Privacy Policy

This Privacy Policy ("Policy") explains how toktok ("Company") collects, uses, stores, and discloses personal information when you use our service ("Service"). The Company complies with applicable laws (e.g., the Personal Information Protection Act, GDPR, CCPA) as well as with the policies of the Apple App Store and Google Play Store.

Chapter 1: General Provisions

1.1 Purpose

This Policy aims to clearly explain the types of personal information collected by the Company for the provision of the Service, the purposes for which the information is used, the retention period, disclosure to third parties, user rights, and related security measures, so that users can understand how their personal information is processed.

1.2 Definitions

• Personal Information: Information about a living individual that can be used to identify that individual.
• Processing: A series of actions including the collection, storage, use, disclosure, and destruction of personal information.
• Auto-Renewal Subscription: A subscription service for which payment is automatically processed at regular intervals without a separate cancellation request.

Chapter 2: Collection and Use of Personal Information

2.1 Items of Personal Information Collected

2.1.1 Essential Information

• User Account Information: Email address, username, profile information, and the selected avatar image.
• Service Usage Information: App usage records and environment settings (e.g., theme, notification settings).
• Device Information:
  • Operating system (OS), device model, app version.
  • SHA-256 Hashed Device ID: Used for managing multiple devices and security; the original value is not stored.

2.1.2 Optional Information

• Location Information: Approximate location at the country level is collected for advertisement optimization. Users may opt out via app settings.
• User Activity Data: Log data for analyzing usage patterns of in-app features (e.g., chat, friends list).

2.1.3 Advertising and Third-Party Related Information

• Advertising Identifier and Device Information:
  • For personalized advertising, the IDFA is collected on iOS and the Google Advertising ID on Android.
  • On iOS devices, the Company requests user consent through the App Tracking Transparency (ATT) framework before collecting the IDFA.
  • The purpose is to provide tailored advertising and to analyze ad performance. Users can disable ad personalization through device settings or in-app options.

Note: If a user refuses tracking, the Company may provide non-personalized ads, which will continue to be displayed.

2.1.4 Additional Information: Chat Audio/Video Data

• Chat Audio/Video Data: Automatically recorded at the start of a conversation for security and report handling purposes; stored for one week and then automatically deleted.

2.1.5 Text Chat Data

• Text Messages: User-to-user chat messages are stored in encrypted format using AES-256-CBC.
• Retention Period: Messages are stored for 14 days and then automatically deleted from our servers.

Chapter 3: Purpose of Using Personal Information

The personal information collected is used for the following purposes:

1. Provision and Operation of the Service

   • User authentication and account management (using Firebase Authentication).
   • Enabling key in-app features and enhancing user experience.
   • Managing multiple devices and improving security using the SHA-256 hashed Device ID.

2. Provision and Optimization of Advertising

   • Personalized Advertising: Utilizing advertising identifiers (IDFA/Google Advertising ID) via Google AdMob to provide tailored advertisements and measure ad performance.
   • Depending on user consent for ad tracking, either personalized or non-personalized ads may be provided.

3. Customer Support and Inquiry Handling

   • Supporting user inquiries and problem resolution.

4. In-App Payment and Subscription Management

   • Products: Subscription services offering benefits such as ad removal.
   • Payment Processing: Payments and subscription renewals are securely processed through the Apple App Store and Google Play Store. The Company does not store specific payment information.
   • Auto-Renewal: Subscriptions are automatically renewed on a monthly basis unless canceled by the user.
   • Cancellation and Refunds: Cancellation and refund requests are subject to the policies of the respective stores; any unused portion of payments made within 24 hours prior to renewal is non-refundable.

Chapter 4: Data Retention and Use Period

4.1 Retention Period

• User Account Information: Retained as long as the account is active and immediately destroyed upon account deletion.
• SHA-256 Hashed Device ID: Deleted immediately upon account cancellation or device deregistration.
• Advertising Data: May be stored in anonymized form for a period in accordance with Google AdMob policies.
• Chat Audio/Video Data: Automatically recorded at the start of a conversation, stored for one week, then automatically deleted.
• Legal Requirements: Data may be retained as required by applicable laws and then safely destroyed.

Chapter 5: Third-Party Disclosure and Delegation

5.1 Third-Party Disclosure

• In principle, the Company does not sell or provide personal information to third parties.
• However, personal information may be disclosed to third parties within a limited scope for legal requirements (e.g., government requests) or for service provision (e.g., Google AdMob, Firebase Authentication).

5.2 Delegation

• Certain tasks such as service operation, data analysis, and customer support may be outsourced to specialized third-party providers, who are managed to comply with relevant privacy laws.

Chapter 6: User Rights and How to Exercise Them

6.1 User Rights

Users have the following rights:

1. Access and Correction: Request to view and update personal information via in-app settings or customer support.
2. Deletion: Request deletion of personal information via the "Delete Account" feature.
3. Suspension of Processing and Withdrawal of Consent: Request to suspend processing or withdraw consent for data used in personalized advertising or subscription services.
4. Subscription Management: Manage subscription details (payments, renewals, cancellations, etc.) directly via the store account or the in-app Settings > Go Ad-Free section.
   • Note: Currently, the in-app purchase function in the iOS version is disabled and will be activated in future updates. The Android version supports in-app purchases normally.

6.2 How to Exercise Rights

• Requests regarding personal information (access, correction, deletion) can be submitted via email (admin@toktoktalk.com) or through in-app customer support.
• Identity verification may be required, and requests will be processed in accordance with applicable laws.

Chapter 7: Security Measures for Protecting Personal Information

7.1 Technical Measures

• Encryption During Transmission: Data is transmitted using the HTTPS protocol with encryption.
• Encryption of Stored Data: Stored data is protected using robust encryption algorithms such as AES-256-CBC.

7.2 Administrative and Physical Measures

• Access Control: Access to personal information is limited, and all access is logged.
• Regular Security Audits: Regular application of security patches and periodic reviews of vulnerabilities.

Chapter 8: Compliance with App Store and Google Play Policies

8.1 Payment and Subscription

• In-app purchases and subscription services are processed through the payment systems of the Apple App Store and Google Play Store.
• Payment information is managed in accordance with the policies of the respective stores, and the Company does not store specific payment details.
• Auto-renewal, cancellation, and refund procedures follow the policies of the stores; details can be found on the customer guidance page.

8.2 Legal Notice

• The Company may update this Policy in accordance with changes in store policies or applicable laws, and such changes will be communicated at least 7 days in advance.

Chapter 9: Amendments and Notices

9.1 Amendments

• This Policy may be amended due to changes in laws, service content, or operating procedures.
• Important changes will be notified via email, in-app notices, or other appropriate means at least 7 days prior to their implementation.

9.2 User Consent

• Continued use of the Service after the effective date of any changes constitutes acceptance of the amended Policy.

Chapter 10: Miscellaneous

10.1 Disclaimer

• To the extent permitted by law, the Company is not liable for any loss or damage resulting from the disclosure or loss of personal information due to events beyond its control (e.g., natural disasters, hacking).
• The Company may collect additional personal information for supplementary services with prior consent from the user.

10.2 Contact Information

For any inquiries or complaints regarding personal information, please contact:

• Email: admin@toktoktalk.com
• Customer Support: Please refer to the support section within the Service.

Chapter 11: Supplementary Provisions

11.1 Effective Date

This Policy is effective as of [2025-03-15].

11.2 Other

Any matters not specified in this Policy shall be governed by applicable laws and the internal regulations of the Company.