Privacy Policy
Last Updated: February 19, 2026
1. Introduction
Welcome to Lucilla ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
2. Information We Collect
2.1 Personal Information
We collect information that you provide directly to us, including:
- Account information (name, email address, phone number)
- Profile information (username, profile picture, date of birth)
- Payment information (processed securely through third-party payment processors)
2.1a Authentication & Identity Data
We collect identity and authentication data through multiple methods to verify users, prevent fraud, and protect the platform:
- Google Sign-In: When you sign in with Google, we receive your verified email address, display name, and profile photo from Google's authentication systems. Google's own security measures (2FA, suspicious login detection) provide additional identity assurance
- Apple Sign-In: When you sign in with Apple, we receive your verified email address (or Apple's private relay email) and display name from Apple's authentication systems. Apple's device-based biometric verification (Face ID, Touch ID) provides strong identity assurance
- Phone number: Collected for SMS verification, account recovery, two-factor authentication, and as an additional identity signal for fraud detection
- Location data: GPS coordinates collected for geo reward verification, geographic eligibility enforcement (paid match jurisdictional restrictions), and fraud prevention. Location data is only collected when actively using location-dependent features
- Government-issued ID: For users completing Tier 3+ identity verification, we collect images of government-issued photo ID (driver's license, passport, or government ID). ID images are used solely for identity verification and are stored securely with encryption at rest
- Live face verification: A live selfie captured via your device camera (camera-enforced — photo uploads are not accepted) is used for identity verification by comparing your face against your submitted ID. Face verification data is processed for identity matching and is not used for any other purpose
- Passkey and biometric data: Cryptographic passkeys are stored in your device's secure enclave and protected by your device's biometric authentication (fingerprint or face recognition). Lucilla does not store your biometric data — biometric verification is handled entirely on your device by the operating system. We only receive a cryptographic confirmation that authentication succeeded
Why we collect this data: This information is collected as a protective measure to verify user identity, prevent bot activity, detect and prevent fraud, enforce age restrictions for paid matches, comply with KYC/AML regulations, and maintain the integrity of the platform. Passkey-protected posting ensures that every post, comment, and social interaction on Lucilla is made by a verified human being.
2.1b Onramp Provider Data
When you purchase or sell USDC through the in-app Coinbase integration:
- Coinbase handles all onramp KYC: Coinbase independently collects and verifies your identity as required by financial regulations. Lucilla does not receive or store the identity documents you submit to Coinbase
- Data shared by Coinbase: Coinbase provides Lucilla only with the transaction result (amount of USDC purchased/sold and the destination wallet address). Coinbase does not share your banking details, identity documents, or financial account information with Lucilla
- Coinbase's privacy policy: Your interactions with Coinbase are governed by Coinbase's Privacy Policy. Lucilla is not responsible for Coinbase's data collection or handling practices
2.2 Health & Fitness Data
With your explicit consent, we collect:
- Step count data from Health Connect, Apple Health, Samsung Health, or Google Fit
- Activity data for fitness challenges and tracking
- Location data for geo-based rewards (only when you opt-in)
- Heart rate data from Fitbit (daily summary only — resting heart rate and heart rate zone minutes: Out of Range, Fat Burn, Cardio, Peak). This data is used for anti-cheat validation in paid step matches (see Section 2.3a below)
2.3 Wearable & Fitness Device Data
When you connect a wearable or fitness device to Lucilla, we collect:
- Step count data from connected wearables and phone pedometers
- Device type and model (e.g., Fitbit Charge 6, Apple Watch Series 9)
- Sync method (native sync via HealthKit/Health Connect/Fitbit API, or bridge sync via companion apps like Garmin Connect, Zepp, Polar Flow, COROS, Mi Fitness, Suunto, and Health Sync for Huawei devices)
- Device accuracy tier classification
- Health Connect permissions and connected data sources (Android)
- HealthKit permissions and connected data sources (iOS)
- Workout and activity session data for intraday match verification
How We Use Wearable Data:
- To verify step counts in competitions and determine winners
- To enforce device eligibility rules for paid matches (8% maximum error rate)
- To detect potential cheating or data manipulation
- To provide personalized health insights (with your consent)
- We do not sell your health or fitness data to third parties
- Wearable data is stored securely and encrypted at rest
Disconnecting Your Wearable: You can disconnect your wearable device at any time through the app settings. Please note that disconnecting a wearable will prevent your participation in matches that require that device as a verified step source.
2.3a Anti-Cheat Validation Data
For participants in paid step matches, we collect and store additional data for Fair Play validation purposes:
- Heart rate baseline: A rolling 7-day average of your resting heart rate, used to establish your personal activity baseline
- Match validation records: For each paid match, we store your raw step count, verified step count, confidence score, validation flags, and heart rate zone data for the match date
- Anti-cheat summary: Aggregated validation statistics including total matches validated, total flagged, and average confidence score
How This Data Is Used:
- To cross-reference heart rate activity with step counts and detect potential manipulation (e.g., high steps with no corresponding heart rate elevation)
- To calculate your confidence score and verified step count for fair winner determination
- To maintain match integrity records for dispute resolution
- We do not use this data for health assessments, medical purposes, or share it with third parties
- Anti-cheat records are retained for the duration of your account plus 1 year for dispute resolution
2.4 Wallet & Transaction Data
For users utilizing our USDC wallet features:
- Blockchain wallet addresses
- Transaction history (stored on public blockchain)
- Payment receipts and subscription records
2.5 Automatically Collected Information
- Device information (model, operating system, unique device identifiers)
- Usage data (features used, time spent, interactions)
- Log data (IP address, crash reports, performance data)
3. How We Use Your Information
We use your information to:
- Provide and maintain our services
- Process transactions and send transaction notifications
- Enable fitness challenges and step-based competitions
- Distribute USDC rewards and process payments
- Personalize your experience with AI-powered features
- Send important service updates and security alerts
- Improve our app through analytics and research
- Comply with legal obligations and prevent fraud
4. Data Sharing and Disclosure
4.1 We Share Your Information With:
- Service Providers: Firebase (Google), Circle (USDC payments), health data providers
- Payment Processors: Circle (USDC wallet transactions), Coinbase (fiat-to-USDC onramp/offramp)
- Reward Campaign Providers (Businesses & Creators): When you claim a geo/QR reward or visit a participating business, your display name, email address, and phone number (if provided) are shared with that business or creator to enable direct customer communications, promotional offers, and campaign analytics. See Terms of Service Section 10.5 for full details
- Legal Requirements: When required by law or to protect our rights
4.2 Data Ownership & Usage
Lucilla Technologies Inc. owns and retains all data generated through your use of the platform. We use this data to operate, improve, and personalize our services.
- We do not currently sell your personal data to any third parties
- We may analyze anonymized usage patterns and activity data to improve our services and platform features
- In the future, we may engage in partnerships that involve sharing aggregated, anonymized data — we will notify users in advance and update these terms accordingly
- We do not share your health data without explicit consent
- We do not use your data for third-party advertising without permission
- You always retain the right to export or delete your personal data
5. Health Data Privacy (HIPAA Compliance)
Your health and fitness data is protected under strict security measures:
- Encrypted in transit and at rest
- Stored securely in HIPAA-compliant infrastructure
- Only accessible by you and authorized services you approve
- You can delete your health data at any time
6. Blockchain & Cryptocurrency Disclosures
Lucilla integrates cryptocurrency functionality for rewards and payments. Important disclosures:
6.1 USDC Stablecoin
- USDC is a digital stablecoin pegged to the US Dollar, issued by Circle Internet Financial
- USDC transactions are recorded on the Base blockchain (Ethereum Layer 2), a public ledger
- While wallet addresses are pseudonymous, blockchain data is permanent and publicly visible
- We do not control or have the ability to modify blockchain data once recorded
6.2 Cryptocurrency Risks
IMPORTANT: Cryptocurrency involves significant risks:
- Volatility Risk: While USDC is designed to maintain a 1:1 peg with USD, no guarantee exists that this peg will always be maintained
- Regulatory Risk: Cryptocurrency regulations vary by jurisdiction and may change. You are responsible for compliance with your local laws
- Irreversibility: Blockchain transactions cannot be reversed once confirmed. Sending to wrong addresses results in permanent loss
- Custodial Risk: Wallets are non-custodial; you are solely responsible for safeguarding your wallet credentials
- Smart Contract Risk: While audited, smart contracts may contain bugs or vulnerabilities
- Network Risk: Blockchain networks may experience congestion, delays, or outages
6.3 Not Financial Advice
Lucilla does not provide investment, financial, tax, or legal advice. Any cryptocurrency features are provided "as-is" for rewards and payment purposes only. Consult qualified professionals for financial decisions.
6.4 Jurisdiction & Geographic Restrictions
While Lucilla's core features (health tracking, social, Step Matches) are available worldwide, certain cryptocurrency services have geographic restrictions:
- Coinbase On/Off-Ramp: Lucilla uses Coinbase for fiat-to-crypto and crypto-to-fiat conversion (buying and selling USDC). Coinbase handles its own KYC/identity verification. Availability depends on your country and Coinbase's compliance requirements. For details, see Coinbase User Agreement and Circle Developer Docs.
- Wallet & P2P Transfers: Self-custodial crypto wallets (powered by Circle) and peer-to-peer transfers are available worldwide where not prohibited by local law. See Circle Legal for details.
- USDC In-App Usage: Lucilla does not sell USDC directly. USDC is used within the app for subscriptions (Lucilla+ and Creator plans), step match entries, tipping creators, and purchasing content. All subscription and in-app payments are made exclusively with USDC from your Lucilla wallet — the app is free to download on all app stores and does not use Apple, Google, or Samsung in-app purchase systems.
- User Responsibility: You are responsible for ensuring compliance with local regulations regarding cryptocurrency use in your jurisdiction.
7. Your Rights & Choices
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Delete your account and associated data
- Data Portability: Export your data in a machine-readable format
- Opt-Out: Disable location tracking, push notifications, or marketing emails
8. Data Retention
We retain your information for as long as your account is active or as needed to provide services. Health data is deleted within 30 days of account deletion. Blockchain transactions are permanent.
9. Age Requirements & Minors
Lucilla is available to users aged 13 and older. Users under 13 may not create an account.
- Ages 13-17: May use all app features including free step matches, social features, AI journal, content creation, voice/video rooms, and earning USDC from rewards and referrals
- Ages 18+: Required only for paid step matches (skill-based competitions with USDC entry commitments) due to financial contract and KYC/AML regulatory requirements
Why 18+ for paid matches only? Paid step matches involve USDC financial commitments, which are legally classified as contracts. Minors lack legal capacity to enter binding financial contracts in most jurisdictions. Additionally, KYC/AML regulations (Bank Secrecy Act, FinCEN) require adult identity verification for financial transactions. This is the same requirement used by StepBet, HealthyWage, and DietBet. Free matches have no financial component and are available to all users 13+.
If you believe we have collected data from a child under 13, contact us immediately.
10. Social Feed, Content Safety & Anti-Bot Measures
10.1 No Social Feed Advertising
Lucilla does not inject advertisements into your social feed. There are no banner ads, pop-up ads, interstitial ads, sponsored posts, or promoted content in your feed. Your social experience is entirely organic — content is surfaced based on engagement and community interaction, not paid ad placements.
Geo/QR Reward Campaigns: Lucilla does offer Geo/QR reward campaigns, where businesses and creators can place USDC rewards at physical locations or on QR codes. These are opt-in promotional rewards that users choose to seek out — they are not injected into your social feed or displayed as advertisements within the app's content stream. Geo/QR campaigns appear only on the dedicated Rewards Map and are clearly identified as business-placed promotional rewards.
10.1a Geo/QR Reward Campaigns — Advertiser Data & Liability
Businesses and creators who use Lucilla's Geo/QR reward features to promote products, services, or physical locations should be aware of the following:
- Campaign data collected: We collect and store campaign metadata including reward location coordinates, reward amounts, claim counts, campaign duration, and advertiser wallet addresses. This data is used to operate the reward system and provide campaign analytics.
- User claim data: When users claim geo/QR rewards, we record the claim timestamp, approximate claim location (GPS verification), and the claiming user's account. This data is shared with the campaign creator in aggregate form (claim counts, claim times) but not as individually identifiable user data.
- No verification of advertisers: Lucilla does not verify the identity, business legitimacy, licensing status, or regulatory compliance of advertisers or businesses using the Geo/QR reward features. Lucilla is a technology platform that facilitates the distribution of digital promotional rewards — we do not endorse, sponsor, or assume liability for any advertiser's business, products, services, or conduct.
- Advertiser responsibility: Advertisers and businesses are solely responsible for all legal, regulatory, tax, licensing, and compliance obligations associated with their business operations and promotional activities. See Terms of Service Section 10.4 for full details.
- Physical location safety: Lucilla does not inspect, verify, or guarantee the safety of any physical location promoted through geo rewards. Users should exercise their own judgment when visiting locations promoted through the platform. Lucilla is not liable for any injury, loss, trespassing claims, property damage, or environmental harm arising from visits to reward locations.
10.2 Content Filtering & User Controls
- Word Filtering: Users can set custom word filters to hide content containing words or topics they do not wish to see. Filtered content is hidden from your feed and search results.
- Content Moderation: All user-generated content is subject to community guidelines. Prohibited content (hate speech, harassment, explicit material, spam) is actively removed.
- Block & Report: Users can block other accounts and report content that violates community guidelines.
10.3 Passkey-Protected Posting, Campaigns & Anti-Bot System
- Passkey Authentication: Every post, comment, and content submission requires passkey verification, making it extremely difficult for bots or automated scripts to post content on the platform.
- Campaign Creation Protection: Creating any geo reward, QR reward, or advertising campaign requires biometric authentication (fingerprint or face recognition). This prevents bots, malicious actors, or unauthorized users from placing fraudulent or harmful promotional content on the Rewards Map or within the app.
- Anti-Bot Detection: Lucilla employs an active anti-bot detection system that monitors for automated behavior patterns, rapid posting, duplicate content, and other indicators of bot activity. Accounts exhibiting bot-like behavior are flagged for review and may be suspended.
- Human Verification: Combined with passkey and biometric authentication across both social content and advertising features, these measures ensure that the vast majority of content and campaigns on Lucilla are created by verified human users, not automated accounts or malicious actors.
10.4 Social Feed Algorithm
Content visibility in your social feed is determined by genuine engagement:
- Posts with higher likes, comments, and shares are surfaced more prominently
- Recently posted content from people you follow appears first
- Popular content from the community may appear in your Discover feed
- No paid promotion or "boosted posts" — visibility is earned through authentic engagement
10.5 Lucilla Web — Community Health Journals
Lucilla Web (lucilla.app) is a public platform where users can share their AI journal entries with the community:
- Search & Discover: Browse and search shared health journals by topic, keyword, or category to learn from others' health experiences
- Community Engagement: Comment on, like, and share journal entries to support fellow users and build community knowledge
- Health Guidance: Find community guidance on wellness topics, fitness strategies, nutrition, mental health, and personal growth
- Privacy by Default: Journals are private unless you explicitly choose to share them (see Terms Section 9 for full journal privacy details)
- Anonymous Sharing: Shared journals can be posted anonymously — your username is not revealed unless you opt in
11. Security
We implement industry-standard security measures including:
- End-to-end encryption for sensitive data
- Secure authentication via Google Sign-In, Apple Sign-In, passkey, and biometric verification
- Passkey-protected posting — all social posts, comments, and content submissions require cryptographic passkey authentication, making it extremely difficult for bots or automated scripts to operate on the platform
- Biometric-protected wallet transactions — all USDC transfers, match entries, and financial actions require device-level biometric or passkey confirmation
- Regular security audits and penetration testing
- SOC 2 Type II compliant infrastructure (Firebase, Circle)
- Anti-bot detection systems monitoring for automated behavior patterns, rapid posting, and duplicate content
12. International Users
Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place for international transfers.
13. Transaction Data Collection & AML Compliance
To comply with Anti-Money Laundering (AML) regulations and prevent financial crime, we collect and monitor extensive transaction data.
Data Collected
For every financial transaction, we automatically collect:
- Transaction Details: Amount, currency (USDC), timestamp, transaction hash
- Wallet Information: Sender and recipient wallet addresses
- User Identification: User IDs, usernames, display names
- Geographic Location: City, state, country, latitude/longitude coordinates
- Device Information: IP address, device type, operating system
- Transaction Metadata: Transaction type (send, match entry, subscription, etc.), memos, related IDs
- Risk Assessment: Automated risk scores (0-100 scale), compliance flags
Purpose of Collection
We collect this data to:
- Comply with Federal Law: Bank Secrecy Act (BSA), USA PATRIOT Act, FinCEN regulations
- Screen for Sanctions: OFAC (Office of Foreign Assets Control) sanctions compliance
- Detect Money Laundering: Identify structuring, unusual patterns, and suspicious activity
- Prevent Fraud: Monitor for fraudulent transactions and account takeovers
- Risk Assessment: Assign risk scores and flag high-risk transactions
- Regulatory Reporting: File Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) when required
Automated Decision Making
We use automated systems to make real-time decisions about your transactions:
- Risk Scoring: Every transaction receives an automated risk score (0-100) based on multiple factors
- Transaction Blocking: High-risk transactions (score ≥95) are automatically blocked
- KYC Triggers: Transactions over $1,000 automatically trigger identity verification requirements
- Velocity Limits: Automated enforcement of hourly (10) and daily (50) transaction limits
- Suspicious Activity Flagging: Transactions with scores ≥50 are flagged for compliance review
Your Rights: You have the right to contest automated decisions by contacting our compliance team at social@lucilla.ca. We will review flagged transactions manually upon request.
Data Storage Locations
Transaction data is stored in multiple locations for compliance and operational purposes:
- User Transaction History: Your personal transaction log (Users/{uid}/transactions/)
- Global Compliance Ledger: Master transaction database for AML monitoring (AllTransactions/)
- AML Screening Records: Risk scores, flags, and screening results (AMLScreenings/)
- Suspicious Activity Alerts: High-risk transaction records (SuspiciousActivity/)
- Compliance Alerts: Internal compliance team notifications (ComplianceAlerts/)
Data Retention
Transaction data is retained for 7 years as required by the Bank Secrecy Act (31 CFR 1010.430). This includes:
- All transaction records and receipts
- KYC verification documents (ID scans, selfies)
- Risk assessment results and compliance flags
- Suspicious Activity Reports (SARs) and supporting documentation
- Communication records related to transactions
Note: Even if you delete your account, transaction data will be retained for the full 7-year period to comply with federal law.
Data Sharing for Compliance
We may share your transaction data with:
- Law Enforcement: Federal, state, and local law enforcement agencies pursuant to legal process (subpoenas, court orders, search warrants)
- FinCEN: Financial Crimes Enforcement Network (Suspicious Activity Reports, Currency Transaction Reports)
- OFAC: Office of Foreign Assets Control for sanctions compliance
- Regulatory Agencies: SEC, CFTC, state financial regulators when required
- Service Providers: Cloud infrastructure (Google Firebase), compliance tools, and security services under strict confidentiality agreements
We do NOT:
- Sell your transaction data to third parties
- Share data for marketing purposes
- Provide data to unauthorized parties
Monitoring Technologies
We employ the following automated monitoring technologies:
- Velocity Monitoring: Tracks transaction frequency in real-time
- Pattern Detection: Identifies structuring, round numbers, and anomalous behavior
- Geographic Analysis: Detects unusual location changes
- Network Analysis: Identifies relationships between wallets and users
- Behavioral Analytics: Compares transactions to historical patterns
Your Data Protection Rights
While compliance data must be retained, you have rights regarding other personal data:
- Access: Request copies of your transaction data
- Correction: Request correction of inaccurate information
- Explanation: Request explanation of risk scores and automated decisions
- Appeal: Contest transaction blocks or account suspensions
Limitations: We cannot delete transaction data before the 7-year retention period, modify blockchain records (which are immutable), or remove data subject to active investigations.
Security Measures
Transaction data is protected by:
- Encryption at rest and in transit (AES-256, TLS 1.3)
- Role-based access controls (only authorized compliance personnel)
- Audit logging of all data access
- Regular security assessments
- SOC 2 Type II compliant infrastructure
14. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification. Continued use after changes constitutes acceptance.
15. Contact Us
If you have questions or concerns about this Privacy Policy:
16. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collecting it, and the categories of third parties with whom we share it
- Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions
- Right to Correct: You may request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information as defined under CCPA/CPRA
- Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights
Do Not Sell or Share My Personal Information: Lucilla does not sell your personal information to third parties for monetary consideration. We do not share your personal information for cross-context behavioral advertising. We do not work with data brokers or participate in ad exchanges or programmatic advertising networks. To exercise any California privacy rights, contact us at social@lucilla.ca.
17. European Privacy Rights (GDPR)
EU/EEA residents have additional rights under the General Data Protection Regulation (GDPR):
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
To exercise any GDPR right, contact us at social@lucilla.ca. We will respond within 30 days.
18. Cookies & Web Tracking
The Lucilla mobile app does not use browser cookies. However, our website (lucilla.ca, lucilla.app) may use:
- Essential cookies: Required for basic website functionality (login sessions, authentication tokens)
- Analytics: We may use Firebase Analytics and Google Analytics to understand app and website usage patterns. These services collect anonymized usage data including screen views, session duration, and general device information
- No advertising cookies: We do not use advertising cookies, tracking pixels, or retargeting technologies
19. Third-Party SDKs & Data Sharing
The Lucilla app integrates the following third-party SDKs that may collect or process data:
- Firebase (Google): Authentication, Cloud Firestore database, Cloud Functions, Firebase Analytics, Cloud Messaging (push notifications), Crashlytics (crash reporting). Data processed: anonymized usage analytics, crash logs, device identifiers for push notifications
- Circle: Programmable Wallets for USDC transactions. Data processed: wallet addresses, transaction records on Base blockchain
- Coinbase: Onramp/offramp for fiat-to-USDC conversion. Data processed: Coinbase handles its own KYC — see Coinbase's privacy policy
- Health Connect (Android) / HealthKit (iOS): Step count and health data access. Data processed: step counts, activity data — read locally on device, never sent to third parties
- Fitbit Web API: Step count retrieval for Fitbit users. Data processed: step counts, activity summaries via OAuth2 authorization
- Google Sign-In / Apple Sign-In: Authentication providers. Data processed: email address, display name, profile photo URL
- LiveKit: Real-time voice and video rooms. Data processed: audio/video streams during active room sessions (not recorded or stored)
- Local Authentication (Biometric): Device biometric verification. Data processed: none — biometric matching occurs entirely on-device, Lucilla receives only a boolean pass/fail result
We do not sell data to any of these providers. Data sharing is limited to what is strictly necessary for each service to function.
20. Parental Consent & Minor Users
Lucilla is available to users aged 13 and older. For users aged 13-17:
- We recommend that parents or legal guardians review these privacy practices before allowing minors to use the app
- Minors may use all free app features including step challenges, social features, AI journal, content creation, and earning USDC from rewards
- Paid step matches (requiring USDC entry commitments) are restricted to users 18+ due to financial contract regulations
- Creating geo/QR reward campaigns requires age 18+ and a Pro subscription
- Parents or guardians may request access to, correction of, or deletion of their child's data by contacting social@lucilla.ca
If you believe we have inadvertently collected information from a child under 13, please contact us immediately and we will promptly delete such data.