This policy also provides information based on laws related to the processing of your personal data. Further, this policy sets out the basis by which we will process any personal data that you provide to us or that we obtain from other sources.
For the purpose of data protection law, Allure ("we", "us", and "our") is the data controller with respect to your personal data.
In this policy:
We use your personal data for the following purposes based on our legitimate interests and/or with your consent:
Your personal data may be shared with the following recipients in the situations described below:
Authorized employees or affiliates. When necessary, these authorized individuals will access the minimum amount of data required to provide customer support, operate our system and services, or investigate fraud or security issues.
Manufacturers and service/shipping providers of products/services ordered through the application. We provide only the minimum amount of information necessary for them to carry out the specific services listed in our contract with them. Further, the information is only used for the exact purposes specified in the contract and all information is deleted after the required task has been completed.
Payment service providers. Payments for products/services ordered through the application are processed by secure and trusted payment processors, such as Xendit and Midtrans. We do not store payment information.
Infrastructure vendors and other service providers. We store all data on servers provided by secure infrastructure services. We also provide data to service providers who support our business, such as by analyzing how our application is used, providing customer service, conducting surveys, measuring promotional campaigns, and/or sending emails and push notifications to users, for the purpose of processing the data described in the above.
Law enforcement bodies. In response to legal requests, we will share the minimum amount of data necessary with law enforcement bodies.
Other users invited to your album by you or your partner. The only information accessible by other album members is information that you have provided when using the application.
In order to process personal data as described in “5. Purpose and Legal Basis of Processing Personal Data” above, we retain third-party service providers including the following:
Amazon Web Services, Google Cloud Platform (to store data, provide our service, etc.)
Google Firebase, Amplitude (for analytics, to send push notifications, etc.)
Facebook, Linkedin (for advertising and analytics)
NewRelic (to monitor our service)
SendGrid (to send emails)
Google Forms (to conduct user surveys)
In all cases, we apply strict measures to keep your data safe and your privacy protected. We share your personal data only for the purposes described in “5. Purpose and Legal Basis of Processing Personal Data” above. We do not sell your personal data to any third parties, even in the form of anonymized statistical data.
Whenever we transfer, store, or process your personal data, we take reasonable steps to safeguard the privacy of your data. Your privacy and safety are important for us.
We retain your personal data for the periods listed below, except when required by law to retain it for a longer period of time. In that case, we retain your data for the period required by law.
We retain your personal data until we receive a request from you to delete your account.
Photos and videos deleted from the application are removed from our servers automatically within 30 days.
Your personal data will be deleted from our servers within 30 days of receiving a request to delete your account.
We utilize cookies and similar technologies within the application in order to collect certain information, including the following:
We use the following first-party cookies based on your consent or without your consent only where permitted by applicable laws.
To keep you logged in while using the Allure Upload Site
10 minutes from last access
To connect you to the right album after clicking an invitation link
14 days from last access
To keep you logged in while using the browser version of the application
14 days from last access
We may change the expiration time frames listed above in order to optimize the application’s usability.
It is possible to disable cookies and other tracking IDs on your device. To learn more, visit the appropriate link below:
We acknowledge that you have the right to access and correct your personal data, discontinue our usage of your personal data, and other rights stipulated in each applicable jurisdictional law. You also have the right to lodge a complaint with a data protection authority in the jurisdiction where you reside, where you work, or where the alleged infringement of your rights took place. We will comply with any such request in full accordance with the applicable laws and regulations.
The following personal data is required to use the application:
Please note that you cannot use the application if we cannot obtain the personal data listed above.
We do not knowingly collect or solicit information from anyone under the age of 13 without parental consent. The application is not directed at children under the age of 13 who register themselves without parental consent, and we do not knowingly allow such persons to register. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have obtained any information from a child under 13 without parental consent, please contact us.
Should you have any questions or concerns regarding this Privacy Notice, please do not hesitate to contact us.
Jl. KHM Naim III Nomor 1A, Cipete Utara, Kebayoran Baru, Jakarta Selatan, 12150, Indonesia