Lit Teen Social logo
Support & Legal

Privacy Policy

Effective Date: 12 July 2026

This policy explains what personal data Lit Teen Social collects, how it is used, when it is shared, how long it is kept, and what rights users and parents have.

0. How to Read This Policy

This Privacy Policy uses the same two-layer structure as our Terms of Service. The plain-English summaries are a convenience, not a substitute for the full text, and if the two ever conflict, the full text controls.

We have written this policy to meet the standard set by the GDPR for all users, wherever they live, because we believe those protections are good practice everywhere, not only where they are legally required.

1. Key Terms Used in This Policy

To keep this policy readable, we use a few defined terms such as App or Service, personal data, processing, controller, age of digital consent, and KWS.

  • App / Service: the Lit Teen Social mobile application and related services.
  • Personal data: any information that identifies you or could reasonably be linked to you.
  • Processing: anything we do with personal data, such as collecting, storing, using, sharing, or deleting it.
  • Controller: the party that decides why and how personal data is processed. We are the controller for the data described here, except where we say another party such as KWS is the controller.
  • Age of digital consent: the age below which a parent or guardian must give permission before certain data about a young person can be processed.
  • KWS: Kids Web Services, our third-party age-assurance and parental-consent provider.

2. Who We Are and the Scope of This Policy

This Privacy Policy explains how Lit Teen Social & Adventures collects, uses, shares, and protects personal data in connection with the App. It should be read together with our Terms of Service.

This policy applies to all users of the App, including teens using the App with parental consent, adult users, and parents or legal guardians who interact with our age-verification and parental-consent process on behalf of a child.

Because a significant portion of our users are minors, we design our data practices around data minimization for children specifically: we collect the least personal data necessary to provide the Service safely, we do not use a minor’s data for behavioral advertising or to build advertising profiles, and we do not sell a minor’s personal data under any circumstances.

Rather than applying a lower standard depending on local law, we apply the protections in this policy, built to the GDPR standard, to every user, everywhere.

3. The Personal Data We Collect

We collect personal data you provide directly, information collected automatically while you use the App, and a small amount of verification-related status information from KWS.

  • Account information: email address, username or display name, password in hashed form, and date of birth.
  • Profile information: profile photo, bio, and anything else you choose to add to your profile.
  • Content: posts, photos, videos, comments, Stories, and direct messages you create or send.
  • Verification information: we receive only your verification status and the minimum information needed to apply the right rules, not the underlying documents.
  • Third-party login information: if you sign in with Google, Facebook, or Apple, we receive basic profile information such as name, email, profile picture, and account ID.
  • Communications: information you provide when you contact support or report content.
  • Device and session information: device ID, device name, operating system, user agent, IP address, locale, country or region, and in some cases city or approximate coordinates if location permission is granted.
  • Usage data: features used, screens viewed, session length, and crash or error logs.
  • Push notification data: if you grant permission, OneSignal collects a device push token, your platform, push permission status, and your Lit Teen Social user ID to deliver notifications.
  • We do not request or knowingly collect government identification numbers, payment-card details, or biometric data directly.

4. Our Legal Bases for Processing Your Data

This policy is built to satisfy overlapping privacy and child-safety frameworks, including the GDPR, PIPEDA, and COPPA where relevant.

Where these frameworks differ, we apply whichever standard is more protective of you.

  • Performance of a contract: to create your account and provide the core features you signed up for.
  • Verifiable parental consent: for users below the applicable age of digital consent.
  • Legal obligation: where we must process data to comply with law.
  • Legitimate interests: for limited purposes such as platform security, abuse prevention, and improving performance, balanced against your rights.
  • Consent: for optional features such as opt-in marketing, which you can withdraw at any time.

5. Age Verification and the Role of KWS

We use Kids Web Services (KWS), a specialist age-assurance provider based in the United Kingdom, to help verify age and manage parental consent.

KWS acts as an independent data controller for the personal data it processes during verification and operates under its own privacy policy.

When you create an account, KWS determines the age of digital consent applicable in your location and verifies whether you meet it using methods that vary by location.

The underlying identity, document, payment, and any biometric information used during verification are processed by KWS, not by us. We receive only the outcome and the minimum information needed to apply the correct rules.

We may periodically re-verify age or consent status, particularly around your transition from minor to adult.

6. How We Determine Which Rules Apply to You

Different countries set different minimum ages and different rules for young users. To apply the correct rules to you, we determine your applicable jurisdiction carefully rather than simply trusting what a user types in.

Your applicable jurisdiction is determined primarily by your device’s detected physical location, not solely by your stated country of residence.

Where your detected location and your stated country of residence differ, we apply whichever jurisdiction’s rules are stricter.

We maintain a record of these determinations so we can demonstrate to regulators that we applied the correct age rules where necessary.

7. Hard-Ban Jurisdictions

In some countries, applicable law prohibits minors below a specified age from using social media at all, regardless of parental consent.

Where a user’s detected location or stated residence is in such a jurisdiction and the user’s verified age falls below the applicable threshold, we block that user, and parental consent does not override a statutory hard ban.

As of the Effective Date, this includes, without limitation, users under 16 in Australia, Indonesia, and Malaysia, and is expanded as additional jurisdictions bring comparable laws into force.

8. How Parental Consent Works

If you are below the applicable age of digital consent, KWS manages verifying that your parent or guardian is an adult and obtaining their verifiable consent before your account becomes fully active.

We receive confirmation of the outcome only. We do not receive or store the underlying documents, payment information, or biometric data used to reach it.

For US users under 13, this process is designed to satisfy COPPA’s verifiable-parental-consent requirement before we collect personal information from a child under 13.

A parent or guardian who has consented may withdraw it at any time using the details at the end of this policy.

9. How We Use Your Data

We use personal data to create, maintain, and secure your account, provide core App features, verify age and parental consent where applicable, detect policy violations, respond to support and data-rights requests, diagnose technical issues, improve the App, and comply with legal obligations.

We do not sell your personal data, to anyone, for any reason.

We do not use a minor’s personal data to build individualized advertising profiles, and we do not use your content or personal data to train third-party artificial-intelligence models.

10. Location Data

Location is important to how the App works safely, so we treat it carefully and explain it separately.

  • For legal and age purposes: your device’s detected location is used to determine the laws applicable to you and to enforce jurisdiction-specific age restrictions.
  • For Link Ups: your general area is shared with the connections you invite; your exact location is revealed to a connection only once they actively join a Link Up.
  • For Deals and Steals: the deals locator uses your device location to show offers available near you.
  • We do not use location data for advertising targeting, and we do not continuously track your location in the background beyond what these purposes require.

11. Feature-Specific Data Practices

When you post a Story, the content is visible to your connections for 24 hours and then automatically removed from the App.

You can edit or delete your own messages within the App. When you delete a message, it is replaced with a deletion placeholder visible to other participants and is permanently removed from our servers within our standard retention cycle.

Where you use event-sharing or Link Up features, we process the meetup details you provide to display them to the connections you choose.

Link Ups are visible only to your existing approved connections, and parents or guardians do not currently have visibility into a teen’s planned Link Ups.

12. How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes in this policy. Our general baseline retention is 30 days, after which data is automatically deleted from our servers, except where a longer period is legally required or specifically justified.

  • Account and profile data: retained while your account is active; deleted or anonymized within 30 days of account deletion unless a longer period is legally required.
  • Messages: stored for a minimum of 30 days to support moderation and safety review, then automatically deleted.
  • Moderation and safety records: retained for 30 days after resolution, then automatically deleted, unless a longer hold is legally required or needed for an active safety matter.
  • Jurisdiction and age-determination records: retained while the account is active to demonstrate correct application of age rules, then deleted or anonymized.
  • Verification and consent records: we retain only the outcome and consent record while the account is active, to demonstrate compliance. Underlying verification data is deleted by KWS per its published practices.

13. How We Share Your Data

We share personal data with third-party service providers who perform services on our behalf, under contracts that restrict their use of the data to the purpose we engaged them for.

Content you post is visible to other users based on whether your account is private or public.

We may disclose personal data where required by law, or where we have a good-faith belief that disclosure is necessary to prevent harm, investigate illegal activity, or protect the safety of a user or the public.

We may assign the operation of the Service, including personal data, to a successor entity, provided the successor is bound by this policy and maintains the same or greater standard of protection.

We do not sell personal data to third parties, and we do not share personal data with third parties for their own independent marketing purposes.

  • KWS: age verification and parental-consent management.
  • OneSignal: push-notification delivery.
  • Google: authentication via Google Sign-In.
  • Meta (Facebook): authentication via Facebook Login, with advertiser-ID collection and automatic app-event logging disabled.
  • Apple: authentication via Sign in with Apple.
  • Stripe: payment processing for businesses and advertisers only, not for App users.
  • DigitalOcean: cloud hosting and infrastructure.
  • Crash-reporting tool: to be integrated before or at launch; this section will be updated with specifics before activation.

14. Cookies, Logins, and Other Technologies

The App does not use cookie-based tracking. Authentication is handled via secure tokens stored on your device, not cookies.

We offer login via Google Sign-In, Facebook Login, and Sign in with Apple, for authentication only.

We use OneSignal to deliver push notifications for messages, likes, comments, mentions, friend requests, and other activity.

We plan to integrate a crash-reporting tool before or at launch to identify and fix technical issues, and will update this section with specifics before activation.

Lit Teen Social operates its own internal advertising system. Businesses submit ads through a self-serve portal we build and operate, and all submissions are reviewed by our team for age-appropriateness before any ad is served.

15. Marketing Communications

With opt-in consent, we may use your email address or phone number to send marketing communications about Lit Teen Social itself only.

This is opt-in only and never on by default. For minors, the consent must be given by a verified parent or guardian.

We never send marketing on behalf of any other company, brand, or advertiser, and we never sell, rent, or share your contact information with a third party for their own marketing purposes.

You or your parent or guardian may withdraw consent at any time without affecting your ability to use the App.

16. Your Privacy Rights

Subject to certain exceptions and limitations under applicable law, you have the right to access, rectify, erase, restrict, transfer, object to certain uses of your data, and withdraw consent where we rely on it.

If you are a parent or guardian making a request on behalf of a minor, we will take reasonable steps to verify your identity before acting.

We will respond to verified requests within one month, and will tell you if we need a reasonable extension for a complex request.

Depending on your US state or country, you may also have additional rights, including the right to complain to a relevant regulator.

17. How We Protect Your Data

We use technical and organizational measures designed to protect your personal data, including encryption of data in transit, access controls limiting internal access on a need-to-know basis, and secure storage of credentials.

If a breach of your personal data occurs that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required by law, and will notify affected users without undue delay where the risk is high.

No system is immune to technical failure. Please do not treat the App as your sole or permanent storage for content you cannot afford to lose.

18. Automated Processing and Moderation

We use automated systems, including rule-based filtering and AI analysis, as part of the layered moderation described in our Terms of Service.

These systems help detect policy violations, suspicious patterns, and safety concerns. Automated tools may lead to an account being flagged or temporarily actioned, but accounts actioned by automated systems are handed to our human review team for final determination, and you can appeal an enforcement decision where appropriate.

We do not use these systems to make solely automated decisions that produce legal or similarly significant effects on you without human involvement, except where permitted by law for safety and security purposes.

19. Special Notice for Parents and Guardians

We built Lit Teen Social with parents in mind. Before consenting to your child’s account, we encourage you to understand that certain features, such as Link Ups, are designed for teen autonomy and parents do not currently have visibility into planned Link Ups.

Verification and consent are handled by KWS, which processes the sensitive verification data rather than us.

You may review, correct, or delete your child’s data, or withdraw consent, at any time using the contact details in this policy.

If you believe we have collected personal information from a child in a manner inconsistent with this policy, contact us and we will investigate and, where appropriate, delete the information promptly.

20. Changes to This Policy

We may update this Privacy Policy from time to time. If we make a material change, particularly one that expands the categories of data we collect or the purposes for which we use it, we will notify you through the App and/or by email before the change takes effect.

For minors with parental consent on file, a material change of this kind may require renewed parental consent before it applies to that user.

21. Language and Accessibility

This policy is provided in English. Where we make a translation available for convenience and a conflict arises, the English version controls to the extent permitted by applicable law.

If you use assistive technology and have difficulty accessing any part of this policy or the App, contact us and we will work with you to provide the information in an accessible format.

22. How to Contact Us

If you have questions about this Privacy Policy or want to exercise any right described in this policy, contact us at litteensocial@gmail.com.

During the interim period, the operational contact address is litteensocial@gmail.com.

Lit Teen Social & Adventures (in formation as Lit Teen Social & Adventures OÜ). Registered address to be confirmed on completion of Estonian incorporation.