Privacy Policy - Tossee

Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) describes how the Website Operator (“we,” “our,” or “us”) collects, uses, processes, and safeguards personal data of users (“you,” “your,” or “User”) when you access or use our websites, mobile applications, and related services (the “Services”).

We are committed to protecting your privacy and ensuring that your personal data is processed in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), applicable national laws, and international data protection principles.

By using our Services, you acknowledge that you have read, understood, and agreed to the practices described in this Policy. If you do not agree, you must cease using the Services immediately.

2. Age Restriction and Children’s Privacy

  • The Services are intended solely for individuals aged eighteen (18) years or older.
  • We do not knowingly collect or process personal data of individuals under 18.
  • If we become aware that personal data has been collected from a minor, we will promptly delete such data and may notify relevant authorities.
  • Parents or guardians who believe their child has accessed the Services should contact us immediately.

3. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Account and Profile Data

  • Username, email address, password, and profile details (e.g., age, gender, interests).
  • Uploaded profile photos or other media.

3.2 Communication Data

  • Messages, audio, or video shared through the Services.
  • Reports or complaints filed against other users.
  • Communications with our support team.

3.3 Technical Data

  • IP address, device identifiers, browser type, operating system.
  • Date, time, and duration of Service usage.
  • Log files and error reports.

3.4 Usage Data

  • Interactions with features, functions, and other users.
  • Preferences, chat history, session activity.

3.5 Payment and Transaction Data (if applicable)

  • Subscription details, virtual currency purchases, billing data (processed securely via third-party providers).

3.6 Data from Third Parties

  • Information from connected accounts (e.g., social networks, payment providers).
  • Data obtained from partners for fraud prevention, analytics, or security.

4. Legal Bases for Processing

We process personal data under the following legal bases as defined in GDPR:

  1. Contractual necessity – to provide you with Services you requested.
  2. Consent – where you have given explicit consent (e.g., for optional cookies, marketing emails).
  3. Legal obligation – to comply with EU and Lithuanian laws.
  4. Legitimate interests – for security, fraud prevention, Service improvements, and user protection.

5. How We Use Personal Data

We use your data for the following purposes:

  • To provide and operate the Services.
  • To authenticate and verify user identity.
  • To prevent, detect, and investigate fraud, abuse, or underage use.
  • To moderate user-generated content and enforce Terms of Use.
  • To communicate with you regarding updates, security alerts, or support.
  • To process transactions and manage subscriptions.
  • To analyze Service usage and improve performance.
  • To comply with legal requirements and law enforcement requests.

6. Sharing of Personal Data

We may share personal data under strict conditions:

6.1 Service Providers

  • Hosting providers, content delivery networks, and technical partners.
  • Moderation and security service providers.
  • Payment processors (for subscriptions or purchases).

6.2 Legal and Regulatory Authorities

  • When required by law or valid legal process.
  • To cooperate with law enforcement and protect public safety.

6.3 Corporate Transactions

  • In the event of merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity.

6.4 Other Users

  • Certain information (e.g., username, profile photo) may be visible to other users by default.
  • Content you voluntarily share may become accessible to other users.

7. International Data Transfers

  • Personal data may be processed outside your country of residence.
  • We ensure appropriate safeguards (e.g., EU Standard Contractual Clauses) are in place when transferring data internationally.

8. Retention of Data

  • Account data: kept until deletion of account and up to 2 years after inactivity.
  • Logs and security data: retained for limited periods as required for investigation.
  • Financial/transactional data: retained as required by Lithuanian accounting laws (up to 10 years).
  • Certain minimal records may remain in backups for compliance purposes.

9. Your Rights Under GDPR

You have the following rights:

  1. Right of access – request a copy of your personal data.
  2. Right to rectification – correct inaccurate data.
  3. Right to erasure – request deletion of your data (“right to be forgotten”).
  4. Right to restriction of processing – limit how we process your data.
  5. Right to data portability – receive your data in a portable format.
  6. Right to object – object to processing based on legitimate interests.
  7. Right to withdraw consent – withdraw any consent previously given.
  8. Right to lodge a complaint – with the State Data Protection Inspectorate (VDAI, Lithuania) or your local supervisory authority.

Requests can be submitted via email at support@[yourdomain].com. We may require proof of identity to protect user data.

10. Security Measures

We apply technical and organizational measures to protect your data, including:

  • SSL/TLS encryption.
  • Firewalls, intrusion detection systems.
  • Access controls, role-based permissions.
  • Regular audits and monitoring.
  • Employee training on data protection.

While we take all reasonable measures, no system is 100% secure. Users share and transmit data at their own risk.

11. Cookies and Tracking

Our Services use cookies and similar technologies. Please refer to our Cookie Policy for details on the categories of cookies, purposes, and how to manage consent.

12. Marketing and Communications

  • We may send you service-related announcements and administrative messages.
  • Marketing communications are sent only with your consent and may be unsubscribed at any time.
  • Even if you opt out, you may still receive important transactional messages.

13. Government Requests

We may disclose data in response to lawful government requests, emergencies, or valid court orders. Where permitted, we will notify affected users unless prohibited by law.

14. Changes to This Policy

We may amend or update this Policy at any time. The latest version will always be posted on the Service. Your continued use of the Service after changes constitutes acceptance of the revised Policy.

15. Contact

If you have questions regarding this Policy, please contact:
📧 support@[yourdomain].com

Operator Details (for GDPR compliance only, displayed discreetly)

UAB “Refiksas”
Company code: 30320169
I. Simonaitytės g. 5, 95128 Klaipėda, Lithuania
Email: refiksas@gmail.com | Tel: +37067866703

(Provided here solely for compliance purposes, not prominently displayed.)