Privacy Policy

Last updated: 2025-10-25

This Privacy Policy (the “Policy”) explains how Xiamen Lilivi Technology Co., Ltd. (“Lilivi”, “we”, “us”) collects, uses, shares, stores, and protects information when you use our websites, mobile/desktop apps, and related features (the “Services”), and describes your rights across jurisdictions. By using the Services, you agree to this Policy. If you do not agree, please stop using the Services.

Questions? Contact: support@lilivi.com (please include “Privacy” in the subject).

1. Scope and necessary data

• Applies to information we collect or receive when you use the Services; not to independent third parties.
• “Personal information” means information that identifies or can reasonably identify a natural person.
• Some data are necessary to provide the Services (as indicated at collection). Refusing to provide such data may limit features.

2. Information we collect

To deliver, secure, and improve the Services, we may collect:

1. Account and subscriptions

• Required: email/phone (registration, login, verification); device identifier (e.g., device ID)
• Optional: display name, avatar, gender, date of birth, region/language
• Subscription/purchase metadata: order status, amount, currency, time, taxes, last 4 digits (if applicable). We do not store full card numbers; complete payment data are processed by app stores or payment processors.

2. Device and network

• Device: model, OS version, resolution, and (where applicable) identifiers (IDFA/GAID/IDFV/OAID/Android ID/IMEI/MAC)
• Network: operator, network type, Wi‑Fi name, coarse location, session duration, IP, system time zone

3. Location

• Required: country/region code and system country (for versioning/localization)
• Optional (with permission): latitude/longitude, network location, network information, IP address, and system time zone
• Purposes: correct versioning, location features (e.g., geo‑tagging), risk control, and compliance statistics. You can withdraw permission in OS settings. Even with location disabled, we may still receive signals like IP and time zone as part of network communications.

4. Logs and analytics

• Usage frequency, key paths, errors/crashes, language/time zone, for stability and quality; not used to directly identify you.

5. Content processing (if you choose these features)

• Image/video cloud editing: uploading is needed to return results; EXIF (device model, parameters, timestamp, possibly GPS) may be present.
• Voice: microphone input for dubbing/editing; not used for advertising.
• Metadata and facial features: to enable face detection/key‑points/segmentation/stickers/beauty/AR, we may compute technical data locally or in the cloud. Facial mapping is discarded when the recommendation ends or the app closes; not used to identify specific persons; not shared with third parties.

6. Cookies/SDKs and advertising IDs

• Cookies/local storage: session, preferences, A/B flags, basic analytics.
• Third‑party SDKs: may support crash analytics, attribution, helpdesk, cloud/CDN, and (with consent) advertising/measurement.
• Advertising: ad IDs (e.g., IDFA/GAID/OAID), coarse location, IP, in‑app interactions; for frequency capping, deduplication, measurement, and anti‑fraud. You can limit personalized ads in OS/app settings (where provided).

7. Website payment information (not applicable)

• We do not offer direct website checkout at this time. In‑app subscriptions are billed and managed by Apple App Store and Google Play. We do not process full cardholder data.

3. How we use information

• Provide and maintain Services: account, features, support, and notifications
• Security and risk control: anomaly detection, anti‑fraud, debugging, and audit
• Statistics and optimization: product/performance improvements (you may opt out of optional analytics)
• Location‑based features: with permission, to enable context and correct versioning
• Identity verification: SMS/email/device checks to prevent unauthorized access
• Compliance: responding to regulators, law enforcement, and disputes
• Other purposes with your consent or as disclosed at collection

4. Sharing and disclosure

We do not sell your personal information. We may share on a need‑to‑know basis:

• Service providers/processors: cloud/storage, crash/analytics, payments/orders, helpdesk, content moderation/security, and (with consent) ads/attribution
• Legal/compliance: to comply with law, court/regulatory/law‑enforcement requests, and to protect safety and property
• Business transfers: as part of mergers, reorganizations, or asset transfers; recipients must honor this Policy or seek renewed consent
• Affiliates: only for purposes in this Policy, under equivalent safeguards

5. Legal bases (overview)

• Consent: precise location, personalized ads, non‑essential cookies/SDKs
• Contract: core features, subscriptions/purchases
• Legitimate interests: service security, product optimization, anti‑fraud (balanced against your rights)
• Legal obligations: to comply with applicable laws and requests

6. Cross‑border transfers

Your information may be processed or stored outside your country/region (e.g., Singapore, the United States, the EU/UK). We apply safeguards required by law (e.g., SCCs and supplemental measures) to ensure equivalent protection.

7. Security

We use transport encryption, access controls, least privilege, audits, and incident response. No method is 100% secure; keep your credentials safe.

8. Data retention

• Account and transactions: retained for the life of your account and for legal/accounting needs, then deleted or anonymized.
• Cloud‑processed content: kept for the minimum time needed to return results and optimize (typically ≤ 72 hours).
• Server logs/diagnostics: retained for security/troubleshooting (typically 21–180 days, per purpose).
• Biometric data (e.g., BIPA): deleted within three years of your last interaction or earlier if required by local law.

9. Your rights

Subject to law, you may request access/copies, rectification, deletion, withdrawal of consent, restriction or objection to processing, and data portability (where technically feasible). Contact support@lilivi.com; we may verify your identity before fulfilling requests.

10. Children’s privacy

We do not knowingly collect data from children under the age required by local law (e.g., under 16). If you believe we collected such data, contact support@lilivi.com for deletion.

11. Cookies and similar technologies

• Purposes: sessions, preferences, performance/UX, and (with consent) personalization/measurement.
• Controls: manage cookies/ad IDs in browser/OS settings; see our Cookie Policy. Strictly necessary cookies cannot be disabled.

Consent management (EEA/UK)

• In consent‑first regions (EEA/UK), we only enable strictly necessary cookies/SDKs until consent, show non‑personalized ads (NPA) if consent is not granted, and limit analytics to essential aggregated measurements.
• The app integrates Google UMP/Consent SDK. You can change choices in privacy/settings (in‑app entry to be provided).

12. Regional addenda

• EEA/UK (GDPR/UK GDPR): object/restrict processing, complain to a supervisory authority; cross‑border transfers rely on SCCs and safeguards; no solely automated decisions producing legal or similarly significant effects.
• United States (CCPA/CPRA): rights to know/access/correct/delete/portability, non‑discrimination, and opt‑out of “targeted advertising/sale/certain profiling” where applicable. Where BIPA applies, biometric deletion per Retention above. We do not sell personal information.
  • We have not “sold” or “shared” personal information in the past 12 months (as defined by the CCPA), nor for minors under 16.
  • Sensitive personal information is used only to provide the Services, ensure security/fraud prevention, maintain quality/safety, or for purposes that do not infer characteristics.
  • Identity verification and authorized agents: we will reasonably verify requestors and accept authorized agents with written authorization from you.
  • Opt‑out preference signals: we do not respond because we do not sell/share personal information.
  • Where BIPA applies, biometric data is deleted within three years of last interaction (or earlier if local law requires).
• Brazil (LGPD): bases include consent, contract, legal obligations, and anti‑fraud/credit protection; rights include access, correction, deletion, anonymization, portability, and withdrawal of consent.
• Japan/Korea: rights include disclosure/correction/deletion/suspension; cross‑border transfers with recipient/purpose/items/retention disclosures and safeguards; data destroyed when purposes are achieved (electronic via unrecoverable methods).

GDPR Notice (Controller/Representative/DPO)

• Controller: Xiamen Lilivi Technology Co., Ltd.
• Registered address: Xiamen, Fujian Province, Mainland China
• Data Protection Officer (DPO): support@lilivi.com
• EU representative: Not appointed at this time; please contact the DPO for assistance
• UK representative: Not appointed at this time; please contact the DPO for assistance

Under GDPR, you may exercise rights (access, rectify, erase, restrict, portability, object, withdraw consent) via the contact above. We will respond within 1 month of receipt of complete information; in complex cases, we may extend by up to 2 additional months with notice. We may request reasonable identity verification before fulfilling requests.

CCPA/CPRA Category Matrix (California)

• Identifiers (device/advertising IDs, push tokens): collected; disclosed to service providers (ads/measurement/fraud). Not sold/shared.
• Internet or network activity (app interactions/events): collected for analytics/product improvement. Not sold/shared.
• Approximate location (network/IP/time zone): collected when used for features or ads statistics; may be disclosed to ad/measurement service providers. Not sold/shared.
• Diagnostics & performance (crash/performance telemetry): collected for diagnostics/stability. Not sold/shared.
• User‑generated content (cloud editing when used): processed ephemerally; not sold/shared.
• Sensitive personal information: not used to infer characteristics.

We have not “sold” or “shared” personal information in the past 12 months and do not sell/share minors’ data. Submit CCPA requests via Contact; we will verify identity and respond within statutory timeframes.

Data retention (summary map)

• Account/subscription metadata: retained for account life and legal/accounting retention, then deleted/anonymized.
• Cloud‑processed content (images/videos): ≤ 72 hours (minimum needed for results and optimization), no persistent storage.
• Ads/analytics events: 90–180 days aggregated; where personalization is off/no consent, we keep only necessary aggregated stats.
• Diagnostics (Crashlytics/Performance): 90–180 days for stability/performance.
• Push tokens: bound to device/account lifecycle; deleted after sign‑out or consent withdrawal.

Data subject requests (process & verification)

• How to request: email support@lilivi.com stating the request type (access/rectify/delete/restrict/port/withdraw/object).
• Identity verification: we may request matching device/order/email info or a verification code.
• Timeline: respond within 30 days; complex requests may take up to 90 days with notice.
• Format: where feasible, provide machine‑readable formats (e.g., JSON/CSV). For deletion, we irreversibly erase or anonymize (unless legal retention applies).

13. Changes to this Policy

We may update this Policy due to service or legal changes. For material changes, we will provide prominent notice and, where required, seek renewed consent. Continued use constitutes acceptance of the updated Policy.

Contact

Email: support@lilivi.com
Links: Refund Policy · Terms of Use · Cookie Policy

Appendix A: Mobile apps and store compliance (Apple / Google Play)

This appendix summarizes our approach for iOS and Android store disclosures (actual filings are made in the developer consoles).

• Tracking and ATT (iOS): If we use IDFA for ads/attribution or use third parties (e.g., Google Ads/AdMob) for cross‑app/site tracking, we request Apple ATT permission before accessing IDFA. If you deny, we won’t access IDFA; ads become non‑personalized and some measurement is limited.
• Ad personalization (Android): We honor system ad personalization and GAID settings; if you turn off or reset GAID, we do not use it for personalized ads.
• Minimal permissions: Camera, microphone, photos/media, notifications, Bluetooth, and location are requested only when a feature needs them; you can withdraw in OS settings at any time.
• Children and sensitive content: The app is not directed to users under 16; we do not target personalized ads to children.

Third‑party SDKs (current plan)

• Firebase (Google): Analytics (aggregated analytics), Crashlytics (crash reports), Cloud Messaging (push token management, if provided).
  Privacy: https://firebase.google.com/support/privacy , https://policies.google.com/privacy
• Google Ads / AdMob: Ad delivery/measurement, frequency capping, anti‑fraud.
  Privacy: https://policies.google.com/technologies/ads

These providers may process device identifiers (IDFA/GAID/Android ID/OAID), coarse location signals, IP, in‑app events, and crash logs. We configure data minimization and purpose limits per law and store policies.

Third‑party SDKs and processed data (details)

• Firebase Analytics
  • May process: event names and timestamps, app version/build, device model and OS version, region/language, first‑open/source attribution, session counts/durations, screen views and interaction events; if system allows ad identifiers/personalization, may read ad ID (IDFA/GAID).
  • Our handling: when consent is not given or ATT is denied, we disable access to ad ID and personalization signals and keep only necessary aggregated statistics; we honor system “limit ad tracking/reset ad ID”.
• Firebase Crashlytics
  • May process: crash stack traces, thread/device state, recent log snippets, app version/build, device model/OS version, crash time/frequency, strictly for stability analysis.
  • Our handling: used solely for diagnostics and quality improvement; not for ads or identifying specific individuals.
• Google Ads / AdMob
  • May process: advertising identifiers (IDFA/GAID/OAID), coarse location and IP, ad impressions/clicks/revenue, and frequency/anti‑fraud signals (e.g., deduplication, invalid traffic detection).
  • Our handling: when consent is not given or ATT is denied, we enable non‑personalized ads (NPA) and do not use IDFA for personalization; comply with restricted data processing and age policies; no child‑directed personalized ads.

Your controls (mobile)

• iOS: Settings → Privacy & Security → Tracking (control “Allow Apps to Request to Track”); disable tracking for this app.
• Android: Settings → Google → Ads (reset advertising ID; turn off ad personalization).
• In‑app (to be provided):
  • Personalized ads toggle;
  • Analytics/diagnostics toggle;
  • Account/data deletion entry.

App Store privacy labels (reference)

• Data used to track you: device identifiers (IDFA) [only if you allow ATT and only for ads/attribution].
• Data linked to you: email (account/support), identifiers (for security/abuse prevention/analytics), usage data (interactions), diagnostics (crash/performance).
• Not collected: health, financial account credentials, biometric templates, precise location (unless you explicitly grant).

Google Play Data safety (reference)

• Collected: approximate location, app activity, app info and performance (crash/diagnostics), device or other IDs.
• Shared: only with processors for infrastructure, analytics, ads, and anti‑fraud (with consent or where legally permitted).
• Security practices: encryption in transit, least privilege, vendor compliance reviews.
• Data deletion: in‑app entry (to be provided) or by email to support@lilivi.com to request deletion/account deactivation.
• Optional vs required: Non‑core data can be disabled via settings or consent dialogs.

User controls and toggles

• Personalized ads: disable in app (when available) or OS settings; via ATT on iOS and GAID settings on Android.
• Analytics/diagnostics: toggle in app privacy settings (when available).
• Account/data deletion: request by email; an in‑app “Account → Delete account” entry will be provided in a future version.

Third‑party websites and services

Our Services may contain links to third‑party websites or services, or be referenced by them. We do not control or endorse those third parties and are not responsible for their content or privacy practices. Review their privacy policies carefully; your use of such third parties is at your own risk.

Information access and control

We take reasonable and appropriate technical measures to help you access, update, correct, or delete your personal information. To protect account security, we may verify your identity before processing requests. Withdrawing consent or requesting deletion may affect feature availability.

Governing law

Unless otherwise agreed in writing, the governing law and dispute resolution for this Policy follow the Terms of Service with your contracting entity. If not specified, the laws of our principal place of business apply (excluding conflict‑of‑laws rules).

Korea addendum (cross‑border transfer notice)

• Personal information transferred: see “2. Information we collect”.
• Transfer time and method: transmitted via secure channels when you submit data or use relevant features for storage and processing.
• Recipient countries/regions: the United States and Singapore (cloud/analytics/ads delivery and measurement).
• Third‑party recipients:
  • Google LLC (Firebase / Google Ads / AdMob) — Privacy: https://policies.google.com/privacy
• Retention period: see “8. Data retention”.
• If you do not agree to overseas transfers, we may be unable to provide some or all Services to you.