LShare

Privacy Policy

Effective Date: March 14, 2026

SSP Enterprises ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our LShare mobile application ("App"). By using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Personal Information

We collect information you provide directly, such as:

Account information: Name and email address obtained from your Google account during Google Sign-In.
Location data (encrypted): Real-time and historical location information when you share your location or track others.

Automatically Collected Information

Device information: Device type, operating system, unique device identifiers.
Usage data: App usage statistics, crash reports, and performance data.
Log data: IP address, access times, and pages viewed.

Location Data

Location data is collected only with your consent and used for the core functionality of location sharing and tracking. All location data is end-to-end encrypted on your device using AES-256-GCM before being transmitted. The server stores only the encrypted payload and cannot read your location coordinates. Only the intended recipients — those with the corresponding share code or group code — can decrypt and view your location.

Background Location Data

LShare collects your precise location data (GPS coordinates) in the background — that is, when the app is closed, minimized, or your screen is locked — to enable continuous location sharing with people you choose.

Background location collection occurs in the following circumstances:

Active sharing sessions: When you explicitly start a location sharing session, the app collects your location at the interval you choose (ranging from every 2 minutes to every 24 hours) for the duration you set (from 15 minutes up to 1 year).
Group sharing: When you join a group and start sharing, your location is periodically collected in the background so other group members can see your position.

Background location data is used to:

Keep your shared location up to date while the app is minimized or your screen is locked.
Continue location updates while you use other apps.
Maintain active sharing sessions so recipients always see your current position.

Background location collection only occurs when you explicitly start a sharing session. It stops automatically when your session expires or when you manually stop sharing. You are always in control of when background location collection is active.

All background location data is end-to-end encrypted before leaving your device. Your location data is never sold, shared with third-party advertisers, or used for any purpose other than providing the location sharing functionality you initiated.

Buzz Alert Messages

When a group administrator sends a buzz alert, the message content and sender information may be transmitted to group members via push notifications. This data is used solely to deliver the alert and is not stored beyond delivery.

2. How We Use Your Information

We process your personal information based on the following lawful bases under applicable laws such as GDPR:

Consent: For collecting and processing location data (including background location) and other personal information where you provide explicit consent.
Contract: To perform our contractual obligations, such as providing the App services and managing your account.
Legitimate Interest: To improve the App, communicate with you, and ensure security, where our interests do not override your privacy rights.
Legal Obligation: To comply with applicable laws.

We use the collected information for the following purposes:

To provide and maintain the App's functionality, including location sharing and tracking.
To create and manage user accounts.
To communicate with you about the App, updates, or support.
To improve the App's performance and user experience.
To deliver in-app buzz alerts from group administrators to group members.
To comply with legal obligations.

3. Sharing Your Information

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following limited circumstances:

App Functionality: Location data is end-to-end encrypted on your device before being shared. Recipients decrypt it client-side using the share code or group code. We cannot read location data in transit or at rest. Buzz alert messages are delivered to group members via push notifications.
Service Providers: We use Supabase as our database provider. Data is stored securely on Supabase servers, and we ensure they adhere to strict privacy standards. Supabase may access data only as necessary to provide services to us.
Legal Requirements: We may disclose information if required by law, to enforce our Terms of Service, or to protect our rights, property, or safety, or that of others.

We do not share your data with third-party advertisers, marketers, or for any commercial purposes beyond providing the App's services.

4. Data Security

We implement end-to-end encryption (E2EE) for all location data. Location coordinates are encrypted on your device using AES-256-GCM with keys derived from your share code via PBKDF2 (100,000 iterations). The server stores only encrypted data and hashed share codes — it cannot access your plaintext location.

In the event of a data breach that poses a high risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities (such as the Data Protection Board in India or GDPR supervisory authorities) within the required timeframes under applicable laws (e.g., 72 hours under GDPR).

5. Data Retention

We retain your personal information for as long as necessary to provide the App's services, comply with legal obligations, resolve disputes, and enforce our agreements.

Location data: Retained only for the duration of active sharing sessions. When a session expires, associated location data is deleted from the server.
Background location data: Collected only during active sharing sessions. Collection stops immediately when you end a session or when it expires. Stored data follows the same retention period as foreground location data.
Account data: Retained until you request deletion of your account.

You can request deletion of your account and associated data at any time.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information under laws such as GDPR, CCPA, and the Digital Personal Data Protection Act 2023:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your personal information, subject to legal limitations.
Portability: Request transfer of your data in a structured format.
Opt-out: Withdraw consent for data collection where applicable, including opting out of sharing for commercial purposes (though we do not engage in such sharing).
Restriction/Objection: Request restriction of processing or object to processing based on legitimate interests.

To exercise these rights, contact us at sspenterprises@proton.me. We will respond to your requests within the timeframes required by applicable law (e.g., 30 days under GDPR). If we cannot fulfill your request, we will explain the reasons.

7. Children's Privacy

The App is not intended for children under 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will delete it promptly.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including India where our servers are located. We ensure that such transfers comply with applicable data protection laws by implementing appropriate safeguards, such as standard contractual clauses, adequacy decisions, or other mechanisms required under GDPR, CCPA, and the Digital Personal Data Protection Act 2023.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Effective Date" at the top. Your continued use of the App after changes constitute acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

SSP Enterprises
Pune, India
Email: sspenterprises@proton.me

This Privacy Policy is governed by Indian law and subject to the jurisdiction of courts in Pune, India.