Privacy Policy

Last updated: 21 March 2026

1. Who We Are

luō is a mobile parking application operated in South Africa. We provide a digital parking management service integrated with Crestpac's access control infrastructure. For POPIA purposes, luō acts as the Responsible Party for personal information collected through the app and website.

Contact: hello@myluo.app

2. Information We Collect

We collect only what is necessary to provide the parking service:

• Account information: Name, email address, and password (stored securely via Supabase authentication)
• Vehicle information: Number plate(s) registered for LPR access
• Payment information: Card details are processed and tokenised by Paystack — we never store your full card number
• Parking session data: Entry and exit times, location, tariff charges, and transaction history
• Device information: Push notification token (to send session and payment alerts)

3. How We Use Your Information

Your information is used to:

• Create and manage your luō account
• Enable QR ticket scanning and LPR plate recognition at Crestpac parkades
• Process parking payments via Paystack
• Send push notifications about your active parking session
• Generate and email invoice PDFs after each parking session
• Respond to support requests sent to hello@myluo.app
• Improve the app based on anonymised usage patterns

4. Third-Party Service Providers

We share data only with trusted processors necessary to deliver the service:

• Supabase: Authentication, user profile storage, and real-time parking session data
• Paystack: PCI-DSS Level 1 compliant payment processing. View Paystack's Privacy Policy
• Crestpac: Your number plate is shared with Crestpac's LPR infrastructure to enable automatic boom gate access at their parkades. Learn about Crestpac
• Microsoft Azure: Cloud infrastructure hosting the luō API (serverless functions)

5. Data Retention

We retain your personal information for as long as your account is active or as required by law. Parking transaction records are retained for a minimum of 5 years for tax and invoice purposes. You may request deletion of your account at any time (see Section 7).

6. Security

We implement appropriate technical and organisational measures to protect your personal information including:

• All data transmitted over TLS/HTTPS encryption
• Authentication via JWT tokens (Supabase)
• Card details tokenised by Paystack — never stored on our servers
• Regular security reviews of our Azure-hosted infrastructure

7. Your Rights Under POPIA

As a data subject under the Protection of Personal Information Act 4 of 2013, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Ask us to correct inaccurate information
• Deletion: Request deletion of your account and associated personal data
• Objection: Object to the processing of your information in certain circumstances
• Complaint: Lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za

To exercise any of these rights, email hello@myluo.app with your request. We will respond within 30 days.

8. Cookies and Analytics

The luō website (myluo.app) does not use tracking cookies or third-party analytics that collect personal information. The mobile app does not use advertising SDKs or third-party analytics beyond anonymised crash reporting.

9. Children

luō is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with information, please contact us immediately at hello@myluo.app.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. We encourage you to review this page periodically. Continued use of luō following any changes constitutes your acceptance of the updated policy.