Data Protection

Data Protection & GDPR

LEWO is committed to protecting your personal data. We follow data protection principles and give you full control over your information.

Your Data Rights

You have complete control over your personal data. Here's what you can do:

Right to Deletion

Delete your account and all associated data at any time. We remove your encryption keys, messages, contacts, and profile information permanently.

Right to Access

Request a copy of all data we hold about you. We'll provide your profile information, settings, and any metadata in a portable format.

Right to Rectification

Update or correct your personal information at any time through the app settings. Changes take effect immediately.

Right to Restriction

Control who can see your profile, online status, last seen, and posts through granular privacy settings.

Contact Privacy

Your contacts are never uploaded as plain text. We use a privacy-preserving approach that lets you find friends on LEWO without exposing your address book.

Phone numbers are hashed with SHA-256 before leaving your device

We only receive cryptographic hashes, never actual phone numbers

You can clear all synced contact data at any time

How contact matching works

Your device normalizes phone numbers to international format (E.164)

Each number is hashed with SHA-256 and a unique salt

Only the hash is sent to our server for matching

Matches are returned without ever seeing the actual numbers

PII Protection

We implement comprehensive Personal Identifiable Information (PII) protection. Any sensitive data that might appear in logs or error reports is automatically redacted using pattern matching.

Automatically redacted data types:

Email addresses

Phone numbers (all formats)

Afghan phone numbers (+93)

Afghan National ID (Tazkira)

Credit card numbers

Authentication tokens

Passwords and secrets

IP addresses

Data Retention

We keep your data only as long as necessary and delete it when it's no longer needed.

Messages

Encrypted messages are relayed in real-time and not stored. Offline queued messages are deleted immediately after delivery.

Security Logs

Local security logs are retained for 7 days maximum with a cap of 1,000 entries. No sensitive data is ever logged.

Account Deletion

When you delete your account, all data is removed: encryption keys, conversation states, cached messages, and profile information.

Our Commitment

We believe privacy is a fundamental right. LEWO is designed from the ground up to collect minimal data, protect what we do collect, and give you full control over your information.

Questions about your data? Contact us at privacy@lewohq.com