Privacy Policy
Effective Date: 2026-07-05 Last Updated: 2026-07-05 Publisher / Data Controller: BKPA (operator of LiLO) Contact: support@lilo.club
This Privacy Policy explains what data the LiLO mobile application ("LiLO", "we", "us") collects, how we use it, who we share it with, and what choices you have. It applies to LiLO v1.0 on iOS and Android.
LiLO is a short video/photo social application. To make the app useful and to keep the community safe, we collect a limited amount of personal data. We do not sell personal data and we do not run third-party advertising in v1.0.
LiLO offers an optional virtual-currency economy: you can buy Coins through Apple's In-App Purchase system and spend them on digital cosmetic items in the in-app Store (profile frames, chat bubbles, and entrance effects), and you may hold Diamonds, a separate in-app virtual currency. All payments are processed by Apple — we never receive or store your card number or other payment-instrument details. See the In-App Purchases and Virtual Currency section below.
1. Data We Collect
We collect only what is needed to operate the listed features in Key Features. Specifically:
1.1 Information you give us directly
| Data | Required for | Stored where |
|---|---|---|
| Email address | Account creation, login, password reset, account-deletion confirmation | NestJS API + MySQL users table |
| Password | Login (hashed with bcrypt; never stored or transmitted in plain text) | MySQL users.password_hash |
| Display name / nickname | Profile identity | MySQL users + profiles |
| Profile photo (avatar) | Profile identity | NestJS API uploads dir (/uploads/avatars/) + URL in profiles.avatarUrl |
| Bio (short text) | Profile identity | profiles.bio |
| Country, gender (optional, set once at onboarding) | Personalization (e.g. recommended content) | users.country, users.gender |
| Moments posts (video file, photo file, caption, hashtags) | The Moments feed | NestJS uploads dir + posts row |
| Comments and likes on Moments posts | Social interaction | comments, likes |
| 1:1 chat messages | The Messages feature | messages table (server-side at-rest) |
| Reports you file (post / comment / user) | UGC moderation (Apple Guideline 1.2) | reports table |
| Block list | Hiding content from blocked users (Guideline 1.2) | blocks table |
| Privacy preferences (e.g. "private account", "comments off") | Honoring your privacy choices | privacy_settings |
| Coin / Diamond balance and in-app transaction history (which Store item you bought, when, for how many Coins) | Operating the virtual-currency economy; crediting purchased Coins; showing your balance and purchase history | MySQL wallets / transactions |
| Apple In-App Purchase transaction identifier / receipt | Verifying an IAP with Apple and crediting the matching Coin pack (we never receive your card number) | MySQL iap_receipts |
1.2 Information collected automatically
| Data | Purpose |
|---|---|
| Authentication token (JWT, HS256, 15-day expiry) | Keeping you signed in (stored locally on device via flutter_secure_storage; not shared with any third party) |
| Device platform (iOS / Android) and app version | Diagnostics, crash triage |
| Approximate request timestamps | Rate-limiting, abuse detection |
1.3 Information we do NOT collect in v1.0
- We do not collect precise (GPS) location.
- We do not access your contacts or calendar.
- We do not read SMS or call logs.
- We do not run third-party advertising SDKs.
- We do not receive, see, or store your card number, CVV, or any other payment-instrument details. Coin purchases are processed entirely by Apple's In-App Purchase system; we only receive Apple's transaction identifier so we can credit the Coins you bought.
- We do not run analytics SDKs (Firebase Analytics, Mixpanel, etc.) in v1.0. Server-side request logs are kept only for short-term operational purposes.
2. How We Use Your Data
We use the data above only to:
- Provide the LiLO service — show your posts, deliver your comments and chats, render your profile, sign you in, send password-reset emails.
- Keep the community safe — review reports within 24 hours, enforce the community rules in the Terms of Service, suspend or remove accounts that violate them, hide content from users you blocked.
- Operate and improve the service — diagnose crashes, fix bugs, prevent abuse and spam.
- Comply with legal obligations — respond to lawful requests.
We do not use your data for targeted advertising. We do not sell or rent your data.
3. Sign in with Apple (when enabled)
When LiLO offers Sign in with Apple, the only data we receive is the Apple "private relay" email and the display name you choose to share. We store that in the same users table as an email-based account, and we treat it the same way. We do not receive any other Apple-account information.
3A. In-App Purchases and Virtual Currency
LiLO includes an optional virtual-currency economy. You are never required to spend money to use LiLO's core features (Moments, Messages, profiles).
- Coins are a virtual currency you can buy with real money. All Coin purchases are made through Apple's In-App Purchase (StoreKit) system on iOS. Apple — not LiLO — collects and processes your payment. We do not receive your card number or billing address; we receive only the transaction identifier / receipt that lets us verify the purchase with Apple and credit the correct number of Coins to your account.
- Diamonds are a separate in-app virtual currency used within LiLO. Coins and Diamonds have no cash value, are non-refundable except as required by Apple's or applicable law, and cannot be transferred off the platform or exchanged for money by us.
- The Store lets you spend Coins on digital cosmetic items (profile frames, chat bubbles, entrance effects). We store which items you own and your balance so the app can display and apply them.
We keep a record of your Coin/Diamond balance and your in-app transaction history (what you bought, when, and the Coin amount) to operate the economy, show you your purchase history, and support refund or dispute handling. We do not use purchase history for third-party advertising, and we do not sell it.
If we later add other paid features, they will likewise be sold only through Apple's In-App Purchase system on iOS (Apple Guideline 3.1.1).
4. Who We Share Data With
We share personal data only with the parties below, only for the purposes listed, and only the minimum data needed:
| Party | Purpose | Data shared |
|---|---|---|
| Cloud hosting provider | Run the NestJS API + MySQL database | All stored data, at-rest, encrypted by the provider |
| Email provider (transactional) | Send password-reset / account-deletion confirmation emails | Email address + the message body |
| Apple (App Store / StoreKit) | Process In-App Purchases of Coins and verify receipts | Handled by Apple under Apple's own privacy policy; we receive only the transaction identifier / receipt, never your payment-instrument details |
| Live A/V vendor (future v1.1+ only — Agora or ZEGOCLOUD) | Live streaming (NOT shipped in v1.0; gated off) | n/a in v1.0 |
We do not share data with advertisers, data brokers, or social networks.
If we are ever required by law (a valid subpoena or court order) to disclose data, we will narrow the disclosure to exactly what is compelled and, where legal, notify the affected user.
5. Data Retention
| Data | Retention |
|---|---|
| Account (user row, profile, settings) | Until you delete your account in-app (see §7) |
| Posts, comments, likes you created | Same as above; deleting your account hard-deletes them |
| Chat messages | Same as above; both sides' messages from the deleted account are removed from the deleted user's view |
| Reports you filed or that were filed about you | Up to 12 months from action date, for trust and safety auditing |
| Coin/Diamond balance and in-app transaction history | While your account exists; transaction records may be kept up to 24 months (or longer where tax/accounting law requires) for refund, dispute, and audit purposes, even after individual items are consumed |
| Authentication token | 15 days from issue, or until you log out |
| Server request logs (HTTP access log) | 30 days, then rotated/deleted |
6. Children's Privacy
LiLO is for users 17 and older. We do not knowingly collect data from children under 13. If you believe a child under 13 has registered, email support@lilo.club and we will remove the account within 5 business days.
7. Your Rights — including Account Deletion
You can, at any time, from inside the app:
- Edit your profile (Me → Edit Profile).
- Change privacy settings (Me → Privacy).
- Block or unblock users (any user profile, or Settings → Blocked Users).
- Report content or a user (any post / comment / user profile).
- Delete your account end-to-end (Me → Account & Security → Delete Account). Confirmation requires typing
DELETE. This cascades to your profile, your posts (with their comments and likes), your comments and likes elsewhere, your follows in both directions, your blocks in both directions, your reports, your privacy settings, your wallet and Store inventory, and finally youruserrow. The operation is transactional. Apple Guideline 5.1.1(v) compliant. Note: deleting your account forfeits any remaining Coins or Diamonds — virtual currency has no cash value and is not refundable on account deletion. We may retain minimal transaction records as described in §5 where law requires.
If you cannot reach the in-app flow (e.g. the app will not open), email support@lilo.club with the email address used to register, and we will delete the account within 30 days of verifying your request.
You may also email support@lilo.club to request a copy of the data we hold about you, or to ask us to correct it.
8. Security
- Passwords are hashed with bcrypt (server-side, salt per password).
- Authentication tokens use JWT HS256 with a 15-day expiry.
- All client/server traffic uses HTTPS / TLS.
- Tokens are stored on-device using
flutter_secure_storage(Keychain on iOS, EncryptedSharedPreferences on Android). - We do not export user data to any third-party analytics or ad SDK.
No system is perfectly secure. If you discover a vulnerability, please email security@lilo.club.
9. International Transfers
The NestJS API + MySQL database run in a single cloud region (initially: SEA). If you access LiLO from outside that region, your data crosses borders to reach the server, secured by HTTPS in transit.
10. Changes to This Policy
If we change this policy, we will update the "Last Updated" date above and, for material changes, present an in-app notice the next time you open LiLO. Continued use after the notice constitutes acceptance.
11. Contact
- General support:
support@lilo.club - Privacy / data requests:
privacy@lilo.club - Security issues:
security@lilo.club
These addresses are reviewed every business day; trust-and-safety reports are actioned within 24 hours per Apple Guideline 1.2.