Onelight Apps Privacy Policy

This Privacy Policy describes the ways we collect, store, use and manage any Personal Data you provide to us or we collect in connection with your use of our Apps and Websites.

BY CLICKING “I AGREE” OR BY USING OUR APP OR WEBSITE YOU AGREE TO THIS PRIVACY POLICY and the processing of your Personal Data in the manner provided in this Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Apps and Websites.

  1. Definitions

Policy” means this Onelight Apps Privacy Policy.

We”, “our” or “us” means Onelight Apps CY Ltd., with its registered address at Spyrou Araouzou 165, Lordos Waterfront Office 402, Limassol, 3036 Cyprus.

You”, “your” means you as a user of our Apps or Websites.

App” means a mobile application developed by us and available through Google Play or Apple App Store.

Website” means our website on which this Policy appears.

Terms” means Onelight Apps Terms of Use.

Personal Data” means information that can be used to identify you as an individual, like your first and last name, email address, username, usage data and so on. Personal Data does not include information that has been anonymized such that it does not allow for your identification. If you cannot be identified (e.g., when Personal Data has been aggregated and anonymized), then this Policy does not apply.

  1. What Data We Collect and How We Do That

When you visit our Websites, use our Apps, or contact us directly we or our service providers collect and process your Personal Data. The ways it is collected can be broadly categorized into the following:

Information you provide to us directly

When you use some parts of our Apps or Websites we might ask you to provide Personal Data to us. For example, you will provide your email address when you contact us with questions or request support. Certain Apps require access to your photos stored on your device, provided you have granted us permission. You may upload photos (including their metadata) through specific features of our Apps and may choose to provide your email address or Instagram username. We only process the specific photos you select to modify using an App; we do not collect your entire Instagram photo library or photo albums. If you make an in-App purchase directly through us, we may collect your email address and maintain a purchase history related to your in-App transactions and subscriptions. Note that payments are processed by third-party providers, and we do not receive your financial information, such as payment method details or card numbers.  

Information we or our service providers collect when you interact with Apps or Websites

We or our service providers may automatically collect certain information about the devices you use to access the Apps and Websites. As described further below, we or our service providers may collect and analyze (a) device information and identifiers such as IP addresses, geolocation information (by country and city based on an IP address), unique device identifiers, Google Advertising ID, Apple ID for Advertising, IMEI and TCP/IP address, browser types, screen resolution, browser language, operating system, mobile device carrier information, and (b) information related to the ways in which you interact with the Apps and Websites, such as referring and exit web pages and URLs, platform type, the number of clicks, content viewed, statistical information about the use of the Apps and Websites (e.g. features you use; screens you viewed, navigation paths between pages or screens, the actions you take; the date and time you used the Apps and Websites, the frequency of your use of the Apps and Websites), error logs, and other similar information. As described further below, we or our service providers may use third-party web and mobile analytics services and technologies (such as Google Analytics, Facebook Analytics, Amplitude, Firebase, AppStore Analytics, etc.), including cookies, pixels and similar tools, to assist in collecting this information. The information collected by various analytics technologies described above will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Apps and Websites, including by analyzing usage trends, assisting with fraud prevention, and providing certain features to you.

Cookies and similar tracking technologies

We do not use our (first-party) cookies.

Mobile devices may use tracking technologies similar to cookies, such as Apple’s Advertising Identifier (IDFA) and Identifier for Vendor (IDFV) on iOS devices, and Google’s Advertising ID on Android devices.

We use third-party software development kits (SDKs), which are blocks of code provided by analytics and advertising partners. These SDKs help us and our partners understand how you interact with our Apps and may collect information about your device, network, and identifiers associated with your device or our Apps. For more information, please refer to the privacy policies of Facebook (Meta), Apple, and Google available on their respective websites.

To opt out of interest-based advertising on iOS devices, follow these steps: Launch "Settings" > Tap "Privacy" > Scroll down and tap "Advertising" > Toggle "Limit Ad Tracking" on. To opt out on Android devices, follow these steps: Launch "Settings" > Tap "Google" > Select "Ads" > Toggle on "Opt out of Ads Personalization." You can also reset your advertising ID by tapping "Reset Advertising Identifier."

If you opt out of interest-based advertising, you will still see ads, but they will not be tailored to your specific interests based on your device’s web-viewing data.

We may use local storage technology on our Websites to store information locally on your computer or mobile device. This may include data related to billing and invoicing, such as your user ID and email address.

Information from third parties

We may collect Personal Data about you from third parties, such as Instagram (Meta). For example, if you connect to our Apps via Meta’s API, we may collect, store, and use information you have agreed to share through Instagram’s API. This may include your username, number of followers, account type, number of entries, app version, and other details.

Our payment providers may provide us with limited information about transactions, including the payer’s zip code, IP address, card network type (Visa, MasterCard, etc.), and the last four digits of the card.

We use Meta tracking pixels on our Website to monitor the effectiveness of our Facebook advertisements. Meta Pixel records data such as the device used to access our Website and your actions on it. This helps us improve our advertising efforts, create retargeting campaigns, and build custom audiences for ads on Facebook and our Website. For more details, please refer to Meta’s Cookies Policy.

  1. Third Parties Processing Your Personal Data

This Policy does not cover the collection, processing, storage or use of your Personal Data, by Instagram (Meta), Adobe, Apple, Google or any other third parties. We do not control when or how third parties collect, process, store or use your Personal Data. Please refer to the privacy policies of third parties in order to learn and understand how and when they use your Personal Data.

  1. Legal Grounds to Process Personal Data

Where we collect Personal Data, we will only process it when we have the legal basis for the processing set out in applicable data protection laws. Such legal bases are:

  1. How We Use Personal Data

Our processing of your Personal Data is necessary for us to provide you with the Apps and Websites. If we do not process your Personal Data, we may be unable to provide you with all or some features of the Apps.

We use your Personal Data and may share it with our service providers and contractors for a number of purposes, which may include the following:

Use of your Personal Data

Legal basis

To operate our Apps and Websites, ensure they work as intended and deliver the services you have requested.

Performance of a contract

Legitimate interest

Authenticate you when you log in using third-party log-in services (e.g. Instagram).

Performance of a contract

Legitimate interest

To process your payments and other billing and invoicing purposes when we collect payments directly from you

Performance of a contract

To support you, including assisting with the resolution of technical or other issues relating to the Apps and Websites.

Performance of a contract

To enhance our Apps and Websites, test and develop new features and carry out analysis of our Apps and Website so that we can optimize your user experience and provide you and other users with more efficient tools and features.

Legitimate interest

To analyze and aggregate data, to prepare statistics, in particular, to produce aggregated and anonymized analytics and reports, which we may use internally or share publicly or with third parties.

Legitimate interest

To display advertisements to you.

Legitimate interest

To manage our relationship and communicate with you (including by push notifications). This may include:

  • operational and transactional communications about or in relation to  changes to our Apps, our services,  features, security updates, assistance with using our Apps, or requests for feedback;
  • survey requests, feedback collection and follow-up communication if these Terms or an App’s use has been terminated or suspended;
  • providing you with the information you have requested from us or information we are required to send to you.

These communications are part of the services we provide to you through the Apps and in most cases you will not be able to opt out of them. If an opt-out is available, you will find that option within the communication itself or in the App’s settings.

Performance of a contract

Legitimate interest

To promote and drive engagement with the Apps and Websites.

Legitimate interest

To send marketing communications that may be of specific interest to you.

These communications are aimed at driving engagement and maximizing what you get out of the Apps, including information about new Apps, newsletters, product offers, and promotions we think may be of interest to you.

You may opt out of receiving marketing communications from us managing notifications settings on your mobile device.

Legitimate interest

Your consent

To prevent, detect and report crime, protect you, other users and us, for example, by ensuring network and information security, mitigating security risks, detecting and preventing any fraudulent or malicious activity, and make sure that everyone is using our Apps and Websites fairly and in accordance with the Terms.

Legal obligation

Legitimate interest

Performance of a contract

To perform legal duties, responsibilities, and obligations; and to comply with any laws and regulations that apply to us.

Legal obligation

To exercise our rights set out in the Terms or other agreements with you.

Performance of a contract

To disclose information to companies in our group of companies following a restructure or for internal administrative purposes.

Legitimate interest

To evaluate or conduct a merger, restructuring, reorganization, or other sale or transfer of some or all of our assets.

Legitimate interest

We may aggregate and/or de-identify Personal Data collected through the Apps and Websites. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes.

  1. To Whom We May Disclose Your Personal Data

We do not share your photos with third parties with the exception of uploading them to your Instagram profile to provide you with the service you requested by using the App.

At times, we may need to share your Personal Data with third parties. This may include disclosure to:

  1. Data Retention

Some data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. When the data is being deleted, we make sure that your data is safely and completely removed from our servers or retained only in anonymized form.

Information retained until you remove it

If you are connected to our App by using your Instagram account you can stop sharing the information from Instagram with us by removing our access to this service.

Information for marketing communications

If you have not opted-out or have consented (as the case may be) to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last used or expressed interest in our Apps or Websites.

Information retained for extended time periods for limited purposes

Sometimes business and legal requirements oblige us to retain Personal Data for specific purposes, for an extended period of time. Reasons we might retain some data for longer periods of time include:

  1. Your Rights

You have the following rights with respect to your Personal Data that we process:

You can exercise your rights at any time by sending an email to privacy@onelightapps.io. We may require evidence of and be satisfied as to your identity before we take any requested action.

  1. Security Measures

We have implemented technical, physical, and organizational security measures to protect against the loss, misuse, and/or alteration of your Personal Data. These safeguards vary based on the sensitivity of the information that we collect and store. However, we cannot and do not guarantee that these measures will prevent every unauthorized attempt to access, use, or disclose your Personal Data since despite our efforts, no Internet and/or other electronic transmissions can be completely secure.

  1. International Data Transfers

When we process and share data, it may be transferred to, and processed in, countries other than your country. These countries may have laws different to what you are used to. Where Personal Data is processed in another country, we put safeguards in place to ensure your Personal Data remains protected.

For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your Personal Data is transferred outside the EEA, it will be transferred to countries where we have compliant transfer mechanisms in place to protect your Personal Data, in particular, by implementing the European Commission’s Standard Contractual Clauses to the contracts with the entities the data is transferred to.

  1. Information Concerning Children

The Apps and Websites are not directed at children under the age of 13. If we become aware that we have collected personal information (as defined by the US Children’s Online Privacy Protection Act) from children under the age of 13, or personal data (as defined by the EU GDPR) from children under the age of 16, we will take reasonable steps to delete it as soon as practicable.

  1.  Third-Party Links and Services

The Apps and Websites may contain links to third-party websites, apps, plug-ins and other services. If you choose to use these sites or features, you may disclose your Personal Data not just to those third-parties, but also to their users and the public more generally depending on how their services function. We are not responsible for the content or privacy practices of such third party websites or services. The collection, use and disclosure of your Personal Data will be subject to the privacy policies of the third party websites or services, and not this Privacy Policy. We encourage you to read the privacy statements of each and every site you visit.

  1. Modifications

We may modify or revise this Policy at any time by posting the amended Policy. Please check the most current Policy. Your continued use of the Apps or Websites after a change or update has been made will constitute your acceptance to the revised Privacy Policy. If you do not agree with the modifications, please discontinue use of the Apps and Websites.

  1. Privacy Related Inquiries

If, for any reason, you are concerned with the way that we may be using your Personal Data, you have questions about the privacy aspects of the Apps or Websites, please, contact us at privacy@onelightapps.io.

  1. California Privacy Rights Notice

This  Privacy Notice for California residents supplements the information contained in our Privacy Policy. This Privacy Notice applies solely to visitors, users, and others who reside in the State of California.

Although we are not doing business in California for the purposes of the California Consumer Privacy Act (“CCPA”) (Civil Code Section § 1798.100 et seq.), this notice is adopted to comply with the CCPA. Any terms defined in the CCPA have the same meaning when used in this notice.

Personal Data We Collect

We have collected the following categories of Personal Data from consumers within the last twelve (12) months:

Category

Examples

Collected

A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

YES

B. Personal Data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

NO

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

NO

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

YES

G. Geolocation data.

Physical location or movements.

YES

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

YES

I. Professional or employment-related information.

Current or past job history or performance evaluations.

NO

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

NO

K. Inferences drawn from other personal information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

NO

Business and Commercial Purposes for Collecting Personal Data

We use Personal Data we collect for business and commercial purposes described above in section “Legal Grounds to Process Personal Data”. We may also use Personal Data relating to California residents for one or more of the specific “business purposes” listed in the CCPA.

Categories of Sources of Personal Data

In the past twelve months, we have collected Personal Data relating to California residents from the sources described above in section “What Data We Collect and How We Do That”.

Categories of Third Parties and Other Entities to Whom We Disclose Personal Data

We disclose Personal Data to the categories of third parties, service providers, and contractors described in the Policy above, including section “To Whom We May Disclose Your Personal Data”.

Disclosures of Personal Data for a Business Purpose

In the preceding twelve (12) months, we have disclosed the following categories of Personal Data for a business purpose:

Sales or Sharing of Personal Data

We do not exchange your Personal Information for payment. However, under the CCPA, the term "sale" is defined broadly and may include certain data-sharing practices. We may share your Personal Data with advertising partners, analytics providers, and social networks that help us deliver and improve our Apps and Websites or advertise them to you. These third parties may collect certain data directly through your interactions with our Apps or Websites. In some cases, these parties may use the information for limited purposes, such as enhancing their services, delivering targeted ads, or conducting online behavioral advertising (including "cross-context" behavioral advertising). As a result, sharing Personal Data with these partners could be considered a "sale" or "sharing" under the CCPA. Over the past 12 months, we have "sold" or shared the following categories of Personal Data for cross-context behavioral advertising with advertising partners, analytics providers, and social networks:

The primary purpose of this sharing is to utilize third-party services, such as Google Analytics, to analyze how users interact with our Apps and Websites and to support our marketing efforts.

If you wish to opt out of the "sale" or sharing of your Personal Data for cross-context behavioral advertising, you can manage your cookie preferences as described in the “Cookies and Similar Tracking Technologies” section above.

Your Rights and Choices under the CCPA

You have the following right under the CCPA:

If you wish to do any of these things, please contact us at privacy@onelightapps.io. Please be aware that we do not accept or process requests through other means.

We will review the information provided and may request additional information to ensure we are interacting with the correct individual. Please also be aware that making any such request does not ensure complete or comprehensive removal or deletion of Personal Data, and there may be circumstances in which the law does not require or allow us to fulfill your request.

We will not discriminate against you for exercising your rights under the CCPA.

Last updated: November 19, 2024