Privacy Policy

Effective date: July 19, 2024

This Privacy Policy is a legally binding contract between Laraun Limited, a Limited Liability Company incorporated and registered in the Republic of Cyprus under registration number, ΗΕ 312319 having its registered address at Evropis 4, Flat/Office 3, Strovolos, P.C. 2064, Nocisia, Cyprus (referred to as "we," "us," or "our"), and users of the Image to PDF Converter ＋Editor application, which is distributed via application stores (referred to as the "App"). We act as the controller of your personal data processed through the App, meaning we determine the purposes and methods of processing your personal data.

This Privacy Policy outlines how we collect, store, process, and use your personal data when you use our App. By accessing or using our App, you agree to the terms of this Privacy Policy.

We encourage you to review this Privacy Policy whenever you access the App to convert files or otherwise interact with us via email, post, telephone, or any other means of communication. If you do not agree with the terms of this Privacy Policy, please refrain from accessing or using the app.

Types of information that we process

1.1. Information that you submit

We process the following personal information about you when you use the App. This information is necessary for the adequate performance of the contract between you and us. Without such information, it is impossible to provide the complete functionality of the App and perform the requested services:

1.1.1. Activity Information: Information about the device itself, information about the internet connection, location-related information, and device identifiers.
1.1.2. Contact Information: Your name, email address, and any other content included in the email when you contact us via email or support form. This information is used for communication purposes.
1.1.3. Other Information: Directly related to your use of the App, such as photos and documents you upload. The app does not collect, store, or use pictures or files from your device unless explicitly uploaded or shared.
1.1.4. File Conversion Process:
- When you convert a file on the cloud, you upload a file from your device to a cloud server owned by us;
- Our proprietary PDF Converter intermediary server communicates with a reputable third-party API (e.g., CloudMersive) to provide you with the desired file type output.
- The third-party API converts your file and returns it to us, which we then make available for download through the app.
- Your file is stored encrypted on our servers until you delete it.

1.2. Information That is Processed Automatically

We may collect automatically-collected information when you access our services ("Usage Data"), such as:

1.2.1. Personal Information: Received when you visit, use, and interact with the App, including order information from in-app purchases and the Identifier for Advertisers (IDFA) on your mobile device. Billing, processing, and charging for in-app purchases are organized on the application stores side; we cannot access or use your credit or debit card information.
1.2.2. Log Data: Specific information transmitted by your mobile device, such as device identifier, user preferences, operating system details, and data about interactions with the App. Additionally, data from your web browser, such as IP address, browser type, referring/exit pages, URLs, pages visited, and other relevant engagement details.
1.2.3. Analytics Usage: We use online analytics tools like Amplitude and AppsFlyer, employing cookies to assess user interactions with our services and enhance your app experience.
1.2.4. Ad-Related Information: Data about ads viewed, including date and time served, "click" or "conversion" events, ad content, type (e.g., text, image, video), placement within the app, and user responses.
1.2.5. In-App Events: Analytics tools automatically record in-app information, such as tutorial steps, leveling up, payments, in-app purchases, custom events, and progression events. The methods for limiting the processing of user data are also noted.

This information is generally non-personal, meaning it does not, on its own, permit direct association with any specific individual, and we may access it only in aggregated form. We process this information on the grounds of our legitimate interest in improving our App and providing our users with the best experience.

2. Purpose of processing your personal information

We use your information for the following purposes:

2.1.1. Availability of the Service: We use the information that you submit and information that is processed automatically to provide you with all requested services.
2.1.2. Testing, Monitoring, and Improvement of our App: We use the information that is processed automatically to analyze behavior and patterns, detect potential outages and technical issues, and to operate, protect, improve, and optimize our App.
2.1.3. Communication: We use the information we have to respond to your requests, communicate with you through newsletters, send you marketing notifications, receive your feedback about our App experience, and inform you about our policies and terms.
2.1.4. Interest-Based/Targeted Content: We may use information that is processed automatically for marketing purposes, such as to show ads that may be of interest to you based on your preferences.
2.1.5. Compliance and Law Enforcement: We strive to protect you from spam and fraudulent content. We may use your information to prevent, detect, and investigate fraud, security breaches, and potentially prohibited or illegal activities.
2.1.6. Safety and Security: We use your information to enhance the safety and security of our App and to help us detect abuse, fraud, and illegal activity within our services.

3. Legal basis of processing your personal information

Our processing of your personal data is based on legal foundations that align with the specific purposes for which we collect and use your personal data. These legal grounds include:

3.1.1. Consent: We process your personal data if you have provided explicit consent.
3.1.2. Legal Obligation: Processing occurs when required to comply with legal obligations.
3.1.3. Legitimate Business Interests: Processing aligned with our legitimate business interests.

Specific Legal Foundations for Data Processing:

3.2.1. Communications (Legitimate Interest): We process your personal data for effective communication, arranging meetings, calls, or virtual sessions. Recordings are stored within our corporate system.
3.2.2. Marketing and Public Relations (Consent): We use cookies for marketing research, analyzing visitor characteristics, evaluating marketing communications, and tailoring them to identify trends. We use your personal data to share promotional materials, service updates, email notifications, and newsletters.
3.2.3. Automated Processing (Legitimate Interest): Essential cookies and third-party services automatically process data to gain insights into user preferences and enhance the overall app experience.
3.2.4. Security Measures (Legitimate Interest): We process personal data to maintain app security, prevent fraudulent activities, and protect the rights and interests of our Company and third parties, including Intellectual Property rights.

We are committed to upholding data protection principles, ensuring transparent and lawful processing based on appropriate legal grounds.

4. Data sharing with third parties

To enhance your experience and provide you with the best possible service, we may share certain information with third-party providers, affiliated entities, contractors, government entities, and authorities (collectively referred to as "data processors"). These entities are entrusted with specific tasks related to hosting, maintenance, analytics, marketing, or compliance with legal requirements.

We want to emphasize that any sharing of information is conducted in strict compliance with applicable data protection laws. We take comprehensive measures to ensure that these data processors handle your information with the same level of care, confidentiality, and security as we do. It is important to note that we do not sell your personal information to third parties for any purpose.

When processing your data, we may use the following data processors:

Name	Services	Location	Privacy Policy
DigitalOcean, LLC	Cloud storage provider	USA	Privacy policy
AppsFlyer Ltd.	Analytics and marketing service provider	USA	Privacy policy
Amplitude, Inc.	Analytics and marketing service provider	USA	Privacy policy
Firebase (Google LLC)	Analytics service provider	USA	Privacy policy
Cloudmersive, LLC	API for document conversion	USA	Privacy policy

5. International data transfer

In the event of transferring personal data from the European Economic Area (EEA) to countries lacking an adequate level of data protection, we rely on one of the following legal bases: (i) Implementation of Standard Contractual Clauses approved by the European Commission, or (ii) Adherence to adequacy decisions made by the European Commission regarding specific countries (details accessible here).

6. Data Safety

6.1. We employ a variety of administrative, technical, and physical security measures to safeguard your information. While we have implemented reasonable steps to protect the information you provide to us, it's important to understand that no security measures are infallible. Despite our efforts, no method of data transmission or storage can be guaranteed against all interception or misuse.

6.2. Any information disclosed online or through cloud services may be vulnerable to interception and misuse by unauthorized parties. Therefore, while we strive to protect your information, we cannot guarantee complete security if you choose to provide us with your information.

7. Data Subject Rights

7.1. As a data subject residing in the European Economic Area (EEA) or the United Kingdom (UK), you have specific rights regarding your personal data:

7.1.1. Right to Access: You have the right to obtain confirmation of whether we process your personal data and, if so, to request access to that data.
7.1.2. Right to Rectification: You can request the correction of inaccurate or incomplete personal data.
7.1.3. Right to Erasure: You have the right to request the deletion of your personal data from our systems, unless legal obligations require retention.
7.1.4. Right to Restrict Processing: You can request the restriction of processing your personal data under certain circumstances.
7.1.5. Right to Data Portability: You can receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller.
7.1.6. Right to Object: You may object to the processing of your personal data based on specific grounds relating to your particular situation.
7.1.7. Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
7.1.8. Right to Lodge a Complaint: If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with a supervisory authority.

7.2. To exercise any of these rights, please contact us using the details provided in the "Contact Us" section of this Privacy Policy.

For EEA Residents: We will respond to your requests within one month. If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority. You can find more information here.

For UK Residents: We will respond to your requests within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) via phone at 0303-123-1113 or online at www.ico.org.uk/concerns.

8. Data Storage

8.1. We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We are committed to ensuring that your data is not held longer than necessary for the specified purposes.

8.2. Once the legitimate business need to process your personal data no longer exists, we take appropriate steps, which may include deleting or anonymizing the information. In cases where immediate deletion is not feasible, such as when data is stored in backup archives, we securely store the information to prevent further processing. We maintain this secure state until deletion is possible.

8.3. As a user, you have the right to restrict us from processing your data by submitting a request for data erasure or objecting to the processing of your data. It's important to note that exercising these rights will prevent us from processing your data and may lead to its deletion. This action could result in loss of access to our services and may limit our ability to respond effectively to your inquiries.

9. Children’s Privacy

We do not knowingly collect or solicit personal information from children under the age of 18. If we discover that we have inadvertently collected personal information from a child under 18 without verified parental consent, we will promptly delete that information from our records. If you believe that we may have collected information from or about a child under 18, please contact us at [email protected].

10. CALIFORNIA RESIDENT NOTICE

Under the California Consumer Privacy Act of 2018 (CCPA) California residents shall have the right to request: a) the categories of personal information that is processed; b) the categories of sources from which personal information is obtained; c) the purpose for processing of user personal data; d) the categories of third parties with whom we may share your personal information; e) the specific pieces of personal information that we might have obtained about a particular user provided that the data given in the request is reliable enough and allows to identify the user.

PERSONAL INFORMATION.

All about the categories of information, its sources and purposes of processing is described above. Be informed that according to CCPA personal information does not include de-identified or aggregated consumer information.

DATA SHARING.

Data sharing scope and basis are defined above. All third parties that are engaged in processing user data are service providers that use such information on the basis of agreement and pursuant to business purpose.

OPT-OUT OPTIONS.

If you don’t want us to process your personal information any more, please contact us through [email protected]. Please be informed that such opt out may impact App’s further operation without functional data and you will be advised to remove the App from your device. If you don’t want us to share device identifiers and geolocation data with service providers, please check your device settings to opt out as described above.

REQUESTS.

To submit a verifiable consumer request please contact us through the email [email protected]. When submitting a verifiable request, you should be ready to: a) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: name, address, city, state, and zip code and email address. We may use this information to surface a series of security questions to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming or a power of attorney, signed by you; b) Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will not be able to respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; or (ii) confirm that personal information relates to you. We may ask you for additional information or documents to verify your identity. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scum request. We ensure that personal information provided in a verifiable consumer request will be used only to verify the requestor’s identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled. We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Please note that we are only required to respond to two requests per customer each year.

CALIFORNIA PRIVACY RIGHTS.

Access: Request disclosure of personal information collected, used, and disclosed in the past 12 months (twice per 12-month period).
Prohibit Sale: Request cessation of processing for direct marketing purposes. We do not sell personal information for profit.
Correction: Request correction of inaccurate personal information.
Non-Discrimination: No discriminatory treatment for exercising privacy rights.
Automated Decision-Making: No decisions based solely on automated processing with significant impacts.
Restriction: Contact us to stop processing sensitive information. We do not process sensitive information to infer characteristics.
Deletion: Request deletion of personal information with exceptions (e.g., completing transactions, legal obligations).
Portability: Receive personal information in an electronic format for transfer to another party.

SALE OF DATA.

We do not sell any of your personal data to third parties.

11. COLORADO RESIDENT NOTICE

This section applies only to Colorado residents in addition to the rest of this Privacy Policy. We process personal data in compliance with the Colorado Privacy Act that requires us to disclose the following additional information related to our privacy practices.

If you are unable to access this Privacy Policy due to a disability or any physical or mental impairment, please contact us and we will provide you with the required information in an alternative format that you can access.

PERSONAL INFORMATION.

All about the categories of information, its sources and purposes of processing is described above.

DATA SHARING

REQUESTS.

COLORADO PRIVACY RIGHTS.

Access: Know if a controller is processing your data.
Portability: Receive data in a portable, machine-readable format (twice per calendar year).
Opt-Out: Object to processing for data sale, targeted advertising, or profiling.
Correction: Request rectification of inaccurate information.
Deletion: Request deletion or cessation of processing personal data.
Appeal: Appeal if dissatisfied with request resolution by contacting [email protected] with "Appeal to answer on privacy request" in the subject line. Appeals are considered within 45 days, extendable by 60 days if necessary. If denied, contact the Attorney General's Office via the Online Consumer Complaint Form.

HOW TO EXERCISE YOUR PRIVACY RIGHTS.

You can exercise any of your privacy rights specified above using any of the ways described in the Section “Contact information”. Please, specify clearly what you want to exercise and identify yourself. Please note that we are not required to comply with the request if we are unable to authenticate your request using commercially reasonable efforts. If you send us a request we will reply to you within 45 calendar days free of charge, except that, for a second or subsequent request within a twelve-month period, we may charge a reasonable fee. If we refuse to take action on your request, you can follow the appeal procedure within 45 days after receiving such refusal sending your appeal to this email [email protected]. adding in the subject of email “Appeal to answer on privacy request”. We are obliged to consider your appeal within 45 after receipt of the appeal and inform you of any action taken or not taken in response to the appeal. We can extend this term by 60 additional days where reasonably necessary, taking into account the complexity and number of requests serving at this time. If your appeal is denied, you may contact the Attorney General to submit a complaint by visiting the Office of the Attorney General’s website to complete an Online Consumer Complaint Form.

AUTHENTICATION.

For the purpose of safeguarding your Personal Data against unauthorized access or deletion, we may need to authenticate your credentials before accepting a request pertaining to your rights. If you do not possess an account with us or if we suspect unauthorized access to your account, we may request additional personal information from you to verify your identity. If after these steps we are unable to verify your identity, we reserve the right to decline your rights request.

SALE OF DATA.

We do not sell any of your personal data to third parties.

12. VIRGINIA PRIVACY NOTICE

The following section pertains exclusively to residents of Virginia. It outlines our practices regarding the collection, utilization, and sharing of Personal Data belonging to Virginia residents, in our capacity as a business operating under the Virginia Consumer Data Protection Act ("VCDPA"). Additionally, it outlines your rights in relation to your Personal Data. Please note that the term "Personal Data" used in this section holds the definition ascribed to it by the VCDPA, with the exception of information exempted from the VCDPA's scope.

PERSONAL INFORMATION.

All about the categories of information, its sources and purposes of processing is described above.

DATA SHARING.

REQUESTS.

o submit a verifiable consumer request please contact us through the email [email protected]. When submitting a verifiable request, you should be ready to: a) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: name, address, city, state, and zip code and email address. We may use this information to surface a series of security questions to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming or a power of attorney, signed by you; b) Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will not be able to respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; or (ii) confirm that personal information relates to you. We may ask you for additional information or documents to verify your identity. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scum request. We ensure that personal information provided in a verifiable consumer request will be used only to verify the requestor’s identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled. We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Please note that we are only required to respond to two requests per customer each year.

VIRGINIA PRIVACY RIGHTS.

As a resident of Virginia, we would like to inform you about your privacy rights, which are outlined below. While we respect and uphold these rights, it is important to note that they are not absolute, and there may be instances where we are unable to fulfill your request in accordance with applicable laws and regulations.

Access: Confirm processing of personal data and request a copy.
Rectification: Correct inaccuracies in personal data.
Deletion: Request deletion of personal data.
Portability: Obtain copies of personal data collected.
Opt-Out: Opt out of targeted advertising, sale of data, or profiling.
Restriction: Restrict processing of sensitive personal data. We do not process sensitive data to infer characteristics.
Appeal: Appeal valid refusals by contacting [email protected] with "Appeal to answer on privacy request" in the subject line. Appeals are considered within 45 days, extendable by 60 days if necessary. If denied, contact the Attorney General's Office via the Online Consumer Complaint Form.

HOW TO EXERCISE YOUR PRIVACY RIGHTS.

AUTHENTICATION.

SALE OF DATA.

We do not sell any of your personal data to third parties.

13. CONNECTICUT PRIVACY NOTICE

This notice outlines the manner in which we, acting as a "Controller" under Connecticut's Data Protection Act ("CTDPA"), collect, utilize, and disclose your personal data, as well as the rights you have concerning your personal data, including sensitive personal data. In this context, "personal data'' and "sensitive data'' carry the definitions provided in the CTDPA and do not encompass information excluded from the scope of the CTDPA.

PERSONAL INFORMATION.

All about the categories of information, its sources and purposes of processing is described above.

DATA SHARING.

REQUESTS

To submit a verifiable consumer request please contact us through the email [email protected]. Before processing most requests, we will need to verify your identity and confirm that you are a resident of the State of Connecticut. When submitting a verifiable request, you should be ready to: a) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: name, address, city, state, and zip code and email address. We may use this information to surface a series of security questions to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming or a power of attorney, signed by you; b) Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will not be able to respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; or (ii) confirm that personal information relates to you. We may ask you for additional information or documents to verify your identity. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scum request. We ensure that personal information provided in a verifiable consumer request will be used only to verify the requestor’s identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled. If you are submitting a request on behalf of a Connecticut resident, including a minor child, we will also need sufficient information to verify that the individual is the person about whom we collected personal data, and that you are authorized to submit the request on their behalf. We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Please note that we are only required to respond to two requests per customer each year.

CONNECTICUT PRIVACY RIG

As a resident of Connecticut, we would like to inform you about your privacy rights, which are outlined below. While we respect and uphold these rights, it is important to note that they are not absolute, and there may be instances where we are unable to fulfill your request in accordance with applicable laws and regulations. Right to know. You have the right to verify whether we are processing your personal data or not. Right to deletion. You have the right to request the deletion of your personal data under certain circumstances. If you make such a request, we will assess whether we are legally obligated to comply or if there are reasons that limit the scope of the deletion. If there are any reasons, we will provide you with an explanation in our response. Right to access. The right to access and obtain a copy of personal data you previously provided to us, in a readily usable format that allows you to transmit the information to another entity without hindrance, to the extent technically feasible. The right to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or further profiling. The right to ppt out of profiling. You have the right to choose not to have your personal data processed for profiling purposes that could lead to decisions with significant legal or similar effects on you. If you wish to exercise this right, you can opt out of such profiling activities. The right to appeal our valid refusal of your initial request. If we reject your request relating to any of the rights outlined in the above sections, you have the option to request a reconsideration of our decision.

HOW TO EXERCISE YOUR PRIVACY RIGHTS.

You can exercise any of your privacy rights specified above using any of the ways described in the Section “Contact information”.

If we refuse to take action on your request, you can follow the appeal procedure within 45 days after receiving such refusal sending your appeal to this email [email protected] adding in the subject of email “Appeal to answer on privacy request”. If your appeal is denied, you may contact the Attorney General to submit a complaint by visiting the Office of the Attorney General’s website to complete an Online Consumer Complaint Form.

14. Changes to this Privacy Policy

We may update this Privacy Policy periodically. When we make significant changes, we will notify you under certain circumstances, such as when required by applicable privacy laws or when the changes are material. If required by law, we will seek your consent for these changes. The "last updated" date at the bottom of this Privacy Policy will reflect the most recent revisions. We encourage you to review this page periodically for any updates. We may notify you of changes by updating the Privacy Policy date within the App or through other methods such as in-app notifications.

15. Contact us

If you have any questions, please contact us via [email protected].