We collect personal information only for legitimate purposes, following the principles of "data minimization" and "purpose limitation" as required by GDPR . The information we collect falls into three categories:
Account Information: To create a Togi account, you must provide an email address (for login, verification, and communication) and a password (stored via industry-standard bcrypt encryption). You may optionally provide a username, profile photo, or bio—this information may be visible to other users based on your privacy settings.
User-Generated Content (UGC): If you use UGC features (e.g., posting text, images, videos, comments), any information contained in your UGC (including text, visuals, or location tags) is collected. You retain ownership of your UGC, but grant us a non-exclusive license to host, display, and moderate it .
Communication Data: If you contact our support team (via TogiteamApp@togionline.com
Identity Verification Data: To comply with UGC management regulations , we may require you to provide identity verification materials (e.g., government-issued ID) if you repeatedly upload content or if suspicious activity is detected.
1.2 Automatically Collected Information
Device & Technical Data: We collect device model (e.g., iPhone 15 Pro), iOS version (e.g., iOS 18.3), Identifier for Vendors (IDFV), IP address, and network type. This data is used to optimize app performance and troubleshoot issues.
Usage Data: We track interactions with the App, including feature usage (e.g., UGC uploads, in-app purchases), session duration, and error logs. This data is anonymized unless linked to your account for service improvement.
Location Data (Optional): If you enable location services, we collect approximate or precise location data to provide location-based UGC features. You can disable this at any time via device settings.
1.3 In-App Purchase (IAP) Related Information
To facilitate in-app purchases (e.g., premium features, virtual items), we collect:
Purchase Details: Transaction ID, purchase date, item name, and price (provided by Apple's App Store Connect).
Payment Instrument Metadata: We do not store full payment details (e.g., credit card numbers)—all payments are processed by Apple Pay, which complies with PCI DSS standards .
2. How We Use Your Information
We use your information only for the purposes disclosed at collection, including:
Manage your account (login authentication, password reset).
Host and display UGC (subject to moderation rules in Section 4).
Process in-app purchases (verify transactions, deliver purchased items).
2.2 Service Improvement & Personalization
Analyze usage patterns to optimize features (e.g., refining UGC recommendation algorithms).
Tailor content to your preferences (e.g., showing relevant UGC based on your interactions).
Moderate UGC to prevent violations of laws and our rules .
Detect and block fraudulent activities (e.g., unauthorized account access, fake purchases).
Respond to legal requests (e.g., subpoenas) and report illegal content (e.g., child sexual abuse material) to authorities.
Send essential updates (e.g., account security alerts, service outages).
Notify you of in-app purchase renewals (at least 24 hours before automatic billing ).
Respond to support inquiries sent to TogiteamApp@togionline.com
3. GDPR Compliance: Your Rights as a Data Subject
For users in the EEA, UK, or Switzerland, GDPR grants you the following enforceable rights :
3.1 Right to Access & Rectification
Access: Request a copy of all personal information we hold about you. Email us at TogiteamApp@togionline.com
Rectification: Correct inaccurate or incomplete data (update account details directly in the App’s "Settings," or contact us for other corrections).
3.2 Right to Erasure ("Right to Be Forgotten")
Request deletion of your data if:
It is no longer necessary for the purpose collected.
You withdraw consent (and no other legal basis for processing exists).
Email us at TogiteamApp@togionline.com with the subject line "GDPR Erasure Request." We will delete your data within 1 month, unless retention is required by law (e.g., tax records).
3.3 Right to Restriction & Portability
Restriction: Request temporary suspension of processing (e.g., if you dispute data accuracy).
Portability: Receive your data in a machine-readable format (e.g., CSV) for transfer to another service provider.
3.4 Right to Withdraw Consent & Lodge Complaints
Withdraw consent for non-essential processing (e.g., location access) via device settings or by contacting us.
Lodge a complaint with your local data protection authority (e.g., ICO in the UK) if you believe we violated GDPR.
If a data breach risks your rights, we will notify you and the relevant supervisory authority within 72 hours of discovery .
4. UGC Management: Rules & Prohibited Content
Togi implements a "pre-review before publication" system for all UGC , managed by a trained 审核 team (with 1 审核员 per 1,000 daily new UGC items as a minimum standard). You are solely responsible for your UGC, and we prohibit the following content:
4.1 Strictly Prohibited UGC Categories
(1) Pornographic & Obscene Content
Explicit depictions of sexual acts, child sexual abuse material (CSAM)—we immediately report CSAM to authorities .
Content using titles like "uncut version" or "deleted scenes" to promote pornographic material .
(2) Distressing & Harmful Content
Depictions of extreme violence, self-harm, mutilation, or graphic accidents.
Content promoting animal abuse, illegal wildlife trade, or destruction of ecosystems .
Promotion of unlicensed gambling, betting, or lotteries.
Links to gambling websites, tutorials on "how to gamble," or content encouraging betting .
Glorification or instruction on using illegal drugs (e.g., heroin, methamphetamine) or misusing prescription drugs.
Links to drug dealers or images of drug manufacturing/distribution.
(5) Political & Sensitive Content
Unauthorized dissemination of government documents or state secrets .
Impersonation of political figures or parody/humorously distort of revolutionary leaders/heroes .
Overly entertaining interpretations of political events that undermine mainstream values .
(6) Discriminatory & Hate Content
Speech or imagery targeting individuals/groups based on race, ethnicity, gender, religion, disability, or sexual orientation.
Slurs, stereotypes, or threats that incite hatred or violence .
Content Removal: Non-compliant UGC is deleted within 24 hours of detection.
Account Sanctions: Users who upload 3+ violations in a week, or 1 major violation (e.g., CSAM), are added to our "Illegal Account List" . Sanctions include:
1-year ban for minor repeat violations.
3-year ban for severe violations (e.g., drug promotion).
Permanent ban for illegal content (e.g., terrorism advocacy).
Reporting Mechanism: Report violating UGC via TogiteamApp@togionline.com
5. In-App Purchase (IAP) Terms
To ensure transparency and comply with consumer protection laws :
All in-app purchases are clearly labeled with price, item description, and billing frequency (for subscriptions).
Free trials require explicit opt-in (no default 勾选), and we disclose:
Post-trial subscription price.
Subscriptions auto-renew unless canceled at least 24 hours before the renewal date.
We send renewal reminders to your registered email 24–48 hours before billing .
iOS: "Settings" > [Your Name] > "Subscriptions" > "Togi" > "Cancel Subscription".
Refund requests are processed via Apple’s App Store (we do not handle direct refunds).
Contact Apple Support at https://support.apple.com/
We never sell your personal information for marketing. We disclose data only in the following cases:
6.1 Third-Party Service Providers
Payment Processors: Apple Pay (receives transaction data only to process payments).
Cloud Storage: AWS (hosts UGC and account data, bound by GDPR-compliant data processing agreements ).
Content Moderation: Trusted vendors (access UGC only for moderation, no access to personal account data).
Comply with court orders, subpoenas, or regulatory requirements.
Protect our rights, users, or third parties (e.g., disclosing fraud-related data to law enforcement).
If we undergo a merger or acquisition, your data may be transferred to the acquiring entity (we will notify you 30 days in advance).
Encryption: Data in transit (TLS/SSL) and at rest (AES-256) .
Vulnerability Testing: Monthly scans for database flaws (e.g., SQL injection ).
Access Controls: Only authorized staff can access personal data (role-based permissions).
Account Data: Retained for the duration of your account + 30 days after deletion (to resolve disputes).
UGC: Deleted when you remove it, or when your account is terminated.
Purchase Data: Retained for 7 years (to comply with tax laws).
We may update this Policy to reflect legal changes or service updates. We will:
Notify you via in-app alert and email (to TogiteamApp@togionline.com
Post the updated Policy in the App’s "Settings" > "Privacy Policy".
Give you 30 days to review changes—continuing to use Togi means you accept the update.
9. Prohibited Content Overview
When using our service, you will encounter content from various sources. Some content is not allowed, and we must impose restrictions on certain types of content to maintain a safe and respectful environment. These include:
Language or images that may be considered offensive, harassing, unsettling, embarrassing, alarming, or infuriating to others, such as targeted insults or graphic visuals that trigger distress.
Obscene, pornographic, violent, or other content that may violate personal dignity—including non-consensual sexual content, extreme brutality, or degrading depictions of individuals.
Abusive, insulting, threatening, discriminatory, or content that promotes racism, gender bias, hatred, or prejudice, such as slurs against marginalized groups or calls for discrimination.
Encouragement of illegal activities, including but not limited to terrorism, incitement of racial hatred, or engaging in criminal activities like theft, fraud, or drug trafficking.
Defamation or slander—false statements that harm the reputation of individuals or organizations, including unsubstantiated claims about someone’s character or conduct.
Involvement in commercial activities without authorization, including sales of goods/services, unregulated contests, advertisements for external brands, links to third-party websites, or sharing premium phone numbers for profit.
Transmission of “spam” emails or “junk mail,” such as unsolicited mass messages promoting content or services to other users.
Any content containing spyware, adware, viruses, corrupted files, worms, or other malicious code intended to disrupt, damage, or limit the functionality of software, hardware, telecommunications, networks, servers, or other devices. This also includes Trojan horses or materials that intercept or misappropriate data or personal information.
Content that itself or when published infringes upon the rights of any third party—including copyrights (e.g., unlicensed music/film clips), trademarks, or privacy rights (e.g., leaked personal contact information).
Displaying content created or distributed without the consent of others, such as reposting someone’s private photos, videos, or written work without explicit permission.
For questions about this Policy, UGC rules, or in-app purchases, contact us at TogiteamApp@togionline.com.