LuvSpotBack to home

Privacy Policy

Last updated: February 2026

1. Introduction

LuvSpot is a trading name of DateLead Ltd, a company registered in England (Company No. 17020430), with its registered office at 34 Northampton Square, London EC1V 0ES. References to "we", "us", and "our" mean DateLead Ltd trading as LuvSpot. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website, mobile application, and related services (the "Service").

DateLead Ltd is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using the Service, you acknowledge that you have read and understood this policy.

2. Information We Collect

Information you provide

  • Account details: name, email address, date of birth, gender, password.
  • Profile information: photos, bio, physical attributes, lifestyle preferences, dietary requirements, and budget preferences.
  • Location data: your preferred date locations or postcodes.
  • Payment information: card details are collected and processed securely by Stripe. We do not store full card numbers on our servers.
  • Communications: messages sent through the in-app chat, support enquiries, and feedback.

Information for Venue owners

  • Business name, address, contact details, and business registration information.
  • Venue photos, descriptions, menus, and availability windows.

Information collected automatically

  • Device data: IP address, browser type, operating system, and device identifiers.
  • Usage data: pages visited, features used, time spent, and interaction patterns.
  • Cookies: we use essential cookies for authentication and optional analytics cookies to improve the Service.

3. How We Use Your Information

We process your personal data for the following purposes:

  • Providing the Service: creating your account, matching you with other users, generating venue recommendations, and facilitating bookings.
  • Payments: processing booking fees, cancellation charges, and refunds via Stripe.
  • Communication: sending you booking confirmations, reminders, availability nudges, and service updates.
  • Safety and moderation: investigating reports, enforcing our Terms of Service, preventing fraud, and maintaining platform integrity.
  • Improvement: analysing usage patterns to improve features, fix issues, and develop new functionality.
  • Legal compliance: meeting our legal obligations, responding to lawful requests, and protecting our rights.

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

  • Contract: processing necessary to provide the Service you have signed up for.
  • Legitimate interests: improving the Service, preventing fraud, and ensuring safety, where these interests do not override your rights.
  • Consent: where you have given explicit consent, such as for marketing communications or optional data sharing with your match.
  • Legal obligation: where processing is required by law.

5. What We Share

We share personal data only in the following circumstances:

  • With your match: limited profile information (first name, photos, preferences) is shared with users you are matched with, subject to your data-sharing settings.
  • With Venues: when a date is being arranged, we share limited, relevant information (dietary preferences, party size, budget range) with the venue. We do not share your full name or contact details with venues unless you choose to.
  • Service providers: we use trusted third parties for payment processing (Stripe), email delivery, hosting, and analytics. These providers process data on our behalf under strict contractual obligations.
  • Legal requirements: we may disclose data if required by law, regulation, legal process, or governmental request.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal, financial, or safety purposes (e.g., fraud prevention records may be kept for up to 6 years).

Photos are deleted from our servers promptly upon account deletion or when you remove them from your profile.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest.
  • Secure token-based authentication.
  • EXIF data stripping from uploaded photos to remove embedded location and device metadata.
  • Obfuscated file paths for stored media.
  • Access controls limiting who within our team can view personal data.

While we take reasonable precautions, no system is completely secure. We encourage you to use a strong, unique password for your account.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Restriction: request that we limit how we process your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at privacy@luvspot.app. We will respond within one month.

9. Cookies

We use cookies and similar technologies for essential functionality (authentication, session management) and optional analytics. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features.

10. International Transfers

Your data is primarily stored on servers within the United Kingdom and European Economic Area. Where data is transferred outside the UK/EEA (e.g., via third-party service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

11. Children

The Service is not intended for anyone under 18. We do not knowingly collect personal data from children. If we become aware that a user is under 18, we will promptly delete their account and data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a notice within the Service. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact and Complaints

For any questions or concerns about this policy or how we handle your data, contact us at privacy@luvspot.app.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.