Umove Privacy Policy

    Effective Date: September 24, 2025

    TouchX Limited, a company incorporated in Hong Kong (“Umove”, “Umove App”, “Company”, “we”, or “us”), respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use the Umove mobile application, websites, and related services (collectively, the “App” or “Services”). By accessing or using the App, you agree to this Privacy Policy. If you do not agree, please do not use the App.

    ⚠️ Adult-only content & services

    The App may contain or be used to access intimate or sexually suggestive content and interactive device control features. The App is intended only for users 18 years of age or older. If you are under 18, or if it is illegal to access such content in your jurisdiction, you must not use the App.

    1. Who We Are and Applicable Laws

    • Data user / controller: TouchX Limited, Hong Kong.
    • We comply with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong (“PDPO”), including the six Data Protection Principles (DPPs).
    • Where applicable, we also take into account:
      • EU / EEA: General Data Protection Regulation (GDPR).
      • United States: for example, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).
    • In case of conflicts, mandatory laws of your country of residence may prevail.

    2. Eligibility and Children’s Privacy

    • The App is intended only for individuals 18 years of age or older.
    • We do not knowingly collect personal data from children under 13 years of age and do not target the App to children.
    • If we learn that we have collected personal data from a child under 13 (or under the minimum age in your jurisdiction), we will delete it as soon as reasonably practicable and may restrict access to the relevant account.
    • If you believe a minor has used the App or provided personal data, please contact us at umovetec@gmail.com.

    3. Information We Collect

    We may collect the following categories of information when you use the App:

    3.1 Account & Profile Information

    • Email address, username, password (hashed), avatar or profile picture, gender and basic profile info (e.g. language, time zone, self-description).
    • Age confirmation (e.g. year of birth or “I am over 18” checkbox).

    3.2 Device & Usage Data

    • Device identifiers (such as device ID, OS version, model), app version, IP address, connection type, crash logs and diagnostic logs.
    • In-App actions (e.g. opening screens, clicks, feature usage, session duration) for analytics, quality and abuse prevention.

    3.3 Communications & User-Generated Content

    Depending on how you use the App, we may process:

    • Text messages, images, short videos, and other content you send to or share with other users.
    • Voice and video call signaling information and technical data required to establish peer-to-peer or server-relayed connections.
    • In-App gifts, reactions, comments, and other interactive content.

    Delivery-only processing

    • We process messages, calls and other user-generated content only as needed to deliver them to the intended recipient(s) and to operate features such as moderation, anti-fraud, and safety.
    • Messages or media may be temporarily stored (for example when a recipient is offline) until delivery is completed or an expiry time is reached.
    • Unless we are legally required to keep them, we do not permanently store or routinely monitor the contents of your private conversations after they have been delivered or expired.
    • We may, however, retain and review specific content if:
      • required by applicable law, court order, or law enforcement request; or
      • it is necessary to investigate fraud, abuse, or safety issues (e.g. reports of illegal content, harassment, or threats).

    ⚠️ You understand that recipients may save or copy content on their own devices. We cannot control how other users choose to store, use, or share what you send to them.

    3.4 Intimate Device & Wellness Usage Data (If You Use These Features)

    If you choose to connect compatible devices or use rhythm/interactive features, we may process:

    • Device connection status and identifiers (e.g. Bluetooth ID, device model).
    • Control data (e.g. vibration patterns, intensity/curve information) necessary to send commands between devices or users.
    • Non-medical usage data such as frequency, duration, or patterns of sessions used to provide feedback or improve user experience.

    This information is processed only for personal wellness, entertainment, and interactive purposes and is not intended for medical diagnosis, treatment, or health-care use.

    3.5 Transaction & Payment Information (Gifts, Coins, Subscriptions)

    When you purchase virtual coins, gifts, or subscriptions within the App, we and our payment partners may process:

    • Purchase history (items purchased, coins bought, gifts sent/received, timestamps, amounts and currency).
    • Order identifiers, subscription IDs, and store receipts (e.g. Apple App Store / Google Play receipts).
    • Limited billing information as made available by the platform (we do not receive your full credit card number when payments are processed by Apple, Google, or other PCI-compliant processors).

    We use this information to:

    • Provide you with purchased items and gifts;
    • Maintain your in-App balance or entitlements;
    • Prevent fraud, abuse, and chargeback misuse;
    • Comply with accounting, tax, and anti-money-laundering obligations where applicable.

    3.6 Location Information

    • Approximate location (e.g., country, city, or timezone) may be inferred from IP address or device settings.
    • If you enable location permissions, we may collect more precise location for features that need it (e.g. localized content or compliance checks). You can disable location access via your device settings, though some features may not function properly without it.

    3.7 Cookies and Similar Technologies

    On our websites and web views, we may use:

    • Cookies, web beacons, SDKs, and similar technologies to remember your preferences, keep you signed in, analyze traffic, and improve performance.
    • Some cookies are strictly necessary (security, login, basic functions); others are used for analytics or (where allowed) for marketing.

    You can manage cookies via your browser settings. If you disable cookies, some features may not work correctly.

    3.8 Non-Identifiable & Aggregated Data

    We may collect and use non-identifiable information (such as general usage statistics) and create aggregated data that does not identify any individual. We may use and share such aggregated data for analytics, research, business reporting, or service improvements.

    4. How We Use Your Information

    We use your personal data for the following purposes (and, where GDPR applies, on the legal bases indicated):

    1. Provide and operate the App and its features
      • Create and manage accounts; enable messaging, calls, gifts, and device control.
      • Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
    2. Maintain a safe and respectful community
      • Detect, prevent, and respond to fraud, abuse, spam, harassment, illegal content, or policy violations.
      • Legal basis: legitimate interests and legal obligations.
    3. Process payments and manage purchases
      • Handle coin and gift purchases, subscriptions, and related support (e.g. refunds where applicable).
      • Legal basis: performance of a contract; legal obligations (tax, accounting).
    4. Improve performance and develop new features
      • Analyze usage, fix bugs, optimize device and network performance, test new features.
      • Legal basis: legitimate interests in improving our services.
    5. Personalize your experience (where allowed)
      • Show relevant content or suggestions, adapt UI or language to your region.
      • Legal basis: legitimate interests; consent where required.
    6. Communicate with you
      • Send service messages (security alerts, updates), and with your consent (where required) optional marketing or promotional communications.
      • You can opt out of marketing emails at any time.
    7. Comply with legal obligations
      • Respond to lawful requests, court orders, or regulatory requirements.
      • Fulfill record-keeping, tax, and reporting obligations.

    5. How We Share Your Information

    We do not sell your personal information for money, and we do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA. We may share your information only in the following circumstances:

    5.1 Other Users

    • Information you choose to share (profile info, gifts, messages, content, live interactions) is visible to recipients or the audience you select.
    • Please use caution when sharing personal or sensitive information with others.

    5.2 Service Providers and Partners

    We work with trusted third parties who help us operate and improve the App, such as:

    • Hosting and cloud infrastructure providers;
    • Payment processors and app store platforms;
    • Analytics and crash-reporting tools;
    • Customer support and moderation tools;
    • Anti-fraud and security vendors.

    These providers may access personal data only as needed to perform services on our behalf, under contractual obligations to protect your data.

    5.3 Business Transfers

    If we are involved in a merger, acquisition, asset sale, financing, or similar transaction, your information may be transferred as part of that deal. We will continue to protect your information and will notify you of any material changes in ownership or control.

    5.4 Legal and Safety

    We may disclose information if we reasonably believe it is necessary to:

    • Comply with law, court orders, or valid law-enforcement requests;
    • Protect the rights, property, or safety of Umove, our users, or the public;
    • Enforce our Terms of Service and other policies;
    • Detect, prevent, or address fraud, security, or technical issues.

    6. Data Retention

    We retain personal data only for as long as reasonably necessary to:

    • Provide the Services to you;
    • Fulfill the purposes described in this Policy;
    • Comply with legal, tax, accounting, or regulatory requirements;
    • Resolve disputes and enforce our agreements.

    In general:

    • Account data is retained while your account is active. If you delete your account, we will delete or anonymize personal data subject to legal and operational retention needs (e.g. enforcing bans, preventing fraud, keeping minimal records for legal claims).
    • Transaction data (e.g. payments, invoices) may be retained for longer periods to comply with tax and financial regulations.
    • Log and security data may be retained for a limited period for security, abuse prevention, and legal compliance.

    If you request deletion, we will act in accordance with applicable law (see Section 8 – Your Rights). Note that some data may remain in backup or archive form for a limited time and will be deleted according to our standard rotation schedules.

    7. Data Security

    We implement reasonable and appropriate technical and organizational measures to protect personal data against unauthorized or accidental access, use, disclosure, alteration, loss, or destruction, in line with PDPO Data Protection Principle 4.

    Measures may include:

    • Encryption in transit and at rest where appropriate;
    • Access controls and authentication;
    • Network and application security;
    • Internal policies, training, and contractual protections for staff and service providers.

    However, no system is 100% secure. We cannot guarantee absolute security. You are responsible for keeping your account credentials secure and notifying us promptly of any suspected unauthorized access or security incident.

    8. Your Rights

    Your privacy rights depend on where you live. Regardless of region, you can always contact us at umovetec@gmail.com and we will do our best to help.

    8.1 Hong Kong and Most Other Regions

    Subject to local law, you may have the right to:

    • Request access to personal data we hold about you;
    • Request correction of inaccurate or incomplete personal data;
    • Request deletion of personal data (subject to legal retention obligations);
    • Object to certain processing or withdraw consent where processing is based on consent.

    We will handle such requests in accordance with PDPO and other applicable laws.

    8.2 EU / EEA Residents (GDPR)

    If you are in the EU/EEA or where GDPR applies, you may have the following rights:

    • Access to your personal data;
    • Rectification of inaccurate data;
    • Erasure (“right to be forgotten”) subject to legal retention;
    • Restriction of processing in certain circumstances;
    • Data portability for data you provided to us;
    • Objection to processing based on legitimate interests or direct marketing;
    • Withdraw consent at any time where we process data based on your consent.

    You also have the right to lodge a complaint with your local data protection authority.

    8.3 California Residents (CCPA/CPRA)

    If you are a California resident, you may have the right to:

    • Know / Access the categories and specific pieces of personal information we have collected about you;
    • Request deletion of personal information we collected from you;
    • Request correction of inaccurate personal information;
    • Know the categories of sources, purposes, and third parties involved in collection and disclosure;
    • Non-discrimination for exercising your privacy rights.

    We do not “sell” or “share” your personal information as defined under the CCPA/CPRA.

    To exercise any of these rights, California customers please contact us at umovetec@gmail.com and include “CCPA Request” in your email subject line. We may need to verify your identity before fulfilling your request and may deny requests as allowed by law (for example, when we must retain data to comply with legal obligations).

    9. International Data Transfers

    We may process and store your information in Hong Kong, the United States, the European Union, and other jurisdictions where we or our service providers are located.

    • For PDPO purposes, we act as a “data user” and may transfer personal data outside Hong Kong with appropriate safeguards.
    • Where GDPR applies, we will rely on appropriate legal mechanisms for cross-border transfers (such as Standard Contractual Clauses, or equivalently recognized safeguards), or other lawful bases permitted under GDPR.

    By using the App, you understand that your data may be transferred to countries that may have different data protection laws than your home jurisdiction. We will take steps to ensure your data is protected in line with this Policy and applicable law.

    10. Third-Party Links and Services

    The App may contain links to third-party websites, services, or content (for example, social login, app stores, payment partners, analytics tools). We are not responsible for the privacy practices of these third parties.

    We encourage you to review the privacy policies of any third-party services you access.

    11. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices.

    • When we make material changes, we will notify you via the App, by email, or by other reasonable means.
    • The “Effective Date” at the top of this Policy shows when it was last updated.
    • Your continued use of the App after changes become effective means you accept the updated Policy. If you do not agree, you should stop using the App and may delete your account.

    12. Contact Us

    TouchX Limited
    📍 Hong Kong (SAR)
    📧 Email: umovetec@gmail.com

    13. Important Note (Non-Legal Advice)

    This Privacy Policy is intended to describe our practices and help you understand your rights. It is not legal advice. Because laws change and may apply differently depending on your situation, we strongly recommend you seek independent legal counsel before finalizing or relying on this document for regulatory compliance.