Privacy Policy (Version 1.0)

Last Updated: March 17, 2026

This Privacy Policy (hereinafter referred to as the "Policy") applies to the content, tools, features, and functionalities (collectively, the "Services") provided and controlled by the ViYa Technology Limited through the Diari platform (the "Platform"). This Policy is established in accordance with applicable laws to protect users' ("you" or "your") personal information.

1. Scope and Consent

This Policy explains the reasons, methods, and details of how we collect, use, store, process, share, transfer, and disclose your personal information, the security measures we implement, and the rights you have to access, update, delete, and control your personal data. Please read this Policy in conjunction with the Diari Terms of Use. If you do not agree with this Policy, you should stop using Diari and/or our Services.

We reserve the right to modify this Policy at any time. We encourage you to review it regularly for updates. If you do not accept the revised Policy, you should discontinue use of Diari.

Age Restrictions

• Global minimum: Users under the age of 13 are not allowed to use the Services.
• EEA/UK: Users under 16 are not allowed; where permitted by national laws (for example, Austria, age 14), explicit parental consent is required.
• Other jurisdictions: Users below the local legal age are prohibited.

If you are between 13 and the legal age of majority (13-16 in EEA), you must obtain written consent from a parent or guardian.

For children under 13 in the U.S. or under the legal age in other jurisdictions:

• We only provide limited services after obtaining verifiable parental/guardian consent.
• We collect only the minimum personal information necessary to provide functionalities.
• Parents/guardians can view, modify, or request deletion of their child's data.
• They may also deny further data collection.

Users must provide their age upon first use (whether guest or registered mode). Only registered users can modify incorrect age entries; guest users cannot. We reserve the right to suspend or permanently restrict access to Diari if false age information is detected.

Unless otherwise permitted or required by law, we do not collect, use, or disclose personal information of children without parental consent. Parents may access, delete, and request that we stop processing their child's data.

By accessing and/or using our Services, you confirm that you are of legal age in your jurisdiction, or that you are under the supervision of a parent or legal guardian who consents to your use of our Services and this Policy.

This Policy is a legally binding electronic contract under applicable laws and does not require physical, electronic, or digital signatures.

Please read this Policy carefully. By accessing or using Diari and/or our Services, you acknowledge, understand, and agree to this Policy and the collection, use, processing, sharing, transfer, and disclosure practices outlined herein.

2. What Information Do We Collect?

2.1 Information You Provide Directly

• Registration/Login: When registering via third-party platforms (for example, Google), we collect your Open ID, location, and device information. A nickname and age are required to use chat functions.
• Contact & Marketing: We may use your contact information (for example, email) to send product information, subject to prior consent where required by law.

2.2 Information Generated During Use

• Chats & Communications: We collect text/voice chat data strictly for safety purposes, such as filtering illegal content.
• Payments & Transactions: We collect user ID, country, payment amount, and may require ID verification when extracting virtual assets.
• Feedback & Reporting: We collect descriptions, screenshots, or reports to resolve issues.
• User Experience Improvement: We automatically collect data such as language, gender, click behavior, and device information for personalization.
• Security & Stability: We collect login status, device identifiers, and IP addresses to ensure service security.

3. Cookies and Similar Technologies

We use cookies and similar technologies (for example, pixel tags, device identifiers) to enhance your experience, analyze usage behavior, and provide personalized content or ads. First-party cookies are essential for core service operations.

4. User Consent

You may be asked to consent to the following:

• Photos/Storage: To upload images for display or AI training (uploaded to our servers).
• Microphone: For voice-to-text features.
• Internet Access: To optimize connectivity and access Diari.
• Camera: To capture photos/videos related to your queries.
• Identity: For login via third-party accounts (for example, Google or Apple).

5. How We Process Your Information

In brief: We use your information primarily to provide and improve our Services. We also use it for safety and to offer content you may find relevant. Detailed usage includes:

5.1 Managing Your Account and Services

• Creating and managing accounts
• Providing customer support
• Processing transactions
• Communicating service-related updates (orders, billing)

5.2 Service Improvement and Development

• Research and analysis to improve service and content
• Developing new features based on user behavior and interest

5.3 Fraud and Abuse Prevention

• Detecting and addressing misconduct
• Analyzing data to design countermeasures
• Retaining data related to fraud to prevent recurrence

5.4 Legal Compliance

• Complying with legal obligations
• Cooperating with law enforcement
• Exercising and enforcing our rights (for example, Terms of Use)

5.5 Legal Grounds for Processing

• Contractual necessity for service provision
• Legitimate interests such as fraud prevention and service enhancement
• Consent, where required
• Legal obligations, such as anti-money laundering compliance

5.6 Under GDPR, We Rely On

• Consent: for example, for marketing emails
• Contract performance: for example, registration and chat services
• Legal compliance: for example, regulatory requirements
• Legitimate interests: for example, fraud prevention, analytics, and service improvement

6. Advertising & Tracking

We use advertising technologies to provide relevant ads and measure their performance. Depending on your device and operating system:

On iOS (Apple Devices)

We may request your permission through Apple's App Tracking Transparency (ATT) prompt to access your device's Identifier for Advertisers (IDFA). If you allow, we and our advertising partners may use this identifier to deliver personalized ads. If you decline, you will still see ads, but they may be less relevant.

On Android (Google Devices)

We may collect and use your device's Google Advertising ID (AAID) to provide personalized ads. This identifier is resettable and does not reveal your personal identity. You can reset or limit the use of your Advertising ID at any time in your device's Settings → Privacy → Ads.

You can learn more about how Google and Apple handle advertising identifiers by visiting their official privacy pages.

7. Legal Basis by Processing Activity

7.1 Account Registration/Transactions

• EU/UK (GDPR): Performance of Contract
• USA (CCPA): Business Purposes
• Other Regions: Performance of Contract

7.2 Marketing Communications

• EU/UK (GDPR): Consent
• USA (CCPA): Business Purposes (including opt-out mechanism)
• Other Regions: Consent

7.3 Security Logs

• EU/UK (GDPR): Legitimate Interest
• USA (CCPA): Security and Fraud Prevention
• Other Regions: Legitimate Interest

8. Data Sharing and Disclosure

8.1 Stripe/PayPal

• Purpose: Payment processing
• Data Shared: User ID, transaction amount
• Compliance: PCI-DSS certified

8.2 Google Analytics

• Purpose: Traffic analysis
• Data Shared: Device ID, clickstream (anonymized)
• Compliance: GDPR-compliant data processing agreements

8.3 AWS/Azure

• Purpose: Cloud storage
• Data Shared: All business data
• Compliance: ISO 27001 certified

8.4 Law Enforcement

• Purpose: Legal requirements
• Data Shared: Minimum necessary data
• Compliance: Formal written request verification

9. Data Retention

We follow the principle of data minimization. Retention periods are:

• Regular User Account Data: 90 days post-deletion (EU)
• Regular User Account Data: 180 days post-deletion (US)
• Children's Data: Deleted within 72 hours of a deletion request
• User-Generated Content (UGC): Deleted 30 days after user removal
• If shared, third parties will be notified for synchronized deletion.

In the event of a personal data breach:

• Notify regulators within 72 hours (per GDPR)
• Notify users via email/app
• Type of exposed data
• Possible risks
• Recommended precautions

We will retain your data only as long as necessary, unless legally required to keep it longer. When no longer needed, we will delete, anonymize, or securely isolate it.

10. Children's Data (GDPR/KIDS COPPA)

• Age Verification: Mandatory at first launch; under-13 triggers child protection mode.
• Parental Controls: View list of collected data types.
• Parental Controls: Export or request deletion.
• Parental Controls: Deny consent to restrict specific functions (not full deactivation).

COPPA Compliance (USA): "We comply with COPPA and do not collect data from children under 13 without verifiable parental consent."

Parental Consent Verification

• US: Upload ID + proof of relationship (for example, family register) or credit card micro-payment
• EU: eIDAS electronic ID or bank verification

Parental Dashboard

• Real-time access to the timeline of data collected from children
• Third-party sharing history, including partner names

11. Your Privacy Rights

EEA/UK Users

• Right to Erasure (Right to Be Forgotten): Delete all personal data, including third-party copies
• Right to Data Portability: Obtain structured copy of your data
• Right to Object to Automated Decisions: Refuse profiling based solely on algorithms

US Users (CCPA)

• Right to Opt-Out of Data Sale: Disable data sharing via a [Do Not Sell My Info] link
• Right to Non-Discrimination: Exercise rights without service penalties

12. California Resident Rights

• Verification for Deletion Requests: Must provide two forms of proof (for example, email + photo ID/utility bill)
• Data Deletion Commitment: All data (including backups) deleted within 45 days
• In accordance with CCPA §1798.105(d) using NIST 800-88 Rev.1 standards

13. Cross-Border Transfers & Regulatory Representatives

When transferring data outside the EEA:

• Use EU Commission's 2023 Standard Contractual Clauses (SCCs)
• Sensitive data sent to the U.S. is triple-encrypted
• Transport Layer: TLS 1.3+
• Storage Layer: AES-256 segmented encryption
• Access Layer: HSM-managed keys
• Children's data is not transferred outside countries on the EU adequacy list (for example, not to the U.S.)
• All children's data is processed within AWS Frankfurt region (inside the EU)

14. Contact Us

If you have any questions or comments about this Policy, please contact us at: [email protected]