Privacy Policy

1. Introduction

CiaoJin S.r.l. ("CiaoJin", "we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our mobile application and website (collectively, the "Platform"). It applies to all users worldwide and is drafted in compliance with the EU General Data Protection Regulation (GDPR), the Italian Personal Data Protection Code (Legislative Decree 196/2003 as amended), and other applicable privacy laws.

2. Data Controller

The data controller for your personal data is:

CiaoJin S.r.l. Email: privacy@ciaojin.com

For GDPR-related enquiries, you may contact our Data Protection Officer at dpo@ciaojin.com.

3. Data We Collect

We collect the following categories of personal data:

Account data: name, email address, date of birth, profile photo, and username when you register.

Financial data: bank account details, payment method information, and transaction history necessary for processing earnings withdrawals. Payment data is handled via PCI-DSS-compliant third-party processors and is never stored unencrypted on our servers.

Usage data: posts, reactions, comments, shares, and other interactions you perform on the Platform, along with timestamps and engagement metrics used to calculate your earnings.

Device & technical data: IP address, device type, operating system, browser type, app version, crash logs, and performance metrics collected automatically when you use the Platform.

Communications: any messages you send to our support team or via in-app messaging features.

Cookies & tracking: session cookies, analytics cookies, and similar technologies as described in Section 9 below.

4. How We Use Your Data

We process your personal data for the following purposes and legal bases:

• Performance of contract: to create and manage your account, calculate and distribute earnings, and provide core Platform features.

• Legitimate interests: to improve the Platform, detect and prevent fraud, abuse, and security incidents, perform analytics, and personalise your experience in a non-intrusive way.

• Legal obligation: to comply with anti-money-laundering (AML), know-your-customer (KYC), tax reporting, and other applicable legal requirements.

• Consent: to send you marketing communications and use non-essential cookies, where you have opted in. You may withdraw consent at any time.

5. Earnings, KYC & Financial Processing

To process withdrawals, we are required by financial regulations to verify your identity. This involves collecting a copy of a government-issued identity document and, in some cases, proof of address. This data is processed under our legal obligation and retained for the minimum period required by applicable AML and tax laws (typically 5–10 years). KYC verification is handled by our third-party identity-verification partner under strict data-processing agreements.

6. Data Sharing & Transfers

We do not sell your personal data. We share data only in the following circumstances:

• Service providers: cloud hosting, payment processors, identity verification, analytics, and customer support tools that process data on our behalf under data processing agreements.

• Legal requirements: when required to disclose data to law enforcement, regulatory authorities, or courts.

• Business transfers: in connection with a merger, acquisition, or sale of assets, in which case we will notify you before your data is transferred and becomes subject to a different privacy policy.

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or adequacy decisions).

7. Data Retention

We retain your personal data for as long as your account is active and for a reasonable period thereafter to allow you to reactivate your account, resolve disputes, and fulfil legal obligations. Specifically:

• Account and profile data: retained for the duration of your account plus 2 years after deletion. • Financial and transaction data: retained for 7 years from the date of the transaction (tax and AML obligations). • Support communications: retained for 3 years.

You may request earlier deletion subject to Section 8 below.

8. Your Rights

Under the GDPR and other applicable laws, you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you. • Rectification: request correction of inaccurate or incomplete data. • Erasure: request deletion of your data ("right to be forgotten"), subject to legal retention obligations. • Restriction: request that we restrict processing of your data in certain circumstances. • Portability: receive your data in a structured, machine-readable format. • Objection: object to processing based on our legitimate interests or for direct marketing. • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@ciaojin.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority (in Italy: Garante per la Protezione dei Dati Personali, www.gpdp.it).

9. Cookies & Tracking

We use cookies and similar technologies to operate the Platform and understand how it is used. Categories include:

• Strictly necessary cookies: required for authentication, security, and basic Platform functionality. Cannot be disabled. • Analytics cookies: help us understand usage patterns (e.g., page views, session duration). Collected in anonymised or aggregated form where possible. Require consent. • Marketing cookies: used only with your explicit consent to deliver relevant promotions.

You can manage your cookie preferences via the cookie settings banner on your first visit or at any time through your account settings.

10. Security

We implement industry-standard technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS 1.3) and at rest, access controls, regular security audits, and employee training. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

CiaoJin is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@ciaojin.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or an in-app notification at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

For any privacy-related questions, requests, or complaints, please contact:

CiaoJin S.r.l. Email: privacy@ciaojin.com Data Protection Officer: dpo@ciaojin.com