OPTIFLOW LUDUS LABS LTD. Global Privacy Policy and Data Protection Statement
24/7 Privacy Compliance & Emotional Support Line: [email protected]
Chapter 1: Introduction, Policy Purpose, and Legally Binding Commitments
• 1.1 Fundamental Purpose and Core Values of the Policy
Welcome to the online interactive platform, applications, customer support service architecture, and all related online experience systems (collectively referred to as the "Service" or "Platform") developed, operated, and provided by OPTIFLOW LUDUS LABS LTD. (hereinafter referred to as the "Company", "we", "us", "our", or "Data Controller"). At OPTIFLOW LUDUS LABS LTD., we are not only committed to providing you with an exceptional online leisure interactive experience, but we also regard the protection of your personal privacy and data security as the ultimate foundation for our company's survival and development.
This "Global Privacy Policy and Data Protection Statement" (hereinafter referred to as this "Policy") is an exhaustive, transparent, and legally binding formal contract. The fundamental purpose of this Policy is to disclose to you, in a legally compliant manner, without reservation: when you visit our platform, create a user authorized account, acquire "Online Value-Added Services," or communicate with our 24/7 customer service team, how we comprehensively collect, use, store, share, transmit, and protect your personal data.
• 1.2 Scope of Application and Disclaimer Regarding Third-Party Links
The scope of this Policy covers all personal information received and processed by the Company through our official website, mobile applications, various service interfaces, and the official designated customer service email channel ([email protected]).
Please pay special attention: To enhance your experience and ensure transaction security, this Platform includes links to independent third-party secure payment gateways. When you click these links and enter the payment processing environment, you are directly governed by the privacy statements of those third-party payment institutions. OPTIFLOW LUDUS LABS LTD. assumes no direct joint legal liability for the data collection practices or security measures of these independent third parties. When you leave our Platform's pages, we strongly advise you to carefully read the independent privacy policies of the relevant third-party platforms.
• 1.3 Legally Binding Acceptance and Consent Mechanism
Before providing us with any personal information, creating a user account, or conducting any checkout operations through compliant third-party payment gateways, please spend sufficient time carefully reading the entire contents of this Policy.
By actively checking the box "I have read, understood, and agree to the Privacy Policy" on our registration or checkout pages, or by actually starting to use any services provided by this Platform, you indicate that you fully understand all terms of this Policy at a legal level and explicitly and voluntarily agree that we may process your personal information in accordance with the rigorous rules described in this Policy. If you have any objections to any terms of this Policy, you must immediately stop accessing and terminate your use of this Platform.
Chapter 2: Core Privacy Terms and Global Compliance Dictionary
To ensure that this Policy remains consistent, rigorous, and unambiguous in legal interpretation across different global jurisdictions (particularly regions governed by the European General Data Protection Regulation (GDPR), the UK GDPR, and the US California Consumer Privacy Act (CCPA)), we strictly apply the following definitions in this Policy:
• "Personal Data" or "Personal Information": Refers to any information relating to an identified or reasonably identifiable natural person (i.e., a "Data Subject"). This includes individual data that can be identified directly or indirectly by referring to specific identifiers (such as names, online identifiers, contact information, etc.).
• "Processing": Refers to any operation performed on personal data or sets of personal data, whether or not by automated means. This includes the collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, transmission, arrangement or combination, restriction, erasure, or permanent destruction of data.
• "Data Controller": Refers to the legal entity that determines the purposes and means of the processing of personal data, alone or jointly with others. Under this Policy, the Data Controller is OPTIFLOW LUDUS LABS LTD.
• "Data Processor": Refers to an external entity that processes personal data on behalf of the Data Controller (e.g., our contracted secure cloud server providers, third-party customer support ticketing systems, etc.).
• "Anonymized Data": Refers to data that has undergone irreversible technical processing such that it is impossible to identify a specific individual under any circumstances. Such data does not fall under the category of "Personal Data" in law and is not restricted by this Policy.
• "Online Value-Added Services" or "Platform-Exclusive Privileges": Refers to the online experience authorizations provided by us to users within the Platform. These privileges are strictly limited to interactive use within the Platform and do not possess any real-world fiat currency equivalent or financial investment value.
Chapter 3: How We Comprehensively and Prudently Collect Your Personal Data
To strictly adhere to the "Data Minimization" and "Purpose Limitation" principles required by global data protection laws, we promise to collect only the limited information absolutely necessary to achieve explicit business purposes:
• 3.1 Identity and Contact Data
To provide you with exclusive account services and establish necessary service contracts, we collect basic contact and identity information when you decide to create a "User Authorized Account" to experience the features of this Platform:
Basic Account Credentials: Your full name, the user nickname you have set, and a valid email address belonging to you.
Security Authentication Information: The account password you set yourself (all passwords are automatically processed via one-way secure encryption before being stored; we never retain plaintext passwords).
• 3.2 Payment, Billing, and Basic Order Data
【Crucial Compliance Statement: We Never Touch or Store Your Core Payment Data】
To process your orders smoothly and fully comply with the Payment Card Industry Data Security Standard (PCI-DSS), we cooperate with globally compliant third-party payment processors under strict regulation.
Necessary Billing Information We Collect: To complete order delivery, reconciliation, and subsequent customer service, we collect and retain your billing contact information (such as country, state/province, city, and zip code), order transaction ID, the specific category of services purchased, and the fiat currency amount of the transaction.
Sensitive Financial Data We Absolutely Do Not Collect: Your full credit card Primary Account Number (PAN), card security code (CVV/CVC), third-party payment platform login credentials, and other core information are collected and encrypted directly in your browser by the secure components of the third-party payment gateway. Our Company's own servers do not collect, touch, or store this sensitive financial data. We only receive necessary transaction status confirmations (e.g., payment successful) and highly desensitized masked information (such as the last four digits of a card) from the payment institution to help you verify the source of billing in your account background.
• 3.3 Basic Technical Equipment and Network Security Data
To guarantee the stable operation of the Platform and guard against routine network security risks, our security firewall automatically logs standard technical parameters when you visit this Platform:
Network and Positioning Basics: Your Internet Protocol (IP) address. This is primarily used for basic system security protection and to help the system adapt to macro-regional network nodes and perform basic compliance reviews.
Device and Environment Information: Standard device types, operating system versions, and basic environment parameters such as browser types and screen resolutions.
Basic Access Logs: The page loading status and access timestamps within the Platform. Such data aims to help us continuously optimize the Platform's response speed and user interface compatibility, ensuring service availability.
• 3.4 Interactive Experience and Rational Consumption Setting Data
To provide you with a seamless online interactive experience and implement our "Rational Consumption and Experience Advocacy" mechanism, the system records your basic behaviors within the Platform:
Platform Interactive History: The time of acquisition, consumption status, specific visual appearance preferences, and system settings for "Online Value-Added Services."
Rational Self-Management Settings: If you actively set a "Consumption Firewall" (such as self-setting a maximum daily or monthly expenditure limit reminder) in the account security center, we will record these setting values. When you are about to reach the set alert line, the system will trigger a reminder or lock settlement permissions to provide you with necessary "cooling-off period" support.
• 3.5 24/7 Customer Support and Emotional De-escalation Communication Data
The Company takes "Emotional De-escalation and Psychological Guidance" as its core competitive advantage in customer service. When you contact us through the only designated official channel [email protected], we collect the following information to ensure we provide you with the most professional service:
Communication Metadata and Body: The sender's email address, exact time of sending, email subject, and all text descriptions or screenshots voluntarily attached by you in the email body.
Service Dispatch Judgment Mechanism: To better implement our de-escalation commitment, our support system performs routine service priority scheduling based on the urgency or difficulty type reported in your email. This helps us prioritize the most complex or patient-requiring tickets to specialized support staff who have received advanced de-escalation training, ensuring we actively guide you in resolving issues during communication.
Chapter 4: Data Acquisition Channels and Collection Methods
We obtain your personal information through highly transparent, legitimate, and compliant channels:
• 4.1 Interactions Provided Voluntarily and Directly by You
The vast majority of personal information is provided voluntarily, explicitly, and directly by you during your interaction with us. This includes, but is not limited to: filling out forms on our registration page; actively completing or updating personal profiles and security preferences in account backgrounds; entering billing contact addresses when entering the checkout page to acquire "Online Value-Added Services"; sending support emails to our 24/7 line; or participating in official experience satisfaction surveys.
• 4.2 Data Implicitly Collected via Automated Technologies
When you browse and interact on our website or application, we use industry-standard automated data collection technologies (such as Cookies and basic server log files) to passively collect the "Technical Equipment Data" mentioned above. We will provide detailed disclosure regarding the specific usage mechanism of Cookies in a dedicated chapter of this Policy.
• 4.3 Data Supplementation from Legitimate Third-Party Sources
When processing orders, we receive basic returned status information about your transactions (such as transaction successful, failed, or rejected by risk control) from legitimate third-party payment service providers, allowing us to accurately and timely fulfill and deliver services to you.
Chapter 5: Purposes of Data Processing and Legal Basis (Compliance Cornerstone)
In line with the core spirit of top global data protection laws (such as GDPR), we never engage in purposeless data abuse. Every processing operation of your personal data must be based on at least one statutory "Lawful Basis":
• 5.1 Performance of a Contract
When you accept the "Terms of Use" of this Platform, a legally binding service contract is established. To fulfill this contract, we process your data to:
Create, verify, and continuously maintain your exclusive account;
Accurately distribute and activate the "Online Value-Added Services" you have successfully settled;
Process your payment instructions, generate compliant billing records, and respond to inquiries about order status;
Provide you with uninterrupted 24/7 technical troubleshooting and customer support via [email protected].
• 5.2 Legitimate Interests
Without overriding your fundamental privacy rights, freedom, and expectations, we engage in necessary data processing based on legitimate business interests to maintain the healthy operation of the platform and prevent business risks:
Fraud Prevention and Platform Security: Monitoring abnormal login behaviors to prevent account misappropriation; cooperating with payment service providers to handle complaints and disputes or malicious chargeback events, ensuring safe commercial order.
Emotional De-escalation and Service Quality Optimization: Summarizing communication patterns and response cycles of complaint handling to continuously optimize our "Emotional De-escalation" training system and improve the team's empathetic communication efficiency.
Network Facility Protection and Business Optimization: Recording system error reports, troubleshooting server vulnerabilities, and analyzing anonymized interactive data to evaluate service stability and iterate product features.
• 5.3 Compliance with a Legal Obligation
As a legally registered business entity, we are subject to strict territorial laws:
Retaining basic transaction invoicing and billing flow records as mandated by relevant tax and accounting standards.
Providing necessary records to cooperate with legitimate investigations when receiving legally binding court summons or official inquiries from competent authorities.
• 5.4 Explicit Consent
In certain non-essential scenarios, we will specifically seek your explicit consent: e.g., sending direct marketing emails regarding promotional activities or discount codes (you have the right and can unconditionally withdraw such consent at any time); or deploying non-essential experience-optimized Cookies on your terminal device.
Chapter 6: How We Share, Transfer, and Publicly Disclose Your Personal Data
【Absolute Core Confidentiality Commitment: We Firmly Do Not Sell Your Personal Data】
OPTIFLOW LUDUS LABS LTD. solemnly promises to you: At no time, under no circumstances, will we ever sell, rent, exchange, or trade your personal information as a commercial consideration to any third-party data brokers, advertising networks, or external marketing agencies. We share your data only in the following strictly limited, legal, and necessary scenarios:
• 6.1 Secure Sharing with Trusted Third-Party Service Providers
To maintain the vast and complex global operation of this Platform, we rely on top-tier global third-party technical service providers. We have signed Data Processing Agreements (DPA) containing strict confidentiality clauses with these third parties, mandating that they act only upon our explicit instructions:
International Compliant Payment Processors: Used to securely and compliantly process your order payment settlement requests and related risk reviews.
Cloud Server and Infrastructure Hosts: Used to provide a highly secure data storage environment and Global Content Delivery Network (CDN) to ensure service availability.
Enterprise-Grade Customer Support System Providers: Used to centrally and securely manage support emails sent to [email protected], supporting the customer service team in efficiently following up and resolving your issues.
Compliant Email Distribution Service Providers: Used to send account notifications, security links for password resets, and official billing receipts to you on time.
• 6.2 Disclosure for Legal Regulations, Administrative Rules, and Public Interest
In extreme and special legal circumstances, we reserve the right to disclose your personal information to competent authorities without prior notice or consent: to comply with applicable national laws; to enforce the Platform's "Terms of Use" and investigate breaches; or to protect the safety and property of OPTIFLOW LUDUS LABS LTD., our user community, or the public from imminent and significant harm.
• 6.3 Commercial Restructuring and Asset Transfer
If the Company undergoes a significant commercial restructuring (such as a merger, acquisition, or asset restructuring) in the future, your personal data may be securely transferred as a core commercial asset to a qualified successor. We will issue a pre-warning notice at least thirty (30) days in advance and ensure that the new Data Controller remains bound by the same standards as this "Privacy Policy."
Chapter 7: Global Data Cross-Border Transfer Mechanism
Given the global operational nature of online interactive platforms, OPTIFLOW LUDUS LABS LTD. is based in London, UK. Consequently, personal information you submit on this Platform may be legally transmitted to, stored in, or processed by service providers located in jurisdictions outside the United Kingdom and the European Economic Area (EEA).
To ensure that your personal data enjoys extreme protection not lower than UK or EU standards throughout its entire lifecycle during cross-border transmission, we implement rigorous legal and technical isolation mechanisms:
• Adequacy Decisions Priority: We prioritize transmitting data to countries or regions officially recognized as having an "adequate level of data protection" by relevant Information Commissioner's Offices or Commissions.
• Standard Contractual Clauses (SCCs): For transmission to countries without adequacy recognition, we strictly sign legally approved "Standard Contractual Clauses" or international transfer addenda with the data receiver, mandating that the overseas receiver provides equally rigorous security guarantees.
• Advanced Transmission Encryption: We fully enable advanced encrypted communication protocols at the network protocol layer for any data cross-border transmission, ensuring the absolute security of data circulation in international backbone networks.
Chapter 8: Data Retention Periods and Advanced Security Protection Systems
• 8.1 Strict Time Limits for Data Retention
We adhere to a restraint principle for data retention and absolutely do not store your personal information indefinitely.
Account Information and Interactive Data: We continue to save this data as long as your account remains normally activated. Once you apply to deregister your account and after assessment that there are no outstanding disputes, the system will execute permanent erasure of your primary database records within thirty (30) calendar days.
Compliant Transaction and Financial Billing Records: To comply with hard legal requirements for accounting standards and tax audits, your basic payment reconciliation information and order records will be forcibly encrypted and archived for the statutory period (e.g., seven years). This data will be moved out of the production environment, available only for statutory audits.
Customer Complaint and Emotional De-escalation Ticket Records: Deep communication records sent to our dedicated mailbox will be retained for three (3) years after the issue is completely closed, used to guard against repeat disputes regarding the same incident and to optimize internal service process training.
• 8.2 Comprehensive Data Security Protection Measures
We deeply understand the severe consequences of data security breaches. Consequently, we have constructed a security defense system conforming to high industry standards across physical, technical, and internal management dimensions:
Technical Active Defense: We have deployed advanced firewalls at network boundaries, all core databases are deployed within isolated secure network environments, and key credential information is encrypted and stored using industry-standard irreversible algorithms.
Physical Facility Protection: We rely on the unassailable physical security measures of top-tier cloud providers. Their data center infrastructure possesses the highest level of security and disaster recovery capabilities.
Management Privilege Internal Control: Internally, we strictly implement the "Least Privilege" principle. All internal staff behavior regarding data access is strictly controlled to prevent unauthorized data theft.
Chapter 9: Strict Legal Age Admission and Minor Protection Policy
【Strict Exclusion and Intervention Clause regarding Minor Admission】
OPTIFLOW LUDUS LABS LTD. attaches extremely high importance to the all-around protection of minors' physical and mental health, rational consumption concepts, and digital privacy. As per the principles established in our "Terms of Use":
• 18 Years of Age Hard Threshold: This Platform and all "Online Value-Added Services" and interactive experiences are exclusively provided to adults who are 18 years of age or older and possess full civil capacity in their jurisdiction. We have absolutely no intention of, and will absolutely never knowingly collect or solicit any personal data from any minor under the age of 18.
• Non-Invasive Identity Confirmation: To protect the core privacy of the vast majority of adult users, we do not employ invasive practices such as requiring the upload of identity documents. We legally rely on the user's mandatory checkbox self-declaration upon registration and the close supervision of legal guardians.
• Zero-Tolerance Immediate Blocking: If you are a legal guardian and discover that a minor under 18 has registered on this Platform or consumed services without authorization, please immediately send an emergency email to our 24/7 emotional support line: [email protected]. Once verified, we will immediately initiate intervention procedures: permanently freeze the account's usage rights, block subsequent payment operations, and thoroughly erase all non-essential interactive data and personal information accumulated in that account in the system, retaining no mirror backups.
Chapter 10: Global User Statutory Privacy Rights System
Regardless of where you are in the world, we are committed to providing you with Data Subject Rights that comply with current high global standards. According to GDPR and related legal frameworks, you possess the following control over your personal data:
• 10.1 Checklist of Your Core Data Rights
A. Right to Access and Information: You have the absolute right to inquire whether we are processing your personal data and to request a complete electronic copy.
B. Right to Rectification: If you discover that your personal profile is inaccurate or outdated, you have the right to request that we immediately rectify or supplement it.
C. Right to Erasure / Right to be Forgotten: Under statutory circumstances (such as the purpose being fulfilled, you withdrawing consent, etc.), you may request that we thoroughly and permanently destroy your digital footprint from our primary and backup servers.
D. Right to Restriction of Processing: During specific dispute verification periods, you may request that we suspend any processing of your data other than sealing it.
E. Right to Data Portability: You have the right to receive core data provided by you in a standard format and, where technically feasible, request its transmission to another service provider.
F. Right to Object: You have the unconditional and immediately effective right to opt-out regarding data processing for purposes such as direct marketing.
• 10.2 California Consumer Privacy Act (CCPA/CPRA) Exclusive Declaration
If you are a resident of California, USA, in addition to the rights above, you possess the following statutory rights:
Right to Know: Request that we disclose categories of personal information collected in the past 12 months, sources, commercial purposes, and categories of third parties shared with.
"Do Not Sell" Iron-Clad Declaration: This Company has not, and will not in the future, sell or share your personal information with any third party for cross-context behavioral advertising purposes.
Right to Non-Discrimination: We will never retaliate against you for exercising your privacy rights (e.g., refusing service or lowering service quality).
• 10.3 24/7 Response Mechanism for Exercising Rights
If you wish to exercise any of the rights above, please send a formal request directly from your registered email to: [email protected]. We promise to provide a detailed reply and feedback on processing results within thirty (30) calendar days of receiving a valid request. To ensure account security, we reserve the right to reasonably verify your identity before processing the request.
Chapter 11: Privacy Boundaries of Rational Consumption Advocacy and Emotional De-escalation
This Platform is the first in the industry to incorporate "Rational Interaction" and "Emotional Cooling-down" into the core logic, applying necessary data in an extremely restrained manner to realize this commitment.
• 11.1 Rational Consumption Reminder Data Loop
We resolutely resist any irrational behavior beyond personal endurance. We provide account-level self-limit settings. When you turn on limits, we only record your limit threshold locally for reminders or system blocking. Data generated by this blocking mechanism will absolutely never be extracted to analyze your financial profile or for any form of precision commercial marketing.
• 11.2 Privacy Boundaries of Emotional De-escalation Mechanism
When you encounter service obstacles and feel frustrated, our [email protected] team provides not only technical troubleshooting but also dedicated "Emotional De-escalation." During the ticket cycle, customer service may add priority or urgency status labels. We assure you: these internal service identifiers exist only in short-term session logs to match you with the most experienced de-escalation specialist. These identifiers will absolutely never be bound to your permanent financial account, nor will they be retained for a long period or used for non-service purposes after the issue is completely resolved, achieving extreme psychological privacy protection.
Chapter 12: Cookies and Similar Tracking Technology Declaration
To ensure the basic infrastructure of this Platform operates normally and to provide you with a smooth online experience, we cautiously use Cookies and similar technologies.
• 12.1 Categories of Cookies We Deploy
A. Strictly Necessary Cookies: Absolutely indispensable for maintaining the Platform's underlying architecture, login session, and settlement security. Such Cookies operate without your prior consent.
B. Performance Analytics Cookies: Used to collect anonymous statistical information on how visitors use our website, helping us optimize website response speed.
C. Functionality Cookies: Remember personalized choices you actively make (such as system display language), providing you with a customized interface.
D. Marketing and Targeting Cookies: Used to deliver information about official platform activities within a limited scope, activated only after your active confirmation and consent.
• 12.2 Your Absolute Control Right
When you first visit this Platform, you can freely choose to enable or disable non-essential Cookies through the "Cookie Preference Center" that pops up on the screen. You can also implement comprehensive blocking or forced deletion through the underlying privacy settings of mainstream browsers (such as Chrome, Safari, Firefox).
Chapter 13: Policy Dynamic Revision Mechanism and Transparency Warning
With the updating of global laws and the needs of platform compliant operations, OPTIFLOW LUDUS LABS LTD. reserves the right to revise this "Privacy Policy" in a timely manner.
• Version Control: We will always prominently mark the "Effective and Publication Date" and "Agreement Version Number" at the top of this Policy document.
• Major Change Pre-warning: If we make substantive major changes to the purpose of data collection or sharing methods, we will send a notification email via your registered official email or require you to read and re-confirm through prominent means such as full-screen pop-ups or top banners before such changes take effect.
After any legal updated version is released and becomes effective, your continued use of the Platform's various services is legally deemed as your full awareness and agreement to be bound by the latest version of the "Privacy Policy."
Chapter 14: 24/7 Privacy Compliance Inquiry and Emotional Support Channel
We have poured significant effort into creating this comprehensive, exhaustive privacy protection blueprint, the ultimate goal of which is to ensure that you feel absolutely solid, private, and secure when experiencing our online leisure services anywhere in the world.
If you have any reading doubts about this Policy, want to exercise your deletion rights immediately, or simply need a professional, gentle listener to interpret and explain your concerns due to worries about data network security, please contact us at any time through the only official exclusive channel:
• 24/7 Privacy Compliance & Exclusive Emotional Support Official Email: [email protected]
For every email sent to this designated mailbox involving privacy appeals, our advanced backend scheduling system will immediately trigger the highest priority response mechanism. The support specialists who receive you not only possess solid legal knowledge of compliance but are also advanced customer service talents who have undergone systematic "Emotional Empathy De-escalation" training. We promise to listen to your appeals with the most sincere patience, provide you with answers in the most transparent language, and safeguard your privacy dignity in the digital interactive world with the warmest and most empathetic attitude.
(Final Declaration of the Full Text)
By this point, you have thoroughly read the "Global Privacy Policy and Data Protection Statement" compiled by OPTIFLOW LUDUS LABS LTD. The total word count and legal detail coverage of this Policy have thoroughly exhausted our profound understanding and executive determination regarding international high-standard data protection and privacy compliance obligations. Thank you for your long-term trust and unremitting support, and may we open a comfortable experience journey belonging to you on this rock-solid foundation of security, privacy, and compliance.