LOLO PRIVACY POLICY
Effective Date: July 1, 2025This Privacy Policy explains and lists the transparency information regarding what personal data is collected when you use our mobile applications, websites, and the services provided through them (together, the “App” or the “Service”), and how such personal data will be processed.
By using the Service, you represent and warrant that (i) you have read, understood, and agreed to this Privacy Policy and the data processing described herein, and (ii) you are over 18 years of age (or the age of majority in your jurisdiction, if higher).
If you do not agree, or are unable to make this representation, you must not use the Service. In such case, you must:
- Delete your account and contact us to request deletion of your data; and
- Delete the App from your devices.
1. INFORMATION WE COLLECT
- Account and Registration Data: name, nickname, email address, profile photo, gender, date of birth, login credentials (including Apple ID, Google ID, or Facebook ID), and any optional profile details you choose to provide.
- Communication Data: messages exchanged within the Service, correspondence with our support team, dispute resolution data, and notifications preferences. Screenshots may occasionally be taken for moderation or fraud-prevention purposes.
- Device and Technical Data: IP address, time zone, device model, operating system, language settings, hardware identifiers (e.g., IDFA, AAID, IDFV), crash logs, network information, and performance data.
- Usage Data: logs of how you interact with the Service (e.g., pages or features used, time spent, frequency of logins, in-app actions, search queries, and referral source such as the app store or ad that brought you to the Service).
- Location Data: approximate location derived from your IP address or device settings. We do not collect precise GPS location unless you explicitly allow it.
- Payment and Transaction Data: transaction IDs, purchase history, subscription or in-app purchase confirmations through Apple App Store or Google Play. We do not store full payment card details; payments are processed securely by Apple or Google.
- Advertising and Analytics Data: advertising identifiers (IDFA, AAID), cookies, and tracking pixels (including Meta Pixel), which may collect data about your interactions with the Service, ads you see, and actions you take.
- Verification Data (where required for compliance or fraud prevention): identity documents, selfies for age verification, and associated metadata.
1.3. Children’s Data. The Service is not directed to persons under 18. We do not knowingly collect personal data from children. If we learn that a child has provided us data, we will promptly delete it.
2. PURPOSES AND LEGAL BASES FOR PROCESSING
2.1. We collect and utilize your data primarily to provide our services, enhance the quality of our App and to continuously improve it. Furthermore, we aim to attract new customers to our products. Below, you'll find a more comprehensive breakdown of how we use your information, illustrated with clear examples.
2.2. We process your personal data only when we have a lawful basis under applicable data protection laws (including GDPR, CCPA/CPRA, and ePrivacy rules). Depending on the context, this may be:
(a) performance of our contract with you;
(b) compliance with legal obligations;
(c) your consent; or
(d) our legitimate interests, provided that your rights and freedoms do not override such interests.
2.3. The table below sets out the purposes, examples of processing, categories of personal data, and the legal bases relied upon.
| Purpose | Description and Examples | Categories of Data | Lawful Basis |
|---|---|---|---|
| 1. To provide the Service and administer your account | Verification of your identity, email, or device; enabling secure login; preventing fraud or abuse; customizing your in-app experience; resolving technical issues; responding to support requests. Example: adjusting in-app recommendations to your preferences. | Login details, identifiers, device data, support communications | Contract performance; Consent (if sensitive categories apply) |
| 2. To communicate with you about the Service | Sending service updates, password resets, reminders (e.g., push notifications), and feedback requests. Example: sending a push notification reminding you to open the app. | Contact information, device identifiers | Contract performance; Legitimate interest (encouraging active and safe use of the Service) |
| 3. To process in-app purchases | Processing of one-time in-app transactions via Apple App Store or Google Play. We may retain transaction IDs for accounting and fraud prevention but do not store full payment card details. | Transaction IDs, purchase history, Apple/Google account data | Contract performance; Legal obligation (fraud prevention, accounting) |
| 4. To research and improve our Service | Using analytics tools (Google Analytics, Firebase, AppsFlyer, Amplitude, Meta Pixel) to understand engagement, improve features, diagnose errors, test new functionality, and personalize experiences. | Usage data, device data, cookies, advertising IDs | Legitimate interest (improving and optimizing the Service); Consent (where required for tracking) |
| 5. To personalize ads and marketing | Using advertising IDs, cookies, and Meta Pixel to deliver targeted ads and measure campaign effectiveness. Example: showing you ads on Instagram after you used the app. | Device data, advertising IDs, cookies, interaction history | Consent (for personalized ads, where required); Legitimate interest (where permitted) |
| 6. To enforce Terms, ensure safety, and combat fraud | Using automated and human moderation to detect harmful or prohibited behavior; investigating suspected abuse or fraud; enforcing bans or restrictions. | Account data, communications, moderation logs, IP address, device identifiers | Legitimate interest (ensuring safety, preventing fraud); Legal obligation (where applicable) |
| 7. To comply with legal obligations | Retaining invoices, processing tax/accounting data, responding to law enforcement or regulatory requests. | Payment records, account data, communication logs | Legal obligation |
| 8. To defend legal claims and rights | Using data to establish, exercise, or defend against legal claims or disputes; providing evidence in arbitration or litigation. | All categories, as relevant | Legitimate interest (protection of legal rights) |
3. WITH WHOM WE SHARE YOUR DATA
3.1. We share your Personal Data with our service providers, strictly limited to the cases and purposes stipulated in this Privacy Policy.
3.2. We will not:
3.2.1. Use information gained through your use of the Service for unrelated advertising or sell it to advertising platforms, data brokers, or information resellers.
3.2.2. Process your data in a manner incompatible with the purposes described in Section 2. Types of Data We Collect.
3.2.3. Collect or process data that is not required for the stated purposes.
3.3. We require all third-party service providers to respect the security of your personal data and process it lawfully. They may not use your personal data for their own purposes and may process it only for the purposes explicitly instructed by us.
3.4. We may disclose certain personal data internally (among employees, contractors, and affiliates) or externally (to authorized service providers) strictly on a “need-to-know” basis, provided that such parties are bound by confidentiality and security obligations.
External Third Parties
We use third-party services to operate, analyze, and improve our App. These services assist us with hosting, analytics, error monitoring, advertising attribution, and feature functionality. Below is a list of our current third-party providers, the purpose of their processing, and links to their respective privacy policies:
| Third-Party Provider | Service | Purpose of Usage | Privacy Materials |
|---|---|---|---|
| Google LLC | Google Ads | Marketing and advertising | Privacy Policy |
| Meta Platforms, Inc. | Facebook / Meta Pixel | Marketing, ad measurement, campaign personalization | Privacy Policy |
| Apple Inc. | App Store / APNs | App distribution, push notifications | Privacy Policy |
| Amplitude Inc. | Amplitude | Product analytics and event tracking | Privacy Policy |
| AppsFlyer Inc. | AppsFlyer | Mobile marketing analytics and attribution | Privacy Policy |
| Google LLC | Firebase | Development purposes | Privacy Policy |
| Agora Lab, Inc. | Agora SDK | Real-time audio/video streaming and quality monitoring | Privacy Policy |
| Applovin Corporation / AppLovin (Singapore) Pte. Ltd. | AppLovin | Marketing and advertising | Privacy Policy |
5. DATA RETENTION
5.1. We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, accounting, or reporting obligations.
5.2. If you delete your account, we will remove or anonymize your data according to the following timelines:
- Account/profile data: deleted within 30 days of account deletion.
- Communications (messages, correspondence, attachments): deleted within 30 days of account deletion.
- Moderation and safety logs (e.g., flagged content, screenshots, abuse reports): retained for up to 60 days for fraud prevention and platform safety, then permanently deleted or anonymized.
- Technical logs and device information: deleted or anonymized within 60 days, unless longer retention is required for security or legal investigations.
- Payment and transaction data: retained as required by applicable tax and accounting laws (typically 5–7 years).
5.3. Where precise retention periods cannot be determined in advance, we will apply the shortest necessary period consistent with the purposes outlined in this Policy.
5.4. After the retention period expires, we will securely delete or anonymize your Personal Data so that it can no longer be associated with you.
6. YOUR RIGHTS
6.1. Under applicable data protection laws (including GDPR and CCPA), you have the following rights:
- Right of access: to request confirmation of whether we process your data and obtain a copy.
- Right to rectification: to have inaccurate or incomplete data corrected.
- Right to erasure (“right to be forgotten”): to request deletion of your data, subject to legal obligations.
- Right to object: to object to processing based on legitimate interests, including direct marketing.
- Right to restrict processing: to request suspension of processing under certain conditions.
- Right to data portability: to obtain your data in a structured, machine-readable format and transfer it to another controller.
- Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time.
- Right to lodge a complaint: with your local data protection authority if you believe we unlawfully process your data.
6.2. To exercise your rights, please contact us at [email protected]. We may request verification of your identity before responding to ensure the security of your data.
6.3. We will respond to verified requests within 30 days or, where allowed by law, within a maximum of 60 days.
6.4. Access rights under California’s Shine the Light California also provides its residents with additional access rights. Under Shine the Light law, the residents may ask companies once a year what personal information they share with third parties for those third parties' direct marketing purposes. Learn more about what is considered to be personal information under the statute.
To obtain this information from us, please send an email message to [email protected], which includes “Request for California Shine the Light Privacy Information” on the subject line and your state of residence and email address in the body of your message. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
7. CHILDREN’S PRIVACY
7.1. The Service is intended for users aged 18 or older. We do not knowingly collect or process Personal Data of children.
7.2. If we become aware that a child under 18 has provided us with data, we will delete such information promptly. Parents or guardians who believe their child may have provided us with Personal Data should contact us at [email protected].
8. INTERNATIONAL DATA TRANSFERS
8.1. We operate globally and may transfer your Personal Data outside the country where it was originally collected.
8.2. If you are located in the EEA or UK, transfers outside these regions will only occur where:
- The European Commission has issued an adequacy decision for the destination country; or
- We have implemented Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring equivalent safeguards.
8.3. By using the Service, you acknowledge that your data may be transferred, stored, and processed in countries that may not have the same level of protection as your home jurisdiction, but always with appropriate safeguards.
9. SECURITY MEASURES
9.1. We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, loss, misuse, alteration, or disclosure. These include encryption of data in transit, access controls, regular monitoring, and staff confidentiality obligations.
9.2. We also require our service providers to apply security measures consistent with applicable data protection laws, including the GDPR and CCPA/CPRA.
9.3. However, no system or transmission over the Internet is completely secure. While we use commercially reasonable safeguards, we cannot guarantee absolute security of your information.
9.4. You are responsible for maintaining the confidentiality of your account details and must notify us promptly at [email protected] of any suspected unauthorized use of your account.
9.5. In case of a data breach that may affect your rights, we will notify you and, where applicable, the competent supervisory authorities, in accordance with the law.
10. CHANGES TO THIS POLICY
10.1. We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices.
10.2. If changes are material, we will notify you via email or in-app notice. The “Effective Date” will be updated accordingly.
11. CONTACT US
11.1. If you have questions about this Privacy Policy or our data practices, please contact us at:
Controller: Destria Limited
Email: [email protected]
Adress: THE LEVENTIS GALLERY TOWER, Floor 13, Flat 1301, 5 A.g. Leventis Nicosia