Effective 21 June 2026 · Version 1.1
Privacy Policy
We respect your privacy. This document explains what we collect, why, who we share it with, and your rights. By using Goldy, you agree to this Policy.
Applies to: the Goldy mobile application.
Data Controller: Nam Dinh (individual) ("we", "us", "Goldy").
ℹ️ This is a courtesy English translation; the Vietnamese version prevails for users in Vietnam.
1. Quick summary
- Goldy helps you record & track gold. You create an account to sync your data across devices.
- We collect: account information, the gold data you enter, technical/crash data, and a push-notification token.
- We do not sell your data. The current version does not use behavioral analytics or tracking-based advertising.
- Payments (if any) are processed by Apple, we never see your card details.
- You can delete your account & data directly in the App at any time.
2. Data we collect
a) You provide
- Account information: an identifier from Sign in with Apple or Sign in with Google (including the email or relay email returned by the provider, and an account identifier), and a display name (if any).
- Gold data (Your Content): gold quantity, purchase price, date, unit, notes and the items you enter.
- Support contact: the content of your emails/messages to us.
b) Collected automatically
- Technical & crash data: device type, OS version, app version, crash identifiers and error logs (via a crash-reporting tool) to fix bugs.
- Push notifications: a device token to send price alerts/notifications (if you allow them).
c) We do NOT collect (in the current version)
- No third-party behavioral analytics; no tracking-based advertising / IDFA; no precise location; no contacts; no health data; no card/payment details (handled by Apple).
3. Purposes & legal basis
| Purpose | Data used | Legal basis |
|---|---|---|
| Provide & sync core features | Account, gold data | Performance of a contract (Terms of Service) |
| Send notifications/price alerts | Push token | Your consent |
| Fix bugs, stability, security | Technical/crash data | Legitimate interest |
| Customer support | Contact information | Contract / consent |
| Legal compliance | When lawfully required | Legal obligation |
We process data in accordance with Decree 13/2023/ND-CP on Personal Data Protection (Vietnam) and applicable laws.
4. Who we share data with
We do not sell or rent personal data. We share only with:
- Cloud/infrastructure provider Google (Google Cloud Platform / Firebase), to store & sync your data.
- Crash-reporting service, to receive error logs to fix the app.
- Push-notification service, to deliver notifications to your device.
- Apple, to process in-app purchases (we only receive a purchase confirmation, not card details).
- Government authorities, when lawfully required.
- Business transfer, in a merger/transfer, we will notify you and ensure an equivalent level of protection.
Parties processing data on our behalf are bound by confidentiality and act only on our instructions.
5. Storage, security & data location
- Data is stored on the infrastructure of Google (Google Cloud Platform / Firebase). As Google's infrastructure is located outside Vietnam, your data is transferred and stored internationally; where required by law, we conduct the Cross-Border Personal Data Transfer Impact Assessment under Decree 13/2023/ND-CP and apply appropriate safeguards.
- We apply reasonable technical & organizational measures: encryption in transit (HTTPS/TLS), access controls, backups. No system is perfectly secure; we cannot guarantee 100%.
- Data breach notification: In the event of a personal-data breach, we will notify the competent authority (Department of Cyber Security & High-Tech Crime Prevention, A05, Ministry of Public Security) within 72 hours of becoming aware, per Decree 13/2023/ND-CP, and notify you if the breach is likely to result in a high risk to your rights and interests.
6. Retention
We retain data for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or anonymize your personal data within a reasonable period (typically ≤ 30 days), except where law requires retention (e.g., transaction records). Technical/crash logs are kept for a limited period and then deleted automatically.
7. Your rights
Under Decree 13/2023/ND-CP (and applicable laws), you have the right to:
- Access and obtain a copy of your data;
- Correct inaccurate data;
- Delete your data / delete your account;
- Withdraw consent (e.g., turn off notifications) at any time;
- Restrict / object to certain processing;
- Request provision/portability of your data;
- Lodge a complaint with us or the competent authority.
Data export: you may request a copy of your gold data in CSV or JSON format; we provide it within a reasonable period (typically ≤ 30 days).
How to exercise: use the in-App feature (Settings → Account) or email hello@lumilabs.space. We respond within the statutory time limit (per Decree 13/2023/ND-CP and applicable law).
8. Account & data deletion
You can delete your account and all related data directly in the App: Settings → Account → Delete Account, or by emailing hello@lumilabs.space. (Apple requires every app that supports account creation to support in-app account deletion.)
9. Children & minors
- Goldy is intended for users aged 12 and above. We do not knowingly collect data from children under 12.
- Users under 18 require parent/guardian consent. For users under 16, processing follows Vietnam's child-protection rules (including parent/guardian consent where required by law).
- If you believe a child under the permitted age has provided us data, contact
hello@lumilabs.spaceand we will delete it.
10. Push notifications
If you allow them, we send notifications (e.g., gold-price alerts). You can turn them off at any time in Device Settings → Notifications → Goldy or in the App.
11. Advertising & tracking (forward-looking)
The current version does not show ads and does not track you for advertising. When we introduce advertising:
- We may use third-party ad networks, which may process certain device data/identifiers under their own policies;
- On iOS, if access to the advertising identifier (IDFA) is needed, we will request permission via App Tracking Transparency (ATT);
- You can purchase "Remove Ads" to remove ads.
We will update this Policy & the App Privacy details before enabling these features.
12. (Internal worksheet) App Privacy mapping (Apple)
| Data type | Collected? | Purpose | Linked to you? | Used for tracking? |
|---|---|---|---|---|
| Email / login ID | Yes | App functionality, account | Yes | No |
| Display name | Yes (if provided) | Personalization | Yes | No |
| User content (gold data) | Yes | Core functionality | Yes | No |
| Device identifier (push token) | Yes | Notifications | Yes | No |
| Diagnostics / crash data | Yes | Bug-fixing, performance | No* | No |
| Purchase data | Apple-handled | "Remove Ads" purchase | — | No |
| Location, contacts, health, browsing | No | — | — | — |
13. Changes to this Policy
When we update, we will change the "Effective date" and notify you in the App/by email for material changes. Please review periodically.
14. Contact
For any questions or requests about privacy:Nam Dinh · Email: hello@lumilabs.space · Web: getgoldy.space
Goldy is committed to being transparent about your data. If anything is unclear, reach out, we're happy to help.
© 2026 Goldy, Nam Dinh · hello@lumilabs.space · getgoldy.space