Onelight Apps Privacy Policy
This Privacy Policy describes the ways we collect, store, use and manage any Personal Data you provide to us or we collect in connection with your use of our Apps and Websites.
BY CLICKING “I AGREE” OR BY USING OUR APP OR WEBSITE YOU AGREE TO THIS PRIVACY POLICY and the processing of your Personal Data in the manner provided in this Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Apps and Websites.
“Policy” means this Onelight Apps Privacy Policy.
“We”, “our” or “us” means Onelight Apps CY Ltd., with its registered address at Spyrou Araouzou 165, Lordos Waterfront Office 402, Limassol, 3036 Cyprus.
“You”, “your” means you as a user of our Apps or Websites.
“App” means a mobile application developed by us and available through Google Play or Apple App Store.
“Website” means our website on which this Policy appears.
“Terms” means Onelight Apps Terms of Use.
“Personal Data” means information that can be used to identify you as an individual, like your first and last name, email address, username, usage data and so on. Personal Data does not include information that has been anonymized such that it does not allow for your identification. If you cannot be identified (e.g., when Personal Data has been aggregated and anonymized), then this Policy does not apply.
When you visit our Websites, use our Apps, or contact us directly we or our service providers collect and process your Personal Data. The ways it is collected can be broadly categorized into the following:
When you use some parts of our Apps or Websites we might ask you to provide Personal Data to us. For example, you will provide your email address when you contact us with questions or request support. Certain Apps require access to your photos stored on your device, provided you have granted us permission. You may upload photos (including their metadata) through specific features of our Apps and may choose to provide your email address or Instagram username. We only process the specific photos you select to modify using an App; we do not collect your entire Instagram photo library or photo albums. If you make an in-App purchase directly through us, we may collect your email address and maintain a purchase history related to your in-App transactions and subscriptions. Note that payments are processed by third-party providers, and we do not receive your financial information, such as payment method details or card numbers.
We or our service providers may automatically collect certain information about the devices you use to access the Apps and Websites. As described further below, we or our service providers may collect and analyze (a) device information and identifiers such as IP addresses, geolocation information (by country and city based on an IP address), unique device identifiers, Google Advertising ID, Apple ID for Advertising, IMEI and TCP/IP address, browser types, screen resolution, browser language, operating system, mobile device carrier information, and (b) information related to the ways in which you interact with the Apps and Websites, such as referring and exit web pages and URLs, platform type, the number of clicks, content viewed, statistical information about the use of the Apps and Websites (e.g. features you use; screens you viewed, navigation paths between pages or screens, the actions you take; the date and time you used the Apps and Websites, the frequency of your use of the Apps and Websites), error logs, and other similar information. As described further below, we or our service providers may use third-party web and mobile analytics services and technologies (such as Google Analytics, Facebook Analytics, Amplitude, Firebase, AppStore Analytics, etc.), including cookies, pixels and similar tools, to assist in collecting this information. The information collected by various analytics technologies described above will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Apps and Websites, including by analyzing usage trends, assisting with fraud prevention, and providing certain features to you.
We do not use our (first-party) cookies.
Mobile devices may use tracking technologies similar to cookies, such as Apple’s Advertising Identifier (IDFA) and Identifier for Vendor (IDFV) on iOS devices, and Google’s Advertising ID on Android devices.
We use third-party software development kits (SDKs), which are blocks of code provided by analytics and advertising partners. These SDKs help us and our partners understand how you interact with our Apps and may collect information about your device, network, and identifiers associated with your device or our Apps. For more information, please refer to the privacy policies of Facebook (Meta), Apple, and Google available on their respective websites.
To opt out of interest-based advertising on iOS devices, follow these steps: Launch "Settings" > Tap "Privacy" > Scroll down and tap "Advertising" > Toggle "Limit Ad Tracking" on. To opt out on Android devices, follow these steps: Launch "Settings" > Tap "Google" > Select "Ads" > Toggle on "Opt out of Ads Personalization." You can also reset your advertising ID by tapping "Reset Advertising Identifier."
If you opt out of interest-based advertising, you will still see ads, but they will not be tailored to your specific interests based on your device’s web-viewing data.
We may use local storage technology on our Websites to store information locally on your computer or mobile device. This may include data related to billing and invoicing, such as your user ID and email address.
We may collect Personal Data about you from third parties, such as Instagram (Meta). For example, if you connect to our Apps via Meta’s API, we may collect, store, and use information you have agreed to share through Instagram’s API. This may include your username, number of followers, account type, number of entries, app version, and other details.
Our payment providers may provide us with limited information about transactions, including the payer’s zip code, IP address, card network type (Visa, MasterCard, etc.), and the last four digits of the card.
We use Meta tracking pixels on our Website to monitor the effectiveness of our Facebook advertisements. Meta Pixel records data such as the device used to access our Website and your actions on it. This helps us improve our advertising efforts, create retargeting campaigns, and build custom audiences for ads on Facebook and our Website. For more details, please refer to Meta’s Cookies Policy.
This Policy does not cover the collection, processing, storage or use of your Personal Data, by Instagram (Meta), Adobe, Apple, Google or any other third parties. We do not control when or how third parties collect, process, store or use your Personal Data. Please refer to the privacy policies of third parties in order to learn and understand how and when they use your Personal Data.
Where we collect Personal Data, we will only process it when we have the legal basis for the processing set out in applicable data protection laws. Such legal bases are:
Our processing of your Personal Data is necessary for us to provide you with the Apps and Websites. If we do not process your Personal Data, we may be unable to provide you with all or some features of the Apps.
We use your Personal Data and may share it with our service providers and contractors for a number of purposes, which may include the following:
Use of your Personal Data | Legal basis |
To operate our Apps and Websites, ensure they work as intended and deliver the services you have requested. | Performance of a contract Legitimate interest |
Authenticate you when you log in using third-party log-in services (e.g. Instagram). | Performance of a contract Legitimate interest |
To process your payments and other billing and invoicing purposes when we collect payments directly from you | Performance of a contract |
To support you, including assisting with the resolution of technical or other issues relating to the Apps and Websites. | Performance of a contract |
To enhance our Apps and Websites, test and develop new features and carry out analysis of our Apps and Website so that we can optimize your user experience and provide you and other users with more efficient tools and features. | Legitimate interest |
To analyze and aggregate data, to prepare statistics, in particular, to produce aggregated and anonymized analytics and reports, which we may use internally or share publicly or with third parties. | Legitimate interest |
To display advertisements to you. | Legitimate interest |
To manage our relationship and communicate with you (including by push notifications). This may include:
These communications are part of the services we provide to you through the Apps and in most cases you will not be able to opt out of them. If an opt-out is available, you will find that option within the communication itself or in the App’s settings. | Performance of a contract Legitimate interest |
To promote and drive engagement with the Apps and Websites. | Legitimate interest |
To send marketing communications that may be of specific interest to you. These communications are aimed at driving engagement and maximizing what you get out of the Apps, including information about new Apps, newsletters, product offers, and promotions we think may be of interest to you. You may opt out of receiving marketing communications from us managing notifications settings on your mobile device. | Legitimate interest Your consent |
To prevent, detect and report crime, protect you, other users and us, for example, by ensuring network and information security, mitigating security risks, detecting and preventing any fraudulent or malicious activity, and make sure that everyone is using our Apps and Websites fairly and in accordance with the Terms. | Legal obligation Legitimate interest Performance of a contract |
To perform legal duties, responsibilities, and obligations; and to comply with any laws and regulations that apply to us. | Legal obligation |
To exercise our rights set out in the Terms or other agreements with you. | Performance of a contract |
To disclose information to companies in our group of companies following a restructure or for internal administrative purposes. | Legitimate interest |
To evaluate or conduct a merger, restructuring, reorganization, or other sale or transfer of some or all of our assets. | Legitimate interest |
We may aggregate and/or de-identify Personal Data collected through the Apps and Websites. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes.
We do not share your photos with third parties with the exception of uploading them to your Instagram profile to provide you with the service you requested by using the App.
At times, we may need to share your Personal Data with third parties. This may include disclosure to:
Some data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. When the data is being deleted, we make sure that your data is safely and completely removed from our servers or retained only in anonymized form.
If you are connected to our App by using your Instagram account you can stop sharing the information from Instagram with us by removing our access to this service.
If you have not opted-out or have consented (as the case may be) to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last used or expressed interest in our Apps or Websites.
Sometimes business and legal requirements oblige us to retain Personal Data for specific purposes, for an extended period of time. Reasons we might retain some data for longer periods of time include:
You have the following rights with respect to your Personal Data that we process:
You can exercise your rights at any time by sending an email to privacy@onelightapps.io. We may require evidence of and be satisfied as to your identity before we take any requested action.
We have implemented technical, physical, and organizational security measures to protect against the loss, misuse, and/or alteration of your Personal Data. These safeguards vary based on the sensitivity of the information that we collect and store. However, we cannot and do not guarantee that these measures will prevent every unauthorized attempt to access, use, or disclose your Personal Data since despite our efforts, no Internet and/or other electronic transmissions can be completely secure.
When we process and share data, it may be transferred to, and processed in, countries other than your country. These countries may have laws different to what you are used to. Where Personal Data is processed in another country, we put safeguards in place to ensure your Personal Data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your Personal Data is transferred outside the EEA, it will be transferred to countries where we have compliant transfer mechanisms in place to protect your Personal Data, in particular, by implementing the European Commission’s Standard Contractual Clauses to the contracts with the entities the data is transferred to.
The Apps and Websites are not directed at children under the age of 13. If we become aware that we have collected personal information (as defined by the US Children’s Online Privacy Protection Act) from children under the age of 13, or personal data (as defined by the EU GDPR) from children under the age of 16, we will take reasonable steps to delete it as soon as practicable.
The Apps and Websites may contain links to third-party websites, apps, plug-ins and other services. If you choose to use these sites or features, you may disclose your Personal Data not just to those third-parties, but also to their users and the public more generally depending on how their services function. We are not responsible for the content or privacy practices of such third party websites or services. The collection, use and disclosure of your Personal Data will be subject to the privacy policies of the third party websites or services, and not this Privacy Policy. We encourage you to read the privacy statements of each and every site you visit.
We may modify or revise this Policy at any time by posting the amended Policy. Please check the most current Policy. Your continued use of the Apps or Websites after a change or update has been made will constitute your acceptance to the revised Privacy Policy. If you do not agree with the modifications, please discontinue use of the Apps and Websites.
If, for any reason, you are concerned with the way that we may be using your Personal Data, you have questions about the privacy aspects of the Apps or Websites, please, contact us at privacy@onelightapps.io.
This Privacy Notice for California residents supplements the information contained in our Privacy Policy. This Privacy Notice applies solely to visitors, users, and others who reside in the State of California.
Although we are not doing business in California for the purposes of the California Consumer Privacy Act (“CCPA”) (Civil Code Section § 1798.100 et seq.), this notice is adopted to comply with the CCPA. Any terms defined in the CCPA have the same meaning when used in this notice.
We have collected the following categories of Personal Data from consumers within the last twelve (12) months:
Category | Examples | Collected |
A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | YES |
B. Personal Data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | NO |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | YES |
G. Geolocation data. | Physical location or movements. | YES |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | YES |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | NO |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
We disclose Personal Data to the categories of third parties, service providers, and contractors described in the Policy above, including section “To Whom We May Disclose Your Personal Data”.
In the preceding twelve (12) months, we have disclosed the following categories of Personal Data for a business purpose:
We do not exchange your Personal Information for payment. However, under the CCPA, the term "sale" is defined broadly and may include certain data-sharing practices. We may share your Personal Data with advertising partners, analytics providers, and social networks that help us deliver and improve our Apps and Websites or advertise them to you. These third parties may collect certain data directly through your interactions with our Apps or Websites. In some cases, these parties may use the information for limited purposes, such as enhancing their services, delivering targeted ads, or conducting online behavioral advertising (including "cross-context" behavioral advertising). As a result, sharing Personal Data with these partners could be considered a "sale" or "sharing" under the CCPA. Over the past 12 months, we have "sold" or shared the following categories of Personal Data for cross-context behavioral advertising with advertising partners, analytics providers, and social networks:
The primary purpose of this sharing is to utilize third-party services, such as Google Analytics, to analyze how users interact with our Apps and Websites and to support our marketing efforts.
If you wish to opt out of the "sale" or sharing of your Personal Data for cross-context behavioral advertising, you can manage your cookie preferences as described in the “Cookies and Similar Tracking Technologies” section above.
You have the following right under the CCPA:
If you wish to do any of these things, please contact us at privacy@onelightapps.io. Please be aware that we do not accept or process requests through other means.
We will review the information provided and may request additional information to ensure we are interacting with the correct individual. Please also be aware that making any such request does not ensure complete or comprehensive removal or deletion of Personal Data, and there may be circumstances in which the law does not require or allow us to fulfill your request.
We will not discriminate against you for exercising your rights under the CCPA.
Last updated: November 19, 2024