Duolov Celebrate Your Love Story

1. Introduction

Your privacy is important to us.

This Policy explains what data we collect, how we use it, with whom we share it, how long we keep it, and what your rights are when using the Duolov platform ("Platform" or "Service").

The Policy applies to all users, taking into account the data-protection laws of their country of residence (for example: GDPR, UK GDPR, LGPD, CCPA/CPRA, and others).

2. Data Controller

Controller: www.duolov.com

Contact / DPO email: support@duolov.com

3. Data We Collect

3.1 Data you provide

Name and email address.
Relationship start date and personalized messages.
Couple photos and information added to your page through the customer Dashboard.
Information sent in support or contact requests.

3.2 Payment data

Email used during checkout.
Transaction metadata processed through Stripe.
Duolov does not store full credit card data. Processing occurs directly on Stripe's secure servers.

3.3 Automatically collected data

IP address, browser type, language, access date and time, visited pages, and session identifiers.
Essential and analytics cookies used for functionality and performance.

3.4 Minors

The Service is for users 18 years or older. If a minor provides data, please contact us for immediate removal.

4. Purposes and Legal Bases

We use your data for the purposes listed below, together with the primary legal bases under GDPR and LGPD.

Purpose: Create and host your personalized page.

Legal basis: Contract performance.
Purpose: Process payments and issue receipts.

Legal basis: Contract performance and legal obligation.
Purpose: Send transactional emails (access, renewal, confirmation).

Legal basis: Contract performance.
Purpose: Ensure security, provide support, and prevent fraud.

Legal basis: Legitimate interest.
Purpose: Send promotional messages when applicable.

Legal basis: Consent or soft opt-in, depending on jurisdiction.
Purpose: Comply with tax and legal obligations.

Legal basis: Legal obligation.

5. Marketing and Communication

We may send service-related emails, renewal notices, and occasional promotions related to your subscription.

You can unsubscribe at any time by clicking "Unsubscribe" at the bottom of any email.

We apply the soft opt-in model only for existing customers, according to UK and EU data-protection laws.

6. Cookies

We use essential cookies (login, security, language) and limited analytics cookies for performance improvement.

You can manage preferences directly in the cookie banner or in your browser settings.

7. Data Sharing

Stripe, Inc. for payment processing.
Hosting and email providers for data storage and communication delivery.
Government authorities when required by law or court order.

We do not sell or share any data for third-party advertising purposes.

8. International Transfers

When data is transferred outside your country (for example, from the EU or EEA to the United States), we rely on Standard Contractual Clauses (SCCs) and additional safeguards to ensure an adequate level of protection.

9. Security

We implement appropriate technical and organizational measures such as encryption, authentication, access control, and log auditing. Although we do our best to protect your data, no Internet transmission is completely secure.

If a security incident occurs, we will notify you and the authorities as required by law.

10. Data Retention

We retain data for the periods outlined below.

Account and couple data. Stored while the account is active and up to 90 days after cancellation. Data is deleted automatically after the grace period.
Technical logs. Retained for up to 12 months, with automatic rotation and anonymization.
Payment data (Stripe). Kept for five years or as required by law, then deleted once fiscal obligations end.
Backups. Retained for up to 90 days, followed by secure periodic deletion.

11. Your Rights

You have the right to:

Access, correct, or delete your data.
Receive a copy of your data (data portability).
Withdraw consent at any time.
Restrict or object to processing.
Opt out of marketing communications.
Request information about how your data is used and how long we retain it.

To exercise your rights, use the Dashboard or send an email to support@duolov.com. We may request identity verification before processing your request.

12. Regional Rights

European Union and United Kingdom

Right of withdrawal within 14 days for distance contracts.
International transfers based on SCCs.
Soft opt-in allowed only for active customers.
Easy cancellation ("click-to-cancel") according to DMCC guidance in the United Kingdom.

Brazil (LGPD)

Rights of access, correction, anonymization, portability, and deletion.
Data subject contact channel: support@duolov.com.
Main legal bases: contract performance and legitimate interest.

California (CCPA / CPRA)

Rights to know, correct, delete, and opt out of sharing data.
Notice of collection covering purposes and categories.
Duolov does not sell or share personal data for advertising purposes.

13. Automated Decisions

We do not use automated decision-making that produces legal or significant effects on users without human involvement.

14. Security Incidents

In case of a personal-data breach, we will notify the competent authority within 72 hours (or the local legal deadline) and affected individuals if required.

15. Changes to This Policy

We may update this Policy periodically. The new version will display the update date, and when required, we will notify you by email.

16. Contact

Support: support@duolov.com

Privacy / DPO: support@duolov.com

Postal address: support@duolov.com

EU legal representative (if applicable): support@duolov.com

UK legal representative (if applicable): support@duolov.com

17. California Collection Notice (CCPA)

Duolov collects name, email, payment metadata, photos, and relationship content only to provide the contracted Service. We do not sell or share personal information for advertising purposes. Data is retained only for the period necessary for the purposes described in this Policy.

Privacy Policy