Privacy Policy
Effective Date: February 14, 2025 | Last Updated: February 19, 2026
Summary: Latrixel is a social platform that respects your privacy. We collect only what
is necessary to provide our services. We do not sell your personal data. Anonymous and confession posts
are encrypted and we do not link them to your identity. You have full control over your data and can
delete your account at any time.
1. Introduction
Latrixel ("we," "us," "our," or the "Company") operates the Latrixel mobile application (the "App" or
"Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when
you use our Service.
By accessing or using Latrixel, you agree to this Privacy Policy. If you do not agree with the terms of this
Privacy Policy, please do not access the App.
We reserve the right to make changes to this Privacy Policy at any time. We will alert you about any changes
by updating the "Last Updated" date. You are encouraged to periodically review this Privacy Policy to stay
informed.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: When you register, we collect your email address, username, and
password (stored as a cryptographic hash — we never store plaintext passwords).
- Profile Information: Name, profile picture, bio/thought, social links, and other
optional profile details you choose to provide.
- Content You Create: Posts ("Buzzes"), comments, voice notes, media (images, videos),
status updates, channel posts, group messages, direct messages, spotlight content, and achievements.
- Anonymous & Confession Content: When you post anonymously or as a confession, the
content is encrypted using end-to-end encryption before storage. See Section 5 for details.
- War Room Messages: Messages posted in War Room debate threads, including your chosen
group affiliation (Group A or Group B) for each thread.
- Voice Notes: Audio recordings you voluntarily create and share in comments, direct
messages, group chats, and channel posts.
- Shopping Data: If you use our marketplace features, we collect product listings,
purchase history, and transaction details.
- Verification Documents: If you apply for a verification badge, we collect supporting
documentation you submit (e.g., professional credentials).
- Reports & Feedback: Information you provide when reporting other users or content, or
when contacting support.
2.2 Information Collected Automatically
- Device Information: Device type, operating system version, unique device identifiers,
and mobile network information.
- Usage Data: Features used, content viewed, interactions (likes, comments, reposts,
views), timestamps, and frequency of use.
- Log Data: IP address, browser type, access times, pages viewed, and referring URLs.
- Crash & Performance Data: Error logs and performance metrics to improve app stability.
- Camera & Microphone Access: When you grant permission, we access your device's camera
to capture photos and videos for posts, statuses, profile pictures, and messages. We access your
microphone to record voice notes and videos with audio. Camera and microphone are accessed only
when you actively use these features — we do not access them in the background.
- Storage Access: We access your device storage to allow you to select existing photos,
videos, and files to upload. We may also temporarily cache media files for performance.
2.3 Information from Third Parties
- Firebase (Google): Authentication tokens, analytics data, and Firebase Cloud Messaging
(FCM) tokens for push notifications. FCM tokens are unique device identifiers used solely to deliver
push notifications to your device. They do not contain personal information and are refreshed
periodically by the operating system.
- Cloudflare R2: File storage metadata for uploaded media.
- Pexels: We integrate Pexels stock imagery in certain features. No personal data is
shared with Pexels.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Create and manage your account
- Deliver content, including personalized feeds
- Process verification badge applications
- Facilitate marketplace transactions
- Send push notifications (which you can disable at any time)
- Enforce our Terms of Service and Community Guidelines
- Detect, prevent, and address fraud, abuse, security threats, and technical issues
- Respond to user reports and moderate content
- Comply with legal obligations
- Analyze usage patterns to improve user experience (aggregated, non-identifying data only)
4. How We Share Your Information
We do NOT sell your personal data to third parties. Period.
We may share your information only in the following circumstances:
- With Other Users: Your public profile information, posts, and content are visible to
other users according to your privacy settings. You control visibility per post (everybody, followers
only, or nobody).
- Service Providers: We use Firebase (Google) for authentication, database, and
notifications; Cloudflare R2 for file storage. These providers process data on our behalf under strict
contractual obligations.
- Legal Requirements: We may disclose information if required by law, regulation, legal
process, or governmental request. We will notify affected users when legally permitted to do so.
- Safety & Security: We may share information when we believe in good faith that
disclosure is necessary to protect the safety of any person, address fraud or security issues, or
protect our rights.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, user data
may be transferred. We will notify users before their data becomes subject to a different privacy
policy.
- With Your Consent: We may share information for any other purpose with your explicit
consent.
5. Anonymous Posts, Confessions & Encryption
This section is critical for understanding how Latrixel handles sensitive content.
5.1 Anonymous Posts
When you create an anonymous post, your username and profile picture are replaced with "Anonymous" before the
post is stored. The post content is encrypted using our cryptographic library before being written to our
database.
What we store: The encrypted content, a cipher nonce, and a reference to the encryption
method used. The post is tagged with your user ID internally for the sole purpose of enabling content
moderation (e.g., if the post is reported for illegal content).
What other users see: "Anonymous" — no username, no profile picture, no identifying
information.
5.2 Confession Posts
Confession posts receive the same encryption treatment as anonymous posts. Content is encrypted using
symmetric encryption (NaCl/libsodium-based) before storage. The encryption key is managed server-side and is
not accessible to individual users or employees in plaintext form.
5.3 When We May De-anonymize Content
We will only attempt to link anonymous or confession content to a user account in the following limited
circumstances:
- Valid Legal Process: A court order, subpoena, or equivalent legal instrument from a
court of competent jurisdiction specifically requiring disclosure.
- Imminent Threat to Life: Where we have a good-faith belief that there is an imminent
risk of death or serious physical injury to any person.
- Child Sexual Abuse Material (CSAM): As required by law in all jurisdictions where we
operate.
We will not de-anonymize content based on informal requests, non-binding government
inquiries, or civil litigation discovery requests without a valid court order.
5.4 War Room Privacy
War Room threads are timed debate spaces attached to posts. Messages in War Rooms are stored with your
username and group affiliation (A or B). War Room threads automatically expire and are cleaned up after
their timer ends. Anonymous mode is available within War Rooms — when enabled, your messages appear as
"Anonymous" to other participants.
6. Voice Notes & Audio Data
Voice notes are audio recordings you create within the App for comments, direct messages, group chats, and
channel posts. Voice notes are:
- Recorded locally on your device using your device's microphone
- Uploaded to our secure file storage (Cloudflare R2) only when you explicitly send them
- Stored as audio files and accessible only to intended recipients (based on post/chat privacy settings)
- Subject to the same content moderation policies as text content
- Deletable by you at any time (for content you own)
We do not perform speech-to-text transcription, voice recognition, or voiceprint analysis on
your voice notes. We do not use voice data for advertising or profiling purposes.
7. Direct Messages & Private Communications
Direct messages (DMs) between users are stored in our database to enable message delivery and history.
Messages are:
- Visible only to the sender and recipient(s)
- Not monitored or read by Latrixel staff unless a report is filed
- Subject to content moderation only when reported by a participant
Group chat messages are visible to all members of the group. Channel posts are visible to all subscribers of
the channel.
8. Status Updates (Stories)
Status updates are ephemeral content that automatically expires after 24 hours. After expiration:
- Status media files are deleted from our servers
- View counts and metadata are permanently removed
- We do not retain copies of expired statuses
9. Explore, Maps & Events
Latrixel includes an Explore feature with an interactive map powered by Google Maps. Users can create
location-based events, pin meeting points, and join event group chats. By using the Explore feature:
- Location Data: When you grant location permission, we access your device's GPS to show
your position on the map and display nearby events. Your precise location is not stored
on our servers — it is used only in real-time on your device.
- Location Caching: We cache your last known location locally on your device (not on our
servers) for faster map loading. This cache expires after 24 hours.
- Event Creation: When you create an event, the location you select (GPS coordinates,
place name, address) is stored in our database and visible to other users on the map.
- Event Auto-Deletion: Events are automatically deactivated and removed from the map 3
days after the event date. You cannot create an event more than 3 days in advance.
- Event Group Chats: Each event has a linked group chat. Messages in event group chats
follow the same privacy rules as regular group chats.
- Meeting Safety: Latrixel provides the platform for users to discover and organize
meetups. We are not responsible for what happens at in-person meetings. Users meet at
their own risk. We strongly recommend meeting in public places and informing someone you trust of your
plans.
- Age Restrictions: Event creators can set minimum and maximum age requirements. We rely
on user-provided age information and do not independently verify ages for event participation.
We do not track your location in the background. Location access is only active while the
Explore tab is open and you have granted permission.
10. Offline Messaging (NeoMesh)
Latrixel includes "NeoMesh," a decentralized messaging system that works without an internet connection using
Bluetooth Mesh technology.
- Direct P2P Transmission: Messages are sent directly between devices via Bluetooth Low
Energy (BLE). These messages do not pass through our central servers.
- Local Storage: NeoMesh messages and chat history are stored entirely on your local
device database. This content is private to you and the recipients.
- Relaying: Your device may safely relay encrypted packets from other nearby users to
help them reach their destination. Relayed content is encrypted and cannot be read by your device or the
relaying party.
- Foreground Service: To maintain these connections, the App uses a Foreground Service
which shows a persistent notification in your status bar. This service ensures your messages are
delivered even when the app is in the background.
- Connectivity Data: We do not track your movement. We only use local proximity signals
to establish direct links between devices.
11. Marketplace & Shopping
Our marketplace features allow users to browse and list products. Important clarifications:
- Latrixel does not hold, process, or manage any money. All financial transactions for
marketplace purchases are conducted entirely outside the Latrixel platform through third-party payment
providers or direct seller-buyer arrangements.
- Product listing information (descriptions, images, prices) is stored on our servers for display purposes
only.
- Latrixel is not a party to any transaction between buyers and sellers.
- We do not store credit card numbers, bank account details, M-Pesa PINs, or any
financial instrument data on our servers.
- Disputes between buyers and sellers are the responsibility of the parties involved. Latrixel may assist
with moderation if content violates our guidelines.
12. Wallet & Biocoin (In-App Currency)
Latrixel includes an in-app wallet feature that allows users to hold and manage a virtual currency balance
("Biocoin"). By using the wallet feature:
- Balance Data: Your Biocoin balance is stored securely in our database and associated
with your account.
- Transaction History: We record all wallet transactions (earnings, spending, transfers,
gifts) for accountability and dispute resolution.
- No Real-Currency Equivalence: Biocoin is a virtual in-app currency. Its value, exchange
rate, and usability are determined solely by Latrixel. Biocoin has no cash value outside the platform
unless explicitly stated.
- Earning & Spending: Users may earn Biocoin through platform engagement, achievements,
and other activities. Biocoin may be spent on in-app features such as gifts, verification badges, and
premium features.
- No Refunds: Biocoin balances are non-refundable and non-transferable outside the
platform, except as required by applicable law.
- Account Deletion: Upon account deletion, any remaining Biocoin balance is forfeited.
- Security: Wallet balances are protected by the same security measures as other account
data. We are not liable for unauthorized access resulting from your failure to secure your account
credentials.
We do not store external payment method details (M-Pesa PINs, bank account numbers, credit
card numbers) on our servers. All external payment processing is handled by third-party payment providers.
13. Data Retention
- Account Data: Retained as long as your account is active. Upon account deletion, we
delete your personal data within 30 days, except where retention is required by law.
- Content: Posts, comments, and media are retained until you delete them or delete your
account. Anonymous/confession posts may be retained in encrypted form even after account deletion (as
they are not publicly linked to your identity).
- Status Updates: Automatically deleted 24 hours after posting.
- War Room Threads: Automatically cleaned up after the thread timer expires.
- Events: Automatically deactivated and removed from the map 3 days after the event date.
Event group chats remain accessible to participants until manually deleted.
- Reports & Moderation Records: Retained for up to 2 years for legal compliance and to
prevent repeat violations.
- Log Data: Retained for up to 90 days for security and debugging purposes.
- Verification Documents: Retained for the duration of your verification status. Deleted
within 30 days of verification revocation or account deletion.
14. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between your device and our servers uses
TLS/SSL encryption.
- Encryption at Rest: Sensitive data (anonymous posts, confessions) is encrypted using
NaCl/libsodium symmetric encryption before storage.
- Authentication: Passwords are hashed using industry-standard algorithms. We support
secure authentication via Firebase Auth.
- Access Controls: Admin access to user data is restricted, logged, and auditable. Only
authorized personnel can access moderation tools.
- Infrastructure: Our services run on Google Cloud (Firebase) and Cloudflare cloud
infrastructure with enterprise-grade security.
While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We
cannot guarantee absolute security.
15. Your Rights & Choices
14.1 All Users
- Access: You can access your personal data through your profile and settings.
- Correction: You can update your profile information at any time.
- Deletion: You can delete individual posts, comments, and media. You can delete your
entire account through the app settings.
- Privacy Controls: You can set per-post privacy settings (visibility, comments, reposts,
war room access, voice comments, gifts, anonymous comments, quotes).
- Blocking: You can block any user, which prevents all interaction between you.
- Notifications: You can disable push notifications through your device settings.
- Data Export: You may request a copy of your data by contacting us at the email below.
14.2 European Economic Area (EEA) Residents — GDPR
If you are located in the EEA, you have additional rights under the General Data Protection Regulation
(GDPR):
- Right to Access: Request a copy of all personal data we hold about you.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data,
subject to legal retention requirements.
- Right to Restriction: Request that we limit processing of your data in certain
circumstances.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct
marketing.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at
any time.
Our legal bases for processing under GDPR include: performance of contract (providing the Service),
legitimate interests (security, fraud prevention, service improvement), consent (optional features,
marketing), and legal obligation (compliance with laws).
14.3 California Residents — CCPA/CPRA
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and
California Privacy Rights Act (CPRA):
- Right to Know: What personal information we collect, use, and disclose.
- Right to Delete: Request deletion of your personal information.
- Right to Opt-Out of Sale: We do not sell personal information. No
opt-out is necessary.
- Right to Non-Discrimination: We will not discriminate against you for exercising your
rights.
14.4 Kenya & East Africa Residents
If you are located in Kenya or East Africa, we comply with the Kenya Data Protection Act, 2019 and applicable
regional data protection laws. You have the right to:
- Be informed of the use of your personal data
- Access your personal data
- Object to the processing of your personal data
- Correct false or misleading data
- Delete your personal data
16. Children's Privacy
Latrixel is not intended for children under the age of 13 (or the minimum age required in
your jurisdiction). We do not knowingly collect personal information from children under 13. If we become
aware that we have collected data from a child under 13, we will take steps to delete that information
promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please
contact us immediately.
17. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including
the United States (where Google/Firebase infrastructure is located). These countries may have different data
protection laws.
Where we transfer data internationally, we ensure appropriate safeguards are in place, including Standard
Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer
mechanisms.
18. Third-Party Services
Our Service integrates with the following third-party services:
We are not responsible for the privacy practices of third-party services. We encourage you to review their
privacy policies.
19. Law Enforcement & Government Requests
Latrixel is committed to protecting user privacy while complying with valid legal
obligations.
Our policy for responding to law enforcement and government requests:
- We require valid legal process. We do not voluntarily provide user data to law
enforcement. We require a valid court order, subpoena, or equivalent legal instrument issued by a court
of competent jurisdiction.
- We scrutinize every request. Our legal team reviews all requests for legal validity,
proper scope, and jurisdictional authority. We push back on overbroad or legally deficient requests.
- We notify users when possible. Unless legally prohibited (e.g., by a gag order), we
will notify affected users of law enforcement requests before disclosing their data, giving them an
opportunity to challenge the request.
- We provide the minimum data necessary. We disclose only the specific data required by
the legal instrument, nothing more.
- Anonymous content protections. For anonymous and confession posts, we will only provide
de-anonymization data pursuant to a valid court order specifically requiring such disclosure. Informal
requests are denied.
- Transparency. We may publish periodic transparency reports detailing the number and
types of government requests received.
20. Content Moderation & Reporting
We maintain content moderation systems to enforce our Community Guidelines:
- Users can report content or accounts that violate our guidelines
- Reports are reviewed by our moderation team through our admin dashboard
- We may remove content, issue warnings, temporarily suspend, or permanently ban accounts that violate our
policies
- Users can appeal moderation decisions by contacting us
- We retain moderation records (reports, actions taken) for up to 2 years
21. Blocking & User Safety
Latrixel provides robust blocking features:
- When you block a user, they cannot view your profile, posts, or send you messages
- Block relationships are bidirectional — neither party can interact with the other
- Block data is stored securely and is not visible to other users
- Administrators can view block relationships for safety investigations only
22. Cookies & Tracking
The Latrixel mobile app does not use browser cookies. We use standard mobile analytics (Firebase Analytics)
to understand app usage patterns. This data is aggregated and does not identify individual users. You can
opt out of analytics collection through your device settings.
23. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an in-app notification for significant changes
- Requiring re-acceptance for material changes that affect your rights
24. Limitation of Liability
Please read this section carefully as it limits our liability to you.
To the maximum extent permitted by applicable law, Latrixel and its officers, directors, employees, and
agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages,
including but not limited to:
- Loss of data, revenue, profits, or business opportunities
- Personal injury or property damage resulting from your use of the Service
- Unauthorized access to or alteration of your data
- Conduct of any third party on the Service, including other users
- Any content posted, shared, or transmitted through the Service by users
- Interactions, meetings, or transactions between users arranged through the platform
Our total aggregate liability for any claims arising from or related to the Service shall not exceed the
amount you have paid us in the twelve (12) months preceding the claim, or fifty US dollars (USD $50),
whichever is greater.
25. Disclaimer of Warranties
The Service is provided on an "AS IS" and "AS AVAILABLE" basis without warranties of any
kind, whether express, implied, or statutory, including but not limited to:
- Implied warranties of merchantability, fitness for a particular purpose, and non-infringement
- That the Service will be uninterrupted, error-free, secure, or free of viruses or harmful components
- That any content on the Service is accurate, reliable, or complete
- That defects will be corrected in any particular timeframe
You use the Service at your own risk. We do not warrant that the Service will meet your specific requirements
or expectations.
26. Governing Law & Dispute Resolution
This Privacy Policy and any disputes arising from or related to it or the Service shall be governed by and
construed in accordance with the laws of the Republic of Kenya, without regard to conflict
of law principles.
Any disputes shall be resolved as follows:
- Informal Resolution: Before filing any formal claim, you agree to contact us at
legal@latrixel.com and attempt to resolve the dispute informally for at least 30 days.
- Arbitration: If informal resolution fails, disputes shall be submitted to binding
arbitration in Nairobi, Kenya, under the rules of the Nairobi Centre for International Arbitration
(NCIA), unless you are located in a jurisdiction that requires disputes to be resolved in your local
courts.
- Class Action Waiver: To the extent permitted by law, you agree to resolve disputes on
an individual basis and waive any right to participate in a class action, class arbitration, or
representative proceeding.
Nothing in this section shall prevent either party from seeking injunctive or equitable relief in a court of
competent jurisdiction for matters relating to data security, intellectual property, or unauthorized access.
27. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us
at:
- Email: privacy@latrixel.com
- Legal Inquiries: legal@latrixel.com
- Law Enforcement Requests: lawenforcement@latrixel.com
For GDPR-related inquiries, you may also contact your local Data Protection Authority.