Bolou Privacy Policy

1. Introduction

Bolou ("we," "us," or "our") is dedicated to safeguarding the privacy and security of your personal information. This Privacy Policy outlines our practices regarding the collection, utilization, disclosure, potential sale, retention, and protection of your information when you access or use our mobile application and related services (collectively referred to as the "Service"). By engaging with the Service, you acknowledge and consent to the data practices described in this document, which complies with global privacy regulations including GDPR, CCPA, VCDPA, PIPA, and CPA.

2. Data Controller Information

For the purposes of applicable data protection laws (including GDPR, CCPA, VCDPA, and others), the **data controller** responsible for processing your personal information is:

The data controller is responsible for determining the purposes and means of processing your personal data, ensuring compliance with applicable privacy laws, and responding to data subject requests related to your information.

3. Information We Collect

We gather information to deliver and enhance the Service, improve user experience, and ensure platform safety. The information we collect falls into the following categories:

3.1 Disclosures on Phone Number Collection

We collect phone number data from users for the following legitimate business purposes:

• Account verification and security: To confirm the authenticity of your account and prevent unauthorized access, identity theft, or fraudulent account creation;
• Communication: To send important service notifications (e.g., account recovery codes, security alerts) via SMS;
• User matching (optional): To facilitate connections with contacts who also use Bolou (only with your explicit consent);
• Customer support: To respond to your inquiries and resolve account-related issues efficiently.

Your phone number is encrypted during collection and storage, and will never be displayed publicly on your profile or shared with other users without your express permission.

3.2 Disclosures on Device ID Collection

We automatically collect unique Device ID information (including but not limited to IDFA, AAID, UDID, and other device-specific identifiers) for the following purposes:

• Device authentication: To verify the legitimacy of devices accessing the Service and prevent account hijacking;
• Service optimization: To identify and fix technical issues, improve app performance, and tailor the Service to your device’s capabilities;
• Fraud prevention: To detect and block suspicious activities (e.g., multiple accounts on a single device, automated bot access);
• Analytics: To analyze usage patterns (in anonymized form) to enhance the overall user experience.

Device ID data is collected only when you install and launch the Bolou app, and is linked to your account only for security purposes. You may limit Device ID collection by adjusting your device’s privacy settings (e.g., disabling ad tracking), though this may affect certain Service features.

3.3 Other Personal Information You Provide

When registering an account or using the Service, you may voluntarily provide:

• Contact details (e.g., email address, optional social media handles);
• Profile information (e.g., full name, date of birth, gender, profile picture, biography, and interest preferences);
• Communication content (e.g., direct messages, video call recordings (if enabled by you), photos, videos, and other media shared via the Service);
• Payment information (if purchasing premium features, processed securely by third-party payment providers, not stored by Bolou).

3.4 Automatically Collected Usage Information

We collect usage data passively when you interact with the Service:

• Usage metrics (e.g., features accessed, session duration, search history, swipe and interaction patterns);
• Location data (approximate or precise, only if you enable location services, used to improve regional matching features);
• Log data (e.g., IP address, access timestamps, browser/OS type, referral sources).

3.5 Third-Party Information

We may receive information from authorized third parties:

• Social media platforms (if you link your account, in compliance with the platform’s privacy rules);
• Service providers (e.g., analytics tools, fraud detection services, payment processors) who share anonymized or pseudonymized activity data.

4. How We Use Your Information

We use the collected information only for lawful and legitimate purposes, including:

• Service operation and maintenance (account creation, payment processing, customer support, feature delivery);
• Personalization and improvement (customizing your experience, developing new features, optimizing matching algorithms based on your preferences);
• Communication (sending account updates, security alerts, service-related notifications, and optional promotional offers (you may opt out of marketing communications));
• Safety and security (detecting/preventing fraud, harassment, unauthorized access, and enforcing our User Agreement);
• Legal compliance (responding to valid legal requests, subpoenas, court orders, or regulatory obligations).

5. Data Sharing & Sale

5.1 User’s Right to Know About Data Sharing

You have the unconditional right to know whether and how your personal data is shared with third parties. Bolou is fully transparent about data sharing practices, and this section outlines all scenarios where your personal information may be disclosed to external parties. You may request a detailed breakdown of data sharing activities (including the names of third-party recipients, purpose of sharing, and data categories) by contacting our Data Protection Officer at any time (see Section 11).

5.2 Circumstances for Data Sharing

We may share your personal information in the following limited scenarios:

• With Service Providers: We engage trusted third-party vendors (e.g., cloud hosting providers, analytics firms, payment processors) to perform services on our behalf. These vendors are contractually obligated to protect your data, use it only for the specified purposes, and not to disclose it to other third parties;
• With Other Users: Your public profile information (name, photo, bio) and voluntary communications (messages, shared media) may be visible to other users to enable platform interactions (e.g., matching, video calls);
• For Legal Protection: We may disclose information if required by law, or to protect our rights, property, or safety, or the rights, property, or safety of our users or the public;
• Business Transfers: In the event of a merger, acquisition, or sale of all/part of our assets, your data may be transferred as part of the transaction (subject to privacy laws, and the acquirer will be bound by this Privacy Policy);
• With Your Consent: We may share your data with third parties if you provide explicit written consent (e.g., sharing with integrated third-party apps).

5.3 Data Sale Practices

Bolou does not currently sell any personal data (defined as exchanging personal information for monetary consideration) to third parties for commercial purposes. If our data sale practices change in the future, we will:

• Update this Privacy Policy at least 30 days prior to the change;
• Send a prominent notification to all users via the app and registered email;
• Provide a clear and easy opt-out mechanism (no opt-out required for non-California/Virginia users under applicable law).

5.4 How to Opt-Out of Data Sale/Targeted Advertising

If we ever engage in data sales (as defined by CCPA/VCDPA), or if you wish to opt out of targeted advertising based on your data, you may exercise your opt-out rights through the following methods:

5.4.1 Opt-Out of Data Sale (If Applicable)

• Method 1: Submit a written request to our Data Protection Officer at metaprobot@gmail.com (include your registered email/phone number for identity verification);
• Method 2: Use the "Data Privacy Settings" in your Bolou account (Settings > Privacy > Opt-Out of Data Sale);
• Method 3: Send a physical request to our registered address (see Section 2) with a copy of your government-issued ID.

We will process your opt-out request within 15 business days and confirm completion via email. Opting out of data sale will not affect your use of free Service features, and we will not discriminate against you for exercising this right (per CCPA/VCDPA requirements).

5.4.2 Opt-Out of Targeted Advertising

• Within Bolou: Navigate to Settings > Privacy > Advertising Preferences > Disable "Personalized Ads";
• Device-Level: Adjust ad tracking settings on your mobile device (e.g., iOS: Settings > Privacy & Security > Tracking; Android: Settings > Privacy > Ads > Opt out of Ads Personalization);
• Third-Party Ad Networks: Visit the Digital Advertising Alliance (DAA) opt-out page (https://optout.aboutads.info/) to opt out of targeted ads from participating networks;
• Contact Us: Email metaprobot@gmail.com to request removal from our advertising audiences.

Note: Opting out of targeted advertising will not stop ads from appearing, but ads will no longer be personalized based on your usage data.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

• Active accounts: Data is retained while your account is active (indefinitely, unless you request deletion);
• Account deletion: Profile information, communication content, and phone number/Device ID data are permanently deleted within 30 days of account deletion (except data retained for legal compliance);
• Anonymized data: Aggregated, non-identifiable data (e.g., usage trends, device type statistics) may be retained indefinitely for analytical and business improvement purposes;
• Legal retention: Data may be retained for up to 7 years if required by tax, audit, or legal obligations.

7. User Privacy Rights (Global Compliance)

Depending on your jurisdiction, you may have the following privacy rights under applicable regulations (GDPR, CCPA, VCDPA, PIPA, CPA):

7.1 GDPR Rights (EU/EEA Users)

• Right to access: Request a copy of all personal data we hold about you;
• Right to rectification: Request correction of inaccurate or incomplete data;
• Right to erasure ("Right to be forgotten"): Request deletion of your data (subject to legal exceptions);
• Right to restriction of processing: Request limitation of data processing in certain circumstances;
• Right to data portability: Request your data in a machine-readable format;
• Right to object: Object to processing of your data for marketing, profiling, or legitimate interest purposes;
• Right to withdraw consent: Withdraw any previously given consent for data processing.

7.2 CCPA Rights (California Users)

• Right to know: Request details about the categories and specific pieces of personal data we collect, use, disclose, or sell;
• Right to delete: Request deletion of your personal data (subject to exceptions like legal retention);
• Right to opt out: Opt out of the sale of your personal data (see Section 5.4.1);
• Right to non-discrimination: No denial of service, charging of different prices/terms, or reduction of quality for exercising CCPA rights.

7.3 VCDPA Rights (Virginia Users)

• Right to access: Confirm if we process your data and request access to such data;
• Right to correction: Request correction of inaccurate personal data;
• Right to deletion: Request deletion of your personal data;
• Right to data portability: Request transfer of your data to another controller;
• Right to opt out: Opt out of targeted advertising, data sale, or profiling with legal/significant effects.

7.4 How to Exercise Your Rights

To exercise your privacy rights:

• Email: Send a request to metaprobot@gmail.com (include your registered email/phone number for verification);
• Account Portal: Use the "Privacy Rights Request" form in Settings > Privacy > Data Rights;
• Mail: Send a written request to Bolou Technology Inc., Attn: Privacy & Legal Department, 456 Tech Boulevard, Suite 1200, San Francisco, CA 94107, USA (attn: Data Protection Officer).

We will verify your identity (matching your request details to your account) and respond to valid requests within 45 days (or 60 days for complex requests, with written notice of extension).

8. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction:

• Technical safeguards: End-to-end encryption for sensitive data (phone number, Device ID), secure socket layer (SSL) technology for data transmission, regular security audits;
• Administrative safeguards: Role-based access control, employee privacy training, strict data handling policies;
• Physical safeguards: Secure data centers with access controls, backup systems for data recovery.

While we strive to protect your data, no electronic storage or transmission method is 100% secure. You are responsible for maintaining the confidentiality of your account credentials (password, verification codes). Notify us immediately at metaprobot@gmail.com if you suspect unauthorized access to your account.

9. Children’s Privacy

The Bolou Service is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect, use, or disclose personal information from children under this age. If we become aware that we have collected data from a child without parental/guardian consent, we will delete such data within 72 hours. Parents/guardians may contact us at metaprobot@gmail.com to report suspected child data collection.

10. Changes to This Privacy Policy

We may update this Privacy Policy to reflect regulatory changes, new service features, or business practices. Material changes will be communicated via:

• Prominent notice within the Bolou app;
• Email notification to your registered address;
• Posting the revised policy on our website with a "New" label for 90 days.

Your continued use of the Service after the effective date of the revised policy constitutes acceptance of the changes. We encourage you to review this policy periodically for updates.

11. Contact Information

For questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at the above channels. For legal requests (e.g., subpoenas), please send official documentation to our registered address (Section 2) marked "Attn: Legal Department."