Flash Mall Market – Privacy Policy

Effective date: August 30, 2025

Quick summary

• We collect account details you provide, content you upload (posts, reels, chat, voice), device/app info, and usage analytics.

• We use this data to run core features (accounts, feed ranking, messaging, orders & payments), keep the community safe, improve quality, and comply with law.

• We share data with service providers (e.g., Google Firebase, ZEGOCLOUD, payment providers) under contracts. We do not sell your personal data.

• You can access, correct, download, or delete your data. The App is not for children under 13.

If you have questions, contact us at office@lightideasdc.com.

Contents:

1) Who we are 2) Scope 3) Information we collect 4) How we use your information 5) Legal bases (GDPR/UK GDPR) 6) How we share information 7) International data transfers 8) Data retention 9) Your rights & choices 10) Children’s privacy 11) Security 12) Permissions we request 13) Cookies / SDKs 14) Changes to this Policy 15) Contact us 16) Google Play Data safety mapping 17) Region‑specific disclosures 18) Version history

1) Who we are

Controller: Light Idea Software Development Company (Myanmar)

Email: office@lightideasdc.com

2) Scope

This Policy applies to the App and any website or feature that links to it. It does not apply to third‑party websites or services you access via links from our Services.

3) Information we collect

We collect the following categories of information:

A. Information you provide

• Account & profile: name/username, phone number or email, profile photo, city, address (optional), preferred language, shop information (for sellers), and verification data.

• Content you create: posts, captions, prices, product listings, comments, likes, shares, messages, voice notes, images, videos, live streams, and associated timestamps/metadata (e.g., duration, file type, thumbnails).

• Orders & payments: delivery details, order items, amounts, transaction IDs/tokens (payments are processed by third parties; we don’t store full card numbers).

• Support & feedback: messages you send to us (including attachments).

B. Information collected automatically

• Device & app data: device model, OS/app version, language, time zone, IP address, network type, device identifiers (e.g., Firebase Installation ID), crash logs, performance/diagnostics.

• Usage data: interactions with content and features (views, likes, comments, follows, searches, session duration), referral/source, notification tokens.

• Approximate location: derived from IP, SIM locale, or your selected city (we do not collect precise GPS unless you explicitly enable it for certain features; currently the App does not require background location).

C. Information from third parties

• Authentication: sign‑in providers (e.g., Google) share your account ID, name, email, and photo per your consent.

• Payments: payment gateways/banks share payment status/transaction references.

• Safety & anti‑fraud: service providers may share signals for abuse prevention.

4) How we use your information

• Provide and operate the Services: account creation and login; profile; posts/reels upload and playback; chat and voice messages; live streaming & calls; orders, payments, receipts; push notifications.

• Personalize and rank content: tailor what you see in feed/reels based on your activity and interests (e.g., likes, views, follows). We do not use sensitive categories for personalization.

• Safety, integrity, and moderation: detect spam, fraud, illegal items, intellectual‑property violations, and enforce our terms.

• Improve and develop: fix bugs, analyze performance, and build new features.

• Communicate with you: service messages (security, receipts, updates) and, with your consent, promotions/news.

• Legal compliance: tax, accounting, requests from authorities where required.

5) Legal bases (GDPR/UK GDPR)

Where applicable law requires a legal basis, we rely on:

• Contract (Art. 6(1)(b)): to provide the Services you request.

• Legitimate interests (Art. 6(1)(f)): safety, fraud prevention, analytics, service improvement, and personalization in a way users reasonably expect.

• Consent (Art. 6(1)(a)): optional features (e.g., notifications, camera/mic, contacts if ever used), and certain analytics/marketing where required. You can withdraw consent in settings.

• Legal obligation (Art. 6(1)(c)).

6) How we share information

We do not sell your personal data. We share information in these cases:

• Service providers / processors bound by contracts:

  • Google Firebase & Google Cloud: Auth, Firestore/Storage/Functions, Crashlytics, Analytics, FCM push.

  • ZEGOCLOUD (RTC/live streaming & calling quality stats and media relay).

  • Payment processors/gateways: e.g., [replace with bank/payment provider names] for fee collection and orders.

  • Content delivery & infrastructure: image/video processing, thumbnails, and caching.

• Other users: content you set as public (posts, reels) is visible to others. Messages are visible to participants. If you delete a message/post, copies may persist in backups or on recipient devices for a limited time.

• Business transfers: if we merge, sell, or restructure, data may transfer as part of the transaction.

• Legal: to comply with law or respond to lawful requests.

7) International data transfers

We may process and store information in data centers outside your country (e.g., Google Cloud regions). Where required, we use appropriate safeguards for cross‑border transfers.

8) Data retention

• Account data: kept while your account is active. If you delete your account, we de‑identify or delete personal data within 30 days, unless we must keep some records (e.g., payments, taxes, fraud prevention) for up to 7 years.

• Content: posts, reels, chat media persist until you remove them or your account is deleted. Note: deletion does not remove copies on other users’ devices.

• Logs/diagnostics: typically retained 90–365 days.

9) Your rights & choices

Depending on your region, you may have rights to access, correct, delete, restrict, object to, or export your data.

In‑App controls (as available):

• Edit profile, manage posts/reels, delete messages you sent, notification preferences.

• Delete Account: Profile → Settings → Delete Account (or contact us).

Requests: Email [replace with your support email]. We may verify your identity.

Marketing: You can opt‑out via in‑app settings or the unsubscribe instructions.

California (CCPA/CPRA): We do not “sell” personal information as defined by CPRA. You may request access/deletion and limit use of sensitive data by contacting us.

10) Children’s privacy

Our Services are not intended for children under 13 (or the age required in your country). We do not knowingly collect personal data from children under 13. If you believe a child provided data, contact us and we will delete it.

11) Security

We use technical and organizational measures including encryption in transit, restricted access, and secure development practices. However, no method is 100% secure.

12) Permissions we request (examples)

We request permissions only when needed for features you use:

• Camera & Photos/Videos: capture or upload images/videos for posts, reels, chat, and shop logos.

• Microphone: voice messages, live streams, and calls.

• Storage/Media library: pick or cache media files for smoother playback.

• Notifications: receive order updates, chat, comments/likes.

• Approximate location (optional): improve discovery and local relevance (you can select your city manually instead).

• Network: connect to the internet and streaming services.

We do not read your SMS, call logs, or contacts.

13) Cookies / SDKs

The App doesn’t use browser cookies, but uses SDKs (e.g., Firebase, ZEGOCLOUD) that process device identifiers and analytics to operate the Services and improve performance. See their policies for details.

14) Changes to this Policy

We may update this Policy from time to time. We will post the new version with a new “Effective date” and, where required, notify you in the App.

15) Contact us

Light Idea Software Development Company

Email: [replace with your support email]

Address: [optional – add if available]

16) Google Play Data safety mapping Helper

Use this section to complete the Play “Data safety” form. Keep it for your records; you don’t need to display it publicly if you don’t want to.

Security practices: Data is encrypted in transit; you can request deletion; account deletion is supported in‑app.

Data sharing: We share with processors/service providers under contracts (Firebase, ZEGOCLOUD, payment gateways) and with other users only for content you choose to share.

17) Region‑specific disclosures (summary)

• EEA/UK: You have rights to access, rectification, erasure, portability, restriction, and objection. You may lodge a complaint with your local authority.

• California: We do not sell/share data as defined by CPRA. You may access/delete and limit use of sensitive data by contacting us.

• Brazil (LGPD): You have rights similar to GDPR and can contact us to exercise them.

18) Version history

• v1.0 (Aug 30, 2025): Initial publication for Play Store.

Placeholders to replace before publishing:

• Support email and legal address

• Payment provider names

• (Optional) hosting/data‑center region details

© 2025 Light Idea Software Development Company. This page is provided for transparency about how we treat user and device data in Flash Mall Market.