Privacy Policy

Last updated: May 21, 2026

1. Introduction

This Privacy Policy describes how LOMOPAY collects, uses, shares, and protects your personal data when you use our international platform. It applies to all users, wherever they are in the world.

We are committed to respecting major applicable regulations, including the General Data Protection Regulation (GDPR) for European users and any equivalent legislation.

2. Data collected

We collect the following categories of data:

• Identification: first/last name, email, phone, profile photo, country of residence.
• Account: password (hashed), login history, 2FA settings, language preferences.
• Payment: transaction history, invoices, payment method used (full banking data stays with our secure providers).
• KYC: ID document, proof of address (only when verification is required for withdrawals or paylinks).
• Created content: AI prompts, generated content, uploaded files, shop products.
• Browsing data: IP address, device type, browser, pages visited, clicks, session duration, language.
• Communications: support messages, chat conversations, received emails.

3. Cookies and similar technologies

We use cookies for:

• Strictly necessary cookies: authentication, security, language preference (no consent required).
• Analytics cookies: Google Analytics, internal analytics — to measure audience and improve the Platform.
• Functional cookies: remember your preferences (theme, currency).
• Third-party cookies: payment integrations (Stripe, PayPal), captcha, embedded videos.

You can manage your preferences via the cookie banner shown on your first visit.

4. Purposes of processing

Your data is used to:

• Create and manage your account;
• Provide requested services (AI generation, payments, shop, etc.);
• Process and secure financial transactions;
• Combat fraud, money laundering, and abuse;
• Send you service notifications (transactions, security updates);
• With your consent: marketing, newsletter, promotional offers;
• Improve the Platform (analytics, statistics);
• Meet our legal obligations (KYC, accounting, judicial requests).

5. Legal bases (GDPR)

Processing relies on the following legal bases:

• Performance of contract: service delivery, payment processing.
• Legal obligation: KYC, anti-money-laundering, accounting.
• Legitimate interest: security, fraud prevention, service improvement.
• Consent: marketing, non-essential cookies — revocable at any time.

6. Recipients of your data

Your data may be shared with:

• Payment providers: Stripe, PayPal, CinetPay, Moneroo, Leekpay, Mobile Money operators, partner banks.
• AI providers: OpenAI, Google (Gemini) — only the prompts necessary for generation.
• Technical services: hosting, email (SMTP), analytics, anti-spam, anti-fraud.
• Authorities: only upon legal request.

We never sell your personal data to third parties.

7. International transfers

As LOMOPAY is an international platform, your data may be processed in countries outside the EU. When this happens, we implement appropriate safeguards: European Commission Standard Contractual Clauses, adequacy certification, or explicit consent.

8. Retention periods

• Account data: for the duration of the relationship + 3 years after deletion.
• Payment data and invoices: 10 years (accounting obligation).
• KYC data: 5 years after end of relationship (anti-money-laundering obligation).
• Browsing data: maximum 13 months.
• Cookies: maximum 13 months.

9. Your rights

You have the following rights over your personal data:

• Access: obtain a copy of your data.
• Rectification: correct inaccurate data.
• Erasure ("right to be forgotten"): subject to our legal retention obligations.
• Restriction of processing.
• Portability: receive your data in a structured format.
• Objection to processing based on legitimate interest or to direct marketing.
• Withdrawal of consent at any time.
• Complaint to a supervisory authority (CNIL in France, ICO in the UK, etc.).

To exercise these rights: vegambangaudric@gmail.com. We will respond within one month maximum.

10. Security

We implement technical and organizational measures to protect your data:

• HTTPS/TLS encryption on all communications;
• Password hashing (modern algorithms);
• Two-factor authentication (2FA) available;
• Web application firewall, DDoS protection, rate limiting;
• Access monitoring and audit logs;
• Data access restricted to authorized personnel.

In case of a data breach likely to affect your rights, we will inform you within 72 hours in accordance with GDPR.

11. Minors

The Platform is not intended for minors under 16. If we learn that a minor has created an account without parental consent, we will delete it.

12. Changes

This policy may be amended at any time. Material changes will be notified by email or in-app.

13. Contact

For any question regarding your data:

• Email: vegambangaudric@gmail.com
• Data Protection Officer (DPO): dpo@vegambangaudric@gmail.com