countries, 15 in France, and 16 in Germany and most EU member states (GDPR-K). If we learn a user is under the applicable minimum age, we will delete the account and associated data.

Paid step-match competitions require users to be at least 18 years old (19+ in British Columbia, Alberta, Manitoba, Quebec, Nova Scotia, and PEI). Age is verified in two stages:

1. At point of entry: when a user selects a monetary commitment on the Set Game Mode screen, the app reads their stored date of birth and blocks the selection if they are under 18 or have not added a date of birth yet. Free matches remain available to all ages.
2. At identity verification: when cumulative annual winnings reach the identity-verification threshold (currently USD 600, aligned with the US IRS 1099-MISC trigger), the user is required to upload a government ID. Our automated document verification reads the real date of birth off the ID.

If the ID shows the user is under 18:

• New paid-match entry is blocked going forward. Free matches, rewards, and social features remain available.
• Matches already in progress complete normally — it would be unfair to cancel on opponents who entered in good faith.
• USDC already credited to the user's wallet from prior matches remains with the user. Lucilla does not and cannot reverse settled on-chain transactions.
• The user may re-verify at any time via Account Settings → Identity Verification. A successful re-verification showing 18+ immediately restores paid-match access. This is a compliance hold, not a permanent ban.
• Appeals for mis-identification may be sent to social@lucilla.ca.

10. Security

We implement industry-standard security measures including:

• End-to-end encryption for sensitive data
• Secure authentication (OAuth, biometric login)
• Regular security audits and penetration testing
• SOC 2 Type II compliant infrastructure (Firebase, Circle)
• Role-based access controls for internal data access
• Audit logging of all data access by personnel

11. International Users

Your data may be transferred to and processed in countries outside your residence, primarily the United States and Canada. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.

App distribution footprint: The Lucilla app is currently distributed to approximately 145 countries on the Apple App Store and approximately 157 countries on the Google Play Store. Countries currently excluded from one or both stores due to US sanctions, regulatory restrictions, or pending local registrations include (non-exhaustive): Afghanistan, Algeria, Belarus, Bhutan, Brazil, Brunei, China mainland, Cuba, Egypt, India, Iran, Iraq, North Korea, Libya, Madagascar, Malawi, Mauritania, Morocco, Nepal, Pakistan, Russia, South Korea (App Store only), Syria, Türkiye (App Store only), Venezuela, and certain small-island territories. The authoritative list for your region is the regional Apple App Store or Google Play Store listing. EU/EEA users are served via Lucilla's appointed EU representative where required by the Digital Services Act.

12. Transaction Data Collection & AML Compliance

To comply with Anti-Money Laundering (AML) regulations and prevent financial crime, we collect and monitor extensive transaction data.

Data Collected

For every financial transaction, we automatically collect:

• Transaction Details: Amount, currency (USDC), timestamp, transaction hash
• Wallet Information: Sender and recipient wallet addresses
• User Identification: User IDs, usernames, display names
• Geographic Location: City, state, country, latitude/longitude coordinates
• Device Information: IP address, device type, operating system
• Transaction Metadata: Transaction type (send, match entry, subscription, etc.), memos, related IDs
• Risk Assessment: Automated risk scores (0-100 scale), compliance flags

Purpose of Collection

We collect this data to:

• Comply with Federal Law: Bank Secrecy Act (BSA), USA PATRIOT Act, FinCEN regulations
• Screen for Sanctions: OFAC (Office of Foreign Assets Control) sanctions compliance
• Detect Money Laundering: Identify structuring, unusual patterns, and suspicious activity
• Prevent Fraud: Monitor for fraudulent transactions and account takeovers
• Risk Assessment: Assign risk scores and flag high-risk transactions
• Regulatory Reporting: File Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) when required

Automated Decision Making

We use automated systems to make real-time decisions about your transactions:

• Risk Scoring: Every transaction receives an automated risk score (0-100) based on multiple factors
• Transaction Blocking: High-risk transactions (score of 95 or above) are automatically blocked
• KYC Triggers: Transactions over $1,000 automatically trigger identity verification requirements
• Velocity Limits: Automated enforcement of hourly (10) and daily (50) transaction limits
• Suspicious Activity Flagging: Transactions with scores of 50 or above are flagged for compliance review

Your Rights: You have the right to contest automated decisions by contacting our compliance team at s.borjas@lucilla.ca. We will review flagged transactions manually upon request.

Data Storage Locations

Transaction data is stored in multiple locations for compliance and operational purposes:

• User Transaction History: Your personal transaction log
• Global Compliance Ledger: Master transaction database for AML monitoring
• AML Screening Records: Risk scores, flags, and screening results
• Suspicious Activity Alerts: High-risk transaction records
• Compliance Alerts: Internal compliance team notifications

Data Retention

Transaction data is retained for 7 years as required by the Bank Secrecy Act (31 CFR 1010.430). This includes:

• All transaction records and receipts
• KYC verification documents (ID scans, selfies)
• Risk assessment results and compliance flags
• Suspicious Activity Reports (SARs) and supporting documentation
• Communication records related to transactions

Note: Even if you delete your account, transaction data will be retained for the full 7-year period to comply with federal law.

Data Sharing for Compliance

We may share your transaction data with:

• Law Enforcement: Federal, state, and local law enforcement agencies pursuant to legal process (subpoenas, court orders, search warrants)
• FinCEN: Financial Crimes Enforcement Network (Suspicious Activity Reports, Currency Transaction Reports)
• OFAC: Office of Foreign Assets Control for sanctions compliance
• Regulatory Agencies: SEC, CFTC, state financial regulators when required
• Service Providers: Cloud infrastructure (Google Firebase), compliance tools, and security services under strict confidentiality agreements

We do NOT:

• Sell your transaction data to third parties
• Share data for marketing purposes
• Provide data to unauthorized parties

Monitoring Technologies

We employ the following automated monitoring technologies:

• Velocity Monitoring: Tracks transaction frequency in real-time
• Pattern Detection: Identifies structuring, round numbers, and anomalous behavior
• Geographic Analysis: Detects unusual location changes
• Network Analysis: Identifies relationships between wallets and users
• Behavioral Analytics: Compares transactions to historical patterns

Your Data Protection Rights

While compliance data must be retained, you have rights regarding other personal data:

• Access: Request copies of your transaction data
• Correction: Request correction of inaccurate information
• Explanation: Request explanation of risk scores and automated decisions
• Appeal: Contest transaction blocks or account suspensions

Limitations: We cannot delete transaction data before the 7-year retention period, modify blockchain records (which are immutable), or remove data subject to active investigations.

Security Measures

Transaction data is protected by:

• Encryption at rest and in transit (AES-256, TLS 1.3)
• Role-based access controls (only authorized compliance personnel)
• Audit logging of all data access
• Regular security assessments
• SOC 2 Type II compliant infrastructure

13. Cookies and Tracking

Our mobile app may use:

• Analytics SDKs for usage statistics
• Crash reporting tools
• Push notification services

We do not use cookies for advertising purposes. Our web properties (lucilla.app, enterprise dashboard) may use essential cookies for authentication and session management.

14. User-Generated Content & Moderation

Lucilla includes user-generated content (UGC) in the form of social feed posts, chat messages in 1v1/duo/squad match rooms, social rooms and live spaces, profile media, music reward uploads, business reviews, and reward-card customizations. We operate the following layered moderation system:

14.1 Pre-Publication Content Filtering

Before a post, chat message, or music upload is published we run automated filters that block:

• Hate speech, slurs, and discriminatory language
• Threats of violence, dox threats, and harassment
• Explicit sexual content and child sexual abuse material (zero tolerance)
• Crypto / USDC scam patterns (seed-phrase requests, impersonation giveaways)
• Spam, mass-posting, and rate-limit violations

14.2 Reporting (Post-Publication)

Every post and profile has a Report button that lets any user submit a report with one of these categories: spam, harassment, hate speech, violence or threats, nudity or sexual content, illegal activity, self-harm, scam or fraud, misinformation, or other.

Reports are stored immutably and reviewed by our moderation team. The reporting system is rate-limited (no more than 20 reports per user per 24 hours) to prevent coordinated brigading.

14.3 Automatic Takedown Thresholds

• 3 valid reports in a 30-day window: post is automatically hidden from the feed pending human moderator review.
• 10 valid reports in a 30-day window: post is automatically removed; even direct links no longer render the content.
• Human review SLA: we aim to review every auto-hidden post within 24 hours.

14.4 Blocking

Every profile has a Block button. Blocking another user hides their posts, severs any follow relationship in both directions, and prevents direct messaging. Blocks are bilateral and enforced server-side.

14.5 Data Written by Moderation Actions

When you file a report we record your Lucilla account ID, the reported post ID, the reason category, and the timestamp. When you block a user we record the block timestamp and the two account IDs. This data is retained for the life of the account and deleted on account deletion. Appeals for moderation decisions may be sent to social@lucilla.ca.

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification. Continued use after changes constitutes acceptance.

16. Contact Us

For questions about this Privacy Policy, GDPR / PIPEDA / CCPA rights requests, and data-deletion requests:

• Email: s.borjas@lucilla.ca
• Website: lucilla.ca

For abuse reports, UGC moderation, and in-app support: social@lucilla.ca.

To exercise any of your data rights, contact us at the email above. We will respond within 30 days (or 45 days for CCPA requests).