Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

• Account Registration: When you create an account, we collect your username, email address, phone number (with country code), password (stored as a cryptographic hash), and date of birth for age verification.
• Profile Information: Optional details you choose to share, including display name, profile picture, biography, location (city/country), website links, and social media handles.
• User-Generated Content: Videos, captions, hashtags, comments, likes, shares, and duets you create. This includes associated metadata such as creation timestamp, device information, approximate location at time of capture, and engagement metrics.
• Communications: Content of direct messages, comments, support tickets, survey responses, and communications with our community or moderation teams.
• Verification Documents: If required for account verification or age confirmation, we may collect government-issued ID (processed securely and deleted after verification unless legally required to retain).

1.2 Information Collected Automatically

• Usage Analytics: Videos viewed, watch time, interaction patterns (likes, shares, comments), search queries, features used, session duration, and navigation paths through the app.
• Device and Technical Data: Hardware model, operating system version, unique device identifiers (IDFA for iOS, AAID for Android), IP address, mobile carrier, browser type, language settings, time zone, and app crash reports.
• Location Information:
  • Approximate location: Derived from IP address for content localization and fraud prevention
  • Precise location: GPS coordinates (only with explicit opt-in permission) for location-based features, local trends, or augmented reality effects
• Cookies and Similar Technologies: We use essential cookies for authentication, preference cookies for language/settings, analytics cookies for performance measurement, and advertising cookies for relevant content delivery (see Section 9 for details).
• SDKs and Third-Party Tools: We integrate trusted software development kits (e.g., Firebase Analytics, Mixpanel, Adjust) to enhance functionality, measure performance, and prevent fraud. These partners operate under strict data processing agreements.

1.3 Information from Third Parties

• Social Media Integrations: If you connect your account to platforms like Instagram or YouTube, we may receive profile information and friend lists (only with your explicit authorization).
• Advertising Partners: Aggregated, non-personally identifiable data from ad networks to measure campaign effectiveness and serve relevant advertisements.
• Payment Processors: Transaction details (excluding full payment card numbers) from secure payment gateways like Stripe or PayPal when you make in-app purchases.

2. How We Use Your Information

We process your personal information for specific, legitimate purposes:

• Service Delivery: To create and manage your account, process transactions, deliver content, enable social features, and provide customer support.
• Personalization: To curate your "For You" feed using machine learning algorithms that analyze your interactions, preferences, and content engagement to surface relevant videos and creators.
• Safety, Security & Integrity:
  • Detect and prevent fraud, spam, abuse, security incidents, and illegal activities
  • Enforce our Community Guidelines and Terms of Service through automated content scanning and human review
  • Verify user identities and protect against unauthorized account access
• Analytics and Improvement: To analyze usage trends, conduct A/B testing, debug technical issues, and develop new features that enhance user experience.
• Communication: To send service-related notifications (account verification, security alerts, policy updates), respond to inquiries, and (with your consent) deliver marketing communications about new features or promotions.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to protect the rights, property, or safety of TakeALook, our users, or the public.
• Research and Development: To conduct anonymized, aggregated research to improve content recommendation systems, accessibility features, and platform performance.

3. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases as defined by the GDPR and UK GDPR:

• Contractual Necessity: Processing required to perform our obligations under the Terms of Service (e.g., account creation, content delivery, payment processing).
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., security, fraud prevention, service improvement, personalization), provided these interests are not overridden by your data protection rights.
• Consent: Processing based on your freely given, specific, informed, and unambiguous consent (e.g., precise location access, marketing communications, certain cookies). You may withdraw consent at any time via app settings or by contacting us.
• Legal Obligation: Processing required to comply with applicable laws (e.g., tax records, responding to lawful subpoenas).
• Vital Interests: Processing necessary to protect someone's life (rarely applicable).

For more information about our legitimate interests assessment or to exercise your rights regarding processing based on legitimate interests, please contact our Data Protection Officer (Section 14).

4. Data Sharing and Disclosure

We do not sell your personal data to third parties. However, we may share information in the following circumstances:

4.1 Public Visibility

• By default, profiles and uploaded videos are publicly visible. You can adjust privacy settings to make your account private, limit comments, or restrict duets/stitches.
• Content shared publicly may be viewed, shared, or embedded by anyone on or off our platform, including search engines and third-party websites.

4.2 Service Providers and Processors

We engage trusted third-party vendors who process data on our behalf under strict contractual obligations:

• Infrastructure: Cloud hosting providers (AWS, Google Cloud Platform) for secure data storage and processing
• Content Delivery: CDN providers (Cloudflare, Fastly) to ensure fast, reliable content delivery globally
• Analytics: Tools like Firebase, Mixpanel, and Amplitude for anonymized usage insights
• Communication: Email/SMS services (SendGrid, Twilio) for transactional messages
• Moderation: AI-powered content safety tools and human review partners to enforce community standards
• Payment Processing: PCI-DSS compliant processors (Stripe, PayPal) for secure transactions

All processors are bound by Data Processing Agreements (DPAs) that prohibit using your data for any purpose other than providing services to TakeALook.

4.3 Legal and Safety Disclosures

• Legal Requirements: We may disclose information when required by law, subpoena, court order, or regulatory authority, including national security or law enforcement requests.
• Protection of Rights: To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to physical safety, or violations of our policies.
• Business Transfers: In connection with a merger, acquisition, sale of assets, financing, or bankruptcy, user information may be transferred as a business asset, subject to confidentiality commitments and notice to users.

5. International Data Transfers

TakeALook is a global service. Your information may be transferred to, stored, and processed in countries outside your country of residence, including the United States, Singapore, and Ireland, where data protection laws may differ.

To ensure your data remains protected during international transfers, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs): We use EU Commission-approved SCCs for transfers from the EEA/UK to countries without an adequacy decision.
• Data Processing Addendums: Contracts with all subprocessors include GDPR-compliant data protection obligations.
• Supplementary Measures: Technical safeguards like encryption in transit (TLS 1.3+) and at rest (AES-256), strict access controls, and regular security audits.
• Transparency: A list of our subprocessors and their locations is available at asmgx.com/subprocessors.

EEA/UK users may request a copy of our SCCs or other transfer mechanisms by contacting our Data Protection Officer (Section 14).

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

6.1 Core Rights (Available Globally)

• Access & Portability: Request a copy of your personal data in a structured, machine-readable format via Settings > Privacy > Download My Data.
• Correction: Update inaccurate or incomplete information directly in your profile settings.
• Deletion: Request account deletion via Settings > Account > Delete Account. We process valid requests within 30 days.
• Objection to Processing: Opt out of certain processing activities (e.g., personalized ads) via Settings > Privacy Controls.
• Restriction of Processing: Request temporary limitation of data processing while accuracy is verified or objections are reviewed.

6.2 Regional Rights

California Residents (CCPA/CPRA)

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (with limited exceptions)
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising privacy rights
• Do Not Sell/Share: We do not sell personal information. California users may opt out of "sharing" for cross-context behavioral advertising via Settings > Privacy > Ad Preferences or our California Privacy Notice.

EEA/UK Residents (GDPR/UK GDPR)

• All rights listed in Section 6.1, plus:
• Right to withdraw consent at any time (without affecting prior processing)
• Right to lodge a complaint with a supervisory authority (e.g., ICO in UK, CNIL in France)
• Right not to be subject to solely automated decisions with legal/significant effects (see Section 11)

6.3 How to Exercise Your Rights

Submit requests via:

• Email: info@asmgx.com (include "Privacy Rights Request" in subject)

We verify your identity before fulfilling requests to protect your security. Most requests are processed within 30 days; complex requests may take up to 60 days with notification.

7. Data Retention and Security

7.1 Retention Periods

We retain personal information only as long as necessary:

• Active Accounts: Data retained while your account is active. You may delete content or deactivate anytime.
• Deleted Accounts: After account deletion request:
  • 30-day grace period for account recovery
  • Personal content (videos, messages) permanently deleted from primary systems within 90 days
  • Backup systems may retain residual data for up to 180 days for disaster recovery, inaccessible for normal operations
• Legal Holds: Data subject to litigation, investigation, or regulatory inquiry may be retained longer as legally required.
• Aggregated/Anonymized Data: Non-personal, aggregated statistics may be retained indefinitely for research and analytics.

7.2 Security Measures

We implement comprehensive technical and organizational safeguards:

• Encryption: TLS 1.3+ for data in transit; AES-256 encryption for sensitive data at rest
• Access Controls: Role-based access, multi-factor authentication for employees, and principle of least privilege
• Monitoring: 24/7 security monitoring, intrusion detection systems, and regular vulnerability assessments
• Employee Training: Mandatory privacy and security training for all staff with access to user data
• Certifications: Regular third-party audits (SOC 2 Type II, ISO 27001) to validate our security practices

8. Children's Privacy

TakeALook is not intended for children under the age of digital consent in their jurisdiction (typically 13 in the US, 16 in parts of Europe). We do not knowingly collect personal information from children below this age.

If we discover that a user under the minimum age has created an account:

• We will immediately terminate the account
• Delete all associated personal information from our active systems
• Implement technical measures to prevent re-registration

For Parents/Guardians: If you believe your child has provided us with information without your consent, please contact us at info@asmgx.com with details, and we will take prompt action to investigate and remove the information if verified.

Teen Accounts (13-17): Users aged 13-17 (where permitted) receive enhanced protections:

• Private accounts by default
• Restricted direct messaging (friends-only)
• Limited data collection for advertising
• Parental controls available via Family Pairing feature

9. Cookies and Tracking Technologies

We use cookies, pixels, SDKs, and similar technologies to enhance functionality, analyze usage, and personalize experiences.

9.1 Types of Technologies Used

• Essential Cookies: Required for core functionality (authentication, security, network management). Cannot be disabled.
• Preference Cookies: Remember your settings (language, region, accessibility preferences).
• Analytics Cookies: Help us understand how users interact with our Service (e.g., Google Analytics 4, Mixpanel). Data is aggregated and anonymized where possible.
• Advertising Cookies: Used by trusted partners to measure ad performance and deliver relevant content. We do not share personally identifiable information with ad networks for cross-site tracking.
• Device Identifiers: Mobile advertising IDs (IDFA/AAID) used for attribution and fraud prevention, resettable via device settings.

9.2 Managing Your Preferences

• Browser Settings: Most browsers allow you to block or delete cookies. Note: Disabling essential cookies may impair Service functionality.
• Mobile Settings:
  • iOS: Settings > Privacy > Tracking > disable "Allow Apps to Request to Track"
  • Android: Settings > Google > Ads > enable "Opt out of Ads Personalization"
• In-App Controls: Settings > Privacy > Tracking Preferences to manage personalization and ad settings
• Industry Opt-Outs:
  • US: aboutads.info or networkadvertising.org
  • EEA: youronlinechoices.eu

For a detailed list of cookies used, purposes, and durations, see our Cookie Policy.

10. Third-Party Services and Links

TakeALook may contain links to third-party websites, services, or integrations (e.g., YouTube, Instagram, payment processors). This Privacy Policy does not apply to those third parties.

We encourage you to:

• Review the privacy policies of any third-party service before providing information
• Understand that content shared from TakeALook to other platforms becomes subject to those platforms' policies
• Be cautious when clicking external links, as we cannot control their content or practices

When you use third-party login options (e.g., "Sign in with Google"), the third party may share certain profile information with us per their authorization flow. You can manage connected apps in your device or account settings.

11. Automated Decision-Making and Profiling

We use automated systems, including machine learning algorithms, to:

• Curate personalized content feeds based on your interactions and preferences
• Detect policy violations, spam, or harmful content through AI-powered moderation
• Prevent fraud and secure accounts via behavioral analysis
• Optimize video recommendations and discovery features

Your Rights Regarding Automation:

• Meaningful Information: We provide clear explanations of how our recommendation systems work in our Transparency Center.
• Human Review: If an automated decision significantly affects you (e.g., content removal, account restriction), you may request human review via Settings > Support > Appeal Decision.
• Opt-Out: EEA/UK users may object to profiling for direct marketing purposes via Settings > Privacy > Ad Preferences.

Our algorithms are regularly audited for fairness, bias mitigation, and compliance with applicable laws. We do not use sensitive categories (race, religion, health, etc.) as direct inputs for personalization.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements.

How We Notify You:

• Material changes will be communicated via in-app notification and/or email at least 30 days before effectiveness
• The "Last Updated" date at the top of this policy will be revised
• Continued use of TakeALook after changes take effect constitutes acceptance of the updated policy

13. Data Breach Notification

In the unlikely event of a data breach affecting your personal information:

• We will investigate promptly and contain the incident
• If required by law, we will notify affected users and relevant authorities without undue delay
• Notifications will include: nature of the breach, categories of data affected, potential consequences, measures taken, and recommendations for user protection
• We provide free credit monitoring or identity protection services where appropriate and legally required

Security concerns should be reported immediately to info@asmgx.com.

14. Contact Us

For questions about this Privacy Policy, to exercise your data rights, or to report a concern, please contact our Data Protection Officer:

Response Time: We aim to respond to all privacy inquiries within 15 business days. For urgent security matters, contact info@asmgx.com.