Privacy Policy
This Privacy Policy explains what personal data is collected when you use the Moonlia mobile app (the “App”) and the services provided through it (together with the App, the “Service”), how such personal data will be used, shared.

BY USING THE SERVICE, YOU PROMISE US THAT (I) YOU HAVE READ, UNDERSTAND, AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE OVER 16 YEARS OF AGE (OR HAVE HAD YOUR PARENT OR GUARDIAN READ AND AGREE TO THIS PRIVACY POLICY FOR YOU). If you do not agree or are unable to make this promise, you must not use the Service. In such case, you must (a) cancel any subscriptions using the functionality provided by Apple; and (b) delete the App from your devices.

“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

“EEA” includes all current member states to the European Union and the European Economic Area.
“Process”, in respect of personal data, includes the collection, storage and disclosure to others.

TABLE OF CONTENTS

1.PERSONAL DATA CONTROLLER
2.CATEGORIES OF PERSONAL DATA WE COLLECT
3.FOR WHAT PURPOSES WE PROCESS PERSONAL DATA
4.UNDER WHAT LEGAL BASES WE PROCESS YOUR PERSONAL DATA (Applies only to EEA-based users)
5.WITH WHOM WE SHARE YOUR PERSONAL DATA
6.HOW YOU CAN EXERCISE YOUR PRIVACY RIGHTS
7.AGE LIMITATION
8.INTERNATIONAL DATA TRANSFERS
9.CHANGES TO THIS PRIVACY POLICY
10.CALIFORNIA PRIVACY RIGHTS
11.DATA RETENTION
12.HOW “DO NOT TRACK” REQUESTS ARE HANDLED
13.CONTACT US

1. PERSONAL DATA CONTROLLER
4AVS Limited (registered in RM B 12/F HANG SENG CAUSEWAY BAY BLDG, 28 YEE WO ST, Causeway Bay, Hong Kong) will be the controller of your personal data.

2. CATEGORIES OF PERSONAL DATA WE COLLECT
We collect data you give us voluntarily (for example, date of birth). We also collect data automatically (for example, your IP address).

2.1. Data you give us
We may ask you to provide information about yourself when using the Service. This information includes: gender, date of birth, place of birth, and time of birth.
However, sometimes you may also need to provide us with an email address and some other information in the communication to our Support Team to fulfill your request or support you.

2.2. Data we collect automatically:
2.2.1. Data about how you found us
We collect data about your referring app or URL (that is, the app or place on the Web where you were when you clicked on our ad).

2.2.2. Device and location data.
We collect data from your mobile device. Examples of such data include: language settings, IP address, time zone, type and model of a device, device settings, operating system, Internet service provider, mobile carrier, hardware ID, and Facebook ID.

2.2.3. Usage data
We record how you interact with our Service. For example, we log with what features and content you interact with, how often you use the App, how long you are in the App, what sections you use, and your subscription orders.

2.2.4. Advertising IDs
We collect your Apple Identifier for Advertising (“IDFA”). You can typically reset these numbers through the settings of your device’s operating system (but we do not control this).

3. FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA
We process your personal data:

3.1. To provide our Service
This includes enabling you to use the Service in a seamless manner and preventing or addressing Service errors or technical issues.
We use Firebase Performance Monitoring and Firebase Crash Reporting, which are monitoring services provided by Google. To learn more, please visit Google’s Privacy policy and Privacy and Security in Firebase.

3.2. To customize your experience
We process your personal data, such as your date of birth, to adjust the content of the Service and make offers tailored to your personal preferences. As a result of such processing, we will offer content tailored to your bodygraph.

3.3. To provide you with customer support
We process your personal data to respond to your requests for technical support, Service information or to any other communication you initiate.

3.4. To communicate with you regarding your use of our Service
We communicate with you, for example, by push notifications. These may include reminders or other information about the App. As a result, you may, for example, receive a push notification every day at a particular time reminding you to check your daily affirmations. To opt out of receiving push notifications, you need to change the settings on your device.
The services that we use for these purposes may collect data concerning the date and time when the message was viewed by our App’s users, as well as when they interacted with it, such as by clicking on links in the message.
To communicate with you we also use Firebase Cloud Messaging and Firebase Notifications, which are message sending services provided by Google. Firebase Cloud Messaging allows us to send messages and notifications to users of our App across platform. We integrate Firebase Notifications with Firebase Analytics to create analytics-based audiences and track opening and conversion events. As a result, we can, for example, send reminders only to users who used the App more frequently. Google's privacy policy.

3.5. To research and analyze your use of the Service
This helps us to better understand our business, analyze our operations, maintain, improve, innovate, update, design, and develop the App and our new products. We also use such data for statistical analysis purposes, to test and improve our offers. This enables us to better understand what features and sections of the App our users like more, what categories of users use our App. As a consequence, we often decide how to improve the App based on the results obtained from this processing. For example, if we discover that users frequently use “Recommendations” section, we may focus on improving and providing more information and features to this section.

To track and analyze behavior of our App’s users (in particular, how they react to changes of the App structure, text or any other component), we use Firebase Remote Config. Firebase Remote Config is an A/B testing and configuration service provided by Google, which also enables us to tailor the content that our App’s users see (for example, it allows us to show different onboarding screens to different users).
Privacy Policy and Privacy and Security in Firebase.
Amplitude is an analytics service provided by Amplitude Inc. We use this tool to understand how customers use our Service. Amplitude collects various technical information, in particular, time zone, type of device (phone or tablet), unique identifiers (such as IDFA). Amplitude also allows us to track various interactions that occur in our App. As a result, Amplitude helps us to decide what features/languages we should focus on. Amplitude provides more information on how they process data in its Privacy Policy.
We also use Firebase Analytics, which is an analytics service provided by Google. In order to understand Google's use of data, consult Google's partner policy. Firebase Privacy information. Google’s Privacy Policy.
To perform standard product analysis, we also use Fabric Answers, which is an analytics service provided by Crashlytics, a business division of Google. Data Processing and Security Terms. Privacy information.

3.6. To enforce our Terms and Conditions of Use and to prevent and combat fraud
We use personal data to enforce our agreements and contractual commitments, to detect, prevent, and combat fraud. As a result of such processing, we may share your information with others, including law enforcement agencies (in particular, if a dispute arises in connection with our Terms of use).

3.7. To comply with legal obligations
We may process, use, or share your data when the law requires it, in particular, if a law enforcement agency requests your data by available legal means.

4. UNDER WHAT LEGAL BASES WE PROCESS YOUR PERSONAL DATA (Applies only to EEA-based users)
In this section, we are letting you know what legal basis we use for each particular purpose of processing. For more information on a particular purpose, please refer to Section 2. This section applies only to EEA-based users.
We process your personal data under the following legal bases:

4.1. your consent;
4.2. to perform our contract with you;
Under this legal basis we:
4.3. for our (or others') legitimate interests, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data;

We rely on legitimate interests:

This includes, for example, sending you push notifications reminding you to check your daily affirmations. The legitimate interest we rely on for this purpose is our interest to encourage you to use our Service more often).
Our legitimate interest for this purpose is our interest in improving our Service so that we understand users’ preferences and are able to provide you with a better experience (for example, to make the use of the App easier and more enjoyable, or to introduce and test new features).
The legitimate interest we rely on for this processing is our interest to promote our Service in a measured and appropriate way.
The legitimate interest we rely on for this processing is our interest to promote our Service in a reasonably targeted way.
Our legitimate interests for this purpose are enforcing our legal rights, preventing and addressing fraud and unauthorised use of the Service, non-compliance with our Terms of use.

4.4. to comply with legal obligations.

5. WITH WHOM WE SHARE YOUR PERSONAL DATA
We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Service. We may share some sets of personal data, in particular, for purposes and with parties indicated in Section 2 of this Privacy Policy. The types of third parties we share information with include, in particular:

5.1. Service providers
We share personal data with third parties that we hire to provide services or perform business functions on our behalf, based on our instructions.

5.2. Law enforcement agencies and other public authorities

We may use and disclose personal data to enforce our Terms of use, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by law.

5.3. Third parties as part of a merger or acquisition
As we develop our business, we may buy or sell assets or business offerings. Customers’ information is generally one of the transferred business assets in these types of transactions. We may also share such information with any affiliated entity (e.g. parent company or subsidiary) and may transfer such information in the course of a corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

6. HOW YOU CAN EXERCISE YOUR RIGHTS
To be in control of your personal data, you have the following rights:
Accessing / reviewing / updating / correcting your personal data. You may review, edit, or change the personal data that you had previously provided in the settings of the App.
You may also request a copy of your personal data collected during your use of the App.

Deleting your personal data. You can request erasure of your personal data by sending us an email at
support.
When you request deletion of your personal data, we will use reasonable efforts to honor your request. In some cases we may be legally required to keep some of the data for a certain time; in such an event, we will fulfill your request after we have complied with our obligations.
Objecting or restricting the use of your personal data. You can ask us to stop using all or some of your personal data or limit our use thereof by sending a request at support.

Additional information for EEA-based users

If you are based in the EEA, you have the following rights in addition to the above:
The right to lodge a complaint with supervisory authority. We would love you to contact us directly, so we could address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside, work or where the alleged infringement has taken place.
The right to data portability. If you wish to receive your personal data in a machine-readable format, you can send respective requests at support.

7. AGE LIMITATION
We do not knowingly process personal data from persons under 16 years of age. If you learn that anyone younger than 16 has provided us with personal data, please contact us at support.

8. INTERNATIONAL DATA TRANSFERS
We may transfer personal data to countries other than the country in which the data was originally collected in order to provide the Service set forth in the Terms of use and for purposes indicated in this Privacy Policy. If these countries do not have the same data protection laws as the country in which you initially provided the information, we deploy special safeguards.
In particular, if we transfer personal data originating from the EEA to countries with not adequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission (details available here), or (ii) the EU-U.S. Privacy Shield Framework (details available here), or (iii) the European Commission adequacy decisions about certain countries (details available here).

9. CHANGES TO THIS PRIVACY POLICY
We may modify this Privacy Policy from time to time. If we decide to make material changes to this Privacy Policy, you will be notified through our Service or by other available means and will have an opportunity to review the revised Privacy Policy. By continuing to access or use the Service after those changes become effective, you agree to be bound by the revised Privacy Policy.

10. CALIFORNIA PRIVACY RIGHTS
California’s Shine the Light law gives California residents the right to ask companies once a year what personal information they share with third parties for those third parties' direct marketing purposes. Learn more about what is considered to be personal information under the statute.
To obtain this information from us, please send an email message to support. which includes “Request for California Privacy Information” on the subject line and your state of residence and email address in the body of your message. If you are a California resident, we will provide the requested information to you at your email address in response.

11. DATA RETENTION
We will store your personal data for as long as it is reasonably necessary for achieving the purposes set forth in this Privacy Policy (including providing the Service to you). We will also retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

12. HOW “DO NOT TRACK” REQUESTS ARE HANDLED
Except as otherwise stipulated in this Privacy Policy, this App does not support “Do Not Track” requests. To determine whether any of the third-party services use honor the “Do Not Track” requests, please read their privacy policies.

13. CONTACT US
You may contact us at any time for details regarding this Privacy Policy and its previous versions. For any questions concerning your account or your personal data please contact us at support.
Effective as of: 30 May 2023