Privacy Policy

1. Introduction & Overview

Effective Date: 03-FEB-2025

Welcome to FAMO Connect LLC. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you access or use our mobile applications (“Apps”) available on the Google Play Store and Apple App Store, as well as when you interact with our website: https://famoconnect.com.

This Privacy Policy applies regardless of how you access our services—whether via mobile devices, tablets, or other platforms.

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the data practices described herein. If you do not agree with our practices, please do not download, install, or use our applications or services.


1.1 Legal Compliance

This Privacy Policy is designed to comply with applicable data protection laws, including but not limited to:

  • General Data Protection Regulation (GDPR) – for users within the European Economic Area (EEA)
  • California Consumer Privacy Act (CCPA) – for California residents
  • Children’s Online Privacy Protection Act (COPPA) – regarding children’s data privacy in the U.S.
  • Other relevant global privacy laws, where applicable

We recognize that privacy laws may vary depending on your location. We strive to maintain compliance with the highest standards of data protection.


1.2 Scope of This Privacy Policy

This Privacy Policy applies to:

  • All apps published by FAMO Connect LLC, including apps with different localized names in various regions and app stores
  • Data collected through app usage, account creation, customer support interactions, and website visits
  • All personal and non-personal data collected, processed, or shared when you use our services

Note: This policy does not apply to third-party websites, products, or services, even if they are linked within our apps. We encourage you to review the privacy policies of any third-party services you interact with.


1.3 Updates to This Policy

We may modify this Privacy Policy periodically to reflect changes in legal requirements, business practices, or technology. When we update the policy:

  • We will revise the “Effective Date” at the top
  • For material changes, we will notify you via in-app notifications, email (if applicable), or through our website

Your continued use of our services after such updates constitutes your acceptance of the revised Privacy Policy.


2. Interpretation and Definitions

This section defines key terms used throughout this Privacy Policy to ensure clarity and consistency. The meanings apply whether the terms appear in singular or plural form.


2.1 Interpretation

  • Words with capitalized initial letters have specific meanings as outlined below.
  • Any reference to “you” or “your” refers to the user accessing or using our services.
  • References to “we,” “us,” or “our” refer to FAMO Connect LLC.

2.2 Definitions

  • “Account” means a unique profile created by you to access and manage specific features of our services.
  • “Application” (or “App”) refers to any mobile software program developed and provided by FAMO Connect LLC, including all localized versions available on the Google Play Store and Apple App Store.
  • “Company” refers to FAMO Connect LLC, the entity responsible for determining the purposes and means of processing personal data. Under GDPR, we act as the Data Controller.
  • “Country” refers to the United States of America, where the Company is legally registered and operates.
  • “Data Controller” (under GDPR) means the legal entity (i.e., FAMO Connect LLC) that determines how and why personal data is processed.
  • “Data Processor” refers to third parties who process personal data on behalf of the Company, such as cloud service providers.
  • “Device” means any electronic device used to access our services, including smartphones, tablets, and computers.
  • “Personal Data” means any information that identifies, relates to, describes, or can reasonably be linked to an individual. This may include identifiers such as names, email addresses, IP addresses, device IDs, and images uploaded for identification.
  • “Processing” refers to any operation performed on personal data, including collection, storage, use, sharing, or deletion, whether automated or manual.
  • “Service” refers collectively to our mobile applications, website, and related online services provided by FAMO Connect LLC.
  • “Service Provider” means any third party (individual or company) that processes data on behalf of the Company to support service delivery.
  • “Third Party” refers to entities other than the user or the Company that may process or receive personal data (e.g., analytics providers, advertising partners).
  • “Usage Data” means information collected automatically through the app or website, such as device information, browsing behavior, crash reports, and app performance metrics.
  • “You” refers to the individual accessing or using the Service, or the company or legal entity on behalf of which such individual is accessing or using the Service. Under GDPR, “You” may be referred to as the Data Subject.

2.3 Legal References

Where applicable, this Privacy Policy aligns with:

  • GDPR (Regulation (EU) 2016/679) for users in the European Economic Area
  • CCPA (California Consumer Privacy Act) for California residents
  • Other relevant data protection laws, based on the user’s jurisdiction

3. Collecting and Using Your Personal Data

We are committed to protecting your privacy by collecting only the data necessary to deliver and improve our services. This section explains the types of personal data we collect, how we collect it, and the legal bases for processing it.


3.1 Types of Data Collected

a. Personal Data

When you register for an account, use our services, or contact us for support, we may collect the following personal information:

  • Email Address: Required for account creation, authentication, password recovery, and communication.
  • User-Provided Information: Any additional information you voluntarily provide, such as when submitting feedback or contacting customer support.
  • Account Activity: Details related to your use of the app, such as preferences, saved identifications, and app settings.

We do NOT collect sensitive personal data (e.g., financial information, government-issued IDs, health data) unless explicitly stated and legally required.


b. Uploaded Content (Images/Photos)

When you use identification features within our apps:

  • Image Uploads: Images are temporarily stored to process identification requests.
  • Automatic Deletion: If you choose NOT to save the identification, the images are automatically deleted after processing.
  • Saved Identifications: If you choose to save the identification, the images are resized and securely stored.
  • No Human Review: Uploaded images are processed using automated systems, and we do NOT manually review them.

c. Usage Data

We automatically collect data to analyze how our services are used. This may include:

  • Device information (e.g., device model, operating system, unique device identifiers)
  • IP address
  • Browser type and version (if applicable)
  • App usage statistics (e.g., features accessed, session duration, in-app interactions)
  • Diagnostic data, crash reports, and performance logs

This data helps us improve service functionality, enhance security, and optimize the user experience.


d. Tracking Technologies

We use tracking technologies such as:

  • Cookies: Small text files stored on your device to enhance app functionality and remember user preferences.
  • Device Identifiers: Unique IDs (e.g., advertising IDs) used for analytics and personalized advertising.
  • SDKs (Software Development Kits): Embedded tools that help us track app performance and detect technical issues.

You can manage your preferences regarding tracking technologies through your device settings.


3.2 How We Collect Your Data

  • Direct Collection: Information you provide when registering, using the app, or contacting support.
  • Automated Collection: Data collected automatically through the app’s functionality, such as usage data and diagnostic information.
  • Third-Party Services: Data collected through integrated third-party services, such as analytics providers and advertising networks.

3.3 Legal Basis for Processing (Under GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Consent: When you have given us clear consent for specific data processing activities (e.g., for marketing communications).
  • Performance of a Contract: When data processing is necessary to fulfill our contractual obligations to you (e.g., providing app features).
  • Legal Obligation: When processing is required to comply with legal obligations.
  • Legitimate Interests: When processing is necessary for our legitimate interests, provided your rights do not override those interests (e.g., improving app performance, preventing fraud).

4. How We Use Your Personal Data

We collect and process your personal data for specific, legitimate purposes. This section outlines how we use the data, the legal grounds for processing, and the measures we take to ensure your privacy.


4.1 Purposes of Data Processing

We use your personal data for the following purposes:

  1. To Provide and Maintain Our Services
    • Enabling core features such as image identification, user authentication, and personalized content.
    • Managing your account, including registration, login, and account-related preferences.
  2. To Improve and Personalize User Experience
    • Analyzing usage data to enhance app functionality, optimize performance, and improve user engagement.
    • Customizing app content and features based on your preferences and usage patterns.
  3. For Communication
    • Sending important service-related notifications (e.g., security alerts, app updates, changes to our terms or policies).
    • Responding to customer support inquiries and providing technical assistance.
  4. For Security and Fraud Prevention
    • Protecting our apps from unauthorized access, security breaches, and fraudulent activities.
    • Implementing measures like Firebase App Check to maintain the integrity of our services.
  5. For Analytics and Performance Monitoring
    • Using aggregated data to monitor app performance, detect technical issues, and improve service quality.
    • Conducting data analysis to understand user behavior and trends.
  6. For Legal Compliance
    • Fulfilling legal obligations, responding to lawful requests from authorities, and complying with data protection laws.
    • Retaining records as required for tax, accounting, or regulatory compliance.
  7. For Advertising and Monetization
    • Serving personalized ads through advertising networks like Google AdMob to support app monetization.
    • Measuring ad performance and user engagement to optimize ad relevance.

4.2 Legal Basis for Data Processing (Under GDPR)

For users in the European Economic Area (EEA), we process personal data based on the following legal grounds:

  • Consent: When you provide clear, informed consent (e.g., for receiving marketing communications or personalized ads).
  • Performance of a Contract: When processing is necessary to fulfill our contractual obligations, such as providing app services.
  • Legal Obligation: When we are required to process data to comply with legal requirements (e.g., data retention laws).
  • Legitimate Interests: When processing is necessary for our legitimate interests, such as improving app performance, preventing fraud, or supporting business operations—provided your rights and freedoms do not override these interests.

4.3 Data Minimization Principle

We adhere to the principle of data minimization, meaning we collect only the personal data necessary for the purposes outlined above. We regularly review our data collection practices to ensure we are not collecting, storing, or processing unnecessary information.


5. Sharing and Disclosure of Personal Data

We respect your privacy and are committed to protecting your personal data. We do NOT sell your personal data to third parties. However, to provide and improve our services, we may share your data with trusted third parties under specific circumstances. This section explains when and with whom your data may be shared, and the safeguards we have in place.


5.1 When We Share Your Data

We may share your personal data in the following situations:

  1. With Service Providers (Data Processors):
    We engage third-party service providers to perform certain functions on our behalf. These providers process your data only as necessary to deliver their services, under strict data protection agreements. Examples include:

    • Cloud Hosting Providers: For secure data storage and processing (e.g., Firebase Cloud Storage).
    • Analytics Services: To analyze app usage and improve performance (e.g., Google Analytics, Firebase Analytics).
    • Crash Reporting Tools: To diagnose and fix technical issues (e.g., Firebase Crashlytics).
    • Advertising Networks: For app monetization through personalized advertising (e.g., Google AdMob).
  2. For Legal and Regulatory Compliance:
    We may disclose your personal data if required to do so by law or in response to valid legal requests from public authorities (e.g., court orders, government agencies).
  3. Business Transfers:
    In the event of a merger, acquisition, restructuring, sale of assets, or bankruptcy, your personal data may be transferred to a third party as part of the business transaction. We will notify you if such a transfer affects your data.
  4. With Your Consent:
    We may share your personal data with third parties when you give us explicit consent to do so. You can withdraw your consent at any time.
  5. With Affiliates and Business Partners:
    We may share your data with affiliated companies or business partners to improve our services, provided they comply with strict data protection requirements.

5.2 Safeguards for Data Sharing

When we share your data with third parties:

  • Data Processing Agreements: We require third parties to sign legally binding agreements to process data only for specified purposes and protect it in compliance with privacy laws (e.g., GDPR, CCPA).
  • Security Measures: Third parties must implement robust security measures to safeguard your personal data.
  • Limited Access: We grant access to your data only to parties who need it to perform their services.

5.3 International Data Transfers

If your personal data is transferred to countries outside your jurisdiction, including to countries that may have different data protection laws, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission to ensure data protection when transferring data internationally.
  • Data Protection Agreements: With service providers in non-EEA countries to maintain GDPR-level data security standards.

5.4 No Sale of Personal Data

We do NOT sell your personal data to third parties for marketing or commercial purposes, including under the definitions provided by the California Consumer Privacy Act (CCPA).


6. Data Retention and Deletion

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal obligations, resolve disputes, and enforce our agreements. This section outlines how long we keep your data, the criteria we use to determine retention periods, and how you can request data deletion.


6.1 Data Retention Policy

We retain different types of data for varying periods, depending on the nature of the data and the purpose for which it was collected:

  1. Account Information:
    • Retained for as long as your account is active.
    • If you delete your account, all associated personal data will be permanently deleted, except where retention is required by law.
  2. Uploaded Content (Images/Photos):
    • Temporary Storage: Images uploaded for identification are stored temporarily.
    • Automatic Deletion: If you choose NOT to save the identification, the image is automatically deleted after processing.
    • Saved Identifications: If you choose to save the identification, the image is resized and securely stored until you delete it or delete your account.
  3. Usage Data:
    • Retained for analytical and security purposes for a limited time, typically no longer than 12 months, unless required for legal or operational purposes.
  4. Legal and Compliance Data:
    • Certain data may be retained longer if required for legal compliance (e.g., tax regulations, fraud prevention, or regulatory investigations).

6.2 Data Deletion Rights

You have the right to request the deletion of your personal data at any time.

How to Delete Your Account and Data:

  • In-App: Settings → Profile → Delete Account
  • Contact: You can also request deletion by contacting us at contact@famoconnect.com

Upon account deletion:

  • Your personal data, saved identifications, and account-related information will be permanently deleted.
  • This process is irreversible, and data cannot be recovered once deleted.

6.3 Exceptions to Deletion

We may retain certain data even after deletion requests in the following situations:

  • Legal Compliance: To comply with legal obligations, such as data retention laws or regulatory requirements.
  • Security and Fraud Prevention: To detect and prevent fraudulent activities or security breaches.
  • Dispute Resolution: To resolve disputes or enforce agreements, as required by applicable laws.

In such cases, we ensure that retained data is securely stored and accessed only for the purposes specified above.


6.4 Data Anonymization

In some cases, we may anonymize your data (so that it can no longer be associated with you) for statistical, analytical, or research purposes. Anonymized data is not subject to deletion requests, as it is no longer considered personal data under applicable privacy laws.


7. Data Security

We are committed to protecting your personal data and maintaining its confidentiality, integrity, and availability. This section outlines the security measures we implement to safeguard your information from unauthorized access, disclosure, alteration, or destruction.


7.1 How We Protect Your Data

We employ a combination of technical, organizational, and administrative security measures to ensure your data remains secure. These include:

  1. Encryption:
    • Data in Transit: All data transmitted between your device and our servers is encrypted using industry-standard protocols, such as TLS (Transport Layer Security).
    • Data at Rest: Sensitive data, including stored images and user information, is encrypted using strong encryption algorithms.
  2. Secure Authentication:
    • Account Protection: User accounts are secured through Firebase Authentication, utilizing strong password encryption and secure sign-in mechanisms.
    • Session Management: We implement secure session management to prevent unauthorized access to active sessions.
  3. Application Integrity Measures:
    • Firebase App Check: Protects our apps from abuse by verifying legitimate interactions and preventing unauthorized access to backend resources.
    • Code Obfuscation: We apply code obfuscation techniques to prevent reverse engineering of our mobile applications.
  4. Network and Infrastructure Security:
    • Firewall Protection: Our servers are protected by robust firewall configurations to prevent unauthorized access.
    • DDoS Mitigation: Distributed Denial of Service (DDoS) protection mechanisms are in place to ensure service availability during potential attacks.
  5. Regular Security Assessments:
    • Vulnerability Scans: Periodic security scans are conducted to identify and remediate vulnerabilities.
    • Penetration Testing: We engage in regular penetration testing to evaluate our security posture and identify potential risks.

7.2 Organizational Security Measures

  • Access Controls: Only authorized personnel with a legitimate need have access to personal data. Access is controlled through role-based permissions.
  • Employee Training: Staff handling personal data receive regular training on data protection, security practices, and privacy compliance.
  • Data Minimization: We collect and retain only the minimum data necessary to provide our services, reducing potential exposure risks.

7.3 User Responsibilities

While we take extensive measures to secure your data, you play an essential role in maintaining security. We recommend:

  • Using strong, unique passwords for your account.
  • Enabling two-factor authentication (if available) for added protection.
  • Not sharing account credentials with others.
  • Keeping your device software and apps up to date to prevent security vulnerabilities.

7.4 Data Breach Response

In the unlikely event of a data breach:

  • Incident Detection: We have monitoring systems to detect unauthorized access or data breaches in real-time.
  • Containment and Mitigation: Immediate actions will be taken to contain the breach, assess the impact, and secure affected systems.
  • User Notification: If the breach poses a risk to your rights and freedoms, we will notify affected users promptly, as required by applicable laws (e.g., within 72 hours under GDPR).
  • Regulatory Notification: Where required, we will notify relevant data protection authorities of the breach.

7.5 Limitations of Security

While we implement best-in-class security practices, no system is 100% secure. Despite our efforts, we cannot guarantee absolute security of your personal data due to the inherent risks of online activities. If you believe your account has been compromised, please contact us immediately at contact@famoconnect.com.


8. Your Data Protection Rights

We respect your privacy and are committed to providing you with control over your personal data. This section outlines your rights under applicable data protection laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and explains how you can exercise them.


8.1 Your Rights Under GDPR (For Users in the European Economic Area – EEA)

If you are located in the EEA, you have the following rights regarding your personal data:

  1. Right to Access:
    • You have the right to request confirmation of whether we process your personal data and, if so, to access a copy of that data.
    • This includes details about the purposes of processing, data categories, recipients, and data retention periods.
  2. Right to Rectification:
    • You can request correction of inaccurate or incomplete personal data we hold about you.
  3. Right to Erasure (“Right to Be Forgotten”):
    • You have the right to request the deletion of your personal data, particularly when:
      • The data is no longer necessary for the purposes it was collected.
      • You withdraw your consent (where consent was the legal basis).
      • You object to processing, and there are no overriding legitimate grounds.
  4. Right to Restrict Processing:
    • You can request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.
  5. Right to Data Portability:
    • You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.
  6. Right to Object:
    • You can object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  7. Right to Withdraw Consent:
    • Where we rely on your consent for processing, you have the right to withdraw it at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
  8. Right to Lodge a Complaint:
    • You have the right to file a complaint with your local data protection authority if you believe your rights have been violated.

8.2 Your Rights Under CCPA (For California Residents)

If you are a California resident, you have the following rights under the CCPA:

  1. Right to Know:
    • Request information about the categories and specific pieces of personal data we have collected, disclosed, or sold in the past 12 months.
  2. Right to Delete:
    • Request the deletion of your personal data, subject to certain legal exceptions.
  3. Right to Opt-Out of Sale:
    • Although we do NOT sell your personal data, you have the right to opt-out of the sale of your data under CCPA.
  4. Right to Non-Discrimination:
    • You will not receive discriminatory treatment for exercising your privacy rights under the CCPA. This includes protection against denial of services or different pricing based on your privacy choices.

8.3 How to Exercise Your Rights

You can exercise your data protection rights in the following ways:

  • In-App: Navigate to Settings → Profile → Delete Account to manage your data or delete your account.
  • Contact Us: Email us at contact@famoconnect.com with your specific request.

When submitting a request:

  • Clearly state the right you wish to exercise (e.g., data access, deletion).
  • Provide sufficient information to verify your identity (e.g., registered email address).

We will respond to verified requests within 30 days (or within the timeframe required by applicable law). If more time is needed, we will inform you of the reason for the delay.


8.4 Verification of Identity

To protect your privacy and security, we may require you to verify your identity before fulfilling your request. This may involve:

  • Verifying your email address or account credentials.
  • Requesting additional information to confirm your identity (only when necessary).

8.5 Limitations to Your Rights

Your rights may be subject to certain legal restrictions, such as:

  • Data retained for legal compliance (e.g., tax obligations).
  • Data necessary for fraud prevention or security purposes.
  • Data required for dispute resolution or contractual obligations.

In such cases, we will clearly explain the legal basis for denying or restricting your request.


9. Children’s Privacy

We are committed to protecting the privacy of children. Our services are not intended for individuals under the age of 13 (or the minimum legal age in your jurisdiction), and we do not knowingly collect personal data from children without appropriate parental consent. This section outlines our practices concerning children’s data and compliance with relevant laws.


9.1 Applicability of Children’s Privacy Laws

We comply with global children’s privacy regulations, including:

  • Children’s Online Privacy Protection Act (COPPA) – applicable in the United States
  • General Data Protection Regulation (GDPR) – Article 8 – applicable in the European Economic Area (EEA)
  • Similar data protection laws in other jurisdictions

9.2 Data Collection and Processing for Children

  • No Intentional Collection:
    We do NOT knowingly collect, solicit, or process personal data from individuals under the age of 13 without verified parental consent.
  • Parental Consent:
    If we offer services directed at children or knowingly collect data from minors, we will obtain verifiable parental consent before collecting personal data, in accordance with applicable laws.

9.3 What Happens If We Collect Data from a Child Unintentionally?

If we discover that we have inadvertently collected personal data from a child without parental consent:

  • Immediate Action: We will delete the information from our servers as quickly as possible.
  • Parental Notification: If applicable, we will notify the parent or legal guardian and take corrective actions.

9.4 Parental Rights and Controls

Parents or legal guardians have the right to:

  • Review: Request access to any personal data we may have collected from their child.
  • Delete: Request deletion of the child’s personal data from our systems.
  • Control: Withdraw consent for further data processing related to their child.

To exercise these rights, please contact us at contact@famoconnect.com.


9.5 Best Practices for Parents and Guardians

We encourage parents to:

  • Monitor their children’s online activities regularly.
  • Use parental controls on devices and apps.
  • Educate children about online privacy and the importance of not sharing personal information without supervision.

9.6 Special Considerations for International Users

In jurisdictions where the minimum age for data consent is higher than 13 (e.g., 16 in certain EU countries under GDPR), we comply with the applicable legal age requirements.

If we determine that a user under the required legal age has registered without parental consent, we will suspend the account and initiate the data deletion process.


10. Third-Party Services and Links

Our services may contain links to third-party websites, applications, and services, as well as integrations with third-party tools. This section explains how your personal data may be shared with third parties and outlines our responsibilities regarding external services.


10.1 Use of Third-Party Service Providers

We engage trusted third-party service providers to support the operation of our services. These third parties process your personal data only as necessary to deliver their services, in accordance with strict data protection agreements.

Categories of Third-Party Services We Use:

  1. Cloud Hosting & Storage:
    • For secure storage and data processing (e.g., Firebase Cloud Storage, Firestore).
  2. Analytics & Performance Monitoring:
    • To analyze app usage, track performance, and improve functionality (e.g., Google Analytics, Firebase Analytics, Firebase Performance Monitoring).
  3. Crash Reporting:
    • To diagnose technical issues and improve app stability (e.g., Firebase Crashlytics).
  4. Advertising & Monetization:
    • To serve relevant ads and support app monetization (e.g., Google AdMob).
  5. Authentication Services:
    • For secure user login and account management (e.g., Firebase Authentication).
  6. Security Services:
    • To enhance app security and prevent unauthorized access (e.g., Firebase App Check).
  7. Machine Learning & AI Services:
    • For identification features and data analysis (e.g., Vertex AI in Firebase).

10.2 How We Share Data with Third Parties

  • Purpose-Driven Sharing: We share personal data with third parties only for legitimate business purposes, such as service provision, analytics, security, or compliance.
  • Data Processing Agreements (DPAs): We enter into legally binding agreements with third-party processors to ensure they handle your data securely and comply with applicable privacy laws.
  • Limited Access: Third parties have access only to the data necessary to perform their functions, and they are prohibited from using it for any other purpose.

10.3 External Links to Third-Party Websites

Our apps and website may contain links to external websites or services that are not operated or controlled by us.

  • No Control Over External Sites: We are NOT responsible for the privacy practices, security, or content of third-party websites.
  • User Responsibility: We encourage you to review the privacy policies of any external sites or services you interact with.

Example: Clicking on an advertisement or external link within our app may redirect you to a third-party website, where different privacy practices apply.


10.4 Third-Party Data Collection

In some cases, third parties may collect data directly from you through their embedded tools within our apps, such as SDKs or APIs.

  • Advertising Networks: Third-party ad networks (e.g., Google AdMob) may collect device information to serve personalized ads, based on your preferences and device settings.
  • Analytics Tools: Third-party analytics services may track aggregated usage data to help us improve app performance.

You can manage your preferences for data collection through your device settings (e.g., opting out of personalized ads).


10.5 International Data Transfers by Third Parties

Some third-party service providers may process your personal data in countries outside your jurisdiction. In such cases:

  • Data Protection Measures: We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) and data protection agreements, to maintain data security and legal compliance.

10.6 Disclaimer Regarding Third-Party Services

While we carefully select third-party partners, we cannot guarantee their compliance with all privacy regulations. If you have concerns about a specific third party’s data handling practices, we recommend reviewing their privacy policy or contacting them directly.


11. International Data Transfers

Your personal data may be processed, stored, and transferred to countries outside of your own, including countries that may have different data protection laws than your jurisdiction. This section explains how we handle international data transfers to ensure the security and privacy of your information, in compliance with applicable laws such as the General Data Protection Regulation (GDPR).


11.1 How and Where Your Data Is Transferred

  1. Global Infrastructure:
    Your data may be processed and stored on servers located in the United States, the European Economic Area (EEA), and other countries where our cloud service providers, such as Firebase and Google Cloud, operate.
  2. Third-Party Data Processing:
    When we share your data with third-party service providers (e.g., for cloud hosting, analytics, or AI processing), they may process the data in countries outside your country of residence.

11.2 Legal Basis for International Data Transfers (Under GDPR)

For data transfers from the EEA to countries outside the EEA, we rely on the following legal mechanisms to ensure your data remains protected:

  1. Adequacy Decisions:
    • Transfers may occur to countries that the European Commission has deemed to provide an adequate level of data protection.
  2. Standard Contractual Clauses (SCCs):
    • For transfers to countries without an adequacy decision, we implement SCCs approved by the European Commission. These contractual obligations require data recipients to protect your data to GDPR standards.
  3. Binding Corporate Rules (BCRs):
    • In some cases, our service providers may have implemented BCRs, which are internal data protection policies approved by EU regulators.
  4. Your Consent:
    • Where other legal bases are not available, we may transfer data with your explicit consent, after informing you of potential risks.

11.3 Safeguards for Data Transfers

To protect your personal data during international transfers, we implement the following safeguards:

  • Data Encryption: Strong encryption protocols are applied both in transit and at rest.
  • Access Controls: Limited access to personal data based on strict authentication and authorization mechanisms.
  • Ongoing Monitoring: Continuous monitoring of third-party service providers to ensure compliance with data protection requirements.
  • Regular Audits: Periodic security and privacy audits of systems involved in data processing and transfer.

11.4 Your Rights Regarding International Transfers

If your personal data is transferred internationally, you have the right to:

  • Request information about the data transfer mechanisms in place.
  • Obtain a copy of the Standard Contractual Clauses or other safeguards used for the transfer (subject to confidentiality obligations).
  • Object to certain data transfers, where applicable under GDPR.

11.5 Risks Associated with International Transfers

While we take extensive measures to safeguard your data, international transfers to countries with differing data protection laws may carry inherent risks. We are committed to mitigating these risks through robust security practices and contractual protections.


12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or service offerings. This section explains how we will notify you of updates and your responsibilities regarding these changes.


12.1 When We Update the Privacy Policy

We may revise this Privacy Policy under the following circumstances:

  • Changes in applicable data protection laws (e.g., GDPR, CCPA, or other privacy regulations).
  • Updates to our services, such as the introduction of new features, integrations with third-party services, or changes in data processing practices.
  • Changes in our business operations, such as mergers, acquisitions, or restructuring.

12.2 How We Notify You of Changes

When we make changes to this Privacy Policy:

  • We will update the “Last Updated” date at the top of this policy to reflect the date of the latest revision.
  • For material changes (e.g., changes in how we process personal data), we will notify you through:

For minor changes (e.g., legal clarifications), we may update the policy without additional notice beyond the revised date.


12.3 Your Responsibility to Review

  • Periodic Review: We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal data.
  • Acceptance of Changes: Your continued use of our services after updates are posted constitutes your acknowledgment and acceptance of the revised Privacy Policy.

If you do not agree with the updated Privacy Policy, you should stop using our services and delete your account if applicable.


12.4 Effective Date of Changes

  • The “Last Updated” date at the top of this Privacy Policy indicates when the most recent changes were made.
  • Changes become effective immediately upon posting unless stated otherwise in the notification.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, our data protection practices, or your personal data, please feel free to contact us. We are committed to addressing your privacy-related inquiries promptly and transparently.


13.1 How to Contact Us

You can reach out to us for:

  • General inquiries about this Privacy Policy
  • Requests to exercise your data protection rights (e.g., access, deletion, rectification)
  • Concerns about data security or privacy violations

13.2 Data Protection Officer (DPO) (if applicable)

If required by law, we may appoint a Data Protection Officer (DPO) to oversee compliance with data protection laws. You may contact the DPO directly regarding sensitive data protection concerns.


13.3 Submitting Data Protection Requests

When submitting a data protection request:

  • Clearly specify the nature of your request (e.g., data access, correction, deletion).
  • Provide sufficient information to verify your identity (e.g., registered email address, account details).

We will respond to your request within 30 days or as required by applicable laws. If we require additional time or information to process your request, we will notify you promptly.


13.4 Complaints to Data Protection Authorities

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority, especially if you are located in the European Economic Area (EEA).

For GDPR-related concerns, you can contact your local supervisory authority.
For CCPA-related concerns (California residents), you may contact the California Attorney General’s Office.