LOVEPY - PRIVACY POLICY

At Lovepy, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use the Lovepy mobile application (the "App"). This policy complies with: - General Data Protection Regulation (GDPR) - EU Regulation 2016/679 - California Consumer Privacy Act (CCPA) - Turkish Personal Data Protection Law (KVKK - Law No. 6698) - Apple App Store Guidelines PLEASE READ THIS POLICY CAREFULLY. BY USING LOVEPY, YOU AGREE TO THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY.

Last Updated: January 2025

1. DATA CONTROLLER AND CONTACT INFORMATION

Data Controller: Lovepy Inc. Email: info@lovepy.app Website: https://lovepy.app For privacy-related inquiries, data access requests, or deletion requests, please contact us at the email address above.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly Account Information: - Anonymous user identifier (generated automatically by Firebase Authentication) - Display name (optional - only if you choose to set one) Session Content: - Messages and text inputs you submit during Classic sessions - Chat conversations you have during Pro sessions - Feedback and ratings you provide for reports Important: We do NOT collect: - Email addresses (unless you voluntarily contact us) - Phone numbers - Real names (unless you use your real name as your display name) - Physical addresses - Government-issued ID numbers - Financial information (payments are handled by Apple/Google) 2.2 Information Collected Automatically Device and Technical Information: - Device type and model - Operating system and version (iOS/Android) - App version - Device language and locale settings - Unique device identifier (hashed for privacy - used only for daily quota tracking) Usage Analytics: - App features you use (for example sessions created, reports viewed) - Screen views and navigation patterns - Session duration and frequency of use - Error logs and crash reports (for troubleshooting) Important: We use Firebase Analytics, which collects anonymized usage data. Analytics data cannot be used to identify you personally. 2.3 Session and Room Data - Session type (Classic or Pro) - Session creation and completion timestamps - Room participants (by anonymous user ID only) - Session status (waiting, active, completed)

3. HOW WE USE YOUR INFORMATION

We use your data ONLY for the following purposes: 3.1 To Provide and Improve the App - Authenticate your account (Firebase Anonymous Auth) - Create and manage sessions with your partner - Generate AI-powered relationship reports using your session inputs - Store your reports for future access - Provide customer support when you contact us 3.2 To Analyze and Improve Service Quality - Understand how users interact with the App - Identify and fix technical issues and bugs - Improve AI report quality and accuracy - Develop new features based on usage patterns 3.3 To Enforce Policies and Prevent Abuse - Monitor for violations of our Terms of Use - Prevent fraud, spam, and abusive behavior - Protect the security and integrity of the App - Comply with legal obligations 3.4 To Manage Subscriptions (Premium Users Only) - Process subscription purchases through RevenueCat - Verify premium entitlements - Enable premium features We do NOT use your data for: - Third-party advertising - Selling your data to data brokers - Marketing emails (unless you explicitly opt in) - Training AI models (your content is only used for YOUR reports)

4. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we process your data under the following legal bases: | Purpose | Legal Basis | |---------|-------------| | Providing App features and generating reports | Performance of contract (Terms of Use) | | Account authentication and session management | Performance of contract | | Analytics and service improvement | Legitimate interest | | Premium subscription management | Performance of contract | | Legal compliance and fraud prevention | Legal obligation / Legitimate interest | | Processing explicit content you provide | Your explicit consent | You have the right to withdraw consent or object to processing based on legitimate interest at any time.

5. HOW WE SHARE YOUR INFORMATION

5.1 AI Service Providers OpenAI (GPT Models) and Google (Gemini Models): - We send your session messages and inputs to these AI providers solely to generate your relationship reports - This processing is necessary to provide the core functionality of the App - These providers process data according to their own privacy policies and security standards - We do NOT authorize these providers to use your data for training their models or any other purpose beyond generating your reports Important: By using Lovepy, you acknowledge that your session content will be processed by third-party AI services. If you do not consent, please do not use the App. 5.2 Cloud Infrastructure Providers Google Cloud Platform (Firebase): - Authentication (Firebase Anonymous Auth) - Database storage (Firestore - hosted in europe-west3 region) - Cloud Functions for backend processing - Analytics (Firebase Analytics) All data is stored on servers located in the European Union (europe-west3 - Belgium) to ensure GDPR compliance. 5.3 Subscription and Payment Processing RevenueCat: - Manages subscription status and entitlements - Processes subscription data from Apple App Store / Google Play Store - Does NOT receive your payment information (handled by Apple/Google) Apple App Store / Google Play Store: - Processes all payments - We receive only anonymous purchase receipts to verify subscriptions 5.4 Analytics Providers Firebase Analytics: - Collects anonymized usage statistics - Helps us understand feature usage and app performance - Data is aggregated and cannot identify individual users 5.5 When Required by Law We may disclose your information if required by: - Valid legal process (subpoena, court order) - Law enforcement requests (with proper legal authority) - Protection of our legal rights - Prevention of fraud or security threats We will notify you of such requests unless legally prohibited. 5.6 Business Transfers If Lovepy is acquired, merged, or goes through a business restructuring, your data may be transferred to the new entity. You will be notified of any such change, and the new entity will be bound by this Privacy Policy. We do NOT: - Sell your personal data to third parties - Share your data with advertisers - Allow third parties to use your data for their own purposes

6. DATA RETENTION

6.1 Active Account Data We retain your data for as long as: - Your account is active - Needed to provide services to you - Required by law (for example financial records) 6.2 Deleted Account Data When you delete your account using the "Delete all my data" button: - Your personal reports are deleted immediately - Your messages and chat history are deleted immediately - Your user profile is deleted immediately - Your Firebase authentication account is deleted immediately - Your userRooms references are deleted immediately Important Exceptions: 1. Shared Reports: Reports shared with your partner remain accessible to them, as they have independent access rights. Your partner can still view shared reports even after you delete your account. 2. Anonymized Analytics: Aggregated, anonymized analytics data may be retained indefinitely for service improvement. This data cannot be used to identify you. 3. Legal Compliance: We may retain certain data if required by law (for example for tax purposes, fraud investigation, or legal proceedings). 6.3 Deletion Timeline - Immediate: User-facing data becomes inaccessible to you - Within 30 days: Permanent deletion from active databases - Within 90 days: Deletion from backup systems

7. DATA SECURITY

We implement industry-standard security measures to protect your data: 7.1 Technical Safeguards - Encryption in transit (TLS/SSL) for all data transmissions - Encryption at rest for stored data (Firebase Firestore) - Secure authentication (Firebase Anonymous Auth) - Regular security audits and updates - Access controls and authentication for our systems 7.2 Organizational Safeguards - Limited access to data (only authorized personnel) - Regular security training for our team - Incident response procedures 7.3 Limitations Despite our best efforts, no security system is 100% secure. We cannot guarantee absolute security against: - Unauthorized access by sophisticated attackers - Hardware or software failures - Events beyond our reasonable control If we become aware of a data breach that affects your rights, we will notify you and relevant authorities as required by law.

8. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights: 8.1 Rights Under GDPR (EU/EEA/UK/Switzerland) - Right to Access: Request a copy of your personal data - Right to Rectification: Correct inaccurate or incomplete data - Right to Erasure ("Right to be Forgotten"): Request deletion of your data - Right to Restriction: Limit how we use your data - Right to Data Portability: Receive your data in a structured, machine-readable format - Right to Object: Object to processing based on legitimate interest - Right to Withdraw Consent: Withdraw consent for data processing - Right to Lodge a Complaint: File a complaint with your local data protection authority 8.2 Rights Under CCPA (California, USA) - Right to Know: Request disclosure of data collected and shared - Right to Delete: Request deletion of your data - Right to Opt-Out: Opt-out of data sales (Lovepy does not sell data) - Right to Non-Discrimination: Equal service regardless of privacy rights exercise 8.3 Rights Under KVKK (Turkey) - Right to learn whether personal data is processed - Right to request information about processing - Right to learn the purpose of processing and whether it's used appropriately - Right to correction or deletion - Right to object to processing 8.4 How to Exercise Your Rights To delete all your data: Use the "Delete all my data" button in the Profile section of the App. For other requests: Email us at info@lovepy.app with: - Your request type (access, correction, deletion, etc.) - Your user ID (if known) - Any other identifying information to verify your identity We will respond to verified requests within: - GDPR: 30 days (may be extended to 60 days for complex requests) - CCPA: 45 days - KVKK: 30 days

9. INTERNATIONAL DATA TRANSFERS

9.1 Data Storage Location All primary data is stored in the European Union (europe-west3 - Belgium) on Google Cloud Platform servers. 9.2 Transfers Outside the EEA Some data may be transferred outside the European Economic Area for AI processing: - OpenAI: United States - Google Gemini: Multiple regions (depending on service configuration) These transfers are necessary to provide the core AI-powered features of the App. We ensure adequate safeguards through: - Standard Contractual Clauses (SCCs) approved by the European Commission - Data Processing Agreements with providers - Compliance with GDPR requirements for international transfers By using Lovepy, you explicitly consent to these international transfers for the purpose of generating your reports.

10. CHILDREN'S PRIVACY

Lovepy is NOT intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a user is under 18, we will: 1. Immediately terminate their account 2. Delete all associated data 3. Prevent future access If you believe a child under 18 has provided data through the App, please contact us immediately at info@lovepy.app.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Mobile App Tracking The App does NOT use traditional web cookies. However, we use similar technologies: - Firebase Analytics: Collects usage data using device identifiers - AsyncStorage: Stores app preferences locally on your device - RevenueCat: Tracks subscription status using device receipts 11.2 Opt-Out Options - iOS: Settings > Privacy > Analytics & Improvements > Disable "Share iPhone Analytics" - Android: Settings > Google > Ads > Opt out of Ads Personalization Note: Disabling analytics may limit our ability to improve the App and provide support.

12. THIRD-PARTY LINKS

The App may contain links to third-party websites or services (for example support documentation, partner resources). We are NOT responsible for the privacy practices of these third parties. Please review their privacy policies before providing any information.

13. DO NOT TRACK SIGNALS

Our App does not currently respond to "Do Not Track" (DNT) browser signals, as there is no universally accepted DNT standard for mobile applications.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect: - Changes in our practices - Legal or regulatory requirements - New features or services 14.1 Notice of Changes We will notify you of material changes through: - In-app notification - Email (if you've provided one) - Notice on our website 14.2 Effective Date Changes become effective: - Non-material changes: Immediately upon posting - Material changes: 30 days after notice Continued use of the App after changes constitutes acceptance of the revised policy. If you do not agree, please delete your account and stop using the App.

15. CALIFORNIA SHINE THE LIGHT LAW

California Civil Code Section 1798.83 allows California residents to request information about disclosure of personal information to third parties for direct marketing purposes. Lovepy does NOT share your data with third parties for their direct marketing purposes.

16. CONTACT US

For privacy questions, data requests, or concerns: Email: info@lovepy.app Website: https://lovepy.app Response Time: We aim to respond within 48 hours Data Protection Officer (EU/EEA Users) For GDPR-related inquiries, you may contact our Data Protection Officer at: info@lovepy.app Supervisory Authority (EU/EEA Users) You have the right to lodge a complaint with your local data protection authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en

17. YOUR CONSENT

By using Lovepy, you consent to: - Collection and use of your data as described in this Privacy Policy - Processing of your session content by third-party AI providers (OpenAI, Google Gemini) - International data transfers for AI processing - Use of analytics to improve the App You may withdraw consent at any time by deleting your account. BY USING LOVEPY, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.