Ciigo Privacy Policy: Your Data, Our Responsibility
Effective Date: March 15, 2025

I. Operational Foundations of Data Handling

To ensure service reliability and user trust, Ciigo systematically processes information across key functional areas.

(A) Device and System Metrics

Technical data is collected to optimize performance and security:

• Device Specifications: Model, OS version, screen resolution, and app build details for compatibility troubleshooting.

• Network Diagnostics: IP address, connection type (Wi-Fi/cellular), bandwidth metrics, and carrier data.

• Error Reporting: Crash logs and latency analytics to resolve stability issues.

• Device Identification: Unique hardware/software identifiers (Device ID) for fraud prevention and analytics.

(B) User-Generated Content and Activity

Interaction data drives platform safety and personalization:

• Private Communications: Chat histories stored for moderation and user protection.

• Behavioral Patterns: Records of video matches, chat frequency, and feature engagement.

￮ Technical Support: Addressing issues like lagging streams or failed connections.

￮ Personalization: Adjusting recommendations (e.g., matches) based on usage trends.

￮ Policy Enforcement: Detecting abusive behavior through automated analysis.

II. User Identity and Preferences

Account creation requires minimal data to enable core functionalities:

• Account Credentials: User ID (anonymous identifier) and username.

• Profile Customization: Avatar uploads and language/notification preferences.

III. Commercial Partnerships and Analytics

Third-party collaborations underpin free service sustainability:

• Ad Performance: Aggregated metrics on ad clicks/views to balance relevance.

• Analytics Tools: Platforms like Google Analytics assess demographics and feature adoption.

IV. Data Utilization Framework

Information is applied across four strategic pillars:

(A) Service Optimization

• Core Feature Support: Powering chats, video matches, and account management.

• Performance Enhancements: Reducing latency via device/network diagnostics.

(B) Personalized Experiences

• Dynamic Content: Curating matches and suggestions aligned with user behavior.

• Interface Adaptation: Adjusting layouts based on saved preferences.

(C) Security and Compliance

• Fraud Prevention: Monitoring for suspicious logins or bot activity.

• Legal Obligations: Responding to lawful data requests (e.g., subpoenas).

• Regulatory Alignment: Adhering to GDPR, CCPA, VCDPA, and other privacy laws.

V. Data Sharing Protocol

Information disclosure occurs only under strict conditions:

• Trusted Vendors: Service providers (hosting, payment processing) bound by NDAs.

• User Consent: Explicit approval for third-party integrations beyond core services.

• Corporate Transfers: Data portability during mergers/acquisitions.

• Public Safety: Disclosures to prevent harm or comply with legal mandates.

VI. Permission Management

Optional device access enables advanced features:

• Photo: For profile customization and media sharing, allowing you to upload profile pictures or share photos within the app.

• External Storage: File uploads/downloads from external drives, supporting media sharing and content management.

• Camera: For capturing photos or videos within the app for activities such as updating your profile or sharing visual content.

• Microphone: Voice messages and call functionalities, enabling audio interactions during video matches or private chats.

• Advertising IDs: Optional use for ad relevance tuning, ensuring promotions align with your preferences.

VII. User Control and Updates

• Permission Adjustments: Revoke access via device settings at any time.

• Policy Revisions: Changes communicated through in-app notifications and versioned documentation.

VIII. Security Infrastructure and Risk Mitigation

(A) Technical Safeguards

Multi-layered defenses protect against unauthorized access:

• Perimeter Defense: Next-gen firewalls and intrusion detection systems (IDS) to neutralize external threats.

• Data Obfuscation: AES-256 encryption for data in transit (TLS 1.3) and at rest (disk-level encryption).

• Network Segmentation: Isolating user databases from public-facing servers to minimize breach impact.

(B) Administrative Controls

• Privileged Access Management: Role-based permissions and biometric authentication for internal systems.

• Continuous Audits: Third-party penetration testing and quarterly SOC 2 compliance reviews.

• Incident Response: Real-time monitoring with automated alerts for anomalous activities (e.g., brute-force login attempts).

(C) User-Driven Precautions

• Credential Hygiene: Enforce strong passwords (12+ characters, multi-factor authentication).

• Breach Reporting: Immediately notify motaz2632@gmail.com upon detecting compromised accounts or phishing attempts.

IX. Policy Evolution and Transparency

• Versioned Updates: Track revisions through timestamps and summary changelogs accessible in app settings.

• User Notification: Push alerts for material changes affecting data rights or security practices.

X. Global Privacy Compliance and User Rights

(A) Adherence to International Data Protection Standards

Ciigo is committed to aligning with global privacy regulations, ensuring consistent protection for users across jurisdictions. Below are the frameworks we follow:

1. GDPR Compliance (EU/EEA)
For users in the European Union and European Economic Area, we adhere to GDPR requirements, including:

• Transparency: Clear disclosure of data collection, storage, and processing practices.

• User Rights: Guaranteed access, rectification, erasure, and portability of personal data.

• Consent Management: Options to withdraw consent for data processing at any time.

2. CCPA Compliance (California)
California residents enjoy enhanced rights under the CCPA, such as:

• Data Disclosure: Detailed information about collected data, including sources, purposes, and third-party sharing.

• Deletion Rights: Request removal of personal data, subject to legal or operational exceptions.

• Opt-Out Options: Opt-out of data sharing for personalized advertising (note: Ciigo does not sell personal data).

• Non-Discrimination: Protection against service denial for exercising privacy rights.

3. LGPD Compliance (Brazil)
For Brazilian users, we comply with LGPD by:

• Transparency: Clear communication about data handling processes.

• User Control: Rights to access, correct, delete, or withdraw consent for data processing.

4. VCDPA Compliance (Virginia)
For users in Virginia, we adhere to the Virginia Consumer Data Protection Act (VCDPA), ensuring:

• Transparency: Clear disclosure of data collection and processing practices.

• User Rights: Rights to access, correct, delete, and opt-out of data processing.

5. Other Regional Regulations
We also align with privacy laws in other jurisdictions, such as:

• Australia’s Privacy Act (APP).

• India’s Personal Data Protection Bill.

(B) Legal Foundations for Data Processing

Ciigo processes data based on one or more of the following legal grounds:

• Consent: Explicit permission for activities like personalized advertising or optional data collection.

• Contractual Necessity: Processing required to deliver app services.

• Legitimate Interests: Enhancing app performance, security, or user experience, provided they do not override user rights.

• Legal Obligations: Compliance with government requests, tax laws, or fraud prevention.

• Public Interest: Limited processing for public health, safety, or other recognized matters.

XI. User Rights and Data Management

(A) Core Rights Under Privacy Laws

Users retain the following rights, depending on applicable regulations:

• Access: Obtain a copy of personal data, including details about its collection, processing, and sharing.

• Correction: Update inaccurate or incomplete data.

• Deletion: Request removal of data when no longer necessary or legally required.

• Restriction: Limit processing during disputes or accuracy verification.

• Portability: Receive data in a machine-readable format for transfer to another provider.

• Objection: Object to processing for purposes like direct marketing or profiling.

• Withdraw Consent: Revoke prior permissions at any time.

• File Complaints: Lodge grievances with relevant data protection authorities.

(B) CCPA-Specific Rights (California)

California residents have additional rights, including:

• Right to Know: Disclosure of data categories, sources, purposes, and third-party sharing.

• Right to Delete: Request data deletion, subject to legal or operational exceptions.

• Right to Opt-Out: Opt-out of data sharing for analytics or advertising.

• Right to Non-Discrimination: Protection against service denial for exercising rights.

• Right to Transparency: Confirmation of data sharing or sales (note: Ciigo does not sell data).

XII. Opt-Out Mechanisms and Consent Management

1. Personalized Advertising
Disable tailored ads via the “Ad Preferences” section in app settings.

2. Third-Party Data Sharing
Adjust data sharing with advertisers, marketers, or analytics providers through the “Privacy Preferences” menu.

3. Data Sales Opt-Out
If applicable, opt out of data sales (as defined by CCPA) via the “Do Not Sell My Personal Information” link or email request.

4. Automated Decision-Making
Disable automated processing or profiling features through account settings.

5. Consent Withdrawal
Revoke prior permissions for data collection or processing using the “Manage Consent” settings.

6. Service Data Usage
Opt out of non-essential data collection for performance analytics or app improvements via the “Service Data Opt-Out” setting.

7. For assistance, contact motaz2632@gmail.com.

XIII. Compliance with Brazilian Data Protection Laws (LGPD)

Ciigo adheres to Brazil’s General Data Protection Law (LGPD), ensuring robust privacy protections for Brazilian users. Below are the rights and mechanisms available to you:

(A) Core Rights Under LGPD

• Access: Request a detailed report of your collected personal data, including processing purposes.

• Correction: Report inaccuracies in your data for immediate updates.

• Deletion: Request removal of personal data no longer necessary for its original purpose, subject to legal exceptions.

• Data Sharing Transparency: Obtain a list of third parties with whom your data has been shared and the specific sharing purposes.

• Portability: Receive your data in a transferable format for seamless migration to other services.

• Objection: Contest data processing activities based on legitimate interests.

• Withdraw Consent: Revoke consent for optional data processing at any time.

(B) Exercising Your Rights

• Contact: Email motaz2632@gmail.com to submit requests.

• Complaints: File grievances with Brazil’s National Data Protection Authority (ANPD) if rights are violated.

XIV. Safeguarding Children’s Privacy

Ciigo prioritizes the protection of minors’ privacy and implements strict measures to ensure compliance:

(A) Age Restrictions and Verification

• Minimum Age: Services are exclusively available to users aged 18 and above.

• Data Removal: If we inadvertently collect data from minors, it is promptly deleted from our systems.

• Preventive Measures: Enhanced age verification processes and regular audits to prevent recurrence.

(B) Reporting Concerns

• Contact: Report suspected cases of minors sharing data with us at motaz2632@gmail.com.

• Investigation: Immediate action is taken to address and resolve such incidents.

XV. Policy Updates and User Notifications

This Privacy Policy is subject to revisions to reflect operational, regulatory, or service changes:

(A) Notification Mechanisms

• In-App Alerts: Significant changes are communicated via notifications.

• Email Updates: Users are informed of major updates through email.

(B) Consent for New Practices

• Explicit Consent: New data processing activities may require your approval.

• Regular Review: Users are encouraged to periodically review the policy for updates.

XVI. Managing Data Sharing and Sales

Control how your data is shared or sold through the following methods:

(A) Opt-Out Mechanisms

• Direct Requests: Email motaz2632@gmail.com to cease sharing or selling your data.

• Processing Timeline: Requests are typically processed within 10 business days.

(B) Compliance Assurance

• Regulatory Alignment: All opt-out requests are handled in compliance with privacy laws.

XVII. Data Controller Responsibilities

The data controller oversees the lawful collection, processing, and protection of your personal information:

(A) Contact Information

• Name: Liam Dawson

• Email: motaz2632@gmail.com

• Address: 5800 Highland Park Dr 2076 2076, Benbrook, TX 76132-5843, United States

(B) Role and Accountability

• Compliance Oversight: Ensures adherence to data protection laws and safeguards user rights.

• Assistance: Available to address questions or concerns about data handling.

XVIII. Data Protection Officer (DPO) Contact

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer (DPO):

• Name: Liam Dawson

• Email: motaz2632@gmail.com

• Office Address: Sudan, Khartoum, Omdurman, 1111

XIX. General Contact Information

For questions, feedback, or concerns about this Privacy Policy or our data practices, please contact us:

(A) How to Reach Us

• Email: motaz2632@gmail.com

• Commitment: We are dedicated to maintaining your trust through transparent and ethical data handling.

(B) User-Centric Approach

• Feedback: We value your input and strive to improve our services based on your needs.

• Gratitude: Thank you for choosing Ciigo. Your privacy is our priority.