Privacy Policy
Effective Date: June 17, 2025WELCOME TO LUVLY PRIVACY POLICY!
This Privacy Policy (the “Privacy Policy“) sets out the main principles on which the data collected from you, or that you provide to us, will be processed by us in connection with your use of “Luvly” (the “App”), our websites (including but not limited to https://luvly.care), our blog, and all related services, features, materials, and content available for your use (collectively the “Service“) provided by Gismart Limited, a private limited company, incorporated and registered in England and Wales with company number 10152488 whose registered office is at 151 Wardour Street, London, England, W1F 8WE (“we”,“us”, “our” or the “Company”).Depending on your location, selected payment method, or other relevant factors, access to the Service, particularly with respect to sales, billing, and payment processing may be facilitated by Gismart Limited or one of its authorized partners acting as the Merchant of Record. These partners may include Extramile Limited, a company incorporated in Cyprus under registration number ΗΕ 445953, with its registered office at Prodromou 75, Oneworld Parkview House, Floor 4, 2063 Nicosia, Cyprus; and Fulfilling Inc., a Delaware corporation with a registered address at 1007 N Orange St., 4th Floor, Site 1382, Wilmington, New Castle, Delaware, 19801, USA. The Merchant of Record does not provide the Service, manage subscriptions, or assume any obligations related to the operation, support, or performance of the Service. Your contractual relationship remains solely with Gismart Limited. Your rights and obligations under these Terms are unaffected by the designation of a Merchant of Record, and neither Gismart Limited nor its partners shall be jointly liable for each other’s obligations unless expressly stated in these Terms.We encourage you to review our Privacy Policy in its entirety to gain insight into our personal data handling practices.HOW TO REACH US?
We have carefully designed this Privacy Policy to be clear, transparent, and accessible. However, if you have any questions or concerns regarding your privacy rights or how we handle your personal data, please feel free to contact us through:For EEA/UK and Non-EU/EEA Data Subjects:Online Contact Form: https://account.luvly.care/contact-formMailing Address: Gismart Limited, 151 Wardour Street, London, England, W1F 8WE
Email: dpo@gismart.com
CHANGES TO THIS PRIVACY POLICY
We may revise this Privacy Policy from time to time to reflect:- changes in applicable laws or regulatory requirements;
- updates to our data practices or the features and functionality of our Service provided to you;
- advancements in technology or other relevant changes.
- posting a prominent notice on our websites;
- sending an email to the contact information you have provided, if applicable.
CONTENTS
WHAT IS PERSONAL DATA, AND WHO OVERSEES ITS PROCESSING?WHAT PERSONAL DATA DO WE COLLECT?
WHAT ARE THE PURPOSES FOR PROCESSING YOUR DATA?
WHAT ARE THE LEGAL BASIS FOR PROCESSING YOUR DATA?
WHEN AND WHY DO WE SHARE YOUR DATA?
WHERE IS YOUR DATA STORED AND TRANSFERRED?
WHAT ACTIONS DO WE AVOID WHEN HANDLING YOUR DATA?
WHAT ARE OUR RULES FOR STORING YOUR DATA?
WHAT SECURITY MEASURES DO WE USE?
HOW DO WE RESPOND TO SECURITY INCIDENTS?
WHAT ARE YOUR RIGHTS OVER YOUR DATA?
HOW CAN YOU MANAGE YOUR DATA?
HOW WE PROCESS YOUR REQUESTS?
PRIVACY NOTICE FOR CALIFORNIA RESIDENTS, US
PRIVACY NOTICE FOR VIRGINIA, CONNECTICUT, COLORADO, UTAH, AND NEVADA, US
WHAT IS PERSONAL DATA, AND WHO OVERSEES ITS PROCESSING?
“Personal Data” refers to any information that identifies you as an individual or relates to an identifiable individual. Gismart Limited acts as the ‘controller’ of your Personal Data. As the controller, we determine the purposes and means of the processing of your personal data when you use our Service. In certain situations, as specified within this Privacy Policy, we may act as a ‘processor’ of your personal data, meaning we process data on behalf of another controller.For the purposes of data protection laws in the United Kingdom, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”), Gismart Limited is the controller of your personal data. Additionally, for specific categories of personal data, we may act as a processor, as detailed below.Certain aspects of our Service may be provided by our authorized partners Extramile Limited and Fulfilling Inc., both of which act as ‘processors’ of your personal data. This means that:- Extramile Limited, a company incorporated in Cyprus (Company No. ΗΕ 445953), with a registered office at Prodromou, 75, Oneworld Parkview House, Floor 4, 2063, Nicosia, Cyprus, processes data on our behalf in accordance with our instructions.
- Fulfilling Inc., a Delaware corporation, with a registered address at 1007 N Orange St, 4th Floor, Site 1382, Wilmington, New Castle, 19801, also processes certain personal data as a data processor, operating strictly under our direction.
WHAT PERSONAL DATA DO WE COLLECT?
As you access and use our Service, we gather certain personal data through the following means:Data Directly Provided by You:Basic Information. We collect the information necessary to personalize your account and provide you with tailored Service. This includes: your name, email address, age, gender, account and profile credentials, skin type, target areas, any other information you choose to share to personalize your account or profile, and optional information, such as preferences or interests, that you provide during onboarding or while using the Service.Purchase and Subscription Information. Payment information is required to process your subscription. This includes subscription plan details, and payment information. Note that we do not store or process your credit card information. This information is handled securely and directly by our third-party payment processing partners in accordance with their privacy policies.Health and Wellness Information. If you choose to share information related to your health or wellness, we may process information about your skin, physical attributes, skincare preferences, nutritional preferences, exercise routines, and other information you provided during the onboarding questions. With your explicit consent, we may also import data from third-party services, such as Google Health Connect, including but not limited to information about fitness activities, weight, height etc. This information will be processed solely to provide the functionality and features of the App. Imported data remains subject to the privacy policies of the relevant third-party providers.Survey and Communication Information. We may collect any information you voluntarily provide when: participating in surveys, questionnaires, or Service testing, communicating with us or directed to us via letters, emails, and social media, or submitting reviews or testimonials regarding our Service. If you participate in any promotions or competitions we may run, we process information relevant to your participation. This data is processed to assess user opinions, improve our Service, and support the development of new features.Face and Cosmetic Scan Information. We may process photos submitted for Face and Cosmetic Scan features to enhance our Service only with your express consent. The use of these scanned photos is entirely voluntary and will only occur when you actively choose to use these features. They are processed exclusively to improve our Service and are not used for identification purposes. You may withdraw your consent at any time by contacting us at https://account.luvly.care/contact-form. Upon withdrawal, we will cease processing any future Face and Cosmetic Scan data for Service improvement purposes. For further details about the Face and Cosmetic Scan feature in our App, please refer to our TermsAI Assistant Interaction Information. When you engage with our AI Assistant based on OpenAI technology (e.g., GPT-4 API), we process and store the content of your conversations to improve the functionality of our Service and enhance the user experience. You can read more about the AI Assistant feature in our Terms.User-Generated Content. We process any content you publish or upload on our Service, including but not limited to posts, messages, images, and other materials, in accordance with the provisions set out in our Terms regarding User-Generated Content.Data Automatically Collected by Us:Log and Technical Information. When you access our website or use the App, certain information is automatically collected by your browser or device. This may include: your IP address, browser type, time zone, language settings, the date and time of your access, details about the features you use, actions you take within the Service, interactions with specific areas of the interface, and patterns of App usage, including session frequency and duration.Device-Related Information. We collect information about the device you use to access our Service, including device model, type, unique device identifiers, operating system version, Internet service provider details, mobile carrier information, and hardware ID.Face and Cosmetic Scan Feature. If you choose to use the Face Scan feature, we process the photos you upload to assess specific facial characteristics, skin attributes, and other visual details. This information enables us to create a tailored wellness program designed to meet your individual needs. When you use the Cosmetic Scan feature, we process the photos you provide to evaluate product compatibility with your skin type or offer insights into current products on the market, including detailed reports on their ingredients. Please note that the photos and data collected through these features are used exclusively to deliver the requested Service. We may keep the photos and associated information for up to one month to further develop and improve the accuracy and effectiveness of our Face and Cosmetic Scan features.Other Sources. We may augment the information you provide with data obtained from third parties or other external sources. This additional data may include: details about how you interact with our Service or information from third parties to support marketing communications (only where you have opted in), refine our research, or enhance the delivery of our Service.Data Collected via Cookies.To provide you with an enhanced experience, our Service relies on technologies such as cookies, SDKs, and similar tools. These technologies assist us in tailoring your interactions, delivering relevant advertisements, and gaining insights into how our Service is used. They are triggered when you browse our website, navigate the App, or activate specific features. While you have the option to disable these tools in your settings, doing so may limit the availability or performance of certain functionalities, however, the essential aspects of our Service will remain accessible.Please learn more about this in our Cookie Policy.
Please note that this Privacy Policy does not apply to information collected by:Third-Party Service. Any third party, including through any application or content (including advertising) that may link to or be accessible from or through our Service.Personnel and Job Applicants: This Privacy Notice does not apply to the collection of personal data from employees, job applicants, contractors, business owners, directors, officers, or other staff members except for California Residents.Non-Personal Data: Information that cannot reasonably identify, relate to, describe, or be linked (directly or indirectly) to a specific individual is not considered personal data. This Privacy Notice does not govern the processing of such non-personal information.
WHAT ARE THE PURPOSES FOR PROCESSING YOUR DATA?
We collect and process personal data to deliver, enhance, and secure our Service, ensuring a seamless and personalized experience. Below, we outline the purposes for which your data is processed:To Ensure Access to and Proper Delivery of our Service. We process your personal data to enable your access to and use of our Service, including features such as Face and Cosmetic Scan tools, AI Skin Helper, and wellness or beauty plans. This includes: verifying your identity and providing uninterrupted access to our Service, promptly addressing any operational or technical problems.To Fulfill Transactions. We collect the information required to process your transactions, which includes managing subscription payments and providing any related services to ensure seamless access to the features you have subscribed to.To Customize Your Experience. We process your personal data to tailor the Service to your individual preferences and needs. By analyzing your interactions and behavior, we deliver content, recommendations, and features aligned with your specific goals. This allows us to provide you with a more personalized experience, whether through customized wellness plans, targeted content, or recommendations for relevant products. To Analyze Usage and Performance. We use your personal data to gain insights into how you interact with our websites and App. This helps us identify the most popular features, assess the effectiveness of our content, and understand user behavior. These insights are used to refine functionality, improve usability, and ensure that the Service operates effectively and efficiently for all users.To Improve the Service. We process personal data to enhance the overall quality and functionality of the Service. By refining features and developing new tools, we ensure that the Service evolves to meet your needs. Data is also used to optimize our offerings, conduct research and surveys, and perform financial analyses to assess billing, pricing, and other processes that may require improvement. These efforts enable us to create a better user experience and provide innovative, value-driven solutions. For Advertising and Marketing Purposes. We may process your personal data to enhance and deliver targeted advertising within our Service and on third-party platforms. Your information helps us display personalized ads and content that reflect your interests and preferences. We work with external advertising networks, social media platforms, and analytics providers to promote our Service across various channels. Additionally, we analyze the performance of our marketing campaigns to assess their effectiveness and refine our advertising strategies for better engagement. To Ensure the Security and Integrity of our Service. We process your personal data to safeguard the security and stability of our systems, networks, and users. Measures are taken to prevent unauthorized access, detect misuse or fraudulent activities, and ensure the integrity of our IT infrastructure through consistent monitoring and maintenance.To Provide Support and Communicate with You. When you reach out to us with inquiries, concerns, or feedback, we process your personal data to assist you and address your requests. This may include sending responses via email, providing updates related to your use of our Service, or resolving reported issues. We may also review communications and interactions with you to ensure the quality of our support, improve staff training, and effectively handle any complaints you raise. We may process your inquiries, subscription details, and communication content using the AI API to generate personalized responses. This includes analyzing your inquiries to identify dissatisfaction or disputes and routing your request to the appropriate support workflow. The AI Assistant does not engage in autonomous decision-making that produces legal or similarly significant effects concerning individuals. All final decisions are made by human personnel, with the AI system used solely to assist in providing timely and relevant support.To Comply with Legal Obligations. We process your personal data to meet our responsibilities under applicable laws and regulations. This may involve using your information to investigate disputes or claims related to our Service or to respond to legal, governmental, or regulatory requests. Your information may also be processed to fulfill obligations related to anti-money laundering measures, fraud prevention efforts, tax compliance, sanctions adherence, or other legal requirements. We may use your personal data to assert or protect our legal rights when appropriate.WHAT ARE THE LEGAL BASIS FOR PROCESSING YOUR DATA?
We are committed to transparency in how we collect, use, and process your personal data. Under applicable data protection laws and other relevant regulations, we rely on specific legal bases for processing your personal data. The legal basis varies depending on the purpose of personal data processing, as outlined below.PURPOSE OF THE PROCESSING
LEGAL BASIS
CATEGORIES OF PERSONAL DATA
To Ensure Access to and Proper Delivery of our Service
Performance of a Contract (Article 6(1)(b) GDPR)Legitimate Interests (Article 6(1)(f) GDPR) Consent for Special Category Data (Article 9(2)(a) GDPR)
All categories of data.
To Fulfill Transactions*
Performance of a Contract (Article 6(1)(b) GDPR)Legitimate Interests (Article 6(1)(f) GDPR)
Transactional Data
- Payment details (e.g., subscription payments).
- Billing information.
- Service usage history related to transactions etc.
To Customize Your Experience
Performance of a Contract (Article 6(1)(b) GDPR)Legitimate Interests (Article 6(1)(f) GDPR)Consent for Special Category Data (Article 9(2)(a) GDPR)
Personalization & Preference Data
- User preferences and settings.
- Interaction and behavioral data.
- Customization preferences (e.g., wellness plans, targeted content) etc.
To Analyze Usage and Performance
Legitimate Interests (Article 6(1)(f) GDPR)
Usage & Analytics Data
- Websites and App interaction data.
- Feature usage statistics.
- Engagement metrics (e.g., time spent, navigation patterns), etc.
To Improve the Service
Legitimate Interests (Article 6(1)(f) GDPR)
Service Improvement Data
- User feedback and survey responses.
- Performance data on features and tools.
- Financial analysis related to billing and pricing etc.
For Advertising and Marketing Purposes
Legitimate Interests (Article 6(1)(f) GDPR)Consent for Special Category Data (Article 9(2)(a) GDPR)
Marketing & Advertising Data
- Ad engagement data.
- Targeting and audience segmentation data.
- Information shared with third-party advertisers and analytics providers etc.
To Ensure the Security and Integrity of our Service
Legitimate Interests (Article 6(1)(f) GDPR)
Security & Fraud Prevention Data
- Authentication and access logs.
- Security monitoring and threat detection data.
- Fraud prevention indicators etc.
To Provide Support and Communicate with You
Performance of a Contract (Article 6(1)(b) GDPR)Legitimate Interests (Article 6(1)(f) GDPR)
Customer Support & Communication Data
- Inquiries and support requests
- Subscription status and details, billing period, tone analysis data processed via the AI API to personalize responses and route requests
- Communication logs (e.g., email, chat)
- Customer service interactions and quality assurance data, etc.
To Comply with Legal Obligations
Compliance with Legal Obligations (Article 6(1)(c) GDPR).
Legal & Compliance Data
- Information required for regulatory compliance (e.g., anti-money laundering, tax compliance).
- Dispute resolution and claims-related data.
- Government and law enforcement request responses etc.
- Apple App Store (for iOS devices)
- Google Play Store (for Android devices)
- You authorize the applicable payment provider to collect and process your payment details.
- We do not collect or store your payment information (e.g., credit card number, expiration date).
PayPal Privacy PolicySecurity and Compliance. We take your financial security seriously and ensure that all payment providers we work with:
- comply with PCI-DSS (Payment Card Industry Data Security Standard) regulations;
- use encryption and fraud prevention mechanisms to safeguard transactions;
- operate independently in processing and securing your payment details.
WHERE IS YOUR DATA STORED AND TRANSFERRED?
Data Storage. We primarily store and process your personal data within the United Kingdom (UK) and European Economic Area (EEA) to ensure compliance with applicable data protection laws. Our commitment to data security and privacy means that all personal data is stored on secure servers that we either own or license from trusted third-party providers. These servers are protected using industry-standard security measures to prevent unauthorized access, data loss, or misuse.Data Transfers Outside the UK & EEA. In certain circumstances, we may need to process or transfer your data to trusted third-party service providers outside the UK and EEA to ensure the effective operation and delivery of our Service. This may include servers or partners based in the United States or other jurisdictions.Before engaging any third-party processor located outside these regions, we conduct thorough risk assessments and ensure they meet strict privacy and security requirements aligned with international data protection standards. We do not transfer personal data to jurisdictions that lack adequate data protection frameworks.Legal Safeguards for International Transfers. Whenever personal data is transferred outside the UK or EEA, we comply with UK GDPR and EU GDPR by implementing legally recognized safeguards, including:- For transfers outside the UK: We use International Data Transfer Agreements (IDTAs) or UK Addendums to ensure data protection in line with UK regulations.
- For transfers outside the EEA: We rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an equivalent level of data protection.
Processor’s name
Processor’s privacy policy
Purpose
Amplitude
Tracking user interactions and engagement within the App. Collecting user behavior data, event tracking, and App usage statistics to analyze user behavior, measure App performance, and improve user experience.
AppsFlyer
Providing mobile attribution and marketing analytics, including deep linking functionality. Collecting device information, user interactions, and attribution data to measure the effectiveness of marketing campaigns, improve user acquisition strategies, and facilitate deep linking within the App.
Firebase Crashlytics
Tracking and reporting App crashes and stability issues. Collecting crash reports, device state information, and user interactions leading up to a crash to help us identify and fix bugs, ensuring a stable and reliable App experience.
Firebase Authentication
Providing secure authentication for users signing in to our App. Collects user identifiers (e.g., email, phone number) and authentication tokens to manage user sessions and secure access to the App.
Firebase Analytics
Tracking user interactions and engagement within the App. Collecting user behavior data, event tracking, and app usage statistics to analyze user behavior, measure App performance, and improve user experience.
Facebook (Analytics)
Tracks user interactions and engagement within the App. Collects user behavior data, event tracking, and App usage statistics to analyze user behavior, measure App performance, and improve user experience.
Google Sign-In
Allowing users to sign in to our App using their Google account. Collecting user’s Google ID, name, email address, and profile picture to authenticate users and enable a seamless login and personalized experience.
AWS AppSync
Enabling real-time data synchronization between the App and backend services. Used for querying, mutating, and subscribing to data through a secure GraphQL interface. Collecting and syncing user and application data across devices to maintain app performance, reliability, and data consistency.
OpenAI (ChatGPT API)
Processing customer support inquiries and subscription details to generate personalized responses and analyze tone for routing to appropriate support workflows.
Reteno
Enhancing user engagement through personalized communication and retention strategies, including marketing emails and push notifications. Collecting user activity data, preferences, engagement metrics, and contact information to create personalized user experiences, improve retention efforts, and send targeted marketing emails and push notifications.
Wellhub
Tracking user interactions and engagement within the App. Collecting user behavior data, event tracking, and wellness-related analytics to enhance personalized features, measure App performance, and improve user experience.
WHAT ACTIONS DO WE AVOID WHEN HANDLING YOUR DATA?
We are dedicated to respecting your privacy and safeguarding your personal data. In line with this commitment, we adhere to principles regarding the handling of your information, as detailed below:No Sale, License, or Rental of Personal Data. We do not sell or rent your personal data for financial gain. Your personal data is only disclosed as outlined in this Privacy Policy.Limited Sharing with Service Providers. We share your personal data exclusively with service providers who assist in delivering and supporting our Service, as described herein. We ensure that no data is shared with external providers or partners without appropriate data protection agreements or contractual terms in place to safeguard your information.Protection of Children’s Data. We do not knowingly collect personal data from children who do not meet the minimum age requirement in their jurisdiction. If you are under the applicable minimum age, as defined in our Terms, you are not permitted to use our Service.WHAT ARE OUR RULES FOR STORING YOUR DATA?
We store your personal data only for as long as it is necessary and relevant to achieve the purposes for which it was originally collected. This includes providing our Service, maintaining security, resolving disputes, and complying with legal and regulatory obligations.Retention Periods. When your personal data is no longer required for its original purpose, we will either securely delete or anonymize it so that it can no longer be linked to you. If you deactivate or delete your account, we will retain your personal data for no longer than two (2) months, unless retention is required for legal, regulatory, or contractual obligations. In cases where legal or regulatory requirements necessitate longer retention, we will store only the minimum personal data necessary and ensure it is appropriately protected.Exceptions to Deletion Requests. Even if you request the erasure of your personal data, certain circumstances may require us to retain minimal personal data, including:- Legal compliance: to adhere to applicable laws, regulations, or law enforcement requests.
- Dispute resolution: to investigate, defend, or settle legal claims.
- Contract enforcement: to uphold our agreements and protect our legitimate business interests.
WHAT SECURITY MEASURES DO WE USE?
We take data security seriously and have implemented both organizational and technical safeguards to protect your personal information against unauthorized access, loss, alteration, or misuse.Organizational Security Measures. We enforce strict internal policies and procedures to maintain the security and confidentiality of personal data, including:- Access Control Policies: Only authorized personnel with a legitimate need can access sensitive data.
- Login & Password Management: We enforce multi-factor authentication (MFA) and strong password policies.
- Physical Security: Our premises and data storage facilities are secured through restricted access, surveillance, and security protocols.
- Encryption & Pseudonymization: Sensitive data is encrypted at rest and in transit to prevent unauthorized access.
- Secure Networks & Firewalls: We use firewalls, intrusion detection systems (IDS), and endpoint protection to prevent cyber threats.
- Regular Security Audits & Assessments: We conduct penetration testing, vulnerability scanning, and security reviews to proactively identify and mitigate risks.
- Backups & Disaster Recovery: Our systems include secure backups and failover mechanisms to ensure resilience against data loss or service disruptions.
HOW DO WE RESPOND TO SECURITY INCIDENTS?
Immediate Assessment and Containment. In the unlikely event of a personal data breach, we will promptly assess the incident, contain its impact, and evaluate the risks to individuals’ rights and freedoms. Our breach response may involve actions such as logging affected users out, resetting passwords, and enhancing security protocols to mitigate potential harm. By maintaining strong personal security practices and promptly reporting any concerns, you can help us protect your information effectively.Regulatory Reporting Obligations. If the breach is likely to result in a high risk, we will notify affected individuals without undue delay, providing details of the breach, mitigation steps, and recommended protective actions. When required, we will report the breach to the relevant supervisory authority - such as the Information Commissioner’s Office (ICO) for the UK or the appropriate EU authority - within 72 hours of becoming aware. All breaches will be documented, and measures will be implemented to prevent recurrence.To report a personal data breach or seek assistance, please contact us via https://account.luvly.care/contact-form or dpo@gismart.com. We will address your concerns accordingly.WHAT ARE YOUR RIGHTS OVER YOUR DATA?
As a resident of the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), you are entitled to certain rights regarding your personal data under the General Data Protection Regulation (GDPR) and the UK GDPR. Below is a summary of your key rights and how you can exercise them:Right to Access Your Data. You have the right to request access to the personal data we hold about you. Upon request, we will provide a copy of your personal data along with details about how it is processed, shared, and stored.Right to Rectification. If your personal data is inaccurate, incomplete, or outdated, you have the right to request corrections or updates to ensure it is accurate and complete.Right to Erasure (‘Right to be Forgotten’). You can request the deletion of your personal data where:- the data is no longer necessary for the purposes for which it was collected;
- you withdraw consent and there is no other legal basis for processing;
- you object to processing and there are no overriding legitimate grounds;
- your data was unlawfully processed; or
- deletion is required to comply with a legal obligation.
- you contest its accuracy (while we verify the accuracy);
- processing is unlawful, and you prefer restriction over deletion
- we no longer need the data, but you require it for legal claims; or
- you object to processing, pending verification of our legitimate interests.
- processing is based on legitimate interests or public interest unless we demonstrate compelling legitimate grounds that override your interests.
- your data is used for direct marketing purposes, in which case we will immediately stop processing for this purpose.
- EU Residents: You can find your relevant supervisory authority here.
- UK Residents: You can lodge a complaint with the UK’s Information Commissioner’s Office (ICO) here.
- Access Your Data: Request details about the categories and specific pieces of personal data we collect, use, disclose, or sell.
- Request Deletion: Ask us to delete your data, subject to legal exceptions.
- Opt-Out of Sale or Sharing of Data: If applicable, opt out of the sale or sharing of your data for targeted advertising or analytics purposes.
- Correct Your Data: Request correction of inaccurate personal information we maintain.
- Limit Use of Sensitive Data: If applicable, restrict the processing of sensitive personal information.
- Non-Discrimination: You will not be discriminated against for exercising your privacy rights.
- Right to Access and Portability: Request a copy of the data we hold about you.
- Right to Correction: Request modifications to any inaccurate or incomplete personal information.
- Right to Withdraw Consent: If we process your data based on consent, you can withdraw it at any time.
- Right to Challenge Compliance: You can challenge our privacy practices with Canada’s Office of the Privacy Commissioner (OPC).
If you are a resident of Brazil, you are entitled to rights under the LGPD, including:
- Right to Confirm Processing: Request confirmation on whether we process your data.
- Right to Access and Correction: Request access to or corrections of your data.
- Right to Anonymization or Blocking: Request anonymization, blocking, or deletion of unnecessary or excessive data.
- Right to Data Portability: Receive your data in a structured format or transfer it to another provider.
- Right to Withdraw Consent: Revoke your consent for data processing at any time.
- Right to Know: Request information about how we collect, use, and disclose your data.
- Right to Access and Correction: Request copies of your data and corrections if inaccurate.
- Right to Restrict Processing: Limit how we use your personal data.
If you are located in Japan, your rights under the APPI include:
- Right to Notification of Purpose of Use:Request details on how and why your personal data is being used.
- Right to Access: Request disclosure of your personal data held by us.
- Right to Correction or Deletion: Request correction, addition, or deletion of data that is inaccurate or outdated.
- Right to Suspension of Use or Erasure: Request us to stop using or delete your data if we are using it in violation of the APPI.
- Right to Object to Third-Party Transfer: Object to the sharing of your personal data with third parties without your consent.
- Access: Know what personal data we hold about you and how we use it.
- Rectification: Request corrections to inaccurate or incomplete data.
- Cancellation: Request deletion of your data when it is no longer necessary or used without your consent.
- Objection: Object to the processing of your data for specific purposes, such as marketing.
HOW CAN YOU MANAGE YOUR DATA?
We provide you with the ability to access, update, and delete your personal data in accordance with applicable privacy laws.Accessing, Correcting, or Updating Your Data.You can review, modify, or update your personal data at any time by contacting us via our support form: https://account.luvly.care/contact-formDeleting Your Data. If you wish to delete your personal data, you may do so using the following methods:Option 1: Submit a request via our support form at: https://account.luvly.care/contact-formPlease include a brief description of your request.Option 2: Delete Your Account via the App
Android Users:
Open Profile → Settings.
Select Manage Account Details.
Press Delete Account and confirm on the popup.Contact our support team via https://account.luvly.care/contact-form for final confirmation.
iOS Users:
Open Profile → Settings.
Select Profile Details.
Press Delete Account and confirm on the popup.If you purchased a subscription via the App Store or Google Play, your account will be deleted automatically with no further action required.If you purchased a subscription on our website, you must send a request to our support team via our contact form at: https://account.luvly.care/contact-formImportant Considerations for Account Deletion. If you delete your Account, you will lose access to all associated subscriptions, progress, and Content (including User-Generated Content) in the App. Once your Account is deleted, we may not be able to restore any lost data. If you purchased a subscription via our website, deleting your Account means you will no longer have access to your subscription.For any further assistance, please contact our support team via https://account.luvly.care/contact-form.
HOW WE PROCESS YOUR REQUESTS?
If you submit a request to exercise your data protection rights, we will process it as follows:Response Timeframe. We aim to respond to valid requests within 30 days from the date of receipt. If your request is complex, or we receive a high volume of requests, we may require additional time. In such cases, we will inform you of the extension and provide a revised timeline for our response.Right to Decline Requests. We reserve the right to decline requests that are manifestly unfounded, excessive, or repetitive under applicable privacy laws. If your request falls into this category, we will notify you of our decision and provide reasons where required by law.Identity Verification. To protect your privacy and prevent unauthorized access, we may request additional information to verify your identity before processing your request. This step is necessary to ensure:- the requestor is entitled to access or modify the personal data;
- the rights and privacy of third parties are not compromised.
PRIVACY NOTICE FOR CALIFORNIA RESIDENTS, US
General Details. Residents of certain U.S. states, such as California, may have additional rights regarding their personal information under applicable state laws. These include the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), among other state privacy laws. Where specific legal provisions in this notice do not apply, the Privacy Policy shall govern the processing and handling of personal information.Exercising Your Rights. Only you or an authorized representative legally permitted to act on your behalf may submit a request related to your personal information. Please refer to the previous section for details on the rights available to you and how to exercise them. In addition to those rights, this section provides further information about the processing, collection, and disclosure of personal information under U.S. State Privacy Laws.Definition of Personal Information. Personal Information refers to any information that identifies, relates to, describes, or can reasonably be linked to you as an individual.Pursuant to the CCPA, the term “personal information” excludes:- information that is publicly available through official government sources;
- consumer data that has been de-identified, anonymized, or aggregated in a manner that prevents re-identification
- Submitting an opt-out request via https://account.luvly.care/contact-form
- Adjusting your cookie and tracking preferences through our website’s settings.
- Configuring your browser or device settings to restrict online tracking.
- the specific categories of personal information we collect;
- the business purposes for which this information is collected and disclosed;
- the categories of service providers to whom we have disclosed this personal information in the past 12 months.
CATEGORY
EXAMPLE
BUSINESS PURPOSE
WHO WE SHARE IT WITH
Identifiers
Name, email address, phone number, account username, IP address etc.
Facilitating business operations and service delivery.Engaging in lawful advertising, marketing, and promotional efforts.Managing account registration, authentication, and support functions.Maintaining, enhancing, and safeguarding the functionality, reliability, and security of the Service.
Advertising platforms, technology and service providers, analytics and research firms, cloud storage providers, social media companies, business partners, affiliated companies, and payment processors.
Physical characteristics as indicated by you
Height, weight, or other self-reported physical attributes.
Facilitating business operations and service delivery.Engaging in lawful advertising, marketing, and promotional efforts.Maintaining, enhancing, and safeguarding the functionality, reliability, and security of the Service.
Advertising platforms, technology and service providers, analytics and research firms, cloud storage providers.
Gender and age, as identified by you
Gender and age details as voluntarily provided by you.
Facilitating business operations and service delivery.Engaging in lawful advertising, marketing, and promotional efforts.Maintaining, enhancing, and safeguarding the functionality, reliability, and security of the Service.
Advertising platforms, technology and service providers, analytics and research firms, cloud storage providers.
Wellness data to the extent it contains identifying information
Any exercise or activity-related data that may be associated with your identity.
Facilitating business operations and service delivery.Engaging in lawful advertising, marketing, and promotional efforts.Maintaining, enhancing, and safeguarding the functionality, reliability, and security of the Service.
Technology and service providers, analytics and research firms, cloud storage providers.
Visual or similar information to the extent it contains identifying information
Photos, User-Generated Content or other materials created within our Service.
Facilitating business operations and service delivery.Maintaining, enhancing, and safeguarding the functionality, reliability, and security of the Service.
Technology and service providers, analytics and research firms, cloud storage providers
Payment information
Purchase history, transaction details, subscription data etc.
Facilitating business operations and service delivery.Processing transactions, fraud detection, maintaining financial records
Payment processors
Internet or network activity
Browsing history, usage logs, App interactions, cookies etc.
Facilitating business operations and service delivery.Maintaining, enhancing, and safeguarding the functionality, reliability, and security of the Service.
Advertising platforms, technology and service providers, analytics and research firms, cloud storage providers.
Geolocation data
Approximate location based on IP address etc.
Facilitating business operations and service delivery.Maintaining, enhancing, and safeguarding the functionality, reliability, and security of the Service.
Advertising platforms, technology and service providers, analytics and research firms, cloud storage providers.
Inferences drawn from personal information
User preferences, behavioral trends, if applicable, etc.
Facilitating business operations and service delivery.Engaging in lawful advertising, marketing, and promotional efforts.Maintaining, enhancing, and safeguarding the functionality, reliability, and security of the Service.
Advertising platforms, technology and service providers, analytics and research firms, cloud storage providers, social media companies, business partners, and affiliated companies.
PRIVACY NOTICE FOR VIRGINIA, CONNECTICUT, COLORADO, UTAH, AND NEVADA, US
We include this section for residents of other US states with privacy laws that may impact them. These privacy laws include the Virginia Consumer Data Privacy Act (“VCDPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), the Colorado Privacy Act (“CPA”), and the Nevada Privacy Law (“NPL”), the Montana Consumer Data Privacy Act (“MCDPA”), the Oregon Consumer Privacy Act (“OCPA”), and the Texas Data Privacy and Security Act (“TDPSA”). This section is intended to comply with these laws by supplementing the information provided elsewhere in the Privacy Policy.Collection of Personal Information. We may collect personal information as described and categorized elsewhere in this Privacy Policy. The specific definitions of sensitive information vary by state law.Use of Personal Information. We may collect, use, and disclose personal information for the purposes outlined in this Privacy Policy. This includes providing services, improving our products, and complying with legal obligations.Disclosure of Personal Information. We may disclose personal information to third parties and service providers as described in this Privacy Policy. We ensure such disclosures comply with applicable laws to protect your privacy and rights.General Privacy RightsResidents of Colorado, Connecticut, Virginia, Utah, Montana, Oregon, and Texas are entitled to the following rights concerning their personal information:- Access: You have the right to request and receive a copy of the personal information we have collected about you.
- Correction: You can request corrections to inaccurate or outdated personal information.
- Deletion: You have the right to request the deletion of your personal information, subject to specific exceptions under the law.
- Data Portability: You can request that personal information be provided in a portable, easy-to- read format to enable its transfer to another service provider.
- Opt-Out Rights:
- Targeted Advertising: You can opt out of your personal information being used for targeted advertising.
- Sale of Personal Information: You can opt out of the sale of your personal information to third parties. Note: We do not sell personal information for monetary consideration.
- Profiling: You can opt out of automated decision-making processes that profile you for significant decisions, such as those affecting your legal, financial, or employment status.
- Profiling Opt-Out*: You may opt out of the use of your personal information for profiling purposes.
- Data Sales Opt-Out: You can opt out of the sale of personal information.
Oregon
- Access, Correction, and Deletion Rights: You can request access to your personal information, correct inaccuracies, or request its deletion.
- Data Sales and Targeted Advertising Opt-Out: You have the right to opt out of the sale of your personal information and the use of your information for targeted advertising.
- Compliance: We fully comply with the requirements of the Oregon Consumer Privacy Act (OCPA) to safeguard your rights and personal information.
- Transparency: You have the right to know the types of personal information we collect, process, and store about you.
- Data Correction and Deletion: You may request corrections to inaccuracies or deletion of your personal information.
- Opt-Out Rights: You can opt out of targeted advertising and profiling practices.
- Sale of Information*: Nevada residents have a limited right to opt out of the sale of personal information.
- Submit a Request: Contact us using the methods specified in our Privacy Policy. Include your full name, state of residence, and details of the request to help us process it efficiently.
- Verification Process: We may require you to verify your identity to protect your personal information and comply with legal obligations.
- Response Timeline: We will respond to verifiable requests within the timeframe specified by applicable state laws (typically 30 to 45 days).