Welcome to Imivo (the "Product and/or Service"). Imivo ("we," "our," or "us") understands the importance of protecting your personal information and respects your right to privacy. In accordance with applicable laws and regulations of Singapore, we implement reasonable and appropriate safeguards to ensure the security and confidentiality of your personal data.
This Privacy Policy (the "Policy") is designed to clearly explain how we collect, use, disclose, store, and protect your personal information. It also outlines your rights and choices regarding your data, as well as how we handle sensitive personal information. We encourage you to read this Policy in full to better understand our data protection practices.
Important Notice
Before accessing or using this Product and/or Service, please read this Policy carefully, paying special attention to sections that are highlighted, bolded, or underlined. By clicking "Agree" or continuing to use our services, you acknowledge that you have read, understood, and accepted the terms of this Policy and consent to our handling of your personal information as described herein.
1. Scope of This Privacy Policy
1.1 Applicability
This Privacy Policy applies to:
- Individuals who access or use the products and services provided by Imivo; and
- All websites, applications, and related service interfaces operated by Imivo.
1.2 Exclusions
This Policy does not apply to the following circumstances:
- Third-Party Services: Any products or services provided by third parties through embedded pages, hyperlinks, redirects, or other integrations are governed by their own privacy policies. We encourage you to review the data protection statements of such third parties carefully. You are solely responsible for any personal information you provide to or share with third-party platforms.
- Enterprise Data Processing: When we process personal information on behalf of enterprise customers as part of our business services, such processing is subject to separate agreements and does not fall under this Policy.
2. Personal Information We Collect
We collect and process personal information in accordance with the principles of lawfulness, fairness, relevance, and necessity. We do not collect information that is prohibited by applicable laws or regulations.
Before collecting personal information, we conduct necessity and risk assessments based on the specific business scenario, data type, purpose, and processing method. Where collection is required, we will clearly inform you of the purpose and scope of processing, allowing you to decide whether to provide your consent. You may refuse to provide certain information; however, this may affect the availability of specific features or services, while other functions will remain accessible.
Where required for legal compliance, risk control, or anti-corruption obligations, we may process collected information based on your valid consent or other lawful bases.
2.1 Methods of Collection
During your use of our products and services, we may collect personal information through the following channels:
- Information You Provide Voluntarily:
- Information Collected Automatically:
- Information Obtained from Third Parties:
Information you submit when registering an account, completing forms, applying for services, contacting us, or interacting with our products. This may also include transaction and activity data generated during service use.
Technical and usage data transmitted by your device (such as computers or mobile devices) when accessing or using our services.
With your authorization or as permitted by law, we may receive personal information from affiliated companies, partners, or trusted third-party service providers to enhance service quality, functionality, and security. We require such providers to confirm the legality and authorization scope of the data source. If further processing exceeds the original authorization, we will obtain your explicit consent in advance.
If we intend to use your personal information for purposes beyond the scope of your original consent, we will notify you and obtain your additional authorization beforehand. The categories of personal information collected may vary depending on the specific product or service provided.
2.2 Business Scenarios
(1) Account Registration and Login
When you register for or log in to Imivo, we collect necessary information based on the registration method selected to create and manage your account and enable data synchronization across devices.
- Email: We collect your email address and verify your identity using a verification code. Your email address is used solely for account creation, login verification, and security purposes.
(2) Personal Profile Management
You may optionally provide or edit name and personal signature. When uploading or modifying your avatar, we may request access to camera or photo storage permissions to process the image. If uploaded images contain sensitive personal information, they may impact your privacy rights. Please avoid uploading content that includes sensitive or unnecessary personal data. All uploaded images are protected in accordance with applicable laws.
2.3 Service Operation and Security
To ensure stable service operation, account security, and service quality, we may collect and process the following information:
- Device and system information (such as device model, operating system version, device identifiers, IP address, network type, and software version);
- Network and performance data (including access methods, usage logs, crash reports, and performance metrics);
- Application usage information (such as installed applications, running processes, usage frequency, and source information);
- Account identifiers, service logs, and information legally shared by authorized partners.
Such information is used for security monitoring, identity verification, statistical analysis, fraud prevention, and improvement of service performance and user experience.
2.4 User Support and Feedback
(1) Customer Support
When you contact us for inquiries, complaints, or technical support, we may retain communication records, account details, order information, and supporting materials you provide to help resolve issues efficiently.
(2) Dispute and Complaint Handling
Where necessary to protect the lawful rights and interests of all parties, we may submit relevant account, identity, contact, and complaint-related information to competent authorities in accordance with the law.
(3) Surveys and Feedback
We may collect responses to surveys or questionnaires to improve service quality. Participation is voluntary, and you may choose not to take part without affecting your use of our services.
2.5 Device Permissions
2.5.1 Permission Management
Certain features require device permissions to function properly. Sensitive permissions are disabled by default and will only be requested with your explicit consent. When requesting permissions for the first time, we will explain their purpose. You may revoke permissions at any time through your device settings.
2.5.2 Impact of Permission Withdrawal
Disabling permissions may limit the availability of related features but will not affect other services unless the permission is essential (such as account login). Revoking permissions does not affect prior data processing conducted with your consent.
2.6 Communications from Us
You agree that we may send service-related notifications, verification messages, security alerts, and research communications using the contact details you provide. You may opt out of promotional messages at any time via the method specified in the message or by contacting us directly. Critical service announcements may still be sent when necessary (e.g., system maintenance).
2.7 Facial Image Processing
When you voluntarily upload images containing facial features, the application may temporarily process the images to generate visual effects such as filters or background removal. We do not conduct facial recognition, identity verification, or biometric identification, nor do we retain facial data.
- For Logged-in users: Generated content is stored in the cloud until deleted by the user.
- For Non-logged-in users: Generated content is retained for up to 7 days and then automatically deleted.
2.8 Changes to Data Use Purposes
As our services evolve, product features and processing purposes may change. Where new data processing activities are reasonably related to existing purposes, we may process information accordingly. If new purposes are unrelated, we will notify you through appropriate means and obtain your consent in compliance with applicable laws.
2.9 Situations Where Consent Is Not Required
In accordance with applicable laws and regulations, we may process personal information without prior consent in the following circumstances:
- To comply with legal or regulatory obligations;
- For matters involving national security, public safety, or significant public interests;
- For criminal investigations, judicial proceedings, or law enforcement activities;
- To protect vital interests such as life, health, or property where consent cannot be obtained in a timely manner;
- For information that has been lawfully disclosed to the public by you;
- For contract formation or performance at your request;
- For data obtained from lawful public sources;
- To maintain secure and stable operation of our systems and services;
- For lawful news reporting or academic research conducted in the public interest with de-identified data;
- Other circumstances permitted by applicable laws and regulations.
3. Use of Cookies and Similar Technologies
3.1 How We Use Cookies
When you access or use our products and/or services, we may use Cookies and similar tracking technologies to collect certain information, such as your browsing behavior, access records, and login status, in order to enhance functionality and improve your user experience.
These technologies allow us to place one or more Cookies or anonymous identifiers on your device to collect and store information during your interactions with our services. Cookies are used strictly for the purposes outlined in this Privacy Policy and are not applied for any unrelated activities.
We primarily use Cookies to support the following functions:
- Service Security and Performance: Cookies help us verify user identity, prevent unauthorized access, detect fraudulent or malicious activity, and ensure the stable and efficient operation of our products and services. They also enable faster login processes and improved system responsiveness.
- User Convenience: Cookies allow us to remember your preferences and activity history, reducing the need to repeatedly enter the same information (such as form data or search queries) and making your interactions more seamless.
3.2 Managing Cookies
Most web browsers provide options to manage, restrict, or delete Cookies through their settings. You may adjust your browser preferences or clear stored Cookies at any time. Please note that disabling Cookies may affect the availability or functionality of certain features of our products and services.
4. Processing by Third Parties, Data Sharing, Transfer, and Disclosure
4.1 Entrusted Processing
All core features of our products and services are operated and managed directly by us, and the personal information required for these functions is processed under our control.
If we engage third-party partners to develop or support new features or service modules, we will:
- Conduct thorough due-diligence and qualification assessments;
- Enter into strict data protection and confidentiality agreements;
- Require such partners to process personal information only in accordance with our instructions, this Privacy Policy, and applicable security standards.
Where third-party processing involves your personal information, we will notify you in advance and obtain your consent as required by law.
4.2 Sharing of Personal Information
4.2.1 General Principles
To support service delivery and operational needs, we may share limited personal information with trusted third-party partners who process data on our behalf. Such sharing is conducted only for lawful, necessary, and specific purposes as described in this Policy.
We share only the minimum amount of information required, and our partners are prohibited from using the shared data for any purpose beyond our instructions unless otherwise authorized by you or required by law. All partners are bound by strict contractual obligations regarding confidentiality, data security, and compliance.
4.2.2 Categories of Authorized Partners
Our authorized partners may include, but are not limited to, the following categories:
- Advertising and Analytics Partners:
These partners assist with measuring advertising reach and effectiveness. We do not share directly identifiable personal information, or we apply de-identification or anonymization measures to prevent individual identification. Such partners may combine the processed data with other lawfully obtained information to fulfill analytical or optimization services on our behalf. - Service Providers and Vendors:
With your authorization, we may share necessary information with third-party vendors that provide infrastructure support, technical services, data analysis, security services, or customer support. This enables us to maintain service quality and improve user experience. - Affiliates and Shared Account Systems:
To ensure consistent service quality, account security, and seamless user experience, we may share personal information with our affiliated entities or within shared account systems that maintain equivalent data protection standards.
4.3 Transfer of Personal Information
4.3.1 Transfer Conditions
We do not transfer your personal information to any third party except in the following circumstances:
- With your prior explicit consent;
- Where required by applicable laws, regulations, legal proceedings, or binding administrative or judicial orders;
- In connection with corporate transactions such as mergers, acquisitions, asset transfers, or bankruptcy proceedings.
4.3.2 Protection During Corporate Changes
If your personal information is transferred as part of a corporate restructuring or similar event, we will ensure that the receiving entity continues to comply with this Privacy Policy or provides equivalent levels of protection. If this is not possible, the receiving party will be required to obtain your renewed consent.
4.4 Public Disclosure of Personal Information
We do not publicly disclose your personal information unless:
- We are legally required to do so; or
- We have obtained your explicit consent.
Where public disclosure is necessary, we will apply appropriate safeguards such as anonymization, de-identification, or removal of direct identifiers to protect your privacy. If disclosure is mandated by law, we will inform you of the purpose, scope, and categories of information involved, and ensure disclosure complies with the principle of data minimization.
4.5 Circumstances Where Consent Is Not Required
In accordance with applicable laws, regulations, and national standards, we may share, transfer, or publicly disclose personal information without prior consent in the following situations:
- To fulfill legal obligations or comply with lawful requests from government authorities;
- In matters involving national security or defense;
- In connection with public safety, public health, or significant public interests;
- For criminal investigations, judicial proceedings, enforcement of judgments, or law enforcement activities;
- To protect vital interests such as life, health, or property when obtaining consent is impracticable;
- Where the personal information has been lawfully made public by you;
- Where the information is obtained from lawful public sources, including government disclosures or legitimate news reporting.
5. Storage and Protection of Personal Information
5.1 Data Retention Period
5.1.1 Retention Principles
We retain your personal information only for the minimum period necessary to fulfill the purposes described in this Privacy Policy, unless:
- You request deletion or account cancellation; or
- A longer retention period is required by applicable laws or regulations.
Once the retention period expires and continued processing is no longer legally required, we will securely delete your personal information or anonymize it so that it can no longer be used to identify you.
In determining retention periods, we consider the following principles:
- Personal information is retained only as long as necessary to achieve the intended purpose;
- Retention complies with applicable legal, contractual, and regulatory obligations;
- Where required for contractual performance or legal compliance, retention may be extended with appropriate safeguards;
- Temporary Storage: When you use our web-based services without logging into an account, relevant information will be temporarily stored on our cloud servers for up to 7 days.
5.1.2 Cessation of Services
If we discontinue operation of this software or service, we will stop collecting personal information immediately and notify users through announcements or individual notices. After service termination, we will delete or anonymize personal information in accordance with applicable laws.
5.1.3 Data Storage Location
Our cloud infrastructure is provided by Cloudflare, and the relevant servers are located in the United States.
5.2 Security Safeguards and Protection Measures
5.2.1 Organizational and Technical Controls
In compliance with applicable laws and regulations, we have appointed a dedicated Personal Information Protection Officer and established a specialized data protection team. We have implemented a comprehensive data security management framework covering the entire data lifecycle, including organizational governance, system design, personnel management, and technical safeguards.
We apply industry-recognized security measures to protect personal information against unauthorized access, disclosure, alteration, loss, or destruction. These measures include, but are not limited to, encryption, intrusion prevention mechanisms, access controls, and regular employee training on data protection and privacy awareness.
While we take all reasonable and appropriate steps to safeguard your information, please be aware that no system can guarantee absolute security in an online environment.
5.2.2 Specific Security Measures
To further protect your personal information, we implement the following practices:
- Collect only personal information that is necessary and relevant to the stated processing purposes;
- Encrypt personal information during storage and transmission and apply trusted defenses against cyberattacks;
- Restrict access to personal information through role-based and approval-based authorization mechanisms;
- Require business partners and service providers to comply with data protection obligations through contractual agreements, audits, and evaluations;
- Conduct ongoing security and privacy training programs to reinforce employee accountability.
5.2.3 User Responsibilities
You are responsible for safeguarding your account credentials. If you suspect any unauthorized access or data leakage, please notify us promptly using the contact details provided in this Policy so that we can take appropriate remedial action.
5.3 Response to Security Incidents
5.3.1 Preventive and Monitoring Measures
We maintain robust security controls, including:
- Encryption, de-identification, and anonymization technologies to protect data during processing, storage, and transmission;
- Strict access control policies with minimized personnel exposure to sensitive data;
- A dedicated incident response team and internal management procedures to monitor, assess, and mitigate data security risks.
5.3.2 Incident Notification and Remediation
In the event of a personal information breach or other security incident, we will take immediate corrective actions and notify affected users and relevant regulatory authorities as required by law. Notifications will include the nature of the incident, potential impacts, and recommended protective measures.
5.4 Data Handling Upon Service Termination
If our products or services are discontinued, we will notify you through reasonable means such as push notifications or public announcements. Your personal information will be deleted or anonymized within a reasonable timeframe, unless retention is required by applicable laws or regulations.
6. Updates and Revisions to This Privacy Policy
6.1 Policy Updates
To continuously improve our products and services, we may update certain features or service content from time to time. Such updates may require corresponding changes to this Privacy Policy. Any revised content will form an integral part of this Policy and have the same legal effect.
Without your explicit consent, we will not reduce or limit your rights under the version of the Privacy Policy currently in effect.
6.2 Notification of Changes
We may revise this Privacy Policy periodically. When updates are made, we will publish the latest version and you visit the page to understand the changes in a timely manner.
If you continue to use our products and/or services after the updated Policy takes effect, this will be deemed as your acceptance of the revised Privacy Policy. Where changes are material or significant, we will provide enhanced notice, such as:
- Prominent announcements on our website or application;
- Push notifications or in-product alerts;
- Email or SMS notifications, where applicable.
If you do not agree with the updated Policy, you should discontinue use of the relevant products or services immediately.
6.3 What Constitutes a Material Change
Material changes to this Policy include, but are not limited to:
- Significant adjustments to the purpose, scope, type, or method of processing personal information;
- Major changes to our ownership, organizational structure, or corporate status (such as mergers, acquisitions, or bankruptcy);
- Substantial changes to the recipients of shared, transferred, or publicly disclosed personal information;
- Changes to your rights regarding personal information processing or how those rights may be exercised;
- Updates to the department responsible for personal information protection, contact details, or complaint channels;
- Situations where personal information security impact assessments indicate a high level of risk.
7. Contact Information
7.1 How to Reach Us
If you have any questions, concerns, suggestions, complaints, or requests related to this Privacy Policy or the protection of your personal information, or if you wish to inquire about our data processing activities, you may send email to contact us.
7.2 Response Time
To protect your information and ensure efficient handling of your request, we may need to verify your identity before processing your inquiry. Under normal circumstances, we will respond within 24 hours after receiving your request. If additional time is required due to complexity, we will inform you of the delay within the same period.
8. Miscellaneous Provisions
8.1 Governing Law and Dispute Resolution
The interpretation, execution, and resolution of disputes related to this Privacy Policy shall be governed by the laws of the United Kingdom.
Any dispute arising from this Policy or from our processing of personal information shall first be resolved through amicable negotiation. If negotiation fails, either party may bring legal proceedings before a competent people's court at the defendant's place of domicile. If you believe your lawful rights and interests have been infringed due to our data processing activities, you may also report the matter to relevant regulatory authorities.
8.2 Third-Party Services
During your use of our products and/or services, you may be redirected to or interact with third-party applications or services. These third parties may independently collect and process your personal information.
We strongly recommend that you review the applicable terms, conditions, and privacy policies of any third-party services before using them, so you can fully understand how your personal information will be handled. If you have questions regarding a third party's data practices, please contact that third party directly.
