Last Updated: June 2025
Interest-Based Advertising: To learn more about data disclosures, click here
Opt-Out Option: Do not use my data
Hong Kong Endless Flow Technology Limited("we," "our," or "the Company") values your privacy. This Privacy Policy (“Privacy Policy”) outlines our data protection practices and explains the types of personal information we may process when you install and/or use the ChatLulu mobile software application (the “App” or “this App”).
When we refer to personal data (or personal information), we mean any information that relates to an identified or identifiable natural person, either directly or indirectly.
This Privacy Policy applies to all individuals who access or use the App (“users”).
I.Please read the following Privacy Policy carefully. By using the App, you acknowledge that you have read, understood, and agreed to be bound by its terms.
Under the California Consumer Privacy Act of 2018 (CCPA), California residents have the right to request:
Please use the following links to quickly navigate to the relevant sections of this Policy:
NOTE: Under the CCPA, "personal information" does not include de-identified or aggregated consumer data.
Please also note that all third parties involved in processing user data are service providers who use such information based on agreements and for business purposes.
To submit a verifiable consumer request for access, portability, or deletion of personal data, please contact us via the contact form. In the body of your message, please include the phrase “Your California Privacy Rights.”
When submitting a verifiable request, you should be prepared to:
Provide sufficient information to allow us to reasonably verify that you are the person whose personal information we collected, or an authorized representative. This may include your name, address, city, state/province, ZIP code, and email address. We may use this information to present you with a series of security questions to verify your identity. If you are submitting the request through an authorized agent acting on your behalf, that agent must provide written authorization or a power of attorney signed by you.
Please clearly describe your request so that we can properly understand, evaluate, and respond to it.
If we are unable to: (i) verify your identity or the authority of the person submitting the request; or (ii) confirm that the personal information is related to you, we will not be able to respond to your request or provide personal information. We may ask you to provide additional information or documents to verify your identity. Before taking any action on your personal information, we may also verify it, including using third-party identity verification services. This is a safeguard to prevent your personal information from being disclosed due to fraudulent or deceptive requests.If we are unable to: (i) verify your identity or authority to make the request; or (ii) confirm the personal information relates to you, we will not be able to respond to your request or provide you with personal information. We may request additional information or documentation to verify your identity. Before taking any action on your personal information, we may also conduct verification, including the use of third-party identity authentication services. This is considered a safeguard to prevent your personal information from being disclosed in response to a fraudulent or deceptive request.
We ensure that any personal information provided in a verifiable consumer request will be used solely to verify the requester’s identity or authority to make the request and for no other purpose. We will retain this information for only as long as reasonably necessary for the purposes described above, and delete it once those purposes have been fulfilled.
We aim to respond to verifiable consumer requests within forty-five (45) days of receipt. If more time is needed, we will inform you in writing of the reason and extension period. Please note that we are only required to respond to two requests per customer per year.
The manner in which we handle your requests shall not be interpreted as discriminatory. This means that if you choose to exercise your rights, we will not treat you differently in terms of pricing, products, or levels or quality of service. However, in certain cases, if you choose to have your personal information deleted from our records, we may be unable to provide certain services.
We do not sell any of your personal data to third parties.
FUNCTIONAL INFORMATION
The following information is requested and processed when you use the App. This type of information is necessary to fulfill the contract between you and us and to provide the full functionality of the App. Without this information, we would not be able to offer you the complete service.
Several categories of information may be processed.
To provide the real-time avatar animation feature (“AR Mask Effects”), the App may request access to your device’s TrueDepth camera upon your explicit authorization. Collection & Use: When you enable this feature and grant permission, the App analyzes your facial expressions and movements (such as smiles, blinks, head rotations) in real time. This processing occurs entirely locally on your device. We do not upload raw facial images, video, or any biometric data that can identify you personally to our servers or share it with any third parties. Data Flow: The data captured by the camera is used solely to drive the virtual avatar in real time and is discarded immediately after processing. We do not collect, store, or retain any facial data. The intermediate data generated during animation (such as mathematical coefficients of facial landmarks) exists only in the device’s active memory (RAM) and is immediately and permanently purged when you close the feature or end your App session. Sharing & Disclosure: We do not share your facial data with any third-party service providers, advertisers, or partners. All facial processing is completed on-device and does not involve any data transmission. Data Retention: We do not retain any facial data. As stated above, all related data exists only in memory during the active use of the feature and is destroyed at the end of the session. No copy is retained on any server or in local device storage. Security: We rely on system-level frameworks provided by Apple (such as ARKit) for secure on-device processing. Since the data never leaves your device, it avoids potential risks associated with network transmission or server storage.
AUTOMATICALLY PROCESSED INFORMATION
With your consent, we use third-party automated data processing technologies (advertising/analytics tools) to analyze certain information transmitted from your device via the App, including your advertising identifier (IDFA).
Some integrated advertising or analytics tools (see Section IV) may automatically process your personal data, including “profiling”: automated evaluation of characteristics related to your personal preferences, interests, behavior, location, or movement.
The following are examples of information that may be automatically collected and processed (list consistent with the original English version):
The above information is typically collected automatically by third parties, and we do not have direct control over their processing methods. Therefore, responsibility for processing such data lies with the respective third parties. Some of these third parties may use their own technologies to link this data with known user information (e.g., age, gender), over which we have no control, oversight, or guarantee.
PAYMENT INFORMATION
Our e-commerce provider, Apple, is responsible for billing, processing, and charging in-app purchases, and securely stores the related personal information. We do not have access to or use your credit or debit card information.
EMALL COMMUNICATIONS
If you purchase a subscription on aimeo.net and activate it using “Sign in with Apple,” we may, based on legitimate interest, use your email address to send you communications (newsletters), which may include: special subscription offers, updates on features and services, and other messages related to the App.
You also acknowledge and agree that we may process certain personal data (such as your name, subscription purchase date, geographic data, and activity information) as part of market analysis activities to deliver more relevant and targeted communications based on your needs and interests.
You may unsubscribe at any time by clicking the “Unsubscribe” link included in any of our emails. Your unsubscribe request will be processed within a reasonable timeframe.
Our mission is to continuously improve the App and deliver new experiences for you. The primary purposes for which we use your information include:
If new purposes for processing arise in the future, we will notify you by updating this Privacy Policy.
We only share your information with third parties as described in this Privacy Policy. We adhere to the Digital Advertising Alliance (DAA) Self-Regulatory Principles for the Mobile Environment.
Security and Responsibility:When integrating external services, we select third parties that can demonstrate the use of appropriate technical and organizational measures to protect user data. However, we cannot guarantee absolute security during the transmission of data to third parties and are not responsible for any accidental loss or unauthorized access resulting from third-party actions. We do not share any facial data with third parties, as all facial processing occurs exclusively on your device and no facial data is collected or stored by us.
We do not rent or sell your personal data, but we may share cookie data, log files, device identifiers, and location information with third-party organizations that provide automated data processing technologies. These third parties may subsequently use this information to serve you targeted advertising.
Below is a list of key third-party service providers that support the App’s infrastructure, functionality, or service enhancements. (If new providers are added in the future, such as for AI video generation, we will update this list accordingly):
| Entity Name | Service Provided | Entity Location | Privacy Policy Link |
| Amazon.com, Inc. | Cloud Storage | USA | https://aws.amazon.com/privacy/ |
| Amplitude Inc. | Analytics Service | USA | https://amplitude.com/privacy |
| Anthropic PBC | AI-Generated Content | USA | https://console.anthropic.com/legal/privacy |
| AppsFlyer Inc. | Analytics Services | USA | https://www.appsflyer.com/legal/services-privacy-policy/ |
| Adjust Inc. | User Authentication, Analytics & Marketing | USA | https://www.adjust.com/terms/privacy-policy/ |
| Fireworks AI Inc. | AI Model Deployment Cloud Platform | USA | https://fireworks.ai/privacy-policy |
| Meta Platforms Inc. | Analytics / Ad Management | USA | https://www.facebook.com/privacy/explanation |
| Google LLC | Internet Search Results | USA | https://policies.google.com/privacy |
| Microsoft Corporation | Internet Search Results | USA | https://privacy.microsoft.com/en-us/privacystatement |
| OpenAI, L.L.C. | AI-Generated Content | USA | https://openai.com/privacy/ |
| Stability AI Ltd. | AI-Generated Content | UK | https://stability.ai/privacy-policy |
| Qonversion Inc. | In-App Subscription Implementation & Analytics | USA | https://qonversion.io/page/privacy |
To learn about each service’s privacy options, including opt-out mechanisms, please refer to the respective links.
We may disclose your personal information under the following circumstances:
We operate globally and provide this App to users around the world. We, along with third-party service providers or advertising partners that deliver automated data processing technologies for the App, may transfer automatically processed information across borders—that is, from your country or jurisdiction to other countries or jurisdictions around the world.
If you are located in the European Union or other regions with data protection laws that differ from those in the United States, please note that we may transfer information (including personal information) to countries or jurisdictions that may not provide the same level of data protection as your own.
This means your personal information may be transferred to a third country, a region within that third country, one or more specific sectors, or to an international organization where the laws on data protection and confidentiality may not provide the same level of protection as those in your jurisdiction.
We will make every effort to ensure that any party receiving personal data provides adequate protection for that data in accordance with applicable data protection laws. By using the App, you consent to the transfer of your personal data as described above.
For data storage purposes, we rely on hosting providers that have passed our security and reliability assessments; where feasible, personal data is encrypted prior to transfer.
We generally retain your personal information only for as long as necessary to provide functionality and services through the App and to comply with legal obligations. If you no longer wish for us to use the information we have actual access to and store, you may request that we delete your personal information and close your account.
However, some data may need to be retained for a certain period for purposes such as compliance with legal obligations (e.g., tax, accounting, or auditing), maintaining security and data backups, and preventing fraud or other malicious activities. Such data will never be retained beyond the duration necessary to fulfill its storage purpose.
Facial data is not retained. The numerical coefficients generated from facial expression analysis exist only in active memory during your App session and are immediately deleted when the session ends. We do not store any facial data on our servers or your device.
Applicable data protection laws grant you several rights regarding your personal information. For the personal information we collect about you, you may:
To exercise any of the above rights, please contact us via the in-app Support Form. Please note that we can only guarantee the fulfillment of these rights for data we actually access and store.
If you believe your rights under applicable data protection laws have been violated, you also have the right to file a complaint with your local data protection or supervisory authority.
If you are located in the EU, you may also contact our representative for privacy-related matters:**Nick**Email: [email protected]
Opting Out of Marketing Tracking
You can manage activity tracking permissions on your own. For example, if you do not want third-party service providers to deliver personalized ads based on your interests, you can take the following steps:
For more information, visit https://support.apple.com/en-us/HT212025.
Please note that even if you opt out of certain interest-based advertising, you may still receive contextual ads (based on non-personal information).
Opting Out of Location Data Processing
If you do not want third-party service providers to use your precise location data or street-level location information, you can take the following steps:
iOS 11 or later: Go to Settings > Privacy > Location Services, turn off location services for the relevant product. Then select this App and set Share My Location to Never.
We take the security of your personal information very seriously and follow industry-standard practices to protect the personal data you submit, both during transmission and once received. We implement reasonable and appropriate measures, aligned with the risks and nature of the personal information processed, to prevent loss, misuse, unauthorized access, disclosure, alteration, or destruction.
We have put in place suitable technical and organizational measures to uphold data protection principles (such as data minimization) and incorporate necessary safeguards throughout processing. Where feasible, personal data is encrypted (including hashing) during both transmission and storage.
However, no method of internet transmission or electronic storage is 100% secure. In the event of a security breach that compromises your personal information, we will notify you promptly in accordance with applicable law.
If you have any concerns about the App’s security, you may contact us at any time via the in-app Support Form.
This App is not intended for use by children. Under this policy, the definition of “children” is determined according to the applicable data protection laws. In general, we consider individuals under the age of 16 to be “children” (unless otherwise specified by local law or with verified parental consent).
We do not knowingly or intentionally collect personal information from children. No user considered a “child” may provide personal information to the App without verifiable parental consent.
If we become aware that we have collected personal information from a child without parental consent, we will promptly delete such data. If you believe we may be holding information about a child, please contact us immediately.
We do not process facial data from children. If we become aware that a child has used the facial animation features, we will immediately terminate the session and ensure no data is retained.
We specifically emphasize that we do not knowingly process facial data from children. If we inadvertently discover that facial data from a child has been processed, we will immediately terminate the session and ensure all related data is destroyed.
This Privacy Policy will be updated periodically. Whenever we make changes to the policy, we will post the revised version on this page and in other places we deem appropriate; where applicable, we will also provide additional notice.
If you have any questions about this Privacy Policy, please contact us via the in-app Support Form or by sending an email to [email protected].