1. Who We Are
Vialovia ("we," "us," "our") develops and operates the ApprovedByLama mobile application and the associated website ApprovedByLama.com. Vipo is a services platform that helps users with immigration, visa, education, and related consulting services in Germany.
Website: vialovia.com
App Website: ApprovedByLama.com
Contact Email: [email protected]
Google Play: com.alphaag.approved
2. Scope of This Policy
This privacy policy applies to the Vipo mobile application (available on Android and iOS) and the website ApprovedByLama.com. It describes what personal data we collect, how we use it, who we share it with, how we protect it, and your rights regarding your data.
Third-party websites, services, or apps linked from within Vipo are governed by their own privacy policies. We encourage you to review those policies before providing them with any personal data.
3. Data We Collect
We collect the following categories of personal data. The specific data collected depends on which features you use and the services you apply for.
3.1 Data You Provide Directly
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, phone number, password | Account creation and authentication |
| Personal & Identity Information | Full name, date of birth, birthplace, gender, nationality, marital status, current address, spouse and family details | Service applications (visa, immigration, education consulting) |
| Government Documents & Legal Data | Passport number, passport issue/expiry dates, residence permit details, visa application history, visa refusal history, police clearance certificates | Immigration and visa service processing |
| Educational Background | School and university names, degrees, graduation dates, grades, academic references | Education consulting and university application services |
| Professional Information | Work experience, employer details, skills, language proficiency, professional certifications | Career and immigration consulting services |
| Financial Information | Funding source, insurance information (travel, health, liability) | Visa and immigration application requirements |
| Uploaded Documents & Photos | Scanned documents, photos taken via camera, images selected from gallery | Document verification and service applications |
| Communications | Messages sent via in-app chat, support requests, email correspondence | Customer support and service delivery |
3.2 Data Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Device Information | Device model, operating system version, app version, unique device identifiers | App compatibility, debugging, security |
| Usage Data | Screens viewed, features used, interaction timestamps, session duration | App improvement and performance optimization |
| Crash & Diagnostic Data | Crash logs, error reports, performance metrics | Bug fixing and app stability |
| Push Notification Tokens | Firebase Cloud Messaging (FCM) token | Delivering push notifications you opted into |
3.3 Data We Do NOT Collect
- We do not collect precise geolocation data.
- We do not collect contacts or call logs from your device.
- We do not record audio or video without your explicit action (camera use is user-initiated only).
- We do not sell your personal data to third parties.
4. How We Use Your Data
We use your personal data for the following purposes:
- Provide Services: Process your immigration, visa, education, and consulting service applications.
- Account Management: Create and manage your user account, authenticate your identity.
- Communication: Send service updates, respond to inquiries, and deliver notifications you opted into.
- App Operation & Security: Maintain, secure, and improve the app; detect and prevent fraud or abuse.
- Customer Support: Respond to your requests and resolve issues.
- Legal Compliance: Fulfill legal obligations, respond to lawful requests from authorities.
- App Improvement: Analyze usage patterns to improve features, fix bugs, and enhance user experience.
5. Legal Bases for Processing (EEA/UK)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data based on the following legal grounds:
| Legal Basis | Applies To |
|---|---|
| Performance of a Contract | Processing necessary to provide the services you requested (visa applications, consulting, etc.). |
| Consent | Processing based on your explicit consent, such as push notifications, camera/gallery access, and optional marketing communications. You can withdraw consent at any time. |
| Legitimate Interests | App security, fraud prevention, product improvement, and analytics, where these interests are not overridden by your rights. |
| Legal Obligation | Where we are required by law to retain or disclose certain data. |
6. Data Sharing and Third-Party Services
6.1 Service Providers (Data Processors)
We use the following third-party services that may process your data on our behalf, under contractual obligations to protect your data:
| Service | Provider | Purpose | Data Processed |
|---|---|---|---|
| Firebase Cloud Messaging | Google LLC | Push notifications | Device tokens, notification content |
| Firebase Authentication | Google LLC | User authentication | Email, phone number, authentication tokens |
| Firebase Cloud Firestore | Google LLC | Data storage | User account data, application data |
| Branch.io | Branch Metrics, Inc. | Deep linking | Device identifiers, link interaction data |
| Cloudflare Workers | Cloudflare, Inc. | API proxy | API request data (transient processing) |
| WordPress (Hosting) | Self-hosted | Content management and backend services | User account data, service data |
6.2 Other Disclosures
- Legal Requirements: We may disclose data if required by law, regulation, legal process, or governmental request.
- Protection of Rights: We may disclose data to protect the safety, rights, or property of Vialovia, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify affected users before their data is subject to a different privacy policy.
7. App Permissions
Vipo requests the following device permissions. Each permission is requested only when the related feature is used, and you can change permissions at any time in your device settings.
| Permission | Why We Need It | Required? |
|---|---|---|
| Internet | Core app functionality; communicate with our servers. | Yes |
| Network State | Detect connectivity to handle offline/online behavior. | Yes |
| Camera | Capture photos of documents for service applications. | No (optional) |
| Storage / Media Images | Select existing photos or documents from your device for upload. | No (optional) |
| Push Notifications | Receive service updates and important alerts. | No (optional) |
| Biometric (Fingerprint/Face) | Optional biometric login for added security. | No (optional) |
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.
| Data Type | Retention Period |
|---|---|
| Account data | As long as your account is active, plus 6 months after deletion to handle any follow-up. |
| Service application data | For the duration of the service engagement, plus any legally required retention period. |
| Uploaded documents | Until service completion, then deleted unless retention is legally required. |
| Diagnostic and crash logs | Up to 12 months. |
| Push notification tokens | Until you uninstall the app or revoke notification permissions. |
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit: All data transmitted between the app and our servers uses HTTPS/TLS encryption.
- Encrypted local storage: Sensitive data stored on your device (such as authentication tokens) is kept in encrypted storage.
- Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
- No cleartext traffic: The app does not allow unencrypted HTTP connections.
- No device backup of app data: App data is excluded from device backups to prevent unauthorized access.
- Biometric authentication: Optional biometric login adds an extra layer of protection.
While no system can guarantee absolute security, we continuously work to protect your data and promptly address any security incidents.
10. International Data Transfers
Your data may be processed in countries outside your country of residence, including countries where our service providers operate (e.g., the United States for Google/Firebase services). When transferring data outside the EEA/UK, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.
11. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data (see Section 12 for in-app account deletion).
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Data Portability: Request a machine-readable copy of data you provided to us.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
For EEA/UK Residents
You also have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.
For California Residents (CCPA/CPRA)
You may request disclosure of the categories and specific pieces of personal data we have collected, request deletion, and opt out of the "sale" or "sharing" of personal data. We do not sell personal data. To exercise these rights, contact us at the email address below. We will verify your identity and respond within the timeframe required by law.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or as required by applicable law).
12. Your Choices and Account Deletion
Account Deletion
You can delete your account directly within the app:
- Open Vipo and go to Settings.
- Navigate to Account.
- Tap Delete Account.
- Confirm by typing "PERMANENTLY DELETE" when prompted.
Account deletion is permanent and irreversible. Upon deletion, we will delete or anonymize your personal data, except where retention is required by law.
Alternatively, you can request account deletion by emailing [email protected].
Push Notifications
You can opt out of push notifications at any time through your device's system settings or within the app settings.
Marketing Communications
You can unsubscribe from marketing emails by using the unsubscribe link in any marketing email or by adjusting your preferences in the app settings.
Device Permissions
You can revoke camera, storage, notification, and biometric permissions at any time through your device's system settings. Some features may not function without certain permissions.
13. Children's Privacy
14. Third-Party Links and Services
Vipo may contain links to third-party websites or services (e.g., WhatsApp, Telegram, Facebook Messenger) for communication purposes. When you use these links, you leave our app and your interaction is governed by the third party's privacy policy. We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.
15. Cookies and Similar Technologies
Our website (ApprovedByLama.com) may use cookies and similar technologies for basic site functionality and analytics. You can control cookies through your browser settings. Disabling cookies may affect some website functionality. The Vipo mobile app does not use cookies.
16. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy.
- Notify you via in-app notification or on our website.
Your continued use of the app after changes take effect constitutes acceptance of the updated policy. If you do not agree with changes, you should stop using the app and delete your account.
17. Contact Us
If you have questions, concerns, or requests regarding this privacy policy or your personal data, contact us:
We aim to respond to all inquiries within 30 days.