Privacy Policy

Appdoro ("Company," "We," "Us," or "Our") provides a website and multiple mobile applications (collectively referred to as the "Platform") to offer various services (the "Services").

This Privacy Policy ("Policy") describes the Company's practices and policies regarding the use and processing of personal information while providing the Services. It outlines the types of personal information we collect through our website and our mobile applications available on the Google Play Store or Apple App Store. It also explains how we use that information, our legal basis for doing so, with whom we share it, your rights and choices, and how you can contact us about our privacy practices. This Policy does not apply to third-party sites, products, or services, even if they link to our Services or Platform, and you should consider the privacy practices of those third parties carefully.

By acknowledging this Policy, you accept the practices described herein (including new versions of this Policy when they go into effect) and our Terms of Use (the "Terms"), which govern this Policy and contain disclaimers of warranties and limitations of liabilities.

Definitions

Capitalized words not defined in this Privacy Policy are defined in our Terms. It is important to read this Policy alongside the Terms to understand the key concepts provided and explained therein.

• Business:For the purpose of the CCPA, refers to the Company as the legal entity that collects consumers' personal information and determines the purposes and means of the processing of consumers' personal information.
• CCPA:Means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act ("CPRA") (collectively, "California Privacy Laws").
• Company: Refers to Appdoro. For the purposes of the GDPR, the Company is the Data Controller.
• Consumer: For the purpose of the CCPA, means a natural person who is a California resident.
• Data Controller: For the purposes of the GDPR, means the legal person which determines the purposes and means of the processing of personal data alone or jointly with others.
• Data Subject: Means a natural person who can be identified or rendered identifiable through the personal data related to them.
• Device: Means any device that is suitable to access the Service such as a computer, a cellphone, or a digital tablet with an internet connection.
• Do Not Track (DNT): Is a concept promoted by U.S. regulatory authorities, particularly the U.S. Federal Trade Commission (FTC), for the internet industry to develop and implement a mechanism allowing internet users to control the tracking of their online activities across websites.
• GDPR:Means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "EU GDPR"); and (ii) the EU GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 (the "UK GDPR").
• Personal Information / Personal Data: Means any information that relates to an identified or identifiable individual. For the purposes of the CCPA, personal information means any information that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.
• Personal Data Breach: Means a breach of security, whether accidental or intentional, resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
• Sale of Data:For the purposes of the CCPA, means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information to another business or a third party for monetary or other valuable consideration.
• Service Provider: Any natural or legal person who processes the data on behalf of the Company. For the purpose of the UK GDPR, service providers are considered data processors.
• Third Party: Means any other natural or legal person that is not part of the Company.
• Usage Data: Means data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
• Platform: Means the website and subdomains, and other media including all of their respective features and content belonging to the Company, and our mobile applications accessible from the App Store or Google Play Store.
• User: Refers to the individual accessing or using the Platform and Services. For the purpose of the GDPR, you can be referred to as the Data Subject.

How We Collect Data

We collect personal information concerning you from various sources to provide the Services and manage the Platform. We also obtain information from you and from third parties as detailed below.

Please note that if you decline to provide any required information requested by the Company, you may not be able to take full advantage of the Services and their features.

a) Platform Users and the Services

We collect information from and about you and your transactions and other interactions with us. This includes, but is not limited to, when you:

• Visit our Platform.
• Use the Services.
• Leave comments or feedback about our Services.
• Reach out to us through customer support.
• Contact us through the Platform, email, or any other channels provided by the Company.

b) Third-Party Integrations (Service Providers)

We utilize third-party service providers to offer certain Services on our behalf when personal data is necessary for them to perform their duties. These service providers are prohibited from using personal information for any other purpose and are contractually obligated to comply with all applicable laws and requirements.

We strongly advise you to read the terms and conditions and privacy policies of any third-party service providers or websites you visit.

c) Third-Party Analytics and Advertisements

We may use third-party analytics tools to understand how our Services are used and to improve their functionality. Any data shared with these providers is anonymized or aggregated to protect user privacy. We do not share identifiable personal data with third parties for advertising purposes.

d) Cookies and Automatic Collection Methods

We may also collect information about your online activities on the Platform and your devices over time and across third-party websites, devices, apps, and other online features and services. This collection includes automatically collected information and generally does not include personal information unless you provide it through our Platform or choose to share it with us by other means. Methods we use include:

• Cookies: Small data files stored on your device or in connection with your internet browser.
• Web Beacons or Tags: Small images embedded into websites or emails that send information about your device when you visit our Platform.
• Platform Log Files: Created automatically in connection with your access to and use of our Platform.

Types of Data Collected

a) Personal Data We Collect from Users

While using our Services, we may ask you to provide certain personally identifiable information, which can be used to enable your transactions, manage registrations, contact you, or identify you. This information may include, but is not limited to:

• Identifiers and Contact Information: First name, last name, email address, phone number, username, account password, country of residency.
• Communications and Interactions: Email messages, text messages, phone calls exchanged with you, customer support communications, reviews, comments, feedback, ratings, and other usage data.
• Device Information: IP address, internet provider, operating system and browser used, type of device, device cookie settings, and other device details.

b) Information We Collect Automatically

Our Platform uses cookies and other technologies to function effectively. These technologies record information about your usage of our Platform, including:

• Browser and Device Data: IP address, device type, internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons.
• Preference Information: Your marketing and communication preferences, account settings, indicated preferences, types of services/offers that interest you.
• Usage Data: Time spent on the Platform, pages visited, links clicked, bounce rate, language preferences, views, Platform usage time, interactions with in-platform notifications, habits, favorites, likes, behaviors, preferences, search activities.

While using our Services, and with your prior permission, we may collect photos, files, and other information from your device's contacts, camera, voice recording/photo library, and files to provide features of our Platform. You can enable or disable access to this information at any time through your device settings.

Use of Personal Data

a) Our Services

We use the information we collect to conduct our business and provide you with the best possible products, Services, and online experiences. We rely on several legal grounds to ensure that our use of your personal data is compliant with applicable law. We use personal data to:

• Deliver information or services or process transactions you have requested or agreed to receive.
• Enable you to participate in various Service features.
• Verify your information is active and valid (account registration).
• Respond to your requests, inquiries, comments, feedback, and concerns.
• Fulfill customer support requests.
• Communicate with you and fulfill our obligations arising from contracts between you and the Company.
• Comply with applicable laws, including accounting, auditing, and billing activities.
• Respond to court orders, lawsuits, subpoenas, and government requests.
• Ensure security and integrity of our Platform and business, protecting against and preventing fraud.
• Promote, analyze, modify, and improve our products, systems, tools, and Services.
• Conduct aggregate analysis and develop business intelligence to operate, protect, and make informed decisions.

Facial Image Data

We may collect facial images submitted by users (e.g., selfies) for the purpose of providing AI-generated insights such as celebrity lookalike, age estimation, ethnicity prediction, and similar features. This facial image data is not linked to any identifiable user information, and we do not store or process biometric identifiers.

Facial image data is processed through our API servers and select third-party AI providers solely for the delivery of real-time features. All facial image data is automatically deleted within 7 days after processing. This data is not used for training purposes, shared for marketing, or sold to third parties.

b) Marketing and Events-related Communications

We may send you email marketing communications about the Company and its Services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided we do so in accordance with applicable consent requirements.

How We Share Personal Data

The Company may share your personal data to:

• Satisfy any applicable law, regulation, legal process, or governmental request.
• Enforce this Policy and our Terms and Conditions, including investigating potential violations.
• Detect, prevent, or address fraud, security, or technical issues.
• Respond to your requests.
• Protect our rights, property, or safety, users, and the public.
• Fulfill our obligations arising from contracts with our users.

We share personal data with a limited number of our service providers. These providers offer services on our behalf, such as website hosting, data analysis, information technology, customer service, email delivery, and auditing. They are contractually obligated to protect the security and confidentiality of personal data they process on our behalf.

We do not sell or transfer personal data to third parties for marketing or advertising purposes unless you have provided explicit consent.

Business Transfers

In the event we enter into or intend to enter into a transaction that alters our business structure — such as a reorganization, merger, acquisition, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets, or stock — we may share personal data with third parties to facilitate and complete the transaction.

European Union and United Kingdom Privacy Information ("GDPR Privacy")

Appdoro respects the confidentiality of your personal data and ensures you can exercise your rights. Under this Policy, and by law if you are within the UK or EU, you have the right to:

• Right of Access: Obtain confirmation as to whether or not personal data concerning you is processed and access such data.
• Right to Rectification: Request rectification of inaccurate personal data.
• Right to Erasure ("Right to be Forgotten"): In certain cases, request the erasure of your personal data.
• Right to Restriction of Processing: Request restriction of processing for a certain period and/or in certain situations.
• Right to Data Portability: Receive your personal data in a structured format and transmit such data to another controller.
• Right to Object: In certain cases, object to the processing of your personal data, including profiling.
• Right Not to Be Subject to Automated Decision-Making: Not be subject to a decision based solely on automated processing.
• Right to File a Complaint: File complaints with the applicable data protection authority.
• Right to Compensation for Damages: Claim damages from us for any breach of applicable legislation.

You may exercise your rights by contacting us at hello@appdoro.com. Please note that we may ask you to verify your identity before responding to such requests.

CCPA Privacy

Under this Privacy Policy, and by law if you are a resident of California, you have the following rights:

• Right to Notice: Be properly notified of which categories of personal data are being collected and the purposes for which it is being used.
• Right to Access / Right to Request: Request and obtain information regarding the disclosure of your personal data collected in the past 12 months.
• Right to Say No to the Sale of Personal Data: Ask the Company not to sell your personal data to third parties.
• Right to Know About Your Personal Data: Request information about categories of personal data collected, sources, purposes, and third parties with whom we share.
• Right to Delete Personal Data: Request the deletion of your personal data collected in the past 12 months.
• Right Not to Be Discriminated Against: Not be discriminated against for exercising any of your consumer rights.

To exercise any of your rights under the CCPA, and if you are a California resident, you can email us at hello@appdoro.com. We will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request.

We do not sell personal information. However, the service providers we partner with may use technology that could be considered a "sale" under the CCPA. You may opt out by adjusting your device settings or following the instructions in our applications.

"Do Not Track" Policy as Required by CalOPPA

Our Service does not respond to Do Not Track signals. However, some third-party websites track your browsing activities. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

Security and Retention

We make reasonable efforts to provide you with an appropriate level of security relative to the risk associated with the processing of your personal data. We take organizational, technical, and administrative measures designed to protect your personal data against unauthorized access, destruction, loss, alteration, or misuse. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

We retain your personal data as long as we are providing Services to you. We retain personal data after we cease providing Services to comply with legal and regulatory obligations, tax, accounting, and financial reporting obligations. We also take measures to delete your personal information or keep it in a form that does not permit identifying you when it is no longer necessary for processing purposes.

International Data Transfers

We are a global business. Personal data may be stored and processed in any country where we have operations or engage service providers. We may transfer personal data to recipients in countries other than the country in which the personal data was originally collected. Those countries may have different data protection rules. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your personal data remains protected as described in this Policy.

Use by Minors

The Services are not directed to individuals under the age of eighteen (18) for California residents and sixteen (16) for United Kingdom citizens, and they should not provide personal data through the Services. If you believe a minor has provided us with personal information, please contact us.

Updates to This Policy

We may change this Policy from time to time to reflect new services, changes in our personal data practices, or relevant laws. The "Last Updated" date at the top of this Policy indicates when it was last revised. Any changes are effective when we post the revised Policy on the Platform. We may provide disclosures and alerts regarding the Policy or personal data collected by posting them on our Platform and, if you are a user, by contacting you through the email address you provided.

Links to Other Websites

The Services may provide the ability to connect to other sites. These sites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, use, or the privacy practices of its operator.

Jurisdiction

Appdoro focuses on multinational compliance regulations, including the United Kingdom General Data Protection Regulation ("UK GDPR"), the European Union's General Data Protection Regulation ("GDPR"), and United States Privacy Laws, to ensure privacy is a priority. You have the right to request further information on our personal data processing activities based on your country's laws.

Contact Us

If you have any questions or complaints about this Policy, please contact us at:

Email: hello@appdoro.com