This Privacy Policy (“Privacy Policy”) explains how TGCX Fintech Private Limited, (“Company”, “we”, “us”, or “our”) a company incorporated under the laws of India with CIN: U66190GJ2024PTC152724 and having its registered office at 304, Venus Benecia Pakvan, S.G. Highway, Bodakdev, Ahmedabad, Gujarat- 380054, India, collects, uses, stores, shares, and protects personal data when users (“User”, “you”, or “your”) access or use Lifrica (“Platform”) as a messaging and communication application.

By creating an account, accessing, or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. Where required by applicable laws, your explicit consent will be obtained through clear affirmative action before processing certain categories of Personal Data. If you do not agree with any provision of this Policy, you must immediately cease using the Platform and delete your account.

In this Privacy Policy, unless the context otherwise requires, the term “personal data” shall mean any data about an individual who is identifiable by or in relation to such data.

1. WHY WE COLLECT PERSONAL DATA?

Lifrica must receive or collect some personal data to operate, provide, improve, understand, customize, support, and market our Services, including when you install, access, or use our Services.

The types of personal data we receive and collect depend on how you use our Services. We require certain personal data to deliver our Services and without this we will not be able to provide our Services to you. For example, you must provide your mobile phone number to create an account to use our Services.

Our Services have optional features which, if used by you, require us to collect additional personal data to provide such features. You will be notified of such collection, as appropriate. If you choose not to provide the personal data needed to use a feature, you will be unable to use the feature. For example, you cannot share your location with your contacts if you do not permit us to collect your location data from your device.

Permissions can be managed through your device settings on both Android and iOS devices.

2. DATA WE COLLECT

    1. Personal Data you provide:

    Personal Information: You must provide your mobile phone number along with country code, and basic information (including a profile name of your choice) to create an account on the Platform. If you do not provide us with this information, you will not be able to create an account to use our Services. You can add other information to your account, such as a profile picture and “about”

    Contact Information: You can also use the contact upload feature and provide us, in accordance with applicable laws, with the phone numbers in your address book on a regular basis, including those of users of our Services and your other contacts. If any of your contacts are not yet using our Services, we will manage this information for you in a way that ensures those contacts cannot be identified by us.

    Customer Support Data: If you contact us for customer support or otherwise communicate with us, you may provide us with information related to your use of our Services, including copies of your messages, any other information you deem helpful, and how to contact you (e.g., an alternate contact number or an email address).

    2. Automatically Collected Information:

    Usage Data: We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you Interact with others using our Services and the time, frequency, and duration of your activities and interactions, log files, and diagnostic, crash, website, and performance logs and reports. This also includes information about when you registered to use our Services; the features you use like our messaging, calling, Status, groups (including group name, group picture, group description); profile photo, “about”; whether you are online, when you last used our Services (your “last seen”); and when you last updated your “about”.

    The Company typically does not store data of who you are messaging or calling at any given moment. However, there may be circumstances where Company may have access to this type of personal data. For example, we work to detect spam or abuse through advanced automated systems and reports.

    Device And Connection Data: We collect device and connection-specific information when you install, access, or use our Services. This includes data such as hardware model, operating system data, battery level, signal strength, app version, browser data, mobile network, connection (including phone number, mobile operator or ISP), language and time zone, IP address, and device operations.

    Location: We collect and use precise location data from your device with your permission when you choose to use location-related features, like when you decide to share your location with your contacts or view locations nearby or locations others have shared with you. There are certain settings relating to location-related data which you can find in your device settings or the in-app settings, such as location sharing. Even if you do not use our location-related features, we use IP addresses and other personal data like phone number, area codes to estimate your general location (e.g., city and country). We also use your location data for diagnostics and troubleshooting purposes.

    Cookies: We use cookies to operate and provide our Services, including to provide our Services that are web-based, improve your experiences, understand how our Services are being used, and customize them. For example, we use cookies to provide our Services for web and desktop and other web-based services. Additionally, we may use cookies to remember your choices, like your language preferences, to provide a safer experience, and otherwise to customize our Services for you.

    Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies such as beacons, tags, and scripts are used to collect and track information and to improve and analyse the Platform. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of the Services

3. THIRD-PARTY PERSONAL DATA

Data Others Provide About You: We receive personal data about you from other users. For example, when other users you know use our Services, they may provide your phone number, name, and other data just as you may provide theirs. They may also send you messages, send messages to groups to which you belong, or call you. You should keep in mind that in general any user can capture screenshots of your chats or messages or make recordings of your calls with them and send them to us or anyone else, or post them on another platform.

User Reports: Just as you can report other Users, other Users or third parties may also choose to report to us your interactions and your messages with them or others on our Services. When a report is made, we collect personal data (name, mobile number, reported messages) on both the reporting User and reported User.

Third-Party Service Providers:We work with third-party service providers to help us operate, provide, improve, understand, customize, support, and market our Services. For example, we work with them to distribute our apps (Play Store and App Store); provide our technical and physical infrastructure, delivery, and other systems; provide engineering support, cyber security support, and operational support; supply location, map (Google Maps, Apple Maps etc.); help us understand how people use our Services; market our Services; conduct surveys and research for us; ensure safety, security, and integrity; and help with customer service. These companies may provide us with personal data about you in certain circumstances; For example, app stores may provide us with reports to help us diagnose and fix service issues.

III . PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

We may use any of your personal data on standalone one basis or in combination with one-another for the following purposes:

#Purpose & Data CollectedUsage
01
For creating and managing your account- Your Account Information; Your Connections;Usage and LogInformation;Device and Connection Information; Cookies; Location Information (general location information, but not preciselocation)
  • Collecting and verifying your phone number by sending you a verification code via SMS or by calling you.
  • Checking the operating system and other features of your device to set up the Platform correctly on your device, and running security checks to make sure you do not already have an account or a phone number that is banned from the Platform.
  • Recording your user preferences, including the Terms you accepted, your privacy settings and the users you have blocked.
  • Facilitating you adding additional information, such as your photo or facial characteristics used to create your avatar if you choose to create one, or Account Information such as a profile picture, “about” information which is displayed to people who have your phone number, in line with your privacy settings.
  • Changing the phone number associated with your account when you update it.
  • In order to maintain security, limit data retention and protect your privacy, checking for activity every 30 days and deleting your account where your phone has not been online for 120 days (in general).
  • Deleting your account, at your request
  • Enabling you to re-register your account when it has been deactivated or locked.
02
To send and receive messages and to broadcast your status - Your Account Your Account Information; Your Messages (your messages, images, audio and videos are encrypted); Status Information (which is also encrypted); Your Connections; Usage And Log Information; Device and Connection Information; Cookies
  • If the recipient’s device is online on the Platform, deliver messages directly to their device. If your device or the recipient’s device is offline, we store the encrypted message for up to 30 days as we attempt to deliver the message and send a push notification to the device.
  • Show when you are online or indicate activity to recipients in a chat, such as displaying your ‘last seen’ to recipients according to your preferences.
  • Enable you to search the web for images to use as a community or group profile picture or to share videos from third-party services such as YouTube.
  • Allow you to broadcast your Status updates with contacts of your choice and view updates in order of relevance.
  • Take precautions to ensure your messages are conveyed correctly.
  • Optimize the sending of media files by storing them temporarily for up to 30 days in encrypted form on our servers to aid in more efficient delivery.
  • Use cookies to operate and provide our web-based Services.
03
For making, receiving, joining or leaving voice and video calls - Your Account Information; Your Messages (your messages, images, audio and videos are encrypted); Your Connections; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location)
  • Establish an encrypted connection for audio/video information between you and the other call participant (or participants if you are in a group call) after checking the participant’s privacy settings to see if they have blocked you.
  • Send you a push notification if you are receiving or have missed a call.
  • Notify participants in a group call when another user has been invited but has not accepted the call, or another user starts to ring, or another user joins the call, or a call participant has left, or the call is over.
  • When you change your in-app settings or take certain actions in a call, we let the other call participant(s) know the following: whether your video is on or off; when you invite other users to switch from an audio to a video call (or vice versa); when you have not heard from the other call participant(s); when you turn mute on or off; when your battery is below 5% and not charging; when you get an incoming call that interrupts your ongoing call;
  • To optimize call quality, we swap to alternative networks interfaces where your existing connection is limited, track metrics such as failed calls, number of calls ended due to disconnection and measure network link conditions to identify and resolve call quality issues, store performance information on your device after the call, so it is easier to set up a call with the same user(s) again, collect metrics about calls and aggregate them to optimize call quality, back up your data usage and time spent on a call, exchange network and other information during a call to adjust audio, video and network quality.
04
To enable you to use contact upload - YYour Account Information; Your Connections; Usage And Log Information
  • Regularly identify other users in your address book, add them to your contact list and store cryptographic hash values of the phone numbers of your contacts who are not users, so we can quickly update your contacts if those contacts sign-up at a later date.
  • Remove contacts from your contact list if one of your contacts no longer has an account.
  • At your request, block phone numbers of other users to prevent them from contacting you.
05
For creating or administering, a group or community - Your Account Information; Your Connections; Usage And Log Information; Device and Connection Information
  • Check that phone numbers you are trying to add to a group are users and check to ensure that their admission to the group is in line with their privacy settings.
  • Check to ensure that the community or group name and optional community or group description meets Platform requirements.
  • Store information about the community or group and its participant users (including any pending or past participant users) for example, to ensure that the appropriate privileges are applied and assign the creator of the community or group as an admin so that they can control and personalize community’s or group’s information, membership and settings.
  • When a community or group is active, log when you send invites to new community or group participants and for groups, expire non-accepted invitations within a set period.
  • Notify participants in the group of certain key changes to the community or group, such as changes to the community or group name, description or profile picture.
  • Temporarily store information to protect you from being re-added to groups you chose to leave and store the phone numbers of participants who are banned for example, from groups to ensure that they cannot rejoin. This information is also used to help identify any suspicious users or abusive behaviour where there is a high turnover of participants.
  • Allow you to appoint other community admins to a community you have created or you are a community admin of, and appoint a new group admin or community admin when the current admin (or admins) leave the group or community, or delete their account.
  • Delete a group when its last member leaves.
  • Suspend, or deactivate a community, and add or disconnect groups within the community.
06
For allowing you to create, access and restore backups - Your Account Information; Usage And Log Information; Device and Connection Information
  • nabling you to upload a backup of your chat history to a third-party cloud-based service.
  • Check to ensure that the community or group name and optional community or group description meets Platform requirements.
  • Store information about the community or group and its participant users (including any pending or past participant users) for example, to ensure that the appropriate privileges are applied and assign the creator of the community or group as an admin so that they can control and personalize community’s or group’s information, membership and settings.
  • Encrypt your chat history with a randomly generated encryption key or password you create. You can upload these encrypted backups of your chat history to a third-party cloud-based service.
  • Using an encryption key or your password to retrieve an encryption key to decrypt your backed-up chat history.
07
To ensure the safety, security and integrity of our Services - Your Account Information; Your Messages (only if provided by a user); Your Connections; Customer Support and Other Communications; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies; Information Others Provide About You; User Reports Third-Party Service Providers; Third-Party Services
  • Verify accounts on an ongoing basis, and check that user sign-ups are genuine.
  • Log events and aggregated counts about community, group and user actions on our Platform (like the number of groups joined) and related sequences like patterns in registration and repetitive or identical User Reports to identify and investigate suspicious users, abusive behaviour, threats to the security of our Platform.
  • Store information about the community or group and its participant users (including any pending or past participant users) for example, to ensure that the appropriate privileges are applied and assign the creator of the community or group as an admin so that they can control and personalize community’s or group’s information, membership and settings.
  • Investigate and address violations of our Terms. For example, we may ban your account when we learn that you are engaged in infringing activities.
  • Detect, prevent and combat harmful or unlawful behaviour which threatens the security of our user’s information or the Platform, such as to combat scraping by bad actors at scale, or our efforts to detect and prevent spam, and bad experiences.
  • Collect app verification information from anti-abuse services to aid our efforts, such as preventing malicious actors from trying to take over your account.
08
To operate and provide our Services: Your Account Information; Your Messages (your messages, images, audio and videos are encrypted); Status Information (which is also encrypted); Your Connections; Customer Support and Other Communications; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies; Information Others Provide About You; User Reports; Third-Party Service Providers; Third-Party Services

To transfer, store or process your information across borders. As the Platform service operates globally, with users around the world, we need to share information we collect globally externally with our partners and service providers, and with those with whom you communicate around the world, in accordance with our Privacy Policy. We carry out necessary transfers outside your home country or territory, and other countries, to:

  • Operate and provide our services. We also allow you to share information and connect with your family and friends around the globe andallow us to fix, analyse and improve our services.
09
For sending you notifications or updates about our Services: Your Account Information; Transactions And Payments Data; Usage And Log Information (details of the notifications you have previously received); Device and Connection Information; Location Information (general location information, but not precise location)
  • Identify relevant service-related notifications for you, send them to you on the Platform and keep a log when you have received the notification. For example, when our Terms are updated we will provide a notification about the update (as appropriate).
10
For providing you with customer support - Your Account Information; Your Connections; Customer Support and Other Communications; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies
  • Processing requests for support and / or searches you make within the Help Center, in the app or via our website.
  • Responding when you request our help such as assisting with your account login or verification process.
11
To comply with a legal obligation and respond to legal requests - Your Account Information; Your Messages (only if provided by a user); Your Connections; Customer Support and Other Communications; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies; Information Others Provide About You; User Reports; Third-Party Service Providers; Third-Party Services

To comply with a legal obligation, for example:

  • To access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others.
  • To implement technical and organizational measures to protect your information on the Platform.
12
To respond to legal requests - Your Account Information; Your Messages (only if provided by a user); Your Connections; Customer Support and Other Communications; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies; Information Others Provide About You; User Reports; Third-Party Service Providers; Third-Party Services
  • To preserve and share information with others, including law enforcement, where we have a good faith belief it is required by law in the relevant jurisdiction and it is consistent with internationally recognized standards including human rights, due process, and the rule of law.
  • To share information with law enforcement or industry partners/peers such as other online platforms and technology companies to combat abusive or illegal behaviour.
13
To protect your vital interests or those of another person - Your Account Information; Your Messages (only if provided by a user); Your Connections; Customer Support and Other Communications; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies; Information Others Provide About You; User Reports; Third-Party Service Providers; Third-Party Services

To protect your vital interests or those of another person, for example:

  • To apply automated processing techniques and conduct manual (human) review.
  • To share information with law enforcement and others, in circumstances where someone’s vital interests require protection, such as in the case of emergencies. These vital interests include protection of your or someone else’s life, physical or mental health, wellbeing or integrity or that of others. In protecting such vital interests we aim to combat harmful conduct and promote safety, integrity and security.
  • To investigate reports of harmful conduct and take appropriate action, such as taking action on user accounts (such as banning them) or sharing information with relevant authorities, where there is a risk of imminent harmful conduct such as an attack or where a person’s safety is at risk.
  • Log User Reports, user's feedback about other users, aggregated events and actions to identify and understand the techniques being used by the bad actors that may interfere with the services, including your use of the services.
  • Identify, analyze, and investigate patterns of suspicious, harmful or fraudulent behavior like scams or other potential violations of our policies and Terms. We may ban your account when we learn that you are engaged in infringing activities.
  • check to ensure that User Reports are genuine and that community or group name, description or profile picture comply with our Terms.
  • Invite you to take surveys or provide feedback and analyse your responses to resolve issues.
14
For business intelligence and analytics - Your Account Information; Your Messages (only if provided by a user); Your Connections; Customer Support and Other Communications; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies; Information Others Provide About You; User Reports; Third-Party Service Providers; Third-Party Services
  • Counting users and events for reporting to identify how many users the Platform has (and similar metrics) so we can share these metrics with affiliates, regulators and the public.
  • Validating metrics and analyzing the feedback you provide (e.g., via surveys), to understand how and how often our services are used, to gain insights, inform business planning and forecasting.
15
For providing marketing communications to you - Your Account Information; Usage and Log Information; Device and Connection Information; Location Information (general location information, but not precise location)
  • Collecting and storing your information and using it to send marketing communications to you.
16
To seek legal advice or seek to protect ourselves in the context of litigation and other disputes - Your Account Information; Your Messages (only if provided by a user); Your Connections; Customer Support and Other Communications; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies; Information Others Provide About You; User Reports; Third-Party Service Providers; Third-Party Services

To seek legal advice or to protect ourselves in the context of litigation and other disputes, by preserving and sharing information in matters such as violations of our Terms and policies.

17
To improve the customer support service - Your Account Information; Customer Support and Other Communications; Usage and Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies; User Reports
  • a. Track information about your interactions with our customer support team to understand if issues are being resolved in a timely manner.
  • b. Run quality assurance checks on our interactions with our customers.
  • c. Request and review information you provide in customer satisfaction feedback surveys.
  • IV. WITH WHOM YOUR PERSONAL DATA IS SHARED

    You share your personal data as you use and communicate through our Services, and we share your personal data to help us operate, provide, improve, understand, customize, support, and market our Services.

    • With Whom You Communicate: You share your personal data (including messages) as you use and communicate through our Services.
    • Data Associated With Your Account: Your phone number, profile name and photo, “about” information, last seen information, and message receipts are available to anyone who uses our Services, although you can configure your Services settings to manage certain information available to other users with whom you communicate.
    • Third-Party Service Providers: We work with third-party service providers to help us operate, provide, improve, understand, customize, support, and market our Services. We work with these companies to support our Services, such as to provide technical infrastructure, delivery and other systems; market our Services; conduct surveys and research for us; protect the safety, security, and integrity of users and others; and assist with customer service. When we share information with third-party service providers in this capacity, we require them to use your personal data on our behalf in accordance with our instructions and terms.
    • Third-Party Services: When you use third-party services that are integrated with our Services, those third-party services may receive personal data about what you or others share with them. Please note that when you use third-party services, their own terms and privacy policies will govern your use of those services and products.

    V. INTERNATIONAL TRANSFER OF PERSONAL DATA

    Your personal data may be transferred to, stored or processed outside India for one or more of the purposes stated herein. We will only transfer your personal data outside India in accordance with applicable laws.

    VI. USER RIGHTS

    • Rights of access, correction and deletion: You are entitled to review, correct, amend or delete any part of your personal data provided to the Company, which is inaccurate, incomplete, misleading or not up to date. When handling data access, correction, restriction, or deletion requests, the Company shall be entitled to check the identity of the requesting party to ensure that they are the person entitled to make such request. We may also refuse such request in accordance with applicable laws.
    • Right to erasure: You have the right to request erasure of your personal data subject to limitations by applicable law. Company will retain your personal data on its servers for as long as is reasonably necessary for the purposes listed in this Privacy Policy. In some circumstances we may retain your personal data for longer periods of time, for example, where we are required to do so in accordance with any legal, regulatory, tax or accounting requirements. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the Platform or for our Services. In case user wishes to delete their account, they can do so using the ‘Delete Account’ option provided in the Platform’s in-app settings. Upon receipt and approval of such a request, the Company shall insofar as the data is stored in electronic form, take steps to ensure that it is securely deleted, erased or destroyed. Deletion, eraser or destruction of data may result in ceasing or limiting the provision of Services and termination of any agreements you may have with us. We shall inform you about the same before action on your request. The Company’s legal rights and remedies are expressly reserved in such event.
    • Right to grievance redress: If you believe that your rights have been infringed in any way, we encourage you to contact the Company through the ‘Help’ option in the Platform’s in-app settings or reach out to us as provided in the Contact Us section of this Privacy Policy so that we can try to resolve the issue or dispute amicably.

    VII. SECURITY

    • All your personal data is secured using AES-256 standard encryption. The Company has stringent security measures in place to protect the loss, misuse, and alteration of the personal data under our control. Whenever you use our Services, we offer the use of a secure server. Once your personal data is in our possession we adhere to strict security guidelines, protecting it against unauthorized access.
    • 2. In the event of a security breach or the failure of the measures of protection of such personal data in our systems or that of any engaged third-party service providers, the Company will notify you in accordance with applicable laws.

    VIII. WITHDRAWAL OF CONSENT

    You may withdraw your consent to further process any or all personal data or decline to provide any permissions to the Platform as covered above at any time. In case, you choose to do so then your access to the Platform may be limited, or we might not be able to provide the Services to you. You may withdraw your consent by going to the in-app settings or changing the permissions in your device settings.

    IX. CHILDREN’S DATA

    Our Services are not intended for children under 18 years old, and we will never collect their data unless it is provided by (and with the consent of) a parent or guardian. If we become aware that we have processed the information of a child under 18 years old without the valid consent of a parent or guardian, we will delete it.

    X. ASSIGNMENT, CHANGE OF CONTROL AND TRANSFER

    In the event that we are involved in a merger, acquisition, restructuring, bankruptcy, or sale of all or some of our assets, we will share your personal data with the successor entities or new owners in connection with the transaction in accordance with applicable laws.

    XI. LAW, OUR RIGHTS AND PROTECTION

    We access, preserve, and share your personal data if we have a good-faith belief that it is necessary to: (a) respond pursuant to applicable law or regulations, legal process, or government requests; (b) enforce our terms and any other applicable terms and policies, including for investigations of potential violations; (c) detect, investigate, prevent, or address fraud and other illegal activity or security, and technical issues; or (d) protect the rights, property, and safety of our users, the Company, or others, including to prevent death or imminent bodily harm.

    XII. CONTACT US

    If you have any questions or complaints about or relating to the personal data collected by the Company or wish to contact the Company under the terms of this Privacy Policy, you may contact us using the “Help” option in the Platform’s in-app settings or please contact our designated Grievance Officer:.

    Name: Mr. Umang Shah

    Email: support@lifrica.com

    Address: 304, Venus Benecia Pakvan, S.G. Highway, Bodakdev, Ahmedabad, Gujarat - 380054, India

    Days and Timing : Monday to Friday (9 AM - 7 PM)

    The Grievance Officer will acknowledge and address your complaint in accordance with applicable legal requirements and within the timelines prescribed thereunder.

    XIII. UPDATES TO OUR POLICY

    We may amend or update our Privacy Policy. We will provide you notice of amendments to this Privacy Policy, as appropriate, and update the “Effective Date”. Please review our Privacy Policy from time to time.

    ADDENDUM - UNITED KINGDOM AND EUROPEAN REGION


    This Addendum applies solely to users who are residents of the European Region or the United Kingdom and supplements the Privacy Policy. The Platform processes your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK General Data Protection Regulation as incorporated in the UK law and amended (“UK GDPR”), and any applicable data protection laws of the of the EU/EEA Member State or part of the UK in which you reside.

    I. USER RIGHTS

    Without prejudice to the contents of the main Privacy Policy, it is hereby clarified that in accordance with the GDPR, the following rights shall be available to the users residing in UK or European Region.

    • Right to be Informed: Users have the right to be informed about the collection and use of their personal data. This includes information about the identity and contact details of the data controller (being the Company herein) and, where applicable, its representative; the purposes and legal basis for processing; the categories of personal data processed; the recipients or categories of recipients of the personal data; the period for which the personal data will be stored; the existence of automated decision-making, including profiling, where applicable.
    • Right to Rectification:Users have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning them and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
    • Right to Erasure: Users have the right to request the erasure of personal data concerning them without undue delay where one of the following grounds applies: the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; the user withdraws consent on which the processing is based and there is no other legal ground for processing; the user objects to the processing and there are no overriding legitimate grounds; the personal data has been unlawfully processed; or the personal data must be erased for compliance with a legal obligation. This right is subject to exceptions, including where processing is necessary for compliance with a legal obligation, public interest, or the establishment, exercise, or defence of legal claims.
    • Right to Restriction of Processing: Users have the right to request restriction of processing where the accuracy of the personal data is contested, for a period enabling verification; the processing is unlawful and the user opposes erasure; the data is no longer required by the controller but is required by the user for legal claims; or the user has objected to processing pending verification of overriding legitimate grounds. During restriction, personal data shall only be processed with the user’s consent or for limited lawful purposes.
    • Right to Data Portability: Users have the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller, where the processing is based on consent or a contract; and the processing is carried out by automated means. Where technically feasible, users may also request direct transmission of data to another controller.
    • Right to Object: Users have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data based on legitimate interests or performance of a task in the public interest. Where personal data is processed for direct marketing purposes, users have the absolute right to object at any time, and such data shall no longer be processed for those purposes.
    • Rights in Relation to Automated Decision-Making and Profiling:Users have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them, unless such decision is necessary for entering into or performing a contract; or is authorized by law; or is based on the user’s explicit consent. In such cases, users have the right to obtain human intervention, express their point of view, and contest the decision.
    • Right to Withdraw Consent: Where processing of personal data is based on consent, users have the right to withdraw their consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
    • Right to Lodge a Complaint with a Supervisory Authority: Users have the right to lodge a complaint with a competent data protection supervisory authority in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they believe their rights under the GDPR have been violated.

    II. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

    In addition to the legal bases provided in the main Privacy Policy, the other legal bases we rely on when processing your information and the circumstances in which we rely on them are set out below:

    #Data CollectedUsage
    01
    Account Information; Your Messages (encrypted); Your Connections; Usage And Log Information; Device and Connection Information; Location Information (precise location)

    Your Consent - We process data when you have given us your consent to enable particular product features in your device-based settings.

    02
    Account Information; Your Connections; Your Community and Group Information; Customer Support Information; Usage Information; Device and Connection Information; General Location Information; User Reports; Cookies; Information Others Provide About You; Third-Party Services

    Compliance with a Legal Obligation -We process information to comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request. New laws may be enacted or other obligations may become binding on our processing.

    01
    Account Information; Your Messages (only if provided by a user); Your Connections; Customer Support and Other Communications; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies; Information Others Provide About You; User Reports; Third-Party Service Providers; Third-Party Services

    Protection Of Your Vital Interests Or Those Of Another Person - We apply automated processing techniques and conduct manual (human) review. We share information with law enforcement and others, in circumstances where someone’s vital interests require protection, such as in the case of emergencies. These vital interests include protection of your or someone else’s life, physical or mental health, wellbeing or integrity or that of others.

    04
    Account Information; Your Messages (only if provided by a user); Your Connections; Customer Support and Other Communications; Usage And Log Information; Device and Connection Information; Location Information (general location information, but not precise location); Cookies; Information Others Provide About You; User Reports; Third-Party Service Providers; Third-Party Services

    Legitimate Interests - We rely on our legitimate interests or the legitimate interests of a third-party, such as our users, where they are not outweighed by your interests or fundamental rights and freedoms. These may include:

    • For creating and managing your account;
    • To send and receive messages and to broadcast your status;
    • For showing your activity indicators;
    • For making, receiving, joining or leaving voice and video calls;
    • For creating or administering, a group or community;
    • For allowing you to create, access and restore backups and encrypted backups;
    • To ensure the safety, security and integrity of our Services;
    • For sending you notifications or updates about our Services;
    • For providing you with customer support;
    • To comply with a legal obligation and respond to legal requests;
    • To protect your vital interests or those of another person;
    • For business intelligence and analytics;
    • For providing marketing communications to you;
    • To seek legal advice or seek to protect ourselves in the context of litigation and other disputes.

    III. INTERNATIONAL DATA TRANSFER

    The Company shares personal data of the users globally with third parties in accordance with this Privacy Policy and our Terms. This includes places where the data centers we rely on are located and where external Third-Party Service Providers are located. These transfers are necessary and essential to enable us to provide the services set forth in our Terms and globally to operate and provide our services which allow you to communicate with users on the Platform around the world.

    How do we protect this data?

    When information controlled by the Platform is transferred or transmitted to, or stored and processed in other countries outside of the region to which this Addendum is applicable, we rely on the following transfer mechanisms:

    • Adequacy Decisions: We rely on decisions from the concerned authorities where they recognize that certain countries and territories outside of the regions ensure an adequate level of protection for personal data. These decisions are referred to as “adequacy decisions”.
    • Standard Contractual Clauses: We utilize standard contractual clauses approved by the authorities for transfers to third party interoperable messaging services. While transfers to countries that do not have an adequacy decision typically take place on the basis of the standard contractual clauses, in certain circumstances, transfers can also take place on the basis of exemptions provided for under applicable law.

    ADDENDUM - CALIFORNIA


    This Addendum applies solely to users who are residents of the State of California (“California Consumers”) and supplements the Privacy Policy. It is provided in compliance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “CCPA/CPRA”).

    I. USER RIGHTS

    • Right to Access: You have the right to request disclosure of the categories of personal data collected about you; the sources from which such data is collected; the purposes for collecting, using, or disclosing such information; the categories of third parties with whom data is shared; and the specific pieces of data collected about you.
    • Right to Correction: You have the right to request correction of inaccurate personal data maintained about you.
    • Right to Deletion: You have the right to request deletion of personal data collected from you, subject to lawful exceptions, including where retention is required to provide services, comply with legal obligations, or protect legal rights.
    • Right to Limit Use and Disclosure of Sensitive Personal Information: Where applicable, you have the right to limit the use and disclosure of sensitive personal information to that which is necessary to perform the services or as otherwise permitted by law.
    • Right to Opt-Out of Sale or Sharing: California Consumers have the right to opt out of the sale or sharing of personal information. The Company does not sell or share personal information as defined under the CCPA/CPRA.

    II. CHILDREN’S DATA

    The Platform is not directed to children under the age of 16. The Company does not knowingly share the Personal Information of minors under 16 years of age.

    III. RETENTION DISCLOSURE

    In order to facilitate your ongoing utilization of our services, we shall retain your personal data for the duration necessary to fulfil the objectives outlined in this Privacy Notice, in accordance with legal requirements, as otherwise instructed to you.

    IV. NON-DISCRIMINATION

    Any consumer who exercises their rights under the CCPA will not be subject to discrimination by the Company and/or the Platform.

    V. EXERCISING YOUR RIGHTS

    You may exercise your rights by contacting the Company through the contact details provided in the Contact Us section of this Privacy Policy or via the in-app “Help”. Before responding to a request, the Company may verify your identity to protect your personal data. The Company will respond to verified requests within the time-frames prescribed under the CCPA.

    ADDENDUM - AFRICAN REGION


    This Addendum applies solely to users who are residents of the African continent and supplements the Privacy Policy. Depending on where you reside, one of the following data protection laws may be applicable to you:
    • South Africa: Protection of Personal Information Act (POPIA), 2013;
    • Nigeria: Nigeria Data Protection Regulation (NDPR), 2019; Nigeria Data Protection Act (NDPA), 2023;
    • Kenya Data Protection Act, 2019;
    • Ghana Data Protection Act, 2012;
    • Mauritius: Data Protection Act, 2017 and Data Protection (General) Regulations, 2020;
    • Rwanda: Law on the Protection of Personal Data and Privacy, 2021;
    • Malabo Convention: AU Convention on Cyber Security and Personal Data Protection, 2014

    If you do not reside in any of the above-mentioned regions, the provisions of the main Privacy Policy shall apply to you directly.

    I. ADDITIONAL DATA REQUIREMENT

    The Company may provide additional services through the Platform in the African region including but not limited to digital wallet services, payment processing, peer-to-peer remittance, cross-border money transfers, marketplace transactions, e-commerce integration, and other value-added services as may be introduced from time to time.

    II. DATA COLLECTED

    In pursuance of the additional services to be provided on the Platform, the following additional personal data may be collected from you:

    • Bank account details;
    • Payment card information (the Company does not store payment card information unless specifically required under applicable law);
    • Transaction history, wallet balances, remittance details;
    • Tax identification numbers;
    • Know Your Customer documents (as issued by the government)

    III. PURPOSE AND LEGAL BASIS OF PROCESSING YOUR PERSONAL DATA

    In addition to the purposes and legal bases already covered in the main Privacy Policy, we may process your personal data for the following:

    • Facilitating payments, remittances, and cross-border money transfers;
    • Processing transactions through integrated payment gateways and banking partners;
    • Managing digital wallet balances, transaction history, and fund reconciliation;
    • Conducting KYC verification and Anti Money Laundering (AML) screening;
    • Generating invoices, receipts, and transaction confirmations;
    • Resolving payment disputes, chargebacks, and refund requests.

    IV. INTERNATIONAL DATA TRANSFER

    For certain categories of personal data subject to localization requirements (if any), the Company will transfer the data as per applicable law and ensure that any overseas transfer complies with sector-specific regulations.

    V. USER RIGHTS

    • Right to Access, Correction & Erasure: You are entitled to review what personal data is being collected and processed by us. You may also request correction, amendment or deletion of any part of your personal data provided to the Company, which is inaccurate, incomplete, misleading or not up to date.
    • Right to Object: You have the right to restrict, object to, or withdraw your consent for, the processing of your personal data by the Company at any time. Any such restrictions, objections or withdrawal will not affect the lawfulness of the Company’s processing of your personal data based on consent obtained before the restriction, objection or withdrawal. Depending on the nature of your request, such restriction, object or withdrawal may result in ceasing or limiting the provision of services and/ or access to the Platform to you, and termination of any agreements you may have with us.
    • Right to Data Portability: Users have the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller, where the processing is based on consent or a contract; and the processing is carried out by automated means.
    • Right to Withdraw Consent: Where processing of personal data is based on consent, users have the right to withdraw their consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
    • Right to Lodge a Complaint with a Supervisory Authority: Users have the right to lodge a complaint with a competent data protection supervisory authority in the jurisdiction of their habitual residence, place of work, or place of the alleged infringement, if they believe their rights under applicable law have been violated.