Privacy Policy.

1. Who we are

Levva, S.A. is the data controller for the levva. application and website. We process your personal data under applicable national privacy laws in CV, AO and BR — including Cabo Verde Lei nº 41/VIII/2013 (data protection), Angola Lei nº 22/11 (data protection), and Brasil LGPD (Lei nº 13.709/2018).

Our Data Protection Officer can be reached at privacy@levva.app for any privacy-related question or request.

2. Categories of data we process

Account data: name, email address, phone number, date of birth, market, language preference, hashed password, and (optionally) avatar.

Identity data: for drivers and merchants, government ID, selfie biometric, vehicle registration and business documents — collected via our identity verification partner (Onfido).

Financial data: wallet balance, top-up and transfer history, ride and order history, ratings you give and receive, payment method tokens. We never store full card numbers — those are tokenized at the payment provider.

Location data: precise GPS coordinates while a ride or delivery is in progress, approximate location for "near me" search, and the city you set in your preferences.

Device + usage data: IP address, app version, OS, request ids, push notification token, error reports.

Communications: messages exchanged in support and the in-app chat (when shipped).

3. Legal bases (per Article 6 GDPR)

Performance of a contract (Art. 6(1)(b)): account creation, ride/order/payment processing, wallet operations, customer support.

Legitimate interests (Art. 6(1)(f)): fraud prevention, abuse detection, network security, aggregated product analytics. Our interest is balanced against your reasonable expectations as a user; you may object via privacy@levva.app.

Legal obligation (Art. 6(1)(c)): tax records, anti-money-laundering checks, retention of identity-verification data, response to law-enforcement requests under appropriate due process.

Consent (Art. 6(1)(a)): marketing communications, analytics cookies, push notifications. You can withdraw consent at any time without affecting prior processing.

4. How we use the data

Provide the service: matching you with drivers, restaurants, couriers, sellers, professionals, employers; routing payments; sending receipts and notifications.

Keep the service safe: detecting fraud, enforcing our Terms, complying with AML rules, responding to security incidents.

Improve the service: aggregated and anonymized analytics on flow conversion and feature usage. Personal identifiers are not used for product analytics where avoidable.

Communicate with you: transactional emails and push notifications (always on while you have an active account); marketing emails (only after you opt in).

5. Sub-processors

We use the following sub-processors to deliver the service. Each is bound by GDPR-compliant data processing terms. The list is updated as we add or replace providers — significant changes are notified at least 30 days in advance.

· Cloudflare (Workers, D1, KV, R2, Pages) — EU jurisdiction. Hosts user data, request logs, and the marketing site.

· Resend — transactional email delivery.

· SISP/Vinti4 — card processing in CV.

· Multicaixa Express — card processing in AO.

· Stripe (Ireland) — card and PIX processing in BR.

· Onfido — identity verification (drivers, merchants).

· OpenRouteService + Nominatim — routing and geocoding.

· Plausible Analytics — privacy-friendly product analytics (cookieless; gated behind your cookie consent).

· Sentry — error reporting (loaded server-side; no client-side fingerprinting).

6. International transfers

Customer data is stored on Cloudflare infrastructure (D1, KV, R2). Sub-processors are headquartered outside Cabo Verde, Angola and Brazil — Stripe is in Ireland, Onfido is UK-based, Cloudflare may route through US points of presence — under contractual data-protection clauses + supplementary measures (encryption in transit and at rest, no plaintext access by sub-processors).

7. Retention

Account data: kept while your account is active, plus the per-market statutory minimum (CV: 5 years, AO: 5 years, BR: 5 years per LGPD/CDC) for tax and AML compliance, whichever is longer.

Identity verification data: kept for the per-market statutory minimum after the last use of the wallet (typically 5 years).

Transaction history: kept for the per-market commercial-code minimum (typically 5–10 years).

Location traces during a ride/delivery: 90 days.

Generic logs + diagnostic data: 30 days for raw, 90 days for aggregated.

Marketing list: until you withdraw consent + 1 month for technical opt-out propagation.

8. Your rights

Under GDPR you have the rights to access, rectify, erase, restrict, port and object to processing of your personal data, and the right not to be subject to automated decisions with legal or similarly significant effects.

Most rights are exercisable directly in the app: Profile → Privacy. The data export endpoint downloads a JSON dump of everything we hold against your account; the delete-account flow erases your data and propagates the erasure to sub-processors within 30 days. For everything else, email privacy@levva.app — we respond within 30 days.

You can lodge a complaint with the Portuguese Data Protection Authority (CNPD, https://www.cnpd.pt) or your local DPA.

9. Automated decision-making

We use automated systems to detect fraud and to match riders with drivers / orders with couriers based on proximity and capacity. These systems do not make legal-effect decisions about you — every fraud-prevention block can be reviewed manually by emailing review@levva.app.

KYC checks for drivers and merchants are conducted by Onfido with a human-review fallback; automated rejections can be appealed and re-reviewed by a human.

10. Cookies

We set a minimum number of strictly-necessary cookies for authentication and session management — these cannot be turned off without breaking the service.

Analytics (Plausible) and any future marketing trackers are gated behind explicit consent via the cookie banner. You can change your choice at any time by clearing your browser storage or by emailing privacy@levva.app.

11. Children

levva. is not directed at children under 16. Account creation is gated by a date-of-birth check. If you believe we have collected data on a child under 16, contact privacy@levva.app and we will delete it.

12. Security

Passwords are hashed with scrypt. Sensitive PII (name, phone) is encrypted at rest with AES-256-GCM. Communications use TLS 1.3. Access to production data is limited to a small on-call rotation, audited via append-only logs.

Report suspected vulnerabilities to security@levva.app — we follow a 90-day responsible disclosure window.

13. Changes

We will notify you of material changes by email at least 30 days before they take effect. The current version is always available at levva.app/privacy. Past versions are archived and available on request.

14. Contact

Levva, S.A. — Praia, Cabo Verde

Data Protection Officer: privacy@levva.app

Security incidents: security@levva.app