Privacy Policy
How Lugs handles local-first watch collection data, optional cloud backup, analytics, crash diagnostics, and GDPR rights.
Last updated: May 13, 2026
The short version: Lugs is local-first. Your watch collection lives on your device. There is no account, no signup, no email, and no login. We don’t know who you are. Cloud backup and restore is an optional Lugs+ feature. When enabled, your collection data and photos are hosted in the EU. App analytics and crash reporting are opt-in and go to EU servers. The Lugs website uses Vercel Web Analytics and Speed Insights for privacy-preserving page and performance measurement.
1. Who We Are
Lugs is developed by Ovidiu-Cristian Damian, an independent developer based in Romania. For questions about this policy or your data:
Email: damian@leveluplabs.eu
2. Data We Collect
Data you provide:
- Watch collection information (brands, models, serial numbers, photos, purchase details, service records)
- Wear tracking data and accuracy measurements
- Wishlist items and market valuations
Data collected automatically:
- Device identifier (anonymous UUID) - for app functionality, rate limiting, and promo code tracking
- Device type and OS version - for compatibility
- Website pageview and performance telemetry through Vercel Web Analytics and Speed Insights. Custom website events use fixed allowlists only, such as app-store platform, CTA placement, FAQ identifier, gallery interaction type, and scroll depth. They do not include watch collection data, account identifiers, device IDs, search terms, raw URLs, query strings, hrefs, labels, visible text, referrers, or arbitrary payloads.
Optional anonymous diagnostics (only when Share Analytics is enabled):
- App usage analytics (screens viewed, features used) via PostHog (EU) - only when Share Analytics is enabled. You can opt out at any time in Settings.
- Crash reports and error logs via Sentry (EU) - only when Share Analytics is enabled. Sentry is initialized only if analytics consent is granted.
What we do NOT collect:
- Email addresses - there is no signup or account creation
- Phone numbers
- Names or any personal identity information
- Location data
3. Legal Basis for Processing (GDPR)
- Legitimate interest: Core app functionality (storing and displaying your watch collection, wear logs, service records). This is the data you explicitly enter for the app to work.
- Consent: Optional cloud backup to Supabase, analytics via PostHog, and crash diagnostics via Sentry. You can opt out at any time.
- Legitimate interest: Privacy-preserving website analytics and performance measurement via Vercel Web Analytics and Speed Insights.
- Contract performance: Processing premium subscription purchases via RevenueCat and the app stores.
4. Data Storage
- Local storage: All watch data is stored locally on your device using SQLite. The app works fully offline. This is the default for all users.
- Cloud backup (optional, Lugs+ only): The app may create an anonymous Supabase session so backup and recovery are ready without a login. Your collection data and photos are only uploaded if you enable cloud backup. Backed-up data is hosted in the EU (Frankfurt, Germany).
- Photos: Watch photos are stored on your device. If cloud backup is enabled, photos may be uploaded to secure cloud storage in the EU.
- Security: All data in transit is encrypted via HTTPS/TLS.
5. How We Use Your Data
- To provide and maintain the app’s core functionality
- To back up your collection if you opt in to cloud backup
- To process premium subscriptions
- To generate insurance documents and export data at your request
- To improve app performance and fix bugs (via analytics and crash reports)
- To understand aggregate website traffic and performance without collecting watch collection data
- To prevent abuse (rate limiting via device identifier)
6. Third-Party Services
We do not sell, rent, or share your personal data for advertising or marketing. Your watch collection is yours.
We use the following service providers solely to operate the app and website:
- Supabase (EU - Frankfurt) - anonymous auth plus cloud database/storage for backed-up data
- PostHog (EU) - anonymous usage analytics
- Sentry (EU) - crash reporting and diagnostics
- Vercel - website hosting, Web Analytics, and Speed Insights
- RevenueCat - subscription management
- Apple App Store / Google Play - payment processing for premium purchases
7. International Data Transfers
All primary app data processing occurs within the EU. RevenueCat may process some subscription-related data, and Vercel may process website analytics or performance telemetry, in the United States under standard contractual clauses. No watch collection data leaves the EU.
8. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access your data - export your full collection anytime (JSON/CSV) from within the app
- Delete your data - use “Delete My Data” in the app’s Profile settings, or email us
- Portability - export and take your data with you in standard formats
- Rectification - correct any inaccurate data directly in the app
- Withdraw consent - disable cloud backup or app analytics at any time in Settings
- Lodge a complaint with Romania’s data protection authority (ANSPDCP) at www.dataprotection.ro
Since there is no account, local data is entirely under your control. Uninstalling the app removes all local data. Cloud-backed data can be deleted from the app settings or by emailing us.
9. Data Retention
Local data remains on your device until you delete it or uninstall the app. Cloud-backed data (Premium only) is retained while backup is active. If you request deletion, all cloud data is permanently removed within 30 days.
10. Children’s Privacy
Lugs is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have inadvertently collected data from a child, contact us and we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated through the app. Continued use of the app after changes constitutes acceptance of the updated policy.