Privacy Policy (Provisional)

1. Introduction
This Privacy Policy (“Policy”) governs the processing of personal data by Leto (“we,” “us,” “our”) in connection with the services provided through our website, mobile application, and other platforms (collectively referred to as the “Service”). This Policy is issued in compliance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“PDPL”) and outlines the principles and practices adopted by Leto to ensure the lawful, transparent, and secure handling of personal data.
**Scope**
1. **Application**:

- This Policy applies to all users of the Service and governs the collection, use, storage, transfer, and disclosure of personal data.
- By using the Service, you consent to the processing of your personal data as outlined in this Policy.
1. **Definitions**:
- **“Personal Data”** refers to any information related to an identified or identifiable natural person, as defined under the PDPL.
- **“Processing”** includes any operation or set of operations performed on Personal Data, such as collection, storage, use, or disclosure.
1. **Purpose**:
- To ensure compliance with the PDPL by providing transparency regarding our data processing activities.
- To inform users of their rights concerning their personal data and how they can exercise those rights.

**Key Principles**
1. **Lawfulness and Transparency**:
- We process personal data in accordance with the PDPL and other applicable laws.
- Users are informed of the purposes, methods, and legal bases for processing their personal data.
1. **Data Security**:
- We adopt robust technical and organizational measures to protect personal data from unauthorized access, alteration, loss, or disclosure.
1. **User Rights**:
- Users have the right to access, correct, delete, and restrict the processing of their personal data as specified in this Policy.
1. **Purpose Limitation**:
- Personal data is collected and processed solely for specified, explicit, and legitimate purposes outlined in this Policy.
1. **Data Minimization**:
- Only the personal data necessary for fulfilling the purposes of processing is collected and retained.

**2. Data We Collect**
Leto collects personal data to provide seamless and efficient services, tailored to your needs. This section outlines the types of data we collect, how it is gathered, and its purpose.

**A. Types of Data Collected**
1. **Personal Identification Information**:
- Name, email address, phone number, and physical address.
1. **Behavioral and Task Data**:
- Preferences for tasks, service usage patterns, and task history.
1. **Calendar and Scheduling Data**:
- Information related to events, appointments, and task deadlines.
1. **Communication Data**:
- Information exchanged through supported communication channels to facilitate tasks.
1. **Transaction Data**:
- Credit card details provided by users for processing payments through secure, pre-authorized withdrawals.
- Details of transactions, including amounts and service descriptions.
1. **Device and Usage Data**:
- Information automatically collected during platform interactions, such as:
- Device type, browser version, and operating system.
- IP address and usage patterns.

**B. Methods of Data Collection**
1. **Direct User Input**:
- Data provided during:
- Registration and account setup.
- Profile updates.
- Task submissions or service requests.
1. **Automated Collection**:
- Data generated through interactions with our platform, such as:
- User preferences and behavioral insights.
- Metadata from tasks and communications.
1. **Third-Party Integrations**:
- Data obtained through integrations with payment processors, scheduling tools, and communication platforms to enhance service delivery.

**C. Purpose of Data Collection**
1. **Service Provision**:
- To process tasks, handle payments, and manage scheduling efficiently.
1. **Personalization**:
- To provide tailored recommendations and improve user experience.
1. **Payment Processing**:
- To securely manage transactions through pre-authorized withdrawals for third-party services.
1. **Security and Compliance**:
- To ensure platform integrity and adhere to legal requirements.

**D. Optional Data**
1. **Additional Preferences**:
- Users may provide optional details to customize services further.
1. **User Control**:
- Users can review, update, or delete optional data through their account settings.

**E. Data Minimization and Necessity**
Leto collects only the data necessary to fulfill its stated purposes and provide a high-quality service. We do not collect or retain unnecessary information.

**3. How We Collect Data**
Leto collects personal data in a manner that is transparent, secure, and aligned with applicable data protection regulations. This section explains the methods we use to gather information and ensures users understand how their data is obtained.

**A. Methods of Data Collection**
1. **Direct User Input**:
- Information you provide directly through:
- Registration forms.
- Profile creation and updates.
- Task submissions or service requests.
1. **Automated Collection**:
- Data automatically generated during your interactions with our platform, such as:
- Device information (e.g., browser type, operating system).
- Usage patterns and preferences.
- Location-based data (if enabled).
1. **Third-Party Integrations**:
- Information received through connected services and tools, such as:
- Scheduling platforms for managing appointments.
- Communication tools for exchanging messages related to tasks.
- Secure payment gateways for processing transactions.

**B. User Consent**
1. **Explicit Consent**:
- Leto collects data only when users provide clear and informed consent, such as:
- Agreeing to the privacy policy during registration.
- Authorizing access to integrated services (e.g., calendar or messaging tools).
1. **Withdrawal of Consent**:
- Users can withdraw consent at any time, which may impact the availability of certain features or services.

**C. Transparency in Data Collection**
1. **Clear Communication**:
- We inform users about what data is being collected and the purpose behind it at the time of collection.
1. **Accessible Documentation**:
- Users can review and manage the information they provide through their account settings or the privacy dashboard.

**D. Special Considerations**
1. **Children’s Data**:
- Leto’s services are not intended for users under the age of 18. We do not knowingly collect data from minors.
1. **Sensitive Data**:
- We do not collect or process sensitive categories of personal data (e.g., health, political, or religious information) unless explicitly required and consented to by the user.

**4. How We Use Your Data**
Leto processes personal data responsibly to provide personalized, efficient, and secure services. This section details the purposes for which we use the data and how it benefits you as a user.

**A. Providing and Improving Services**
1. **Core Service Delivery**:
- Manage and automate tasks such as scheduling, reminders, and reservations.
- Facilitate communications with third-party service providers to fulfill your requests.
1. **Personalization**:
- Customize service recommendations and interactions based on your preferences, task history, and behavior.
- Example: Automating recurring tasks or suggesting preferred vendors.
1. **Customer Support**:
- Assist with inquiries, resolve issues, and provide guidance to enhance your experience.

**B. Transaction Processing**
1. **Approved Withdrawals**:
- Handle payments to third-party service providers on your behalf through secure, pre-authorized credit card withdrawals.
- Ensure seamless financial transactions to fulfill user-requested services.
1. **Fraud Prevention**:
- Monitor transactions for unauthorized or suspicious activities to protect users and maintain platform integrity.

**C. Platform Maintenance and Analytics**
1. **Operational Efficiency**:
- Use data to ensure platform reliability, address bugs, and optimize system performance.
1. **Usage Insights**:
- Analyze anonymized data to identify trends, improve features, and enhance the overall user experience.

**D. Communication with Users**
1. **Service Notifications**:
- Send updates on task status, payment confirmations, and reminders.
1. **Feedback and Surveys**:
- Collect user feedback to improve our services and align with user expectations.

**E. Legal and Compliance Obligations**
1. **Regulatory Compliance**:
- Ensure adherence to UAE data protection laws and other applicable regulations.
1. **Security Assurance**:
- Implement measures to safeguard personal data and ensure compliance with legal obligations.

**F. Limitations on Data Use**
- Personal data is used only for the purposes outlined in this policy.
- Data is not sold, shared, or used for third-party marketing without explicit user consent.

**5. Data Sharing**
Leto ensures that personal data is shared only to facilitate service delivery, meet legal requirements, and improve user experience. All data-sharing activities are conducted securely and transparently, in compliance with UAE PDPL.

**A. Sharing with Third Parties**
1. **Service Providers**:
- **Purpose**: To execute user requests such as reservations, deliveries, or other task-related services.
- **Data Shared**: Name, contact details, address, and task-specific information.
- **Example**: Sharing user details with a restaurant to confirm a reservation or providing an address for a delivery.
1. **Payment Processing**:
- **Purpose**: To pay third-party service providers on behalf of users through approved withdrawals.
- **Data Shared**: Credit card information (processed securely), transaction details, and amounts.
- **Process**: Users pre-authorize withdrawals, allowing Leto to process payments directly to service providers.
- **Safeguards**: All payment activities are conducted through PCI DSS-compliant gateways to ensure data security.
1. **Technology Partners**:
- **Purpose**: To enable essential functionalities such as communication, scheduling, and task coordination.
- **Data Shared**: Limited data required for integration, such as task or communication details.

**B. Internal Access**
1. **Authorized Personnel**:
- Limited access to personal data for personnel managing payments, tasks, and customer support.
1. **Confidentiality and Training**:
- All personnel undergo regular training in data protection and adhere to strict confidentiality agreements.

**C. Legal and Regulatory Compliance**
1. **Authorities**:
- **Purpose**: To comply with legal obligations such as audits or investigations.
- **Data Shared**: Limited to what is required by law and only disclosed with proper documentation.
1. **User Notification**:
- Users will be informed of such disclosures unless prohibited by law.

**D. Cross-Border Data Transfers**
1. **Data Residency**:
- User data is primarily stored on UAE AWS servers to meet residency requirements.
1. **Third-Party Interactions**:
- Payment processing and communication tools may involve cross-border data transfers.
- **Safeguards**:
- Transfers are governed by Standard Contractual Clauses (SCCs) or explicit user consent.

**E. User Consent for Data Sharing**
1. **Transparency**:
- Users are informed about how their payment and personal data are shared and used.
1. **Authorization**:
- Users provide consent for approved withdrawals and data sharing during registration or task authorization.

**F. Retention of Shared Data**
- Payment data and related transaction details are retained to meet compliance requirements and provide a seamless user experience.
- Data is securely stored and used to improve user convenience, such as by streamlining recurring payments.

**G. Prohibited Data Sharing**
- Leto does not sell user data to marketing agencies or unrelated third parties.
- Data is not shared for purposes beyond those explicitly outlined in this policy.

**6. Data Storage and Security**
At Leto, the security of your personal data is our top priority. We have implemented robust measures to ensure your data is stored safely and handled responsibly, in compliance with UAE PDPL and international best practices.

**A. Data Storage**
1. **Secure Location**:
- Your personal data is securely stored on servers located within the UAE, using Amazon Web Services (AWS) Middle East infrastructure to comply with data residency requirements.
1. **Retention Period**:
- We retain your data as long as your account remains active to provide uninterrupted service.
- If you cancel your account, your data will be securely stored for up to one year to meet compliance requirements and offer a seamless reactivation experience if needed.

**B. Security Measures**
1. **Encryption**:
- Your data is encrypted during transmission and while stored to protect it from unauthorized access.
1. **Access Controls**:
- Access to your personal data is restricted to authorized personnel only and is granted based on the principle of least privilege.
1. **Regular Monitoring**:
- We use advanced monitoring tools to detect and respond to potential security threats in real-time, ensuring your data remains protected.
1. **Compliance with Industry Standards**:
- Our security practices align with internationally recognized frameworks, including ISO/IEC 27001 and the NIST Cybersecurity Framework, to ensure a robust security posture.

**C. Protecting Against Data Breaches**
1. **Proactive Measures**:
- We conduct regular security assessments to identify and mitigate vulnerabilities.
1. **Incident Response**:
- In the unlikely event of a data breach, we will:
- Notify affected users promptly.
- Take immediate action to contain and resolve the breach.
- Report the incident to relevant authorities as required by UAE law.

**7. Your Rights**
Leto is committed to ensuring you have control over your personal data. This section outlines your rights under UAE PDPL and how you can exercise them.

**A. Access and Correction**
1. **Right to Access**:
- You have the right to request access to the personal data we hold about you, including details about how it is being processed.
1. **Right to Correction**:
- If your personal data is inaccurate or incomplete, you can request corrections or updates at any time.

**B. Data Portability**
1. **Your Choice**:
- You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
1. **User Accessibility**:
- Data will be provided to you directly for personal use upon request.

**C. Erasure and Restriction**
1. **Right to Erasure**:
- You can request the deletion of your personal data in the following cases:
- It is no longer necessary for the purposes for which it was collected.
- You withdraw your consent for processing.
- The data has been unlawfully processed.
- **Exceptions**:
- We may retain data to comply with legal obligations, resolve disputes, or enforce agreements.
1. **Right to Restriction**:
- You may request the temporary suspension of processing your personal data in certain circumstances, such as during a dispute about its accuracy.

**D. Right to Object**
- You have the right to object to the processing of your personal data if you believe it infringes on your rights or freedoms. This includes the right to object to direct marketing activities.

**E. Withdrawal of Consent**
- You can withdraw your consent for data processing at any time. Please note that withdrawing consent may limit certain functionalities or features of the Service.

**F. How to Exercise Your Rights**
1. **Submitting Requests**:
- To exercise your rights, contact us at **support@letoapp.com** or use the settings in your account dashboard.
1. **Verification Process**:
- To protect your data, we may request additional information to verify your identity before processing your request.

**G. Response Time**
- We will respond to all verified requests promptly, typically within 30 days, in accordance with UAE PDPL. For complex or multiple requests, we may require additional time and will inform you accordingly.

**8. Data Sharing with Third Parties**
Leto shares personal data only when necessary to deliver services, comply with legal obligations, or improve user experience. This section explains the circumstances under which your data may be shared and the safeguards we implement.

**A. Service Providers**
1. **Purpose**:
- To execute tasks requested by users, such as reservations, payments, and delivery services.
1. **Data Shared**:
- Only the minimum data necessary to fulfill the task, such as name, contact details, and address.
1. **Examples**:
- Sharing delivery details with logistics providers or providing reservation information to a restaurant.

**B. Payment Processing**
1. **Approved Withdrawals**:
- When users authorize payments, Leto processes transactions on their behalf directly with service providers using secure, PCI DSS-compliant payment gateways.
1. **Data Shared**:
- Credit card details, payment amounts, and relevant transaction information are handled securely and only as necessary for the service.

**C. Technology and Platform Integrations**
1. **Purpose**:
- To enable essential functionalities such as scheduling, communication, and task automation.
1. **Data Shared**:
- Limited to the specific information required for integrations with third-party tools and APIs (e.g., calendar synchronization or messaging facilitation).

**D. Legal Obligations**
1. **Compliance with Laws**:
- We may share personal data with regulatory authorities, law enforcement, or other government bodies when required to comply with applicable laws.
1. **Transparency**:
- Where permitted, users will be notified of such disclosures.

**E. Data Sharing Safeguards**
1. **Minimization**:
- Only the data required for the stated purpose is shared.
1. **Contractual Protections**:
- All third-party service providers are bound by contractual agreements to comply with applicable data protection laws and ensure the confidentiality and security of your data.

**F. Cross-Border Transfers**
1. **Data Residency**:
- Personal data is primarily stored on servers located in the UAE to meet data residency requirements.
1. **Limited Transfers**:
- If a third-party service requires cross-border data transfer, it will be conducted under strict safeguards, such as Standard Contractual Clauses (SCCs), or with user consent.

**G. Transparency in Data Sharing**
1. **User Consent**:
- Users are informed about data-sharing practices during registration and through task-specific disclosures.
1. **Opt-Out Options**:
- Where applicable, users can choose to opt out of certain types of data sharing via account settings.

**9. Data Retention**
Leto retains personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy or to comply with legal obligations. This section explains our retention practices and the rationale behind them.

**A. Retention Periods**
1. **Active Accounts**:
- Personal data is retained as long as your account remains active to ensure uninterrupted service and personalized task management.
1. **Post-Account Cancellation**:
- After account cancellation, personal data will be retained for up to one year to:
- Comply with legal or regulatory requirements.
- Address disputes or enforce agreements.
- Provide a seamless reactivation experience if requested.

**B. Legal and Regulatory Compliance**
- Certain types of data may be retained beyond the standard retention period to meet specific legal, tax, or regulatory requirements under UAE law.

**C. Secure Deletion**
1. **Data Deletion**:
- When data is no longer needed, it is securely deleted or anonymized to prevent unauthorized access or misuse.
1. **User Requests**:
- Users may request the deletion of their personal data at any time, subject to legal and regulatory obligations that may require extended retention.

**D. Exceptions to Retention**
1. **Ongoing Disputes**:
- Data related to disputes, complaints, or investigations will be retained until the issue is resolved.
1. **Aggregated or Anonymized Data**:
- Non-identifiable data may be retained indefinitely for research, statistical, or analytical purposes.

**E. User Rights and Transparency**
- Users are informed about retention practices during registration and can review specific retention timelines for different data categories by contacting us at support@letoapp.com.

**10. Data Breach Response**
At Leto, we prioritize the security of your personal data and have established measures to respond effectively in the unlikely event of a data breach. This section outlines our approach to ensuring transparency, prompt action, and user protection.

**A. Prevention and Detection**
1. **Monitoring and Alerts**:
- We employ robust systems to continuously monitor for unusual activity or potential vulnerabilities.
1. **Proactive Assessments**:
- Regular security audits and vulnerability assessments help us identify and address risks before they become issues.

**B. Incident Response Plan**
1. **Containment and Analysis**:
- If a breach occurs, our first priority is to secure affected systems and determine the extent of the incident.
1. **Investigation**:
- We conduct a detailed analysis to:
- Identify the cause of the breach.
- Assess the data involved.
- Understand potential impacts on users.

**C. Communication and Notifications**
1. **User Notification**:
- If your personal data is impacted, we will notify you as soon as possible with:
- Details of the breach.
- Actions being taken to mitigate risks.
- Recommendations for protecting your information.
1. **Regulatory Reporting**:
- We will notify relevant authorities as required by UAE PDPL and comply with all investigation and reporting obligations.

**D. Mitigation and Support**
1. **Preventive Measures**:

- Following a breach, we implement corrective actions to strengthen our systems and prevent recurrence.
1. **User Assistance**:
- We provide guidance to help affected users safeguard their information and mitigate risks.

**E. Transparency and Accountability**
1. **Commitment to Transparency**:
- We are dedicated to keeping users informed about how we handle data security incidents.
1. **Learning and Improvement**:
- Lessons learned from any incident are used to improve our security policies and procedures.

**11. Third-Party Management**
Leto collaborates with third-party service providers to deliver a seamless experience for our users. This section explains how we manage third-party interactions to ensure the security and privacy of your data.

**A. Selection and Evaluation**
1. **Due Diligence**:
- We carefully select third-party service providers based on their ability to meet stringent data protection and security standards.
1. **Regular Assessments**:
- Ongoing evaluations ensure third parties continue to comply with applicable laws and maintain robust security practices.

**B. Data Sharing with Third Parties**
1. **Limited Scope**:
- Only the data necessary to perform specific services is shared with third parties. For example:
- Sharing your address with a delivery service.
- Providing reservation details to a restaurant.
1. **Contractual Safeguards**:
- All third-party providers are bound by agreements that require them to:
- Use your data solely for the specified purpose.
- Implement security measures to protect your data.
- Comply with UAE PDPL and other relevant regulations.

**C. Monitoring and Compliance**
1. **Auditing**:
- We conduct regular audits and reviews of third-party providers to ensure compliance with our privacy and security requirements.
1. **Incident Management**:
- If a third-party provider is involved in a data breach, we work closely with them to address the issue and minimize its impact on our users.

**D. Cross-Border Transfers**
1. **Data Residency**:

- Wherever possible, data is stored and processed within the UAE to meet local regulations.
1. **Safeguards for Transfers**:
- For services requiring cross-border data transfers, we:
- Use Standard Contractual Clauses (SCCs) or similar mechanisms.
- Obtain user consent when necessary.

**E. Transparency and User Control**
1. **Informed Decisions**:
- Users are informed about third-party data sharing practices through this Privacy Policy and task-specific disclosures.
1. **Opt-Out Options**:
- Where applicable, users may choose to limit data sharing by adjusting their preferences in account settings.
11. Policy Updates
This policy may be updated to reflect changes in laws or business practices. Users will be notified of updates via email or in-app notifications. Continued use of our services constitutes acceptance of the revised policy.

12. Contact Information
For questions or concerns regarding this privacy policy or to exercise your rights, contact us at:

support@letoapp.com