LOVELIKE PRIVACY POLICY

Effective Date: February 5, 2026

This Privacy Policy describes how Lovelike Inc. ("Lovelike," "we," "us," or "our") collects, uses, and shares your personal information when you use our Platform (website, mobile apps, and related services).

About This Privacy Policy

This Privacy Policy explains what personal information Lovelike collects, how we use and share it, your privacy rights, and our security practices. We comply with applicable U.S. privacy laws, including the CCPA/CPRA.

Important: Dual Data Controllers

• Lovelike controls platform data (profile information, activity, content).

• Stripe Connect independently controls identity verification, tax identification, and payment processing data.

You must review BOTH policies:

• Lovelike Privacy Policy (this document) – platform data practices

• Stripe Connect Privacy Policy (https://stripe.com/privacy) – verification data practices

Your Agreement

By creating a Lovelike account, you acknowledge you have read and agree to this Privacy Policy. You must be 18 years or older to use our platform.

Continued use after policy updates constitutes acceptance of updated terms.

1. SCOPE AND LEGAL FRAMEWORK

Here is the formatted version of your jurisdiction and service area clause, maintaining the original content and structure:

1.1 Jurisdiction & Service Area

Service Primarily for the United States: The Lovelike Platform, including all its services, is designed, intended, and primarily offered for use by residents of the United States. We do not target, market to, or intend to offer services to individuals located outside the United States.

Technical Restriction (Geo-blocking): We implement technical measures (such as IP-based geo-blocking) to restrict registration and access to our Platform from jurisdictions outside the United States. However, no technical measure is infallible, and we acknowledge that access from outside the United States may occur despite these restrictions.

Limited International Compliance: Lovelike is a United States company and this Privacy Policy is drafted in compliance with applicable United States federal and state privacy laws.

• No International Guarantee: Lovelike does not guarantee compliance with international privacy laws, including but not limited to the General Data Protection Regulation (GDPR), UK GDPR, or other non-US privacy frameworks.

• Exclusive Framework: To the extent any non-US user accesses the Platform despite our technical restrictions, such access is subject to the Terms of Service Section 24 (International Data Transfer Limitations), and the user acknowledges that US privacy law frameworks apply exclusively.

• User Responsibility: Users who access the Platform from outside the United States do so at their own risk and initiative and are solely responsible for compliance with all applicable local laws in their jurisdiction.

• Policy Violation: Circumvention of geo-blocking measures for the purpose of accessing the Platform from prohibited jurisdictions constitutes a violation of our Terms of Service.

1.2 Adult-Only Platform (18+)

Age Requirement: Platform is exclusively for users 18 years or older. Users under 18 are prohibited from creating accounts or accessing any features.

Age Verification:

• All Users: Self-declared date of birth during registration (system blocks under-18 registrations).

• Love Partners & Love Creators: Enhanced verification via Stripe Connect (government ID, DOB confirmation, SSN/EIN, bank account). Required for Love Partners immediately upon registration; for Love Creators before first paid campaign. Stripe Connect acts as independent data controller (see Section 2.1).

• Lovelikers: Self-declaration only (no government ID required).

Enforcement: Suspected underage accounts are immediately suspended. Confirmed underage access results in permanent termination.

COPPA Exclusion: By restricting access to 18+, Platform operates outside Children's Online Privacy Protection Act (COPPA) scope, eliminating all COPPA obligations.

Stripe's Use of Your Payment Data

When you transact with a Love Partner using Stripe payment processing, Stripe may use your transaction data for its own purposes including:

• Fraud detection and loss prevention

• Identity verification services

• Business Services improvement

• Advertising Stripe's services (where permitted by law)

For Stripe's full privacy practices as data controller, see: https://stripe.com/privacy

Lovelike is NOT responsible for Stripe's use of your data. You must review Stripe's Privacy Policy for complete details on how Stripe processes your payment and transaction information.

Aqui está a formatação rigorosa e fiel ao original para a Seção 1.3, mantendo o padrão de contrato jurídico e a precisão do conteúdo:

2. USER CATEGORIES & DATA COLLECTION

Lovelike serves three user types with different data collection practices:

• LOVE PARTNERS (Businesses): Sell products, create campaigns. Age verified via (1) self-declared date of birth when accepting Terms of Service and Privacy Policy, and (2) government-issued ID through Stripe Connect business verification (EIN/SSN, bank account).

• LOVE CREATORS (Influencers): Earn commissions from campaigns. Age verified via (1) self-declared date of birth when accepting Terms of Service and Privacy Policy, and (2) government-issued ID through Stripe Connect individual verification before first payout (SSN for 1099 tax, bank account).

All Stripe Connect verification is conducted by Stripe as independent data controller. Lovelike receives only verification status and age confirmation. See Section 2.1 for details.

Why Different Verification Requirements?

Lovelike follows "least privilege" data collection principles:

Why Verification for Payment-Receiving Accounts? Stripe Connect verification is required to comply with federal anti-money laundering (AML), tax reporting, and age verification laws.

Love Connectors (Ambassador Program) — Additional Data Processing

Love Connectors are Love Partners or Love Creators who have been invited by Lovelike to participate in the exclusive Ambassador Program (Terms of Service Annex I). In addition to the data collected for their underlying account type (Love Partner or Love Creator), the following additional data is collected and processed for Love Connectors:

• Referral Tracking Data: Unique referral codes, referral link click data, referred user registration dates, referred Love Partner subscription and campaign activity, referral attribution records, and conversion timestamps.

• Commission Data: Commission calculations, commission payment history, commission tier status, tapering schedule tracking, and payout records processed through Stripe Connect.

• Activity Requirement Data: Monthly activity metrics for Love Connector maintenance requirements (as specified in Annex I), including login frequency, referral activity levels, and underlying subscription compliance status.

• MY AIMÊ Participation Status: Whether the Love Connector has active MY AIMÊ participation (required for generating new referral links per Terms of Service Section 18.3).

  • Note: This status affects the Love Connector's ability to generate new referrals but does not affect existing commission entitlements.

Data Controller: Lovelike acts as data controller for all Love Connector program data. Commission payouts are processed through Stripe Connect (see Section 2.1).

Legal Basis: Contract performance (Ambassador Program agreement per Annex I) and legitimate business interest (program administration, fraud prevention, commission accuracy).

Retention: Love Connector program data is retained for the duration of the Ambassador Program agreement plus 7 years for tax and financial compliance (consistent with Section 5.6).

Data Collection Summary

• Love Partners: Business info, profile data (Lovelike); Government ID, EIN/SSN, bank account (Stripe Connect as independent controller).

• Love Creators: Personal info, profile data, content/earnings (Lovelike); Government ID, SSN, bank account (Stripe Connect as independent controller).

For complete data collection details, see below.

2.1 Third-Party Processing - Stripe Connect & Age Verification

Identity Verification Disclaimer

Lovelike does NOT directly collect, process, or store government-issued identification documents, biometric data, Social Security Numbers (SSN), Employer Identification Numbers (EIN), or conduct independent age/identity verification services.

Stripe Connect Verification Requirements

Who Must Complete Stripe Connect Verification:

• ✅ Love Partners (Business Accounts): Required immediately upon registration to activate business account

• ✅ Love Creators (Individual Accounts): Required before accepting first paid campaign or receiving commissions

• ❌ Lovelikers: NOT required (no payment receiving capability)

For Love Partners (Business Accounts):

Business account verification and age confirmation is conducted exclusively through Stripe Connect during the business onboarding process.

Information Collected by Stripe Connect for Love Partners:

Business Information:

• Legal business name and structure (LLC, Corporation, Sole Proprietorship, etc.)

• Business Employer Identification Number (EIN) or owner's Social Security Number (SSN)

• Business address and registration details

• Business type and industry classification

Authorized Representative Identity:

• Government-issued identification (driver's license, passport, state ID)

• Full legal name and date of birth (DOB) for 18+ age verification

• Social Security Number (SSN) for tax reporting and identity verification

• Personal address and contact information

Financial Information:

• Bank account information for payment processing

• Account routing and account numbers

• Beneficial ownership information (if applicable)

What Lovelike Receives from Stripe Connect (Love Partners):

• Verification status: approved/pending/rejected/suspended

• Age confirmation: 18+ verified (Yes/No)

• Stripe Connect account ID for payment processing

• Account type: business

• Business structure (for platform configuration)

What Lovelike DOES NOT Receive:

• Raw government ID images or documents

• EIN or SSN (tax identification numbers)

• Bank account numbers or routing numbers

• Full date of birth (only 18+ confirmation)

• Biometric data or facial recognition information

For Love Creators (Individual Accounts):

Individual account verification and age confirmation is conducted exclusively through Stripe Connect before accepting first paid campaign or receiving commissions.

Information Collected by Stripe Connect for Love Creators:

Personal Identity Information:

• Government-issued identification (driver's license, passport, state ID)

• Full legal name and date of birth (DOB) for 18+ age verification

• Social Security Number (SSN) for tax reporting (1099 forms)

• Personal address and contact information

Financial Information:

• Bank account information for commission payouts

• Account routing and account numbers

What Lovelike Receives from Stripe Connect (Love Creators):

• Verification status: approved/pending/rejected/suspended

• Age confirmation: 18+ verified (Yes/No)

• Stripe Connect account ID for commission processing

• Account type: individual

What Lovelike DOES NOT Receive:

• Raw government ID images or documents

• Social Security Number (SSN)

• Bank account numbers or routing numbers

• Full date of birth (only 18+ confirmation)

• Biometric data or facial recognition information

Stripe Connect as Independent Data Controller

Stripe Connect acts as an independent data controller for all identity verification data collected during the Love Partner and Love Creator onboarding processes. Stripe is solely responsible for:

(a) Collection, processing, and storage of government-issued IDs
(b) Verification of identity and age information (18+ requirement)
(c) Collection and storage of SSN/EIN for tax reporting and fraud prevention
(d) Bank account verification and secure storage
(e) Compliance with applicable identity verification regulations (Know Your Customer - KYC, Anti-Money Laundering - AML)
(f) Data security and breach notification for verification data
(g) User rights fulfillment for verification-related data (access, deletion, correction requests)

Stripe's Legal Responsibility

For complete information about how Stripe Connect handles identity verification data:

• Stripe Connect Privacy Policy: https://stripe.com/privacy

• Stripe Connect Terms of Service: https://stripe.com/legal/connect-account

• Stripe Connect Verification: https://stripe.com/docs/connect/identity-verification

• Stripe Data Processing: https://stripe.com/privacy-center/legal

No Biometric Data Processing by Lovelike

Lovelike does NOT:

• Collect biometric identifiers (facial recognition, fingerprints, iris scans, voiceprints)

• Process biometric information through any service or platform

• Store biometric data in any form

• Use Stripe Identity (biometric verification service) - this is a separate Stripe product NOT used by Lovelike

Important Distinction:

• Stripe Connect = Payment processing + identity verification + tax compliance (USED by Lovelike for Love Partners & Love Creators)

• Stripe Identity = Dedicated biometric identity verification service (NOT USED by Lovelike)

Note on Potential Biometric Processing by Stripe

While Lovelike does NOT use Stripe Identity or collect biometric data, Stripe Connect MAY use biometric or facial recognition technology as part of their independent identity verification process for government-issued IDs. Any such biometric processing is conducted solely by Stripe as an independent data controller.

Lovelike has ZERO visibility into and ZERO control over:

• Whether Stripe uses biometric verification

• What biometric data Stripe may collect or process

• How Stripe stores or uses biometric information

• Stripe's compliance with biometric privacy laws

For questions about biometric processing during Stripe Connect verification, contact Stripe directly:

• Email: privacy@stripe.com

• Stripe Privacy Center: https://stripe.com/privacy-center

Biometric Privacy Laws - Limited Applicability to Lovelike

Because Lovelike does not directly collect, process, or store biometric data, the following state biometric privacy laws have LIMITED or NO direct applicability to Lovelike's operations:

• Illinois: Biometric Information Privacy Act (BIPA) (740 ILCS 14/)

• Texas: Capture or Use of Biometric Identifier (CUBI) (Tex. Bus. & Com. Code § 503.001)

• Washington: Biometric Privacy Law (HB 1493)

• Arkansas: APIPA (Act 1105)

• California: CCPA/CPRA Sensitive Personal Information provisions related to biometric data

• New York: Proposed biometric privacy laws

• Other State Biometric Laws: Any other state-specific biometric privacy regulations

Lovelike's Position on Biometric Privacy Liability

Lovelike's direct liability under biometric privacy laws is LIMITED TO ZERO because:

(a) Lovelike does NOT directly collect biometric identifiers or biometric information
(b) Biometric processing (if any) is conducted solely by Stripe Connect as independent data controller
(c) Lovelike does NOT receive, store, or control any biometric data from Stripe Connect
(d) Any biometric processing is conducted by Stripe independently under Stripe's own privacy policy and legal framework

Stripe Connect's Responsibility

If Stripe Connect uses biometric processing as part of identity verification:

• Stripe is solely responsible for compliance with applicable biometric privacy laws

• Stripe must obtain required consents and provide required disclosures

• Stripe is responsible for biometric data security and breach notification

• Users must exercise biometric-related privacy rights directly with Stripe

Your Rights Regarding Stripe Connect Verification Data

For questions, requests, or concerns about identity verification data processed by Stripe Connect during Love Partner or Love Creator onboarding:

Contact Stripe Connect Directly:

• Email: privacy@stripe.com

• Stripe Privacy Center: https://support.stripe.com/topics/privacy

• Stripe Support: https://support.stripe.com/contact

Exercise Your Rights with Stripe:

• Access requests: Request copy of your Stripe Connect verification data

• Deletion requests: Request deletion of identity verification information (subject to Stripe's retention policies and legal obligations)

• Correction requests: Request correction of inaccurate verification data

• Opt-out requests: Opt-out of Stripe's data processing where applicable

• Complaints: File complaints about Stripe Connect's data practices

Lovelike Cannot Fulfill Stripe Connect Data Requests

Lovelike CANNOT fulfill requests related to identity verification data collected by Stripe Connect because:

(a) Lovelike does NOT possess raw verification data (government IDs, SSN/EIN, bank accounts, full DOB)
(b) Lovelike receives ONLY verification status and age confirmation from Stripe
(c) Stripe Connect acts as independent data controller for all verification data
(d) All verification data is stored exclusively by Stripe Connect

All identity verification data requests MUST be directed to Stripe Connect as the independent data controller.

Data Sharing Between Lovelike and Stripe Connect

Data Lovelike Shares with Stripe Connect:

• User email address and name (for account creation)

• Account type (Love Partner business account / Love Creator individual account)

• Platform account ID (for linking Stripe Connect account to Lovelike account)

• Product/service information (for payment processing and tax classification)

Data Stripe Connect Shares with Lovelike:

• Verification status ONLY (approved/pending/rejected/suspended)

• Age confirmation ONLY (18+ verified: Yes/No)

• Stripe Connect account ID (for payment processing and commission payouts)

• Account type (individual for Love Creators / business for Love Partners)

• Payout status and transaction history (for commission tracking)

No Raw Data Transfer

Raw identity verification data is NEVER transferred from Stripe Connect to Lovelike:

❌ Government ID images or documents
❌ Social Security Numbers (SSN) or Employer Identification Numbers (EIN)
❌ Bank account numbers or routing numbers
❌ Full date of birth (only 18+ confirmation)
❌ Biometric data or facial recognition information

This data remains exclusively with Stripe Connect as the independent data controller.

Identity Verification Through Stripe Connect

What Lovelike Uses:

Lovelike uses Stripe Connect to process payments for Love Partners and Love Creators. Stripe Connect includes built-in identity verification, tax compliance, and bank account verification features as part of its standard platform.

Stripe Connect's Identity Verification Process:

When you create a connected account through Lovelike, Stripe Connect performs identity verification automatically during account onboarding by:

1. Automatic Data Verification: Cross-referencing provided information (name, date of birth, SSN/EIN, address) with government databases and third-party verification services

2. Document Collection (when automatic verification is insufficient): Requesting government-issued ID documents (driver's license, passport, state ID)

3. Document Review: Analyzing submitted documents using automated technology, including:

   • Optical character recognition (OCR) to extract data from ID documents

   • Machine learning algorithms to detect forged or altered documents

   • Automated analysis of ID document images (barcode scanning, hologram detection, etc.)

4. Age Confirmation: Verifying that account representatives meet minimum age requirements (18+ for Stripe Connect accounts)

According to Stripe's Privacy Policy (Section 1.2(a) - Identity/Verification Information):

"We provide a verification and fraud prevention Service that our Business Users can use to verify Personal Data about you, such as your authorization to use a particular payment method. During the process, you'd be asked to share with us certain Personal Data (like your government ID and selfie for biometric verification, Personal Data you input, or Personal Data that is apparent from the physical payment method like a credit card image). To protect against fraud and determine if somebody is trying to impersonate you, we may cross-verify this data with information about you that we've collected from Business Users, Financial Partners, business affiliates, identity verification services, publicly available sources, and other third party service providers and sources."

What This Means

⚠️ Stripe Connect MAY use automated document verification technology as part of standard fraud prevention and compliance processes. This technology is used to:

• Verify the authenticity of identity documents

• Prevent fraud and identity theft

• Ensure compliance with financial regulations

• Confirm account holders meet age requirements

Important: Stripe Acts as Independent Data Controller

Stripe Connect conducts identity verification as an independent data controller, meaning:

✅ Verification methods and technologies are determined solely by Stripe
✅ Lovelike does NOT receive raw identity verification data (government ID images, full SSN/EIN, complete date of birth)
✅ Lovelike only receives verification status (approved/pending/rejected) and age confirmation (18+ Yes/No)
✅ All identity verification data is processed and stored by Stripe according to their privacy policy and retention requirements

Lovelike's Role vs. Stripe's Role

Your Rights Regarding Verification Data

Because Stripe Connect acts as an independent data controller for identity verification:

To exercise rights regarding your verification data, contact Stripe directly:

✅ Access requests (view your verification data) → privacy@stripe.com
✅ Deletion requests (subject to Stripe's legal retention obligations) → privacy@stripe.com
✅ Correction requests (update verification information) → Stripe Connect support
✅ Questions about verification methods and technologies → privacy@stripe.com

Lovelike CANNOT:

• Access your raw government ID images or documents

• View your full SSN/EIN (only receives masked/tokenized version for display purposes)

• See your complete date of birth (only receives 18+ confirmation)

• Modify or delete Stripe Connect verification data

• Change Stripe's verification methods or technologies

All identity verification data requests must be directed to Stripe Connect as the independent data controller.

For Questions About Stripe's Identity Verification Practices

Contact Stripe directly:

• Email: privacy@stripe.com

• Stripe Privacy Center: https://stripe.com/privacy-center

• Stripe Connect Documentation: https://stripe.com/docs/connect/identity-verification

• Stripe Privacy Policy (Identity Verification Section): https://stripe.com/privacy (Section 1.2(a))

Note on Biometric Processing

Stripe's Privacy Policy indicates they may use various automated technologies for identity verification and fraud prevention. While Lovelike does not use Stripe's dedicated biometric verification products, Stripe Connect's standard verification process may include automated analysis of identity documents. Any such processing is:

• Conducted solely by Stripe as an independent data controller

• Subject to Stripe's own privacy policy and legal obligations

• Not visible to or controlled by Lovelike

• Designed to prevent fraud and ensure compliance with financial regulations

For specific information about what verification technologies Stripe uses, please consult Stripe's Privacy Policy or contact them directly at privacy@stripe.com.

Tax Reporting and 1099 Forms

For Love Creators earning $600+ per year:

Stripe Connect is responsible for:

• Collecting SSN for IRS tax reporting requirements

• Generating and filing IRS Form 1099-NEC

• Providing 1099 forms to Love Creators and IRS

• Maintaining tax records per IRS requirements

Lovelike's Role:

• Reporting commission earnings to Stripe Connect

• Providing transaction data for tax calculations

• NOT collecting or storing SSN

• NOT filing 1099 forms directly

For Love Partners:

Stripe Connect handles all tax identification (EIN/SSN) collection and storage for business payment processing and tax reporting.

Verification Timeline and Account Access

Love Partners:

• Stripe Connect verification required: Immediately upon registration

• Platform access while pending: Limited (cannot sell products, cannot create paid campaigns)

• Full access granted: Only after Stripe Connect verification approved AND Lovelike profile completed

Love Creators:

• Stripe Connect verification required: Before accepting first paid campaign or receiving commissions

• Platform access while pending: Full access to free campaigns and platform features

• Commission payouts: Only after Stripe Connect verification approved

Verification Rejection

If Stripe Connect rejects verification:

• Love Partners: Cannot activate business account, cannot sell products

• Love Creators: Cannot accept paid campaigns, cannot receive commissions

• User must contact Stripe Connect directly to resolve verification issues

• Lovelike cannot override Stripe Connect verification decisions

Mandatory Disclosure - Financial Regulations

Love Partners and Love Creators acknowledge that Stripe Connect verification is required by:

(a) Bank Secrecy Act (BSA): Anti-Money Laundering (AML) compliance
(b) USA PATRIOT Act: Know Your Customer (KYC) requirements
(c) IRS Regulations: Tax identification and reporting (26 USC §6041, §6050W)
(d) Payment Card Industry (PCI): Fraud prevention and identity verification
(e) State Money Transmitter Laws: Identity verification for payment processing

Stripe Connect's compliance with these regulations is mandatory and cannot be waived.

2.2 Love Partner & Love Creator Onboarding Process

Two-Phase Onboarding Framework

Both Love Partner (business account) and Love Creator (individual account) creation require completion of BOTH phases before full platform access is granted.

PHASE 1: Stripe Connect Verification (External - Required)

For Love Partners (Business Accounts):

(a) Conducted entirely through Stripe Connect's independent platform
(b) Stripe acts as independent data controller for all information collected
(c) Information collected by Stripe Connect for Love Partners:

• Legal business name and structure (LLC, Corporation, Sole Proprietorship, Partnership, etc.)

• Business Employer Identification Number (EIN) or owner's Social Security Number (SSN)

• Business address and state of registration

• Business type and industry classification

• Authorized representative's government-issued identification

• Authorized representative's date of birth (DOB) for 18+ age verification

• Authorized representative's Social Security Number (SSN)

• Bank account details for payment processing

• Beneficial ownership information (if applicable under FinCEN regulations)

(d) Lovelike receives ONLY verification status from Stripe:

• Status: Approved / Pending / Rejected / Suspended

• Age confirmation: 18+ verified (Yes/No)

• Stripe Connect account ID for payment processing

• Account type: business

• NO raw personal or business data

(e) For Stripe's data practices, review: https://stripe.com/privacy

For Love Creators (Individual Accounts):

(a) Conducted entirely through Stripe Connect's independent platform
(b) Stripe acts as independent data controller for all information collected
(c) Information collected by Stripe Connect for Love Creators:

• Full legal name

• Government-issued identification (driver's license, passport, state ID)

• Date of birth (DOB) for 18+ age verification

• Social Security Number (SSN) for tax reporting (IRS 1099 forms)

• Personal address and contact information

• Bank account details for commission payouts

(d) Lovelike receives ONLY verification status from Stripe:

• Status: Approved / Pending / Rejected / Suspended

• Age confirmation: 18+ verified (Yes/No)

• Stripe Connect account ID for commission processing

• Account type: individual

• NO raw personal data (no SSN, no government ID images, no full DOB)

(e) For Stripe's data practices, review: https://stripe.com/privacy

When Stripe Connect Verification is Required:

• Love Partners: Immediately upon choosing to become a Love Partner during registration

• Love Creators: Before accepting first paid campaign OR when commission earnings trigger verification requirement

PHASE 2: Lovelike Profile Completion (Internal - Required)

Required ONLY AFTER Stripe Connect approves your account

Mandatory Profile Information for Full Account Activation:

(a) Profile Photo: A mandatory profile picture that you must upload to complete your account activation on the Lovelike Platform (uploaded to Lovelike servers)

(b) Bio and Personal Description: A required personal or business biography that helps other users understand who you are or what your business offers (stored in Lovelike database)

(c) Social Media Links: At least one verified social media account link (Instagram, TikTok, YouTube, and/or Facebook) must be provided and verified to complete your profile

(d) Professional Information and Credentials: Information about your professional background, business expertise, or credentials relevant to your Platform participation (optional but highly recommended for Love Partners; required for full verification status)

This information is collected, processed, and stored by Lovelike

Profile Completion is MANDATORY for:

• Creating Love Partner campaigns (Love Partners)

• Selling products on Lovelike Shop (Love Partners)

• Accepting paid campaigns (Love Creators)

• Full platform activation and visibility (all users)

Account Activation Status

Love Partners:

• Stripe Pending + No Profile: Account created, NOT ACTIVE, LIMITED ACCESS (cannot sell, cannot create campaigns)

• Stripe Approved + No Profile: Account verified, NOT ACTIVE, LIMITED ACCESS (cannot sell, cannot create campaigns)

• Stripe Approved + Profile Complete: Account FULLY ACTIVATED, FULL ACCESS (can sell products, create campaigns, full features)

• Stripe Rejected: Account cannot be activated, must resolve with Stripe Connect

Love Creators:

• No Stripe Verification: Full platform access for unpaid campaigns, cannot accept paid campaigns

• Stripe Pending + No Profile: Can browse paid campaigns, cannot accept until verification complete

• Stripe Approved + No Profile: Verification complete, still need profile to accept paid campaigns

• Stripe Approved + Profile Complete: FULLY ACTIVATED, can accept paid campaigns and receive commissions

• Stripe Rejected: Can use platform for unpaid campaigns only, must resolve with Stripe to earn commissions

Data Controller Responsibilities

• Stripe Connect: Independent data controller for Phase 1 verification data (government IDs, SSN/EIN, bank accounts, full DOB, identity verification)

• Lovelike: Data controller for Phase 2 profile information (photo, bio, social media links, professional credentials)

• Users: Must review BOTH Stripe Connect Privacy Policy (https://stripe.com/privacy) AND Lovelike Privacy Policy (this document)

Verification Failure or Rejection

If Stripe Connect rejects verification:

(a) Love Partners cannot activate business account features
(b) Love Creators cannot accept paid campaigns or receive commissions
(c) User receives notification with reason for rejection (from Stripe)
(d) User must contact Stripe Connect support directly to resolve issues
(e) Lovelike CANNOT override Stripe Connect verification decisions
(f) Lovelike CANNOT access the reason for rejection beyond status code

Common reasons for Stripe Connect rejection:

• Age under 18 (DOB verification failed)

• Government ID does not match provided information

• SSN/EIN verification failed

• Incomplete or inaccurate information

• Suspicious activity or fraud detection

• Prohibited business type or country restriction

Resolution:

• Contact Stripe Connect support: https://support.stripe.com

• Provide additional documentation as requested by Stripe

• Update incorrect information through Stripe Connect dashboard

• Lovelike support CANNOT resolve Stripe Connect verification issues

Tax Compliance for Love Creators

IRS 1099 Reporting Threshold:

Love Creators who earn $600 or more per calendar year in commissions are subject to IRS Form 1099-NEC reporting.

Stripe Connect handles:

• SSN collection for tax identification

• 1099-NEC form generation and filing with IRS

• Providing 1099-NEC to Love Creators (by January 31st following tax year)

• Maintaining tax records per IRS requirements (7 years)

Lovelike's role:

• Reporting commission earnings to Stripe Connect

• Providing transaction data for tax calculations

• NOT collecting or storing SSN directly

• NOT filing 1099 forms directly with IRS

Love Creator tax responsibilities:

• Report all commission earnings on tax returns (IRS Schedule C or Form 1040)

• Pay applicable income taxes and self-employment taxes

• Maintain records of commission income

• Consult tax professional for guidance

Data Security for Verification Information

Stripe Connect Security:

• PCI-DSS Level 1 certified (highest security standard)

• SOC 2 Type II compliance

• Encryption at rest and in transit

• Regular security audits and penetration testing

• Incident response and breach notification procedures

Lovelike does NOT store:

• Government ID images or documents

• Social Security Numbers (SSN) or Employer Identification Numbers (EIN)

• Bank account numbers or routing numbers

• Full date of birth (only 18+ confirmation)

• Raw identity verification data

User Rights During Verification

Right to Information:

• Users may request copy of Stripe Connect verification data from Stripe directly

• Users may request explanation of verification status from Stripe

• Lovelike can provide verification status only (approved/pending/rejected)

Right to Correction:

• Users must correct inaccurate verification data through Stripe Connect dashboard

• Lovelike cannot modify Stripe Connect verification data

Right to Deletion:

• Users may request deletion of Stripe Connect data from Stripe directly

• Deletion may affect ability to use Love Partner or Love Creator features

• Lovelike retains only verification status and age confirmation

Right to Withdraw:

• Users may disconnect Stripe Connect account through platform settings

• Disconnection prevents receiving payments (Love Partners) or commissions (Love Creators)

• Previously verified status may be retained for fraud prevention

International Users - Stripe Connect Availability

Stripe Connect identity verification is currently available ONLY for:

• United States residents

• Businesses registered in the United States

• Individuals with US Social Security Numbers

• Bank accounts at US financial institutions

Non-US users:

• Cannot complete Love Partner or Love Creator verification at this time

• Must wait for Stripe Connect international expansion

• No alternative verification method available currently

2.3 Information You Provide Directly

(a) Account Information: Name, email, phone number, username, password, date of birth (18+ verification). For Love Partners and Love Creators, we collect additional business information required for Stripe Connect verification (see Section 2.1).

(b) Age Verification Data:

All Users: Self-declared date of birth during registration (system blocks under-18 registrations).

Love Partners & Love Creators (Stripe Connect Verification):

Stripe Connect collects as independent data controller (see Section 2.1 for details):

• Government-issued ID (driver's license, passport, state ID)

• Date of birth for 18+ verification

• SSN (for Creators) or EIN/SSN (for Partners) for tax compliance

• Bank account information for payment processing

• Legal name and address

• For Love Partners: Business name, structure, registration details

What Lovelike Receives from Stripe Connect:

• Verification status ONLY (approved/pending/rejected)

• Age confirmation ONLY (18+ verified: Yes/No)

• Stripe Connect account ID

• Account type (individual/business)

What Lovelike DOES NOT Receive:

• Raw government IDs, full DOB, SSN/EIN, bank account numbers, biometric data.

Lovelikers: Self-declared DOB only (no government ID required).

Data Controller: Stripe Connect processes verification data as independent controller. See Stripe's Privacy Policy: https://stripe.com/privacy

(c) Profile Information:

Love Partners & Love Creators (Mandatory Profile Data): For Love Partners and Love Creators, the following data is mandatory for account activation (required after Stripe Connect approval, as per Section 2.2 - Love Partner & Love Creator Onboarding Process) to enable matchmaking, sales, and campaign features:

• Profile photo (mandatory)

• Bio and personal/business description (mandatory)

• At least one verified social media link (Instagram, TikTok, YouTube, and/or Facebook) (mandatory)

• Professional information and credentials (mandatory for Love Partners; mandatory for Love Creators)

Note: Stripe approval verifies Love Partners/Creators, but the account is not activated for monetization features until this Mandatory Profile is completed.

(d) Payment Information: Transaction history, payment method details, and billing information processed through Stripe Connect. Tax and bank information collected by Stripe only (see Section 2.1).

(e) User-Generated Content: Posts, comments, reviews, messages, and any content you upload or share.

(f) Support Communications: Support tickets, feedback, and correspondence records.

2.4 Information Collected Automatically

(a) Device and Technical Data: Device identifiers, IP addresses, browser type, operating system, device settings.

(b) Usage Data: Pages visited, features used, time spent, click patterns, search queries, navigation paths.

(c) Location: General geographic location (IP-based) for compliance, fraud prevention, service optimization.

(d) Performance Analytics: Platform metrics, error logs, crash reports, technical diagnostics.

(e) Age Compliance Monitoring: Automated monitoring of user behavior patterns to detect underage access attempts.

(f) Cookies and Tracking: See Section 11 (Cookies and Tracking Technologies) for details.

2.5 Information from Third-Party Sources

(a) Social Media Login Data:

If you choose to register or log in using a third-party service (e.g., Google, Facebook, Apple ID), we receive basic profile information as permitted by that service and your privacy settings, such as:

• Name and email address

• Profile picture

• Public profile information (if applicable)

We use this data solely for account creation, authentication, and profile setup. You control what information these services share with us through their privacy settings.

(b) Payment Processor Data:

When you make payments or receive payments through Lovelike, our payment processors (Stripe, or other authorized payment partners) provide us with limited transaction data necessary fo dispute resolution, and fraud prevention:

• Transaction confirmation (successful/failed payment status)

• Payment method type (e.g., Visa ending in 1234)

• Transaction amount and currency

• Timestamp and transaction ID

• Billing address (for tax compliance and fraud prevention)

We do NOT receive or store your full credit card numbers, CVV codes, or bank account credentials. Payment processors handle all sensitive financial data according to PCI-DSS standards. Refer to their privacy policies:

• Stripe Privacy Policy: https://stripe.com/privacy

• PayPal Privacy Policy: https://www.paypal.com/privacy

(c) Service Providers and Business Tools:

We work with trusted third-party service providers who process information on our behalf to operate Lovelike's platform. These partners may collect or receive limited data necessary for their specific functions:

Analytics & Performance Monitoring: Google Analytics, Mixpanel, or similar services collect anonymized usage data (page views, click paths, session duration, device type, browser type, geographic location) to help us improve platform performance and user experience. You may opt out of analytics tracking via browser settings or our Cookie Preference Center.

Customer Support & Communication: Zendesk, Intercom, or similar helpdesk platforms process support tickets, live chat conversations, and email communications to resolve your inquiries. Support agents may access your account information (order history, profile details, payment status) solely to assist you.

Cloud Infrastructure & Hosting: Amazon Web Services (AWS), Google Cloud Platform, or similar providers host Lovelike's platform infrastructure and databases. They process user data according to their enterprise privacy agreements and security certifications (SOC 2, ISO 27001).

Email & SMS Delivery: SendGrid, Twilio, or similar services deliver transactional emails (order confirmations, password resets, campaign notifications) and SMS messages (two-factor authentication codes, shipping updates). They do NOT use your contact information for their own marketing purposes.

Fraud Detection & Security: MaxMind, Sift Science, or similar fraud prevention tools analyze transaction patterns, device fingerprints, IP addresses, and behavioral signals to detect fraudulent activity, account takeovers, and payment abuse.

(d) Public Sources & Data Enrichment:

For Love Creators and Love Partners only, we may supplement your profile information with publicly available data to verify your identity, assess platform eligibility, and prevent fraud:

For Love Creators (Influencers):

• Social media follower counts, engagement rates, and audience demographics from public Instagram/TikTok/YouTube APIs (used for Creator DNA analysis and campaign matching)

• Public posts, content style, and posting frequency (used to assess brand alignment and campaign suitability)

• Publicly disclosed partnerships or brand collaborations (used to prevent conflicts of interest)

For Love Partners (Brands/Businesses):

• Business registration records from public government databases (company name, tax ID, registration status)

• Corporate website content, product catalogs, and brand messaging (used for Brand DNA analysis and Creator matching)

• Public reviews, ratings, and consumer feedback from third-party review sites (used to assess brand reputation)

For Users designated as Love Creators and Love Partners, the Company reserves the right to supplement the profile information provided directly by the User with data obtained from publicly available sources. This data enrichment is performed for the purposes of verifying identity, assessing eligibility for the Platform, and preventing fraud.

The Company may access, collect, and process publicly available data including, but not limited to, social media follower counts, engagement rates, and audience demographics. This data is sourced via public Application Programming Interfaces (APIs) of third-party platforms (including, without limitation, Instagram, TikTok, and YouTube) and is utilized to:
(i) Conduct "Creator DNA" analysis; and
(ii) Facilitate algorithmic matching for marketing campaigns and opportunities.

2.5.1 Beta Data Sources; Third-Party Social Media Analytics.

A. Beta Testing Disclosure.
The User acknowledges and agrees that during the current "Beta Testing Phase," and pending official approval for direct integration with the Instagram Graph API, TikTok Business API, and YouTube Data API, the Company utilizes Third-Party Data Aggregation Services to collect, aggregate, and process publicly available social media metrics for Love Creators and Love Partners.

B. Nature of Data Collection.
The User expressly understands that:
(a) Source: Social media metrics (including follower counts, engagement rates, and audience demographics) are derived from third-party aggregators and NOT through official, direct API partnerships with the respective social media platforms;
(b) No Official Partnership: The Company currently maintains no direct data partnership or official API status with Instagram, TikTok, or YouTube for the purposes of this data collection; and
(c) Future Migration: The Company is actively pursuing official API access. Upon securing such access, the Company intends to transition to official APIs to improve data accuracy and freshness, subject to User notification.

C. Data Limitations and Disclaimers.
The User acknowledges that data obtained via third-party aggregators is "Beta-Grade" and subject to the following inherent limitations:
(a) Latency: Metrics may reflect a delay of 24 to 48 hours or more compared to real-time data;
(b) Incompleteness: Certain metrics (e.g., reach, impressions, saves) may be unavailable or redacted; and
(c) Reliability: Data accuracy is contingent upon the reliability of the third-party service and the User’s privacy settings on external platforms.
THE COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE ACCURACY, COMPLETENESS, TIMELINESS, OR RELIABILITY OF SOCIAL MEDIA METRICS DISPLAYED DURING THE BETA TESTING PHASE.

D. User Responsibility and Assumption of Risk.
By connecting social media accounts to the Platform during the Beta Testing Phase, the User agrees to the following:

1. Verification Duty: The User bears the sole responsibility for verifying critical metrics against their own official platform analytics prior to making any business decisions or entering into agreements based on such data.

2. No Reliance: The User shall not rely on Beta-Grade data for high-stakes decisions or significant financial commitments.

3. Third-Party Processing: The User acknowledges that their publicly available data is processed by third-party entities outside of the Company's direct control.

E. Legal Basis and Consent.
The collection of this data is conducted pursuant to:
(a) Legitimate Interest: To facilitate influencer-brand matching services essential to the Platform's functionality;
(b) Public Availability: The collection is strictly limited to information that the User has made publicly visible; and
(c) Express Consent: By connecting their accounts, the User affirmatively consents to the processing of this data by third-party aggregators.

F. Opt-Out and Withdrawal.
The User may revoke access to their social media accounts at any time via the Platform settings (Settings > Privacy > Social Media Connections). The User acknowledges that disconnecting accounts will limit Platform functionality, including Campaign Matching and Creator DNA analysis. For complete data erasure, the User must terminate their account in accordance with Section 7.4.

G. Inquiries.
Questions regarding Beta Data Sources may be directed to support@lovelike.ai with the subject line "Beta Data Sources Inquiry." The Company endeavors to respond to such inquiries within fifteen (15) business days.

All third-party data collection complies with applicable privacy laws and the terms of service of source platforms.

2.6 AI and Machine Learning Data

(a) AIMÊ Usage Data:

Interactions with AIMÊ AI systems across all platform features, available to all user types (Lovelikers, Love Creators, Love Partners):

For Lovelikers:

• Style Consultancy: Fashion preferences, body measurements, color preferences, style quiz responses, wardrobe analysis, outfit suggestions, and personalized styling recommendations

• Consumer DNA Analysis: Shopping behavior patterns, purchase history, brand affinity, product category preferences, price sensitivity, lifestyle indicators, browsing patterns, wishlist activity, and cart abandonment data

• Product Recommendations: AI-generated personalized product suggestions based on consumer DNA profile, past purchases, browsing behavior, and style preferences

• Shopping Assistant: Conversational AI support for product discovery, size recommendations, styling advice, and purchase decisions

• Trend Discovery: Personalized trend alerts, new product notifications, and curated shopping experiences based on individual preferences

For Love Creators:

• Influencer DNA Analysis: Content style patterns, audience demographics, engagement quality metrics, niche identification, collaboration success history, authenticity scores, posting frequency, content format preferences, and audience authenticity assessment

• Campaign Matching: AI-generated Love Partner-Love Creator compatibility scores, ROI predictions, audience overlap analysis, brand alignment assessment, and optimal campaign recommendations

• Content Performance Analytics: Real-time campaign tracking, engagement pattern analysis, conversion attribution, content optimization suggestions, and audience growth insights

• Creator Dashboard: Personalized performance benchmarks, competitor analysis, growth opportunities, and monetization optimization recommendations

For Love Partners:

• Brand DNA Analysis: Brand personality assessments, product category expertise, target audience insights, pricing strategy analysis, competitive positioning, brand values alignment, and market differentiation factors

• Love Creator Discovery: AI-powered influencer search based on brand DNA compatibility, audience alignment, engagement quality, authenticity scores, past campaign ROI, and budget optimization

• Campaign Performance Prediction: Estimated reach, engagement rates, conversion projections, ROI forecasts, and optimal creator-product pairings

• Consumer Insights: Aggregated and anonymized Loveliker shopping behavior, product preferences, trend analysis, and market demand signals for product development and marketing strategy

• Inventory & Sales Optimization: AI-driven product performance analysis, pricing recommendations, seasonal trend predictions, and restocking alerts

All User Types:

• Conversational AI Support: General platform assistance, feature tutorials, troubleshooting, and user onboarding

• Performance Analytics: Real-time dashboard metrics, progress tracking, goal setting, and personalized improvement recommendations

(b) MY AIMÊ Training Program (Voluntary Participation - Available to ALL Users):

Who Can Participate: Lovelikers, Love Creators, AND Love Partners may opt into MY AIMÊ AI Training Program.

What You Consent To:

Anonymized Data (Benefits All Platform Users):
De-identified conversation patterns, product preferences, style choices, shopping behavior, campaign performance data, interaction patterns, content engagement, and platform usage aggregated for AI model improvement across the entire Lovelike ecosystem.

Personalized Data (Benefits YOU Specifically):

For Lovelikers:

• Individual conversation history with AIMÊ for continuity across shopping sessions

• Shopping behavior and purchase history for personalized product recommendations

• Style preferences and wardrobe data for customized fashion consultancy

• Browsing patterns and wishlist activity for improved product discovery

• Feedback on AI recommendations for model refinement specific to your shopping needs

• Consumer DNA profile refinement over time for increasingly accurate personalization

For Love Creators:

• Campaign performance history for improved Love Partner-Love Creator matching

• Content style analysis for personalized campaign recommendations

• Audience insights for brand alignment optimization

• Feedback on campaign briefs and ROI predictions for model improvement

• Influencer DNA profile refinement over time for better monetization opportunities

For Love Partners:

• Product performance data for inventory and pricing optimization

• Consumer behavior insights for product development and marketing strategy

• Campaign ROI history for future Love Creator selection

• Brand positioning analysis for competitive advantage

• Feedback on Love Creator matches and campaign outcomes for model improvement

• Brand DNA profile refinement over time for optimal creator partnerships

Consent & Control:

By participating in MY AIMÊ Training Program, you explicitly consent to both anonymized and personalized AI training uses described above.

You may opt out at any time via:

• Account Settings → MY AIMÊ Training Program → Toggle OFF

• Emailing support@lovelike.ai with "MY AIMÊ Opt-Out" in subject line

Important Limitations:

✅ Opting out STOPS future data collection for AI training immediately
❌ Opting out DOES NOT delete historical training data already incorporated into AI models (anonymized data cannot be reversed; personalized data remains for 90 days post-opt-out for model stability, then deleted)
⚠️ Opting out MAY REDUCE personalization quality (AIMÊ recommendations become less accurate without your ongoing feedback)
✅ You can re-opt-in at any time to resume personalized AI training benefits

Data Retention Post-Opt-Out:

• Anonymized training data: Permanent (cannot be reversed from aggregated models)

• Personalized conversation history: Deleted after 90 days

• Personalized DNA profiles: Frozen (no longer updated, deleted after 90 days)

• Transaction history: Retained per Section 5 (Security and Retention) regardless of MY AIMÊ participation

IMPORTANT: MY AIMÊ REQUIRES EXPLICIT OPT-IN CONSENT

Participation in the MY AIMÊ program is NOT automatic upon account registration. You MUST actively choose to participate by providing explicit consent.

For detailed opt-in procedures and requirements, see:

• Terms of Service Section 7.5 (MY AIMÊ AI Improvement Program)

• Terms of Service Annex IX (MY AIMÊ AI Credits and Training Program)

Note: Simply accepting these Terms or creating a Lovelike account does NOT automatically enroll you in MY AIMÊ.

Management of Participation:

• How to Opt In: After creating your account, you must explicitly opt in via:

  • Account Settings → MY AIMÊ AI Training Program → Toggle ON.

• How to Opt Out: You may opt out at any time via:

  • Account Settings → MY AIMÊ AI Training Program → Toggle OFF.

See Section 2.6(b) of this Privacy Policy for details on what happens to your data after opting out.

(c) Model Improvement & Platform Optimization:

Anonymized usage patterns, performance feedback, A/B testing results, and system optimization data for AI enhancement across:

Matching & Discovery:

• Love Partner ↔ Love Creator compatibility algorithm accuracy

• Product recommendation relevance for Lovelikers

• Search and discovery optimization for all user types

• Campaign ROI prediction accuracy

Personalization & Experience:

• Style consultancy precision (AIMÊ fashion advisor for Lovelikers)

• Brand DNA assessment accuracy (Love Partners)

• Influencer DNA assessment accuracy (Love Creators)

• Consumer DNA assessment accuracy (Lovelikers)

• Conversational AI response quality and helpfulness

Safety & Compliance:

• Fraud detection and account security models

• Content moderation (prohibited products, spam, fake reviews)

• Age verification and underage access detection

• Payment dispute and chargeback prevention

Platform Performance:

• Site speed and loading time optimization

• Mobile app performance and crash prevention

• Feature usage analytics and user experience improvements

• Technical error detection and resolution

All AI processing is designed for adult users (18+) and includes safeguards against generating age-inappropriate content, prohibited products, or harmful recommendations.

AIMÊ Data Controller Role:

Lovelike acts as sole data controller for AIMÊ AI processing. AIMÊ combines proprietary machine learning models with third-party large language models (LLMs) to deliver hyper-personalized experiences.

Our AI Architecture:

(i) Proprietary Machine Learning (Internal Training):

Lovelike's internal ML models are trained exclusively on platform data to power:

• DNA Profile Analysis: Consumer DNA (Lovelikers), Influencer DNA (Love Creators), and Brand DNA (Love Partners)

• Matching Algorithms: Love Partner ↔ Love Creator compatibility scoring and campaign recommendations

• Personalization Engines: Product recommendations, content curation, and shopping experience optimization

• Fraud Detection & Security: Transaction monitoring, account security, and abuse prevention

These proprietary models are trained using anonymized and aggregated user data from MY AIMÊ Training Program participants (Section 2.7(b)) and general platform activity. All training occurs on Lovelike's secure infrastructure (AWS, Google Cloud Platform) without external AI vendor access to raw training data.

(ii) Third-Party Large Language Models (Analysis & Interaction):

For conversational AI, natural language understanding, and advanced analytics, we utilize external LLM providers who process certain data on our behalf:

LLM Providers We Use:

• OpenAI (GPT-5, ChatGPT API)

• Anthropic (Claude)

• Google (Gemini, PaLM API)

• Other enterprise-grade LLM services as needed

What Data These LLMs Process:

• User Conversations: Chat interactions with AIMÊ AI Assistant (product questions, style consultancy, campaign briefs, platform support)

• Content Analysis: Product descriptions, creator content evaluation, brand messaging assessment, review sentiment analysis

• Natural Language Queries: Search queries, filtering requests, conversational product discovery

• Text Generation: Personalized email content, campaign brief summaries, product recommendation explanations

Important Safeguards:

✅ Data Minimization: We send only necessary text data to LLMs (no full profiles, payment info, or sensitive personal data unless required for the specific request)
✅ Contractual Protections: All LLM providers operate under Data Processing Agreements (DPAs) that prohibit using Lovelike data to train their own public models
✅ Anonymization When Possible: User identifiers are removed or pseudonymized before LLM processing where feasible
✅ Enterprise Tier Services: We use business/enterprise API tiers with enhanced privacy protections (not consumer-facing ChatGPT)
✅ No Long-Term Storage: LLM providers process data transiently and do not retain it beyond necessary processing time per our agreements

Third-Party LLM Privacy Policies:

• OpenAI Business Privacy: https://openai.com/enterprise-privacy

• Anthropic Privacy Policy: https://www.anthropic.com/legal/privacy

• Google Cloud AI Privacy: https://cloud.google.com/privacy

(iii) How AIMÊ Insights Are Shared:

AIMÊ-generated insights (combining internal ML + external LLM analysis) are shared with platform users to enable hyper-personalized experiences:

• Love Creators see campaign opportunities matched to their influencer DNA and audience

• Love Partners see Love Creator recommendations matched to their brand DNA and target audience

These insights are described in detail in Section 2.8 (Operational Data Sharing).

Why This Hybrid Approach Matters:

✅ Internal ML = Your Data Control: Sensitive training data (purchase history, DNA profiles, behavioral patterns) stays within Lovelike infrastructure
✅ External LLMs = Advanced Capabilities: State-of-the-art natural language understanding, conversational AI, and content analysis without building everything from scratch
✅ Contractual Privacy Protections: LLM providers cannot use your data for their own model training or other purposes beyond processing your Lovelike requests
⚠️ Third-Party Processing Risk: While contractually protected, external LLM providers do process certain data—if you prefer to minimize third-party AI exposure, you may opt out of conversational AIMÊ features (though this limits personalization quality)

Opting Out of LLM Processing:

To reduce external LLM data processing:

• Account Settings → Privacy → AIMÊ Conversational AI → Toggle OFF

This disables chat-based features (AIMÊ Assistant conversations, natural language search, style consultancy chat) but retains internal ML-powered recommendations and DNA analysis

However, standard service providers (cloud hosting, data storage, analytics) still process your data as described in Section 2.5(c) and our Service Providers List.

2.7 Operational Data Sharing for Platform Functionality

To operate the Platform and provide essential services, we collect and share certain information with other platform users and service providers as strictly necessary for platform functionality:

(a) Love Creator to Love Partner Sharing (Campaign Operations):

When Love Creators accept campaigns, we share:

• Public Profile Information: Social media handles, follower counts, engagement metrics, profile photo, bio, and professional credentials with Love Partners for campaign matchmaking and performance evaluation

• Shipping Address: Your shipping address is shared with Love Partners when you accept a campaign that includes product sample delivery

• Campaign Performance Data: Views, clicks, conversions, and other performance metrics are shared with Love Partners who contracted the campaign

(b) Love Partner to Love Creator Sharing (Campaign Briefings):

When Love Partners create campaigns, we share:

• Campaign Briefings: Creative requirements, brand guidelines, and campaign specifications with Love Creators who participate

• Product Information: Product details and specifications for promotional content creation

• Payment Terms: Commission structures and payment schedules

Data Minimization Commitment:

We share only the minimum necessary information for each operational purpose. However, because complete profile information (photo, bio, social media, professional credentials) is MANDATORY for account activation, this information becomes part of your public profile and may be shared with other platform users and partners as part of normal platform operations.

Mandatory Profile Information Sharing:

Because profile photo, bio, social media links, and professional information are REQUIRED for account completion:

• This information becomes part of your public platform profile

• Love Partners can view this information when evaluating Love Creators for campaigns

• Other platform users may view this information based on privacy settings

• You cannot opt-out of sharing mandatory profile information while maintaining platform access

Opt-Out Limitations:

Operational data sharing is strictly necessary for Platform functionality. Additionally, because complete profile information is MANDATORY:

• You cannot opt-out of having a profile photo

• You cannot opt-out of providing bio/description

• You cannot opt-out of connecting at least one verified social media account

• You cannot opt-out of providing professional information

The only way to opt-out of sharing mandatory profile information is to close your account entirely.

However, you control your participation in optional features:

• Love Creators may decline campaigns requiring product delivery

• All users may adjust privacy settings for optional information

• All users may close their accounts at any time

Third-Party Data Recipient Obligations:

All parties receiving shared data through Platform operations are contractually bound to:

(a) Use shared data ONLY for the specified operational purpose
(b) Maintain appropriate technical and organizational security measures
(c) Not disclose shared data to unauthorized third parties
(d) Delete or return data upon completion of the operational purpose
(e) Comply with all applicable data protection laws
(f) Indemnify Lovelike for breaches of these data handling obligations

Love Partners as Independent Data Controllers:

By accepting these Terms, Love Partners specifically acknowledge that they act as independent data controllers for consumer data received for order fulfillment and are solely responsible for compliance with applicable privacy laws in their processing of such data.

Age Verification Integration:

All operational data sharing is restricted to verified users 18 years of age or older, consistent with our adult-only platform framework.

3. HOW WE USE YOUR INFORMATION

3.1 Platform Operation and Service Provision

We use your information to operate and provide Platform services including:

(a) Account Management: Creating, maintaining, and securing user accounts, processing registrations, verifying age eligibility, validating mandatory profile information (photo, bio, social media, professional credentials), and managing subscription status for users 18 years and older.

(b) Age Verification and Compliance: Verifying user age eligibility, monitoring for underage access attempts, and maintaining compliance with our adult-only platform framework.

(c) Transaction Processing: Facilitating campaign payments, commission calculations, and financial operations through Stripe Connect for verified adult users.

(d) Content Management: Hosting, displaying, and managing user-generated content appropriate for adult users, facilitating content discovery, enabling platform interactions, and displaying mandatory public profile information (photo, bio, social media links, professional credentials).

(e) Customer Support: Providing customer service, resolving disputes, processing appeals, and maintaining user satisfaction for adult platform users.

(f) Platform Security: Fraud detection, account security, compliance monitoring, age verification enforcement, profile completeness validation, and maintaining platform integrity.

(g) Essential Operational Data Sharing: Sharing necessary information between platform users (Love Creators, Love Partners) to enable core platform functionality including:

• Campaign matchmaking and execution (sharing Creator profiles, mandatory profile information, and metrics with Partners)

• Campaign content creation (sharing campaign briefings with participating Creators)

• Public profile display (displaying mandatory profile photo, bio, social media links, and professional credentials to other platform users based on account type and privacy settings)

This operational sharing is strictly necessary for the Platform to function and is conducted in accordance with our data minimization principles, while recognizing that mandatory profile information becomes part of your public platform presence.

3.2 AI and Machine Learning for Adult Platform

We use information for AI system operations including:

(a) AIMÊ System Operation: Providing AI-assisted content generation, platform optimization, and user experience enhancement tailored for adult users, utilizing mandatory profile information to personalize interactions.

(b) MY AIMÊ Model Training: For users voluntarily participating in our MY AIMÊ AI Training Program:

• Anonymized Training: Using de-identified conversation patterns, product preferences, and interaction data to improve AIMÊ's general capabilities for all users

• Personalized Training: Using your individual conversation history, shopping behavior, feedback, and mandatory profile information to train AIMÊ specifically for your personalized experience and recommendations

• Consent-Based Processing: All MY AIMÊ training data use requires your explicit voluntary consent and acknowledgment that both anonymized and personalized data (including profile information) will be used for AI model improvement

• Opt-Out Rights: You may opt out of MY AIMÊ participation at any time, though previously contributed training data may remain in trained models

(c) Personalization: Customizing user experience, improving content recommendations, optimizing platform functionality for adult users, and utilizing mandatory profile information for enhanced personalization.

(d) Performance Analytics: Monitoring AI system performance, detecting biases, and implementing improvements for adult-focused features.

3.3 Business Operations and Compliance

We use information for business operations including:

(a) Legal Compliance: Meeting tax reporting obligations, anti-money laundering compliance, sanctions screening, age verification requirements, profile completeness verification, and regulatory requirements.

(b) Business Analytics: Understanding adult user behavior, improving platform features, making business decisions, and analyzing profile completion trends.

(c) Marketing and Communications: With appropriate consent, sending platform updates, promotional communications, and service announcements to adult users, potentially utilizing mandatory profile information for personalization.

(d) Risk Management: Fraud prevention, security monitoring, age compliance enforcement, profile authenticity verification, and maintaining platform operational integrity.

4. INFORMATION SHARING AND DISCLOSURE

4.1 Service Providers and Business Partners

We share information with trusted third-party service providers including:

(a) Payment Processing: Stripe Connect for transaction processing, compliance, and fraud prevention for adult users.

(b) Identity Verification and Payment Processing Services: Stripe Connect for:

- Love Partner business account verification (business identity, authorized representative verification, age confirmation, payment processing)

- Love Creator individual account verification (individual identity, SSN collection for tax reporting, age confirmation, commission payouts)

(c) AI Services: OpenAI, Anthropic, Google/Gemini, and other AI providers for platform AI functionality and model improvement, with appropriate safeguards for adult-only content.

(d) Infrastructure Providers: Cloud hosting, data storage, content delivery, and technical infrastructure providers with appropriate adult content safeguards.

(e) Business Tools: Analytics providers, customer support platforms, and operational service providers.

(f) Professional Services: Legal counsel, accountants, auditors, and other professional service providers as necessary for business operations.

(g) Platform User Data Sharing: Sharing information between platform users (Love Creators, Love Partners, Lovelikers) as necessary for platform operations, including:

• Love Creator social media metrics, mandatory profile information (photo, bio, social media, professional credentials), and shipping addresses with Love Partners for campaign execution

• Love Partner product information and brand assets with all platform users for campaign marketplace functionality

• Campaign performance data with Love Partners who contracted the campaigns

• Mandatory public profile information visible to other users based on account type

All inter-user data sharing is governed by contractual obligations requiring recipients to use data only for specified purposes, maintain security measures, and comply with applicable privacy laws.

4.2 Legal and Regulatory Disclosure

We may disclose information when required by law or in good faith belief that disclosure is necessary:

(a) Legal Process: Responding to subpoenas, court orders, search warrants, and other valid legal processes.

(b) Law Enforcement: Cooperating with law enforcement investigations, regulatory inquiries, governmental requests, and age verification enforcement.

(c) Emergency Situations: Protecting user safety, preventing fraud, investigating security incidents, addressing imminent threats, and reporting suspected underage access.

(d) Regulatory Compliance: Meeting obligations under applicable federal and state laws including tax reporting, anti-money laundering, sanctions compliance, and age verification requirements.

4.3 Business Transactions

In connection with business transactions including mergers, acquisitions, asset sales, or bankruptcy proceedings, we may transfer user information to successors or assigns, subject to appropriate notice, user rights, and adult-only platform continuity requirements.

4.4 Aggregated and De-Identified Information

We may share aggregated, de-identified, or anonymized information that cannot reasonably identify individual adult users for business purposes including research, analytics, and platform improvement.

4.5 User-Directed Sharing

We share information as directed by verified adult users including:

(a) Public Content: Displaying user-generated content as intended by users on profiles, marketplace listings, and platform features, including mandatory profile information (photo, bio, social media, professional credentials).

(b) Social Media Integration: Sharing content to connected social media platforms as authorized by users, with appropriate age-related safeguards.

(c) Referral Programs: Processing referral activities and commission calculations for Love Connectors and General Referral Program participants.

4.6 User-Directed Operational Sharing for Adult Platform

We share information as directed by verified adult users and as necessary for platform functionality:

(a) Campaign Participation Sharing:

When Love Creators accept campaigns:

• Automatic Profile Sharing: Your public social media profile information (name, handles, follower counts, engagement metrics) and mandatory profile information (photo, bio, professional credentials) are automatically shared with the Love Partner who created the campaign

• Shipping Address Sharing: If you accept a campaign requiring product sample delivery, your shipping address is shared with the Love Partner for fulfillment

• Performance Data Sharing: Campaign performance metrics (views, clicks, conversions) are shared with the Love Partner for evaluation and payment calculation

(b) Public Content Sharing:

• User Profiles: Mandatory profile information (photo, bio, social media links, professional credentials, etc) is visible to other platform users based on account type and cannot be hidden while maintaining platform access

(d) Social Media Integration Sharing:

When you connect social media accounts:

• Public Metrics: Publicly available follower counts, engagement rates, and content statistics are shared with Love Partners for campaign matching

• Content Sharing: Content you choose to share to social media platforms is governed by those platforms' privacy policies

• Authorization Scope: Social media data sharing is limited to what you authorize through platform connection settings

(e) Referral Program Sharing:

When you participate in referral programs:

• Referral Code Tracking: Your unique referral code is tracked to calculate commissions for successful referrals

• Performance Metrics: Aggregated referral performance data may be shared with you for program participation tracking

Consent and Control:

• Implied Consent: By creating an account and completing mandatory profile requirements, you provide implied consent for necessary operational data sharing of mandatory profile information

• Explicit Consent: We obtain explicit consent for any non-essential data sharing or uses beyond core platform functionality

• Withdrawal of Consent: You may withdraw consent by:

  • Declining to participate in campaigns requiring data sharing

  • Not making purchases on the marketplace

  • Closing your account (complete withdrawal of all profile information)

Note: Mandatory profile information (photo, bio, social media, professional credentials) cannot be hidden or opted-out while maintaining active platform access. The only way to remove this information from the platform is to close your account entirely.

Limitations and Protections:

• Purpose Limitation: Shared data may only be used for the specific operational purpose disclosed

• Security Requirements: All data recipients must maintain appropriate security measures

• Retention Limits: Data must be deleted or returned upon completion of the operational purpose

• No Re-sharing: Recipients cannot re-share your data without your additional consent

• Age Restriction: All sharing is limited to verified adult users 18+ only

4.7 Referral, Ambassador, and Affiliate Programs

Your participation in our voluntary partner programs, such as the Referral Program, Ambassador Program, or other affiliate structures ("Partner Programs"), is governed by separate terms and conditions ("Program Terms") which you must agree to upon enrollment. This Privacy Policy governs your general Platform account data, but the Program Terms will specifically govern data processing related to program performance, commission calculations, tax reporting (if applicable), payments, and the use of your likeness or profile for program marketing.

5. DATA RETENTION

5.1 General Retention Framework

We retain your personal information only for as long as is reasonably necessary and proportionate to fulfill the purposes for which it was collected, as outlined in this Privacy Policy. Our retention periods are determined based on our legal obligations (such as for tax, accounting, and regulatory compliance), the need to resolve disputes, our legitimate business operations, and to enforce our agreements. For example, age verification records and mandatory profile information may be retained for specific periods to demonstrate compliance with our adult-only platform policies and operational requirements.

5.2 Account Data Retention

(a) Active Accounts: Information including mandatory profile data (photo, bio, social media, professional credentials) is retained while accounts remain active and for a reasonable period thereafter to facilitate account reactivation for verified adult users.

(b) Terminated Accounts: Following account termination, we retain information for the period specified in our Terms of Service or as required by applicable law, including age verification records and mandatory profile information.

(c) Business Records: Financial transaction records, compliance documentation, age verification records, profile completion records, and business records are retained according to applicable legal requirements and industry standards.

5.3 Age Verification Records

(a) Age verification documentation is retained for the minimum period required by applicable law and business necessity;

(b) Verification records may be retained longer for legal compliance and audit purposes;

(c) Failed age verification attempts are recorded and retained for fraud prevention and compliance monitoring;

(d) Age verification data is subject to enhanced security measures and access controls.

5.4 Content Retention

(a) User-Generated Content: Content including mandatory profile information may be retained after account closure for operational continuity, legal compliance, and platform integrity.

(b) MY AIMÊ AI Training Data - Retention and Deletion Limitations:

For users participating in the MY AIMÊ AI Training Program:

• What Data is Used for Training:

  • Anonymized: Conversation patterns, product preferences, interaction data (aggregated across all users)

  • Personalized: Your individual conversation history, shopping behavior, feedback (specific to you)

• Retention Period: Indefinitely within trained AI models

• Why Indefinite Retention:
  Once AI training data is incorporated into a machine learning model, it becomes structurally integrated into the model's neural network weights and parameters. This means:

  • Technical Reality:

    • Training data is NOT stored as separate records or files

    • It is transformed into mathematical patterns within the model

    • Individual user contributions cannot be isolated or extracted

    • Deleting your data would require retraining the entire model from scratch (affecting all users)

  • CCPA/CPRA Exception:
    This retention is permitted under CCPA §1798.105(d)(9) (research purposes) and §1798.105(d)(8) (maintaining or servicing accounts of other users).

• Your Rights and Options:

  • Before Participating in MY AIMÊ:

    • ✅ You can DECLINE to participate (opt-out during onboarding)

    • ✅ MY AIMÊ participation is 100% VOLUNTARY

    • ✅ Platform functionality works without MY AIMÊ (you just won't get personalized AI features)

  • After Participating in MY AIMÊ:

    • ✅ You can OPT-OUT at any time (stops future data collection for training)

    • ⚠️ Previously contributed data REMAINS in trained models (cannot be extracted)

    • ✅ You can REQUEST deletion of your personalized conversation history stored separately from the model

    • ✅ You can CLOSE YOUR ACCOUNT (stops all future AI training data collection)

• What IS Deleted When You Opt-Out or Close Account:

  • ✅ Your personalized conversation history (stored logs)

  • ✅ Your MY AIMÊ profile preferences

  • ✅ Your participation records and consent history

  • ❌ Training data already incorporated into the model (technically impossible to extract)

• Analogy to Help Understand:
  Think of AI training like baking a cake:

  • Your data (eggs, flour, sugar) is mixed with thousands of other users' data

  • Once baked into the cake (the AI model), you cannot "un-mix" your eggs

  • We can throw away the recipe (your separate logs), but the cake (trained model) remains

• Transparency Commitment:
  If technical capabilities change and extraction becomes possible in the future, we will:

  • Update this Privacy Policy

  • Notify MY AIMÊ participants

  • Offer retroactive deletion options

(c) Mandatory Profile Information: Profile photos, bios, social media links, and professional credentials may be retained in anonymized or aggregated form for platform analytics and improvement even after account closure.

5.5 Legal and Compliance Retention

We retain information as required by applicable law including:

(a) Tax Records: Financial transaction records for tax reporting periods required by law.

(b) Compliance Documentation: Records necessary for regulatory compliance, investigations, legal proceedings, age verification audits, and profile authentication verification.

(c) Security Logs: Access logs and security records for reasonable periods to investigate incidents and maintain platform security.

5.6 Specific Data Retention Periods

To provide transparency regarding how long we retain different categories of personal information, we disclose the following retention periods:

Retention Periods by Data Category:

Third-Party Data Retention:

Some data is processed and retained by third-party service providers who act as independent data controllers:

(a) Stripe Connect retains the following data according to their retention policies:

• Payment card information and transaction data

• Identity verification documents (government ID, business documents)

• Tax identification information (SSN, EIN)

• Age verification records (18+ confirmation for Brands and Influencers)

• Bank account information for payouts

Stripe's retention periods are governed by their Privacy Policy and legal obligations including PCI-DSS compliance, tax reporting requirements, and anti-money laundering regulations. See Stripe's Privacy Policy at https://stripe.com/privacy for details.

(b) AI Service Providers (OpenAI, Anthropic, Google/Gemini) retain AI interaction data according to their own retention policies. See Section 4.1(c) for provider details and their respective privacy policies.

(c) Enzuzo (Cookie Consent Management Platform) processes cookie consent data on our behalf. We retain cookie consent records for 12 months from consent or until withdrawal, as specified in the Data Retention table above. Enzuzo processes this data according to our instructions and our Data Processing Agreement.

Important: Lovelike does not control third-party retention periods. Please review each provider's privacy policy for their specific retention practices.

Retention Period Exceptions:

The standard retention periods listed above may be extended in the following circumstances:

(a) Legal Holds: Data subject to litigation hold, government investigation, or regulatory inquiry will be retained until the hold is lifted, regardless of standard retention period.

(b) Active Litigation: Data relevant to ongoing legal proceedings will be retained until case closure plus applicable appeals periods.

(c) Regulatory Investigations: Data subject to regulatory investigation will be retained as required by investigating agency.

(d) Security Incidents: Data related to security breaches or fraud investigations will be retained for investigation duration plus 2 years.

(e) Age Verification Failures: Records of failed age verification attempts may be retained longer for fraud prevention and platform protection purposes.

(f) Profile Authentication Issues: Mandatory profile information involved in fraud investigations or authenticity disputes may be retained longer for platform protection.

Automated Deletion Process:

When retention periods expire, we follow this deletion process:

Step 1: Data is automatically flagged for deletion when retention period expires

Step 2: Primary systems purge flagged data within 30 days

Step 3: Backup systems purge data in next backup cycle (maximum 90 days)

Step 4: Anonymization is applied where deletion is not technically feasible

Step 5: Deletion confirmation is logged in audit trail for compliance verification

User-Initiated Deletion Requests:

Users may request deletion of their personal information before the standard retention period expires:

How to Request:

• Online portal: https://lovelike.ai/privacy/delete

• Email: support@lovelike.ai (subject: "Deletion Request")

• Phone: +1 305 590 3903 (Monday-Friday, 9 AM - 6 PM ET)

Verification Required: Government-issued photo ID and account authentication

Response Timeline: 45 days (may extend additional 45 days for complex requests)

Important Limitations on Deletion:

(a) Mandatory Profile Information: While your account is active, mandatory profile information (photo, bio, social media, professional credentials) CANNOT be deleted as it is required for platform participation. You must close your account to delete this information.

(b) MY AIMÊ AI Training Data: Once incorporated into AI models, training data cannot be extracted or deleted due to technical limitations. You may opt-out to stop future data collection, but previously contributed data remains in trained models. See Section 5.4(b) for complete details.

(c) Legal Exceptions: If we deny deletion due to legal exception (tax records, active litigation, security investigation), we will provide written explanation with details of the exception and your right to appeal the decision.

Questions About Data Retention?

For questions about how long we retain specific types of data or to request information about data retention practices:

• Email: support@lovelike.ai

• Subject Line: Data Retention Inquiry

• Response Time: 15 business days

────────────────────────────────────────────────────────────
6. DATA SECURITY

6.1 Security Measures

We protect personal information using:
(a) Encryption (AES-256 at rest, TLS 1.3 in transit)
(b) Access controls and multi-factor authentication
(c) Secure infrastructure (SOC 2 Type II certified)
(d) 24/7 monitoring and incident response

6.2 Third-Party Security

Service providers must implement appropriate security measures through Data Processing Agreements.

6.3 Security Incidents

If a breach occurs, we will notify affected users and regulators as required by law.

6.4 User Responsibilities

You must:
(a) Use strong passwords and enable MFA
(b) Keep credentials confidential
(c) Report unauthorized access
(d) Prevent minor access to your account

We offer financial incentives, including AIMÊ Credits, to users who voluntarily participate in our MyAIMÊ AI Training Program (see Section 2.6(b)). By opting in to the MyAIMÊ program, you agree to provide data for AI training in exchange for these benefits.

Earning Potential & Conditions:

By voluntarily participating in the MyAIMÊ AI Training Program (Section 2.6(b)), users are eligible to earn AIME credits. Users who are not enrolled in the MyAIMÊ program are not eligible for these specific subscription-based credits.

Love Partners & Love Creators: Earn up to 50,000 AIME credits/month (estimated $75 value) upon subscription renewal, conditional on active participation in the MyAIMÊ AI Training Program.

Lovelikers:May earn AIME credits through other activities as defined in the MyAIMÊ program terms.

Value Calculation: Based on market rates for similar engagement and AI training data ($6–$24 annually per user), we believe the program benefits (up to $900 annually for Love Partners & Creators who participate in MyAIMÊ) substantially exceed the value of the data collected, constituting a fair value exchange.

Participation is voluntary and you may opt-out anytime without penalty to basic Platform access.

For questions: support@lovelike.ai (subject: "CCPA Financial Incentive")

────────────────────────────────────────────────────────────

7. YOUR PRIVACY RIGHTS

Residents of certain U.S. states (California, Colorado, Virginia) age 18+ have specific rights regarding their personal information.

───────────────────────────────────────────────────────────
7.1 Right to Opt-Out of Sale/Sharing

What Constitutes "Sale" or "Sharing" Under State Privacy Laws:

"Sale" means disclosing personal information to a third party for monetary or other valuable consideration.

"Sharing" means disclosing personal information to a third party for cross-context behavioral advertising (tracking you across websites).

What Lovelike "Sells" or "Shares":

When you ACCEPT advertising cookies via our consent banner, we share the following data with advertising partners (Facebook, Google Ads, TikTok):

• Browsing activity (pages viewed, products browsed, search queries, time on site)

• Device information (device type, browser, hashed IP address)

• Engagement metrics (clicks, scroll depth, video views)

• Approximate location (city/state level from IP address)

• Inferred interests (product categories viewed, campaign types engaged)

This constitutes "sharing" under CCPA/CPRA because these partners use your data for cross-context behavioral advertising.

Campaign Matching Data Sharing:

When Love Creators apply to campaigns, we share the following with Love Partners:

• Public profile information (photo, bio, social media links, professional credentials)

• Campaign performance metrics (if applicable)

• Application materials submitted by the Love Creator

This does NOT constitute "sale" under CCPA because:

• Disclosure is necessary to provide the campaign matching service you requested

• No monetary consideration is exchanged for this data disclosure

• It falls under the "service provider" exception (CCPA §1798.140(t)(2)(C))

Love Creator Affiliate Commissions:

When Love Creators earn affiliate commissions:

• Tracking occurs through unique affiliate links

• Lovelike does NOT share consumer personal information with Love Partners for commission tracking purposes

• Love Partners may collect data independently on their own websites as separate controllers

• Lovelike receives only commission confirmation data (amount, date, creator ID)

This is NOT "sale" because Lovelike does not disclose consumer personal information to third parties in exchange for commissions.

What Lovelike Does NOT Sell:

We do NOT sell for monetary consideration:

• Your name, email address, or phone number to data brokers

• Government ID or age verification documents

• Payment information or credit card numbers

• Social Security Number or tax identification

• Shipping address or billing address to marketing lists

• Account login credentials

Mandatory Profile Information - Public Visibility:

Your mandatory profile information (photo, bio, social media links, professional credentials) is publicly visible to other Platform users as part of core platform functionality.

Legal Basis for Mandatory Profile Requirement:

• Lovelike is an influencer marketing platform, marketplace, social commerce platform, and personalized AI service

• Complete public profiles are essential for: (1) campaign matching between Love Partners and Love Creators, (2) brand discovery by Lovelikers, (3) campaign marketplace functionality, (4) AI personalization, and (5) community trust and safety

• Mandatory profile requirements are disclosed during registration and constitute contractual necessity under CCPA §1798.145(a)(3)

This public visibility is NOT "sale" or "sharing" under CCPA because:

• You provide explicit consent during registration

• Disclosure is necessary to provide the services you requested

• No third-party advertising networks receive this data for cross-context behavioral advertising

However, you CAN opt-out of:

• Advertising cookies tracking your browsing behavior across websites

• Sharing your activity data with advertising platforms (Facebook, Google Ads, TikTok)

• Cross-context behavioral advertising based on your Lovelike activity

How to Opt-Out of Sale/Sharing:

Click "Do Not Sell or Share My Personal Information" link in website footer. This will:

• Block advertising cookies (Facebook Pixel, Google Ads, TikTok Pixel)

• Prevent sharing of your browsing data with advertising platforms

• Maintain essential cookies (age verification, security, session management)

• Keep your mandatory profile information visible on Platform (for operational purposes)

Alternative: Enable Global Privacy Control (GPC) in your browser to automatically opt-out across all GPC-compliant websites. Our platform automatically recognizes GPC signals.

────────────────────────────────────────────────────────────
7.2 Right to Limit Use of Sensitive Personal Information

Under state privacy laws, "Sensitive Personal Information" (SPI) includes:

• Precise geolocation (within 1,850 feet)

• Racial or ethnic origin

• Religious or philosophical beliefs

• Genetic data

• Biometric data for identification

• Health information

• Sexual orientation

• Account login credentials (username + password)

Lovelike's Collection and Use of SPI:

We collect and use only the following SPI:

(a) Account Login Credentials: Used exclusively for authentication and account security. This use cannot be limited as it is necessary for Platform access.

(b) Government-Issued ID for Age Verification: Processed exclusively by Stripe

Connect as independent data controller. Lovelike does NOT use Stripe Identity

(Stripe's dedicated biometric verification product). Lovelike receives ONLY the

Stripe Connect account ID, verification status (approved/pending/rejected), and

age confirmation (18+ verified: Yes/No) — NOT the government ID document itself,

SSN/EIN, full date of birth, bank account numbers, or any data extracted from

the ID. See Section 2.1 for complete details on Stripe Connect's role and

Section 7.5 for data subject rights.

We do NOT collect:

• Precise geolocation

• Racial or ethnic origin

• Religious or philosophical beliefs

• Genetic data

• Biometric data for identification purposes

• Health information

• Sexual orientation (any such information in profiles is voluntarily provided and optional)

Because we collect only account credentials (necessary for service) and do not access government ID data directly, there is no additional SPI use subject to limitation rights under state privacy laws.

────────────────────────────────────────────────────────────
7.3 Other Privacy Rights

Subject to legal exceptions, you have the right to:

(a) Know/Access: Request disclosure of:
- Categories of personal information collected
- Specific pieces of personal information we hold about you
- Sources of information
- Purposes for collection
- Categories of third parties with whom we share data

(b) Delete: Request deletion of your personal information, subject to exceptions described in Section 7.4

(c) Correct: Request correction of inaccurate personal information in your account

(d) Non-Discrimination: Not be discriminated against for exercising your privacy rights

────────────────────────────────────────────────────────────
7.4 Limitations on Deletion Rights - Mandatory Profile Information

While your account is ACTIVE, you CANNOT delete mandatory profile information (photo, bio, social media links, professional credentials).

Legal Basis for Retention (CCPA §1798.105(d)):

Mandatory profile information must be retained to:
(a) Complete the transaction for which the information was collected (maintaining your active Platform account)
(b) Provide a good or service reasonably expected by you (campaign matching, brand discovery, campaign marketplace functionality, AI personalization)
(c) Perform a contract between Lovelike and you (Terms of Service requirements)

Rationale:

• Lovelike is an influencer marketing platform, marketplace, social commerce platform, and personalized AI service

• Complete public profiles are essential for core platform functionality

• Other users rely on this information for campaign matching, brand discovery, and campaign marketplace transactions

• Deleting mandatory profile information while maintaining an active account would breach contractual obligations

• Platform participation requires complete profile as disclosed during registration

How to Delete Mandatory Profile Information:

To exercise your right to delete mandatory profile information, you must CLOSE YOUR ACCOUNT ENTIRELY.

Account Closure Process:

1. Visit Settings → Account → Close Account

2. Confirm deletion request via email verification

3. Account and all personal information (including mandatory profile data) will be deleted within 30 days

4. You will receive deletion confirmation email

Data Retention After Account Closure:

Deleted Within 30 Days:

• Mandatory profile information (photo, bio, social links, credentials)

• Account credentials and login information

• Browsing history and engagement metrics

• Direct messages and communications

Retained for Legal/Operational Purposes:

• Transaction records: 7 years (tax compliance under IRS requirements)

• Fraud prevention data: 3 years (security and legal compliance)

• Legal hold data: Duration of litigation or investigation

Anonymized/Aggregated Data:

• Some data may be retained in anonymized or aggregated form for analytics (cannot identify you individually)

Other Exceptions to Deletion:

We may deny deletion requests when necessary to:
(a) Complete transactions or provide requested services
(b) Detect and prevent security incidents, fraud, or illegal activity
(c) Debug and repair Platform errors
(d) Comply with legal obligations (tax reporting, court orders, law enforcement)
(e) Exercise free speech or ensure others' right to free speech
(f) Engage in research in the public interest with appropriate safeguards
(g) Enable internal uses reasonably aligned with your expectations based on your relationship with us

7.5 Age Verification Data - Controller Clarification

Lovelike uses Stripe Connect as our identity verification and payment processing

provider. Lovelike does NOT use Stripe Identity (Stripe's dedicated biometric

verification product).

Controller Relationship:

Stripe Connect acts as an INDEPENDENT DATA CONTROLLER for all identity verification

data collected during the Love Partner and Love Creator onboarding processes. Lovelike

and Stripe operate as separate, independent controllers with distinct responsibilities:

What Stripe Connect Collects and Controls as Independent Data Controller:

* Government-issued identification documents (driver's license, passport, state ID)

* Full legal name and date of birth (DOB) for 18+ age verification

* Social Security Number (SSN) or Employer Identification Number (EIN) for tax reporting

* Business information and registration details (for Love Partners)

* Bank account information for payment processing

* Personal address and contact information

* Document verification metadata

Note: Stripe Connect MAY use automated document verification technology (including

potential biometric or facial recognition analysis of government-issued ID documents)

as part of its independent identity verification process. Any such processing is

conducted solely by Stripe as an independent data controller, is not visible to or

controlled by Lovelike, and is governed by Stripe's Privacy Policy. See Section 2.1

for complete details on Stripe Connect's independent verification process.

What Lovelike Receives from Stripe Connect:

* Verification status ONLY (approved/pending/rejected/suspended)

* Age confirmation ONLY (18+ verified: Yes/No)

* Stripe Connect account ID for payment processing

* Account type (individual/business)

* NO access to government ID documents, images, or raw personal data

* NO access to SSN/EIN, bank account numbers, or full date of birth

* NO access to biometric data or facial recognition information

Data Subject Rights for Age Verification:

For requests regarding identity verification data held by Stripe Connect

(government IDs, SSN/EIN, bank accounts, full DOB):

Contact: Stripe directly at privacy@stripe.com

Privacy Policy: https://stripe.com/privacy

Stripe Privacy Center: https://stripe.com/privacy-center

For requests regarding verification status and Stripe Connect account ID held

by Lovelike:

Contact: support@lovelike.ai

Lovelike CANNOT fulfill requests related to identity verification data collected

by Stripe Connect because Lovelike does not possess, access, or control such data.

All identity verification data requests MUST be directed to Stripe Connect as the

independent data controller. Stripe processes identity verification data under its

own privacy policy and is solely responsible for compliance with applicable identity

verification regulations.

7.6 How to Submit a Privacy Rights Request

To exercise any of your privacy rights:

Email: support@lovelike.ai
Subject Line: "Privacy Rights Request - [Type of Request]"
Include: Your full name, email address associated with account, specific request details

Or: Use automated tools in Settings → Privacy → Data Rights

Response Timeline:

• Initial response within 45 days of receipt

• May extend once by 45 additional days if necessary (90 days total)

• You will be notified of any extension within the initial 45-day period

Identity Verification:
We verify your identity before processing requests by:

• Matching email address to account records

• Requesting additional account information (username, registration date)

• Age verification confirmation (required for adult-only Platform)

Authorized Agent Requests:
You may authorize an agent to submit requests on your behalf by providing:

• Written authorization signed by you

• Agent verification of identity and authority to act on your behalf

────────────────────────────────────────────────────────────
7.7 Right to Appeal

If we deny your privacy rights request (in whole or in part), we will provide written explanation including:

• Reason for denial

• Legal basis and specific statutory exceptions cited

• Instructions for submitting an appeal

How to Appeal:
Email: support@lovelike.ai
Subject Line: "Privacy Rights Appeal - [Request ID]"
Include: Original request details, reason you believe denial was incorrect

Appeal Timeline:
We will respond to appeals within 45 days. Appeal decision is final unless you pursue additional remedies under state law.

State-Specific Appeal Rights and Contacts:

California Residents:
California Attorney General - Office of Privacy Protection
Website: https://oag.ca.gov/privacy
File Complaint: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company

Colorado Residents:
Colorado Attorney General - Consumer Protection Section
Website: https://coag.gov/office-sections/consumer-protection
File Complaint: https://coag.gov/file-complaint

Virginia Residents:
Virginia Attorney General - Consumer Protection Section
Website: https://www.oag.state.va.us/consumer-protection
File Complaint: https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint

──────────────────────────────────────────────────────────── 7.8 Limitations on Privacy Rights

Your privacy rights are subject to legal and contractual limitations, including:

Legal Exceptions (CCPA §1798.145):

• Compliance with federal, state, or local legal obligations

• Law enforcement requests, subpoenas, and court orders

• Exercise or defense of legal claims

• Security purposes and fraud prevention

Operational Exceptions:

• Mandatory profile requirements for active accounts (see Section 7.4)

• Data necessary to complete pending transactions

• Data required under Terms of Service contractual obligations

• Data subject to legal hold during litigation or investigation

Age Verification Requirement:
All privacy rights requests require age verification. Only verified users age 18 years or older may exercise privacy rights under state privacy laws.

───────────────────────────────────────────────────────────

8. ARTIFICIAL INTELLIGENCE AND ALGORITHMIC PROCESSING

8.1 AI System Disclosure

The Platform utilizes artificial intelligence systems designed for adult users age 18+ including:

(a) AIMÊ System: Our proprietary AI assistant for personalized recommendations, content generation, and platform optimization. AIMÊ provides:

• Product and campaign recommendations based on your conversation history, browsing behavior, profile information (excluding email address, phone number, and exact street address), and expressed preferences

• Strategic consulting for Love Partners using advanced RAG (Retrieval-Augmented Generation), GraphRAG, and machine learning to analyze brand DNA, ideal customer personas, influencer portfolios, and product catalogs

• Campaign matching recommendations analyzing Love Creator portfolios, brand briefs, audience demographics, and historical performance data

• Personalized platform assistance tailored to your user type and engagement patterns

(b) Third-Party AI: Integration with OpenAI, Anthropic, Google/Gemini, and other AI providers with appropriate adult content safeguards.

(c) Recommendation Algorithms: AI-powered personalized recommendations incorporating:

• Your mandatory profile information (photo, bio, social media links, professional credentials)

• Conversation history with AIMÊ

• Browsing behavior and product views

• Campaign engagement and application history

• Inferred interests and preferences based on Platform activity

• EXCLUDES: email address, phone number, exact street address, payment information, government ID data, passwords

(d) Fraud Detection: AI-based security monitoring, fraud prevention systems, age verification monitoring, and profile authenticity verification.

(e) Age Compliance AI: Automated systems to detect potential underage access attempts and maintain platform age restrictions.

(f) Profile Authenticity AI: Automated verification systems to detect fake profiles, stolen photos, or fraudulent mandatory profile information.

────────────────────────────────────────────────────────────
8.2 Automated Decision-Making with Human Oversight

We use AI-assisted decision-making (with human review/approval) for:

(a) Campaign Matching Recommendations:

• AIMÊ analyzes brand briefs, Love Creator portfolios, audience demographics, and campaign requirements using advanced RAG, GraphRAG, and machine learning

• AI recommends Love Creator matches and campaign strategies to Love Partners

• Human Decision Required: Love Partners manually review and approve all AI recommendations before final hiring decisions

• Love Creators voluntarily apply to campaigns and may be matched based on AI recommendations

• Legal Basis: This is AI-assisted recommendation (not automated decision-making) because humans make final decisions

• 
  

(b) Account Security (Fully Automated with Appeal Rights):

• Fraud detection and risk assessment

• Security incident response

• Age verification enforcement

• Profile authenticity validation

• Appeal Process Available: If your account is automatically suspended, you may request human review via support@lovelike.ai

(c) Content Moderation (Hybrid Automated + Human Review):

• Automated content review flags potential policy violations

• Human moderators make final decisions on content removal or account actions

• You may appeal moderation decisions for human re-review

────────────────────────────────────────────────────────────
8.3 MYAIMÊ AI Training Program

Adult users may voluntarily participate in MYAIMÊ to contribute data for AI model improvement.

What MYAIMÊ Collects for Training:

(a) Anonymized Training Data (Improves AIMÊ for All Users):

• De-identified conversation patterns and interaction data

• Aggregated product preferences and browsing behavior

• Anonymized profile behavior patterns (trends, not individual identities)

• Platform engagement metrics in aggregate form

(b) Personalized Training Data (Improves AIMÊ for Your Experience):

• Your individual conversation history with AIMÊ

• Your shopping behavior and product preferences

• Your feedback and ratings

• Your mandatory profile information (photo, bio, social links, credentials)

• Your campaign application history and engagement patterns

What MYAIMÊ Does NOT Collect:

• Email address, phone number, or exact street address

• Government-issued ID or age verification documents

• Payment information or credit card numbers

• Account passwords or login credentials

• Private/encrypted messages between users

Facial Recognition Disclosure:
AIMÊ does NOT use facial recognition technology or biometric analysis on profile photos. Your photo is used only for visual display and campaign portfolio presentation, not for biometric identification.

Important MYAIMÊ Acknowledgments:

By participating in MYAIMÊ, you acknowledge and agree that:

✓ Your data will be used for BOTH:

• Anonymized training (general model improvement for all users)

• Personalized training (creating better recommendations specifically for you)

✓ Training data is permanently integrated into AI models and cannot be extracted after training completion

✓ Your contributions help improve AIMÊ for all users (anonymized use) AND create better personalized experiences for you (personalized use)

✓ You may opt out at any time via Settings → Privacy → AI Training → Toggle OFF, but previously contributed data will remain in trained models

✓ Opting out prevents future data contribution but does not affect Platform functionality or existing trained models

────────────────────────────────────────────────────────────8.4 AI Data Processing Rights

(a) General AI Training Opt-Out:

• You may opt out of contributing data to MYAIMÊ AI training via Settings → Privacy → AI Training → Toggle OFF

• Opting out prevents future data contribution to model training

• Previously contributed data cannot be removed from already-trained models

• Opting out does NOT affect Platform functionality, personalized recommendations, or your ability to use AIMÊ

(b) Operational AI Processing (Cannot Opt-Out):

The following AI processing is essential for Platform functionality and cannot be opted out of while maintaining an active account:

• Personalized Recommendations: AIMÊ uses your profile information, conversation history, and browsing behavior to provide product and campaign recommendations tailored to you. This is core Platform functionality.

• Campaign Matching Assistance: AIMÊ analyzes your profile (for Love Creators) or brand brief (for Love Partners) to recommend relevant matches.

• 
  

• Fraud Detection and Security: AI monitors account activity for security threats, fraud prevention, and age compliance. This is necessary for Platform safety.

• Profile Authenticity Verification: AI validates mandatory profile information to prevent fake accounts. This is necessary for community trust.

Legal Basis for Mandatory AI Processing:

• Contractual Necessity (CCPA §1798.145(a)(3)): These AI functions are essential to provide the influencer marketing, marketplace, and personalized commerce services you requested when creating your account

• Legitimate Interest: Fraud prevention and security protect all users and are legally required

• Disclosed at Registration: AI-powered personalization and matching are disclosed during account creation as core Platform features

(c) Right to Human Review:

• You may request human review of automated security decisions (account suspensions, fraud flags) by emailing support@lovelike.ai with subject "Appeal Automated Decision"

• Campaign matching recommendations are already human-reviewed (Love Partners manually approve all AI suggestions)

(d) Algorithmic Transparency:

• We implement bias detection and mitigation measures in AI systems

• We do NOT guarantee algorithmic fairness or perfect accuracy

• AI recommendations are probabilistic and may contain errors

• You are not obligated to follow AI recommendations

(e) Age and Profile Requirement:

• All AI processing is designed for and restricted to verified users 18 years or older

• Complete mandatory profile information is required for full AI-powered personalization and matching functionality

9. [RESERVED]

This Section is reserved for future use and does not contain operative provisions.

Future editions of this Privacy Policy may utilize this Section for additional

privacy disclosures. The absence of content in this Section does not affect the

validity or enforceability of any other Section of this Privacy Policy.

────────────────────────────────────────────────────────────
10. INTERNATIONAL DATA TRANSFERS

10.1 Data Transfer Locations

Your personal information may be transferred to and processed in the following locations:

(a) Primary Data Hosting: United States

(b) Third-Party Service Providers (See Section 10.5 for complete list):

• Stripe Connect (payment processing): United States and European Union

• AI services: United States, European Union, Asia

• Enzuzo (privacy compliance): United States and Canada

• Social Media Platforms (Facebook, Instagram, TikTok, YouTube, Pinterest): United States and global operations

• Essential business services: United States and other jurisdictions with adequate data protection

(c) Data Transferred Internationally Includes:

• Mandatory profile information (photo, bio, social media links, professional credentials)

• Transaction and payment data (processed by Stripe, Avalara)

• Shipping address data (processed by EasyPost)

• AI training and personalization data (processed by OpenAI, Anthropic, Google)

• Privacy compliance data (processed by Enzuzo)

• Social media integration data (processed by Facebook, Instagram, TikTok, YouTube, Pinterest)

• Platform activity and engagement metrics

• Fraud prevention and security data

────────────────────────────────────────────────────────────
10.2 Transfer Safeguards

Safeguards for Service Providers: As a U.S. company, we engage service providers (as listed in Section 10.5) who may process data in other countries (e.g., Canada, New Zealand). When we do so, we implement appropriate safeguards: (a) Contractual Protections: We use Data Processing Agreements (DPAs) and other robust contractual clauses to ensure our service providers protect Lovelike data. (b) Technical Safeguards: Encryption in transit (TLS 1.3) and at rest (AES-256) for all data transfers to our providers. (c) Adult Content Restrictions: Third-party processors agree to appropriate adult content safeguards and age restrictions. (d) Limited Transfers: Data transfers to our providers are limited to what is necessary for them to perform their functions for us.

────────────────────────────────────────────────────────────
10.3 Consent to International Transfers

Consent to Processing in the United States and by Service Providers:

(a) By creating an account, you, as a resident of the United States, consent to your data being processed and stored in the United States, primarily in the AWS US-East-1 (Virginia) region. (b) You further acknowledge and consent that our third-party service providers (as listed in Section 10.5) may process your data in other countries (such as the United States, Canada, or New Zealand) as necessary to provide their services to us.

(b) You acknowledge that the Platform is operated from the United States and data processing occurs primarily in the United States with US data protection standards

(c) You understand that international data transfers are necessary to provide influencer marketing, marketplace, AI personalization, social commerce, tax compliance, shipping services, and privacy management services

10.4 Non-US User Considerations

As stated in Section 1.1, the Platform is designed, intended, and primarily offered for use by residents of the United States. While we implement technical geo-blocking measures to restrict access from outside the United States, no technical measure is infallible, and access from non-US jurisdictions may occur despite these restrictions.

Key Provisions:

• Exclusive Jurisdiction: Any such access is subject to the Terms of Service Section 24 (International Data Transfer Limitations) and the user acknowledges that US privacy law frameworks apply exclusively.

• Prohibited Access: Circumvention of geo-blocking measures for the purpose of accessing the Platform from prohibited jurisdictions constitutes a violation of our Terms of Service.

• Compliance Disclaimer: We do not guarantee compliance with any non-US privacy laws.

10.5 Third-Party Service Providers and Data Sharing

We share your personal information with the following third-party service providers to operate the Platform:

(A) CLOUD INFRASTRUCTURE

Amazon Web Services (AWS)

• Purpose: Cloud hosting and data storage

• Data Shared: All Platform data (encrypted)

• Location: United States

• Privacy Policy: https://aws.amazon.com/privacy

(B) PAYMENT PROCESSING

Stripe Connect

• Purpose: Payment processing, payouts, age verification, tax reporting (1099 forms to IRS)

• Data Shared: Payment information, transaction history, government-issued ID (processed by Stripe as independent controller), tax identification (SSN/EIN for 1099 reporting per Annex IV Section 11.2)

• Location: United States and European Union

• Privacy Policy: https://stripe.com/privacy

• Note: For age verification data, contact Stripe at privacy@stripe.com

Avalara

• Purpose: Sales tax compliance

• Data Shared: Transaction amounts, billing address

• Location: United States

• Privacy Policy: https://www.avalara.com/us/en/legal/privacy-policy.html

(C) SHIPPING

EasyPost

• Purpose: Shipping and package tracking

• Data Shared: Shipping address, recipient name, package details

• Location: United States

• Privacy Policy: https://www.easypost.com/privacy

(D) ARTIFICIAL INTELLIGENCE

OpenAI, Anthropic, Google/Gemini

• Purpose: AIMÊ AI assistant and personalized recommendations

• Data Shared: Conversation history, profile information (excludes email/phone/passwords), browsing behavior, training data (if opted in)

• Location: United States

• Opt-Out: Settings → Privacy → AI Training → Toggle OFF

• Privacy Policies:

  • OpenAI: https://openai.com/privacy

  • Anthropic: https://www.anthropic.com/privacy

  • Google: https://policies.google.com/privacy

(E) PRIVACY COMPLIANCE

Enzuzo

• Purpose: Cookie consent and CCPA compliance

• Data Shared: Cookie preferences, opt-out status, IP address

• Location: United States and Canada

• Privacy Policy: https://www.enzuzo.com/privacy-policy

(F) SOCIAL MEDIA PLATFORMS

Meta (Facebook & Instagram), TikTok, Google (YouTube), Pinterest

• Purpose: Social login, profile linking, advertising (if cookies accepted)

• Data Shared: Public profile info, social handles, browsing activity (if cookies accepted)

• Location: United States and global

• Opt-Out: Click "Do Not Sell or Share My Personal Information" in footer

• Privacy Policies:

  • Meta: https://www.facebook.com/privacy/policy

  • TikTok: https://www.tiktok.com/legal/privacy-policy

  • Google: https://policies.google.com/privacy

  • Pinterest: https://policy.pinterest.com/privacy-policy

(G) ANALYTICS AND TAG MANAGEMENT

Google Analytics 4

• Purpose: Website analytics (anonymized)

• Data Shared: Browsing behavior, device info, approximate location

• Location: United States

• Opt-Out: https://tools.google.com/dlpage/gaoptout

• Privacy Policy: https://policies.google.com/privacy

Google Tag Manager (GTM)

• Purpose: Tag and tracking code management, deployment of analytics and marketing tags

• Data Shared: Page views, click events, custom events, dataLayer variables

• Location: United States

• Privacy Policy: https://policies.google.com/privacy

• Note: GTM itself doesn't collect data; it deploys other tracking tags (e.g., Google Analytics, Facebook Pixel, TikTok Pixel) based on your cookie consent

(H) CUSTOMER SUPPORT

Freshdesk

• Purpose: Customer support (support@lovelike.ai)

• Data Shared: Name, email, support conversations

• Location: United States and India

• Privacy Policy: https://www.freshworks.com/privacy/

(I) COMMUNICATIONS

SMTP2GO

• Purpose: Email and SMS delivery

• Data Shared: Email/phone numbers, message content, engagement metrics

• Location: United States and New Zealand

• Opt-Out: Click "Unsubscribe" in marketing messages

• Privacy Policy: https://www.smtp2go.com/privacy/

(J) SECURITY

Cloudflare

• Purpose: DDoS protection and web security

• Data Shared: IP address, HTTP headers

• Location: United States and global

• Privacy Policy: https://www.cloudflare.com/privacypolicy

Google reCAPTCHA

• Purpose: Bot detection

• Data Shared: IP address, browser info

• Location: United States

• Privacy Policy: https://policies.google.com/privacy

Additional Disclosures:

We may also share data with:

• Legal and professional advisors

• Government agencies (when legally required)

• Business transfer recipients (merger/acquisition)

Your Rights:

• Privacy requests: support@lovelike.ai

• Advertising opt-out: "Do Not Sell or Share" in footer

• AI training opt-out: Settings → Privacy

• Marketing opt-out: "Unsubscribe" links

────────────────────────────────────────────────────────────

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 What Are Cookies?

Cookies are small text files stored on your device (computer, smartphone, tablet) when you visit websites. Cookies allow websites to recognize your device, remember your preferences, and improve your experience.

Similar Tracking Technologies:

In addition to cookies, we may use similar technologies including:

• Web Beacons (Pixels): Small graphic images embedded in web pages or emails to track user activity

• Local Storage: HTML5 local storage for enhanced functionality

• Session Storage: Temporary storage that expires when you close your browser

• Mobile SDKs: Software development kits for mobile app tracking and analytics

11.1.1 Automatic Cookie Detection and Categorization

How We Identify Cookies on Our Platform:

Lovelike uses Enzuzo's automated cookie scanning technology to:

1. Detect All Cookies: Scan our website to identify all cookies set by our platform and third-party services

2. Categorize Cookies: Automatically classify each cookie into the correct category (Essential, Functional, Analytics, Advertising)

3. Update Cookie List: Regularly re-scan to detect new cookies or changes to existing ones

4. Maintain Accuracy: Ensure our cookie disclosures remain current and complete

Cookie Scanning Process:

• Frequency: Automated scans run monthly (or when significant platform changes occur)

• Coverage: All pages, features, and third-party integrations

• Detection Method: Browser-based scanning technology that simulates user interactions

• Categorization: AI-powered categorization with manual review for accuracy

What Cookie Scanning Detects:

• ✅ First-party cookies (set by lovelike.ai domain)

• ✅ Third-party cookies (set by external services like Google Analytics, Facebook)

• ✅ Session cookies (temporary)

• ✅ Persistent cookies (stored long-term)

• ✅ HTTP cookies and JavaScript cookies

• ✅ LocalStorage and SessionStorage items

Cookie Table Accuracy:

The cookie tables in this Privacy Policy (Sections 11.2, 11.3) are generated based on:

• Automated scanning results from Enzuzo

• Manual verification by our privacy team

• Vendor documentation for third-party services

• Real-time monitoring for cookie changes

Important Note:

While we strive for 100% accuracy, new cookies may be set between scanning cycles. If you identify a cookie NOT listed in this Privacy Policy, please contact us at support@lovelike.ai so we can update our records.

Cookie Scanning Technology Provided By: Enzuzo (https://www.enzuzo.com)

11.2 How We Use Cookies

Lovelike uses cookies and similar tracking technologies for the following purposes on our adult-only platform (available exclusively to users 18 years of age or older):

(a) Essential Cookies (Always Active):

Purpose: Enable core platform functionality including login, account management, security, age verification status maintenance, profile completeness verification, and session management for verified adult users.

Legal Basis: Legal Basis: Necessary to provide the Platform and its services, or for our legitimate interest in security and functionality.

Cannot be disabled without preventing platform use

Examples:

• Session management and user authentication

• Authentication tokens and security credentials

• Age verification status and eligibility confirmation

• Profile completeness verification status

• Security features (CSRF protection, XSS prevention)

• Load balancing and platform performance optimization

• Shopping cart and transaction processing

• Fraud prevention and account security

Specific Essential Cookies:

(b) Functional Cookies:

Purpose: Remember user preferences and settings to enhance user experience for adult users

Legal Basis: Legal Basis: User consent (where required by applicable law) or our legitimate interest in improving user experience.

Can be disabled via cookie preferences without affecting core platform functionality

Examples:

• Language preferences and localization settings

• Display settings (theme, layout, accessibility options)

• Notification preferences and communication settings

• Remembered login information (optional)

• Customization preferences for adult content and features

• Profile visibility preferences

Specific Functional Cookies:

(c) Analytics Cookies:

Purpose: Understand how adult users interact with the Platform, measure performance, and improve user experience

Legal Basis: Legal Basis: User consent. This use may be considered a "Sale" or "Sharing" under the CCPA/CPRA, subject to your opt-out rights.

Can be disabled via cookie preferences

Examples:

• Google Analytics for traffic analysis and user behavior insights

• Platform usage statistics and feature engagement metrics

• Performance monitoring and error tracking

• A/B testing and feature optimization

• Age-appropriate content engagement analytics

• Profile completion funnel analysis

Specific Analytics Cookies:

Data Shared with Analytics Providers:

• Page views and navigation patterns

• Feature usage and interaction metrics

• Device and browser information

• General geographic location (city/state level)

• Age-appropriate content engagement data

• Profile completion status (aggregated)

(d) Advertising Cookies:

Purpose: Deliver personalized ads appropriate for adult users and measure campaign effectiveness

Legal Basis: Legal Basis: User consent. This use constitutes a "Sale" or "Sharing" under the CCPA/CPRA, subject to your opt-out rights.

Can be disabled via cookie preferences

Examples:

• Retargeting pixels for adult-appropriate advertising

• Social media advertising (Facebook, Instagram, TikTok)

• Ad performance tracking and conversion measurement

• Cross-site behavioral advertising for adult users

• Campaign attribution and ROI measurement

Specific Advertising Cookies:

Advertising Cookie Disclosures:

• CCPA/CPRA Classification: Use of advertising cookies may constitute "sale" or "sharing" of personal information under California law

• Opt-Out Rights: You may opt-out via "Do Not Sell or Share" link or Global Privacy Control (GPC)

• Third-Party Advertisers: Advertising partners may use cookies subject to their own privacy policies

• Profile Data: Advertising cookies do NOT have access to your mandatory profile information (photo, bio, social media, professional credentials)

#### **(e) Consent Performance Analytics:**

**Purpose:** Analyze user interactions with our cookie consent banner to improve opt-in rates and user experience

**Legal Basis:** Legitimate interest (improving user experience and consent transparency)

**Can be disabled:** No (essential for consent management optimization)

**Examples:**

- Tracking consent banner acceptance/rejection rates

- Measuring time-to-consent (how long users take to make a choice)

- A/B testing different banner designs and messaging

- Identifying technical issues with banner display or functionality

- Analyzing consent choices by category (which categories are most/least accepted)

**Important Notes:**

- Consent analytics are **privacy-compliant** (no personal identification)

- Data is **aggregated and anonymized** (no individual user tracking)

- Used solely to **optimize banner performance** (improve user experience)

- Managed by Enzuzo (our consent management platform) as independent data processor

**Data Collected for Consent Analytics:**

- Consent choice (accept all, reject all, customize)

- Categories selected (analytics, advertising, functional)

- Timestamp of consent decision

- Banner interaction events (viewed, clicked, closed)

- Device type (desktop, mobile, tablet)

- Geographic region (country/state level only)

**What is NOT collected:**

- ❌ No personal identification (no names, emails, phone numbers)

- ❌ No cross-site tracking (analytics limited to consent banner only)

- ❌ No individual user profiling (all data aggregated)

(f) **Geofencing and Jurisdiction-Based Banner Display:**

**What is Geofencing?**

Geofencing is a feature that allows us to display different cookie consent banners (or no banner at all) based on the user's geographic location.

How We Use Geofencing:

As stated in Section 1.1, we use technical geo-blocking measures to prevent access from outside the United States.

Within the United States, we use geofencing to display the correct consent banner based on state law: California Users: CCPA/CPRA-compliant banner (opt-out available, "Do Not Sell or Share" link). Other US States (e.g., Virginia, Colorado): State-specific consent banner as required by law. All Other US States: Standard US consent banner.

**Location Detection Method:**

- **IP Address Geolocation:** User's IP address is analyzed to determine country/state

- **Accuracy:** Country-level (highly accurate), State-level (moderately accurate)

- **Privacy:** IP address is NOT stored long-term (used only for real-time geofencing)

**Why We Use Geofencing:**

1. **Regulatory Compliance:** Different jurisdictions have different consent requirements

2. **User Experience:** Avoid showing irrelevant consent options to users outside regulated jurisdictions

3. **Conversion Optimization:** Reduce banner friction for users in non-regulated areas

**Important Notes:**

- Geofencing is **automated** (based on IP address detection)

- Users can **manually override** by adjusting browser settings or using VPN

- Consent choices are **always respected** regardless of detected location

- Platform remains **US-only service** (geofencing does not imply international compliance)

**Geofencing is managed by Enzuzo** (our consent management platform) as part of our automated compliance framework.

11.3 Third-Party Cookies and Services

We use third-party services that may set cookies on your device for our adult-only platform. Below are examples of third-party services we currently use or may use.

Important: This list is not exhaustive and may change as we integrate additional services to improve Platform functionality, security, and user experience. We may add, remove, or replace third-party providers as necessary for business, legal, or technical reasons without updating this Privacy Policy for each individual change.

#### **Tag Management Platform:**

| Category | Provider | Purpose | Cookie Types |

|----------|----------|---------|--------------|

| **Tag Management** | **Google Tag Manager (GTM)** | **Centralized tag deployment, consent-based tag firing** | **Functional** |

**What is Google Tag Manager?**

Google Tag Manager (GTM) is a tag management system that allows us to deploy and update tracking codes (tags) on our website without modifying the codebase directly.

**How GTM Works with Consent Management:**

1. **User visits site → Enzuzo consent banner appears**

2. **User makes consent choice → Consent preferences sent to GTM**

3. **GTM fires tags based on consent:**

- ✅ **Consent Granted:** Analytics/Advertising tags fire (Google Analytics, Facebook Pixel, etc.)

- ❌ **Consent Denied:** Tags are blocked (no tracking cookies set)

**Consent-Based Tag Firing:**

GTM respects user consent choices by:

- **Essential Tags:** Always fire (necessary for platform functionality)

- **Functional Tags:** Fire if user accepts functional cookies

- **Analytics Tags:** Fire if user accepts analytics cookies

- **Advertising Tags:** Fire if user accepts advertising cookies

**Tags Managed by GTM:**

- Google Analytics (GA4)

- Google Ads Conversion Tracking

- Facebook Pixel

- TikTok Pixel

- Custom event tracking

- Heatmap tools (if applicable)

**GTM Cookie:**

GTM may set a functional cookie (`_gtm`) to manage tag firing logic. This cookie:

- Expires when browser session ends

- Categorized as "Functional" (not essential)

- Can be blocked if user rejects functional cookies

**GTM Privacy Policy:** https://policies.google.com/privacy

**GTM Terms of Service:** https://marketingplatform.google.com/about/analytics/terms/us/

**Important Note:**

GTM is a **tag deployment tool**, not a tracking service itself. Actual tracking is performed by individual tags (Google Analytics, Facebook Pixel, etc.), which are subject to user consent.

Third-Party Services by Category:

Key Third-Party Privacy Policies:

For detailed information about how specific third parties handle your data, please review their privacy policies:

Analytics:

• Google Analytics: https://policies.google.com/privacy

Advertising:

• Facebook (Meta): https://www.facebook.com/privacy/policy

• Google Ads: https://policies.google.com/privacy

• TikTok: https://www.tiktok.com/legal/privacy-policy

Social Media:

• Instagram: https://help.instagram.com/privacy/policy

• YouTube: https://policies.google.com/privacy

Payment & Commerce:

• Stripe: https://stripe.com/privacy

• Avalara: https://www.avalara.com/us/en/legal/privacy-policy.html

• EasyPost: https://www.easypost.com/privacy

AI Services:

• OpenAI: https://openai.com/policies/privacy-policy

• Anthropic: https://www.anthropic.com/privacy

• Google (Gemini): https://policies.google.com/privacy

Security & Infrastructure:

• Cloudflare: https://www.cloudflare.com/privacypolicy/

Third-Party Cookie Control:

Disclaimer:

• No Control Over Third Parties: We do not control third-party cookies or their privacy practices. Each third-party service is governed by its own privacy policy.

• Third-Party Changes: Third parties may update their cookie practices, privacy policies, or terms of service without notice to us. We recommend reviewing third-party privacy policies directly for current information.

• Service Changes: We may add, remove, or replace third-party providers as necessary for Platform operations, security, or feature enhancements.

• Adult Content Safeguards: All third-party providers are contractually required to comply with our adult-only platform requirements (18+).

• Profile Data Protection: Third-party cookies do NOT have access to your raw mandatory profile information (photo, bio, social media credentials, professional details) unless you explicitly share such information through their services.

Third-Party Data Sharing:

What Data Third Parties May Receive:

Depending on the service and your cookie preferences:

• Analytics Providers: Aggregated usage data, page views, device information, general location (city/state level)

• Advertising Partners: Hashed identifiers, behavioral data for adult-appropriate ad targeting, conversion metrics

• Payment Processors: Transaction data, fraud prevention signals, payment method information

• Tax Compliance Providers: Transaction amount, product category, buyer/seller location for tax calculation

• Shipping Providers: Shipping address, package details, tracking information

• AI Providers: Content and interaction data per their terms of service (anonymized profile patterns may be included in MY AIMÊ training if you opt-in)

• Social Media Platforms: Publicly shared content, engagement metrics, integration-related data

• Security Providers: Threat detection data, IP addresses, security event logs

Legal Basis for Sharing:

• Essential Services: Contractual necessity and legitimate interest

• Analytics & Advertising: User consent via cookie banner or settings

• Security & Fraud Prevention: Legal obligation and legitimate interest

User Controls:

All third-party data sharing is subject to:

• Applicable U.S. privacy laws (CCPA/CPRA, other state privacy laws)

• User consent requirements (where applicable)

• Cookie preference controls (Section 11.5)

• Global Privacy Control (GPC) signals (Section 11.8)

• "Do Not Sell or Share" rights (Section 7.1)

Essential vs. Optional Third-Party Services:

Cannot Be Disabled (Essential):

• Payment processors (Stripe) - Required for transactions

• Tax compliance (Avalara) - Required for legal compliance

• Shipping providers (EasyPost) - Required for order fulfillment

• Security services (Cloudflare, reCAPTCHA) - Required for Platform security

• CDN services (Cloudflare, Fastly) - Required for Platform performance

• Age verification cookies - Required for adult-only compliance

• Profile completion verification - Required for platform functionality

Can Be Disabled (Optional):

• Analytics cookies (Google Analytics, Mixpanel)

• Advertising cookies (Facebook Pixel, Google Ads, TikTok Pixel)

• Some functional cookies (language preferences, theme settings)

• Some social media cookies (when not required for core functionality)

Partial Control:

• AI service cookies - Some essential for features you request, others optional

• Social media integration - Embedding requires some cookies, tracking can be disabled

To manage optional cookies, see Section 11.5 (Managing Your Cookie Preferences).

Third-Party Opt-Out Resources:

Industry-Wide Opt-Out Tools:

Beyond Platform controls and GPC, you may opt-out of third-party advertising cookies via:

Digital Advertising Alliance (DAA):
https://optout.aboutads.info/

Network Advertising Initiative (NAI):
https://optout.networkadvertising.org/

Google Ads Settings:
https://adssettings.google.com/

Facebook Ad Preferences:
https://www.facebook.com/ads/preferences/

TikTok Ad Settings:
Available in TikTok app settings

Important Notes:

• Industry opt-outs are cookie-based and device-specific

• Clearing cookies will reset opt-outs (you'll need to re-opt-out)

• Industry opt-outs are separate from Platform cookie controls

• Platform cookie controls apply where you manage them (browser/device)

Questions About Third-Party Cookies?

For cookie-related inquiries:

Email: support@lovelike.ai
Subject Line: Third-Party Cookie Inquiry
Response Time: 15 business days
Eligibility: Available to verified users 18 years and older

Common Inquiries:

• Specific third-party providers currently active

• How to opt-out of specific third-party cookies

• Technical issues with third-party integrations

• Privacy concerns about third-party data sharing

• Requests for list of all cookies set on your device

Your Rights:

For privacy rights related to third-party cookies (e.g., CCPA/CPRA opt-out of sale/sharing, deletion requests), see Section 7 - Your Privacy Rights.

11.4 Cookie Duration

Cookies may be session-based or persistent depending on their purpose:

Expiration Management:

• Cookies expire automatically after their specified duration

• You may delete cookies manually at any time via browser settings

• Some cookies may be renewed upon each visit to maintain functionality

• Age verification cookies are set for extended periods (up to 1 year) to minimize repeated verification requests for verified adult users

• Profile completion cookies persist for 1 year to maintain seamless platform access

11.5 Managing Your Cookie Preferences

You have multiple options to control cookies and tracking technologies:

(a) Cookie Consent Banner:

When you first visit the Platform, you'll see a cookie consent banner with the following options:

Option 1 - Accept All Cookies:

• Enables all cookie categories including analytics and advertising

• Provides full Platform functionality and personalized experience

• Supports platform optimization and revenue generation

Option 2 - Reject Non-Essential Cookies:

• Enables only essential cookies required for Platform operation

• Disables analytics and advertising cookies

• May limit some personalization features

• Age verification and profile completion cookies remain active as essential

Banner Behavior:

• Banner appears on first visit and upon consent expiration

• Consent choice is stored in a preference cookie

• Consent applies to the specific browser/device used

Available Controls:

• Essential Cookies: Always active (cannot be disabled)

• Functional Cookies: Toggle on/off

• Analytics Cookies: Toggle on/off

• Advertising Cookies: Toggle on/off

• Age Verification Cookies: Always active for adult platform compliance

• Profile Completion Cookies: Always active for platform functionality

Real-Time Application:

• Changes take effect immediately upon saving

• Some changes may require browser refresh

• Preference changes are logged for compliance purposes

• You may revert to default settings anytime

(c) Browser Cookie Settings:

You can also manage cookies directly through your browser settings:

Google Chrome:

1. Settings → Privacy and Security → Cookies and other site data

2. Options: Block all cookies, Block third-party cookies, Allow all cookies

3. Manage exceptions and site-specific permissions

4. Clear cookies and site data

Mozilla Firefox:

1. Options → Privacy & Security → Cookies and Site Data

2. Standard, Strict, or Custom tracking protection

3. Manage exceptions and permissions

4. Clear cookies and site data

Apple Safari:

1. Preferences → Privacy → Cookies and website data

2. Block all cookies or Allow from current website only

3. Manage website data

4. Remove all website data

Microsoft Edge:

1. Settings → Privacy, search, and services → Cookies and site permissions

2. Block all cookies, Block third-party cookies, or Allow all cookies

3. Manage and delete cookies

4. Clear browsing data

Mobile Browsers:

• iOS Safari: Settings → Safari → Privacy & Security → Block All Cookies

• Android Chrome: Settings → Site Settings → Cookies → Block/Allow

• Cookie management options vary by mobile browser

Important Notes:

• Disabling essential cookies (including age verification and profile completion) will prevent Platform use and may require repeated age verification and profile setup

• Some features may not function properly with cookies disabled

• Browser settings override Platform cookie preferences

• Clearing all cookies will log you out and remove your preferences

(d) Cookie Management Link in Footer:

A direct link to cookie preferences is available in the Platform footer on all pages:

Link Text: "Cookie Settings" or "Manage Cookies"
Location: Website footer (bottom of every page)
Function: Opens cookie preference center without requiring login
Accessibility: WCAG 2.1 AA compliant for all users

11.6 Industry Opt-Out Tools & Advertising Preferences

Beyond Lovelike's cookie controls, you can opt out of interest-based advertising across multiple websites using industry opt-out tools.

Universal Opt-Out Platforms:

Digital Advertising Alliance (DAA) WebChoices Tool:

• Website: https://optout.aboutads.info/

• Purpose: Opt-out of interest-based ads from 100+ advertising networks

• How It Works:

  1. Visit the WebChoices tool website

  2. The tool scans and detects participating companies tracking your browser

  3. Select which companies you want to opt-out from

  4. Submit your preferences (saved as opt-out cookies in your browser)

• Coverage: DAA member companies including Google, Meta, Adobe, and others

• Limitation: Opt-outs are device-specific and browser-specific

Network Advertising Initiative (NAI) Consumer Opt-Out:

• Website: https://optout.networkadvertising.org/

• Purpose: Opt-out of targeted advertising from NAI member companies

• Coverage: Major advertising networks and data analytics providers

• Same Limitations: Cookie-based and device-specific opt-outs

Important Limitations of Industry Opt-Out Tools:

Recommended Comprehensive Privacy Approach:

Step 1 (Most Effective): Enable Global Privacy Control (GPC)

• See Section 11.8 for setup instructions

• Automatically opts you out across all GPC-compliant websites

• No cookies needed (browser-based privacy signal)

• Works automatically on new websites you visit

Step 2: Configure Lovelike Privacy Settings

• Visit [Settings > Privacy > Cookie Preferences]

• Toggle off "Marketing Cookies" and "Analytics Cookies"

• Provides direct control over Lovelike tracking

Step 3 (Optional Backup): Use Industry Opt-Out Tools

• Use DAA/NAI tools for websites that don't support GPC

• Remember to re-opt-out if you clear your browser cookies

• Consider browser extensions like Privacy Badger for automated protection

Platform-Specific Advertising Preferences:

For direct control over how specific platforms use your data for advertising:

Which Privacy Method Should You Choose?

For Maximum Privacy Protection:

1. ✅ Enable Global Privacy Control (GPC) on all browsers and devices

2. ✅ Configure Lovelike Settings > Privacy (toggle off marketing/analytics cookies)

3. ✅ Use DAA/NAI opt-out tools as backup for non-GPC websites

4. ✅ Configure platform-specific ad preferences (Facebook, Google, TikTok)

5. ✅ Consider privacy-focused browser extensions (Privacy Badger, uBlock Origin)

For Basic Privacy Protection:

1. ✅ Configure Lovelike Settings > Privacy (toggle off marketing cookies)

2. ✅ Adjust Facebook and Google ad preferences

3. ✅ Enable your browser's built-in tracking protection

Questions About Opt-Out Tools?
Contact us at support@lovelike.ai with subject line "Opt-Out Assistance"
Response time: 15 business days

11.7 Do Not Track (DNT)

DNT Signal Status:

Some browsers offer a "Do Not Track" (DNT) signal that requests websites not to track user activity.

Our DNT Response:

• Currently, there is no industry consensus on how to respond to DNT signals

• Lovelike does not currently respond to DNT browser signals

• We do honor Global Privacy Control (GPC) signals as a valid opt-out of sale/sharing for applicable US state laws (see Section 11.8)

Why We Don't Respond to DNT:

• Lack of standardized DNT implementation across browsers

• Unclear legal requirements regarding DNT signal compliance

• Technical challenges in distinguishing DNT from other privacy signals

• Preference for explicit user consent via cookie banners and settings

Alternative Privacy Controls:

• Use our cookie consent banner to reject non-essential cookies

• Manage cookies via Platform settings or browser settings

• Enable Global Privacy Control (GPC) for automatic opt-out (Section 11.8)

• Exercise your CCPA/CPRA opt-out rights via "Do Not Sell or Share" link

11.8 Global Privacy Control (GPC)

GPC Recognition and Compliance:

Lovelike recognizes and honors Global Privacy Control (GPC) signals as a valid, user-enabled universal privacy mechanism.

What is GPC?

• A browser/extension signal that communicates your privacy preferences

• Automatically opts you out of "sale" and "sharing" of personal information

• Legally recognized under CCPA/CPRA and other US state privacy laws

• Works across websites that honor the signal

How Lovelike Responds to GPC:

When we detect a GPC signal from your browser or device:

1. Automatic Opt-Out: We treat it as a valid request to opt out of the "sale" and "sharing" of your personal information for that browser/device

2. Cookie Restrictions: Non-essential cookies for advertising and cross-context behavioral tracking are blocked

3. Data Processing Limitations: We limit data processing to essential platform functions and operations that do not constitute "sale" or "sharing"

4. Preference Persistence: Your GPC preference is honored for as long as the signal is active

GPC Scope and Limitations:

• ✅ Applies to: Advertising cookies, cross-site tracking, data sharing with third parties for behavioral advertising

• ❌ Does NOT apply to: Essential cookies (including age verification and profile completion), functional cookies necessary for services you request, data processing for legal compliance, security, or fraud prevention, sharing of mandatory profile information for platform functionality

How to Enable GPC:

Browser Support:

• Firefox: Install Privacy Badger or Global Privacy Control extension

• Chrome: Install Global Privacy Control extension or DuckDuckGo extension

• Edge: Install Global Privacy Control extension

• Safari: Use built-in tracking prevention (partial GPC support)

Extension Options:

• Privacy Badger: https://privacybadger.org/

• Global Privacy Control Extension: https://globalprivacycontrol.org/

• DuckDuckGo Privacy Essentials: https://duckduckgo.com/app

Mobile Devices:

• iOS: Use Safari with tracking prevention enabled, or install privacy-focused browsers (DuckDuckGo, Brave)

• Android: Install privacy-focused browsers (DuckDuckGo, Brave, Firefox Focus) with GPC support

GPC vs. Cookie Banner:

• GPC provides automatic opt-out without manual interaction

• Cookie banner allows granular control over specific cookie categories

• Both are valid and respected methods for managing privacy preferences

• GPC takes precedence if both are present

Checking GPC Status:

• Visit our Platform with GPC enabled

• Look for confirmation banner: "We've detected your Global Privacy Control signal and have opted you out of sale/sharing"

• Verify in Platform privacy settings: [Account] → [Privacy] → [GPC Status]

11.9 Children's Privacy (Adult Platform Framework)

Absolute Age Restriction:

The Platform is exclusively available to users 18 years of age or older. We do not knowingly collect any information, including cookies, from individuals under 18 years of age.

Age Verification Cookies:

• Essential cookies are used to maintain age verification status for verified adult users

• Age verification prevents repeated authentication requests

• Age verification cookies are retained for up to 1 year for user convenience

Profile Completion Cookies:

• Essential cookies track mandatory profile completion status (photo, bio, social media, professional credentials)

• Profile completion cookies prevent platform access until requirements are met

• Profile completion status is retained for seamless user experience

Underage Access Prevention:

• We implement age verification systems to prevent underage access

• Suspected underage accounts are immediately suspended pending verification

• Confirmed underage accounts are permanently terminated

• All data (including cookies and profile information) from terminated underage accounts is deleted

If We Discover Underage Access:

1. Immediate Suspension: Account access is immediately suspended

2. Data Deletion: All cookies, profile information, and personal information are deleted within 48 hours

3. Parent/Guardian Notification: Where contact information is available

4. System Enhancement: Review and enhance age verification measures

Parental Controls:

• Parents/guardians should implement parental control software to restrict access to adult-only platforms

• Browser cookie controls can be used to limit tracking of minors on family devices

• We recommend family discussions about age-appropriate internet use

11.10 Updates to This Cookie Policy

Policy Revision Process:

We may update this Cookie Policy to reflect:

• Changes in our cookie usage practices

• New tracking technologies or third-party services

• Applicable law changes (CCPA/CPRA, other state privacy laws)

• Industry best practices and user feedback

• Changes to mandatory profile requirements

Notification of Changes:

Material changes to this Cookie Policy will be communicated via:

1. Email Notification: Sent to all registered adult users at least 30 days before effective date

2. Platform Banner: Prominent notice on Platform homepage and dashboard

3. In-App Notification: Push notification or in-app message for mobile users

4. Updated Date: "Last Updated" date at the top of this section

What Constitutes Material Changes:

• New cookie categories or tracking technologies

• Changes in data sharing practices with third parties

• Expansion of advertising or analytics providers

• Modifications to essential cookie requirements (including profile completion cookies)

• Changes affecting user privacy rights or opt-out options

Non-Material Changes:

• Minor wording clarifications or corrections

• Updated third-party privacy policy links

• Technical specification updates

• Enhanced disclosure language

Your Acceptance:

• Continued use of the Platform after the effective date constitutes acceptance

• If you do not agree with changes, you may:

  • Adjust your cookie preferences to reject non-essential cookies

  • Discontinue Platform use and close your account

  • Contact us with concerns: support@lovelike.ai

Change History:

We maintain a version history of this Cookie Policy available upon request to support@lovelike.ai.

11.11 Contact Us About Cookies

For cookie-related questions, concerns, or requests:

Email: support@lovelike.ai
Subject Line: Cookie Policy Inquiry - [Your Question]
Response Time: 15 business days for standard inquiries
Eligibility: Available only to verified users 18 years of age or older

Common Cookie Inquiries:

• How to disable specific cookie categories

• List of all cookies used on the Platform

• Third-party cookie provider privacy policies

• Technical issues with cookie preferences

• GPC signal troubleshooting

• Age verification cookie questions

• Profile completion cookie questions

Cookie Audit Requests:

You may request a comprehensive list of all cookies set on your device by the Platform, including:

• Cookie names and purposes

• Expiration dates and durations

• Third-party providers

• Data collected and processed

Cookie-Related Privacy Rights:

For CCPA/CPRA privacy rights related to cookies (e.g., opt-out of sale/sharing, deletion requests), see Section 7 - Your Privacy Rights of this Privacy Policy.

Last Updated: February 5, 2026
Cookie Policy Version: Integrated with Privacy Policy v1.0
Effective Date: February 5, 2026

Integration Note: This Cookie Policy is fully integrated into Section 11 of the Lovelike Privacy Policy (v1.0). This section has the same legal force and effect as the rest of the Privacy Policy.

For Comprehensive Privacy Information: Visit the complete Privacy Policy at: https://lovelike.ai/privacy

Cookie Preference Controls: Manage your cookie settings at: https://lovelike.ai/settings/privacy

Questions About Cookies? Contact: support@lovelike.ai (Subject: Cookie Policy Inquiry)

12. MARKETING AND COMMUNICATIONS

12.1 Communication Types for Adult Users

We may send communications to verified adult users including:

(a) Service Communications: Account notifications, security alerts, essential service updates, age verification reminders, and profile completion notifications.

(b) Promotional Communications: With appropriate consent, marketing messages, feature announcements, and promotional offers appropriate for adult users.

(c) Legal Communications: Policy updates, terms changes, and legal notices.

12.2 Communication Preferences for Adults

(a) Service communications (including profile completion reminders) are necessary for Platform operation and cannot be opted out;

(b) Promotional communications may be managed through account settings or unsubscribe links;

(c) Legal communications are required for account maintenance and compliance;

(d) All communications are designed specifically for adult users 18 years and older with complete mandatory profile information.

12.3 Third-Party Marketing for Adult Platform

(a) We do not sell personal information (including mandatory profile information) to third parties for their marketing purposes;

(b) Marketing integrations with business partners are governed by separate consent and opt-in procedures appropriate for adult users;

(c) Social media advertising may use Platform data (excluding raw mandatory profile information) in accordance with platform policies and user consent;

(d) Adult users may opt-out of data sharing for marketing purposes through privacy settings, though mandatory profile information remains visible on the platform for operational purposes.

13. BIOMETRIC DATA AND SENSITIVE INFORMATION

Biometric Data Restrictions

(a) Lovelike does NOT collect, process, or store biometric identifiers or biometric information;

(b) Age verification that may involve biometric processing is conducted exclusively by Stripe Connect, acting as an independent data controller (see Section 2.1);

(c) Adult users are prohibited from uploading biometric information through Platform features;

(d) Violations of biometric data restrictions may result in account termination.

13.2 No Biometric Privacy Law Liability

Because Lovelike does not collect, process, or store biometric data:

(a) Illinois Biometric Information Privacy Act (BIPA) does NOT apply to Lovelike;

(b) Texas Capture or Use of Biometric Identifier (CUBI) law does NOT apply to Lovelike;

(c) Washington, Arkansas, and other state biometric privacy laws do NOT apply to Lovelike;

(d) All biometric privacy law compliance responsibilities rest exclusively with Stripe Connect.

13.3 Sensitive Personal Information for Adults

(a) We minimize collection of sensitive personal information to what is necessary for Platform operation for adult users;

(b) When collected (tax reporting, payment processing, identity verification, age verification), sensitive information receives enhanced protection;

(c) Sensitive information is processed only for specific business purposes and in compliance with applicable laws;

(d) Additional consent may be required for processing certain categories of sensitive information;

(e) Mandatory profile information (photo, bio, social media, professional credentials) is NOT classified as Sensitive Personal Information under CCPA/CPRA.

13.4 Health and Financial Information

(a) We do not intentionally collect health information through Platform features;

(b) Financial information is collected only as necessary for payment processing and tax compliance for adult users;

(c) Professional financial services are not provided through the Platform;

(d) Adult users should not submit health or financial information through general Platform features.

14. THIRD-PARTY SERVICES AND LINKS

14.1 Third-Party Integrations for Adult Platform

The Platform integrates with third-party services including:

(a) Social Media Platforms: Instagram, Facebook, YouTube, TikTok, and other platforms with adult content considerations. **Social media account connection and verification is MANDATORY** for complete profile activation.

(b) Identity Verification and Payment Processing Services: Stripe Connect for:

- Love Partner business account verification (business identity, authorized representative verification, age confirmation, payment processing)

- Love Creator individual account verification (individual identity, SSN collection for tax reporting, age confirmation, commission payouts)

Stripe Connect acts as an independent data controller for all identity verification, tax identification, and payment processing data. Lovelike receives only verification status (approved/pending/rejected) and age confirmation (18+ verified: Yes/No). See Section 2.2 and Section 2.1 for complete details.

(c) AI Services: OpenAI, Anthropic, Google/Gemini, and other AI providers with adult content safeguards.

(d) Business Tools: Analytics, customer support, and operational service providers.

(e) Analytics and Advertising Services: Third-party analytics (Google Analytics) and advertising providers (Facebook Pixel, Google Ads) that may use cookies and tracking technologies as detailed in Section 11.3 (Third-Party Cookies).

14.2 Third-Party Privacy Policies

(a) Third-party services have separate privacy policies and terms of service;

(b) We are not responsible for third-party privacy practices or data handling;

(c) Identity Verification and Payment Processing: Stripe Connect for:

- Love Partner business onboarding, identity verification, age confirmation, and payment processing

- Love Creator individual onboarding, identity verification, age confirmation, tax reporting (SSN collection), and commission payouts

Stripe Connect acts as an independent data controller for all verification and payment data. See Section 2.1 and Section 2.2 for complete details.

(d) Third-party data collection and use is governed by their respective policies;

(e) For Stripe Connect identity verification, payment processing, and tax reporting, review:

- Stripe Connect Privacy Policy: https://stripe.com/privacy

- Stripe Connect Terms of Service: https://stripe.com/legal/connect-account

\-

\-

\-

(f) For social media integrations (Instagram, Facebook, TikTok, YouTube), review their respective privacy policies before connecting accounts.

14.3 External Links for Adult Users

(a) The Platform may contain links to external websites and services appropriate for adult users;

(b) External sites are not operated by Lovelike and have separate privacy practices;

(c) We do not endorse or take responsibility for external site privacy practices;

(d) Adult users should review external site privacy policies before providing information.

15. COMPREHENSIVE PRIVACY DISCLAIMERS

15.1 Service Limitations

WE PROVIDE THE ADULT-ONLY PLATFORM "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES REGARDING DATA SECURITY, PRIVACY PROTECTION, OR INFORMATION ACCURACY. TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES RELATED TO PRIVACY AND DATA PROTECTION.

15.2 Third-Party Disclaimer

WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES, DATA SECURITY, OR INFORMATION HANDLING OF THIRD-PARTY SERVICES, INTEGRATIONS, OR EXTERNAL WEBSITES. ALL THIRD-PARTY PRIVACY MATTERS MUST BE RESOLVED DIRECTLY WITH THE THIRD PARTY.

15.3 Data Processing Limitations

WE DISCLAIM ALL LIABILITY FOR:

(a) Data processing errors, inaccuracies, or technical failures;

(b) Third-party data breaches, security incidents, or privacy violations;

(c) International data transfer compliance or cross-border privacy law violations;

(d) AI processing errors, algorithmic bias, or automated decision-making outcomes;

(e) User content privacy, intellectual property exposure, or information disclosure risks;

(f) Age verification system failures, errors, or false positives/negatives;

(g) Profile information authenticity, accuracy, or unauthorized access;

(h) User failure to complete mandatory profile requirements or maintain profile accuracy.

15.4 Legal Compliance Disclaimer

WE COMPLY WITH APPLICABLE US PRIVACY LAWS. AS STATED IN SECTION 1.1, THE PLATFORM IS RESTRICTED TO THE UNITED STATES AND WE DO NOT GUARANTEE COMPLIANCE WITH ANY INTERNATIONAL PRIVACY REGULATIONS.

15.5 Adult Platform Specific Disclaimers

WE DISCLAIM ALL LIABILITY FOR:

(h) Consequences of underage access attempts or verification system limitations;

(i) Adult content exposure to minors through third-party systems or user misconduct;

(j) Age verification data accuracy or third-party verification service failures;

(k) Legal consequences arising from user misrepresentation of age or eligibility;

(l) User failure to maintain mandatory profile information accuracy or completeness;

(m) Unauthorized access to accounts due to user sharing of credentials or negligence;

(n) Disclosure of mandatory profile information through normal platform operations.

16. LIABILITY LIMITATIONS FOR PRIVACY MATTERS

16.1 Maximum Liability Cap

TO THE FULLEST EXTENT PERMITTED BY LAW, OUR TOTAL LIABILITY FOR ALL

PRIVACY-RELATED CLAIMS SHALL BE SUBJECT TO AND SHALL NOT EXCEED THE

AGGREGATE LIABILITY CAPS SET FORTH IN SECTION 13.7 OF THE TERMS OF

SERVICE, WHICH ARE INCORPORATED HEREIN BY REFERENCE. SPECIFICALLY:

(a) FOR USERS HOLDING A STANDARD 'LOVELIKER' ACCOUNT OR ANY OTHER

NON-COMMERCIAL ACCOUNT, LOVELIKE'S TOTAL AGGREGATE LIABILITY FOR

PRIVACY-RELATED CLAIMS IS LIMITED TO ONE HUNDRED U.S. DOLLARS (US$100).

(b) FOR USERS HOLDING A 'LOVE CREATOR' OR 'LOVE PARTNER' ACCOUNT OR

ANY OTHER COMMERCIAL OR MONETIZED ACCOUNT, LOVELIKE'S TOTAL AGGREGATE

LIABILITY FOR PRIVACY-RELATED CLAIMS IS LIMITED TO THE GREATER OF:

(I) FIVE HUNDRED U.S. DOLLARS (US$500); OR (II) THE TOTAL AMOUNT OF

FEES PAID BY YOU TO LOVELIKE DURING THE TWELVE (12) MONTH PERIOD

IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

IN THE EVENT OF ANY CONFLICT BETWEEN THIS SECTION AND THE TERMS OF

SERVICE SECTION 13.7, THE TERMS OF SERVICE SHALL CONTROL PURSUANT TO

THE LEGAL SUPREMACY CLAUSE IN TERMS OF SERVICE SECTION 20.16.

16.2 Excluded Damages

WE SHALL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM PRIVACY MATTERS INCLUDING:

(a) Data breaches, security incidents, or information disclosure;

(b) Third-party privacy violations or data misuse;

(c) International data transfer complications or regulatory violations;

(d) AI processing privacy issues or algorithmic decision-making consequences;

(e) Business interruption, reputation harm, or lost opportunities related to privacy matters;

(f) Age verification failures, underage access incidents, or age compliance issues;

(g) Adult content exposure or age-related legal consequences;

(h) Disclosure of mandatory profile information through normal platform operations;

(i) User failure to complete or maintain mandatory profile requirements.

16.3 User Indemnification

You agree to indemnify Lovelike for all privacy-related claims arising from:

(a) Your violation of this Privacy Policy or misuse of Platform privacy features;

(b) Your submission of false, misleading, or unauthorized information including age misrepresentation or fake profile information;

(c) Your violation of third-party privacy rights or applicable privacy laws;

(d) Your failure to maintain account security or unauthorized access due to your negligence;

(e) Providing false age information or allowing minor access to your account;

(f) Any claims arising from underage access through your account or negligence;

(g) Your failure to complete mandatory profile requirements or maintain profile information accuracy;

(h) Your negligent disclosure of login credentials or account access to unauthorized parties;

(i) Claims arising from your public disclosure or sharing of your own mandatory profile information through social media or other channels.

17. DISPUTE RESOLUTION FOR PRIVACY MATTERS

17.1 Privacy Rights Requests

Requests to exercise privacy rights (access, delete, correct, opt-out, etc.) are NOT disputes and are processed through our Privacy Rights Portal or support@lovelike.ai as detailed in Section 7.

17.2 Privacy-Related Disputes

For disputes regarding interpretation or enforcement of this Privacy Policy:

(a) Mandatory Pre-Arbitration Process

• Submission: Submit dispute to support@lovelike.ai with Subject Line: "Privacy Dispute - [Brief Description]"

• Negotiation Period: 60-day good faith negotiation period.

• Mediation: Mediation available upon request.

(b) Arbitration (If Applicable):

• Governed by Section 15 of Terms of Service

• JAMS Comprehensive Arbitration Rules

• Delaware venue

• Individual arbitration only

17.3 Exceptions to Arbitration

The following privacy matters are NOT subject to arbitration:

(a) Statutory Privacy Rights:

• CCPA/CPRA private right of action claims

• BIPA claims (if applicable)

• State privacy law claims where arbitration prohibited

(b) Regulatory Proceedings:

• FTC investigations or enforcement

• State AG investigations or enforcement

• Data protection authority proceedings

(c) Equitable Relief:

• Requests for injunctive relief for ongoing violations

• Emergency privacy protection orders

17.4 Class Action Waiver - CCPA Exception

General class action waiver in ToS Section 15.2 applies to privacy disputes EXCEPT:

• CCPA class actions where waiver is prohibited by law

• State privacy law class actions where waiver is void

17.5 Right to Court for Privacy Rights

If arbitration of privacy claims is found unenforceable, such claims may be brought in court in Delaware or your state of residence, at your option.

17.6 Governing Law

This Privacy Policy is governed by Delaware law without regard to conflict-of-law principles.

17.7 Adult User Eligibility for Dispute Resolution

Only verified adult users 18 years of age or older are eligible to participate in dispute resolution procedures. Age verification may be required for all dispute resolution processes.

18. CHANGES TO THIS PRIVACY POLICY

18.1 Policy Updates

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or business operations. We will provide notice of material changes through:

(a) Email notification to registered adult users at least 30 days before the effective date;

(b) Prominent notice on the Platform homepage and user dashboard;

(c) In-app notifications and account alerts;

(d) Updated "Last Updated" date at the top of this Policy.

18.2 Continued Use Consent

Continued use of the Platform after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree to changes, you must discontinue Platform use and may close your account.

18.3 Emergency Updates

We may implement immediate Privacy Policy changes when required by law, court order, regulatory directive, or security emergency, with notice provided as soon as reasonably practicable.

18.4 Age Verification for Policy Updates

Age verification may be required to acknowledge and accept material privacy policy changes, ensuring continued compliance with our adult-only platform framework.

18.5 Profile Requirement Updates

Changes to mandatory profile requirements will be communicated with at least 60 days advance notice to allow users to update their profiles accordingly.

19. CONTACT INFORMATION

19.1 Privacy Inquiries

For privacy-related questions, requests, or concerns, contact us at:

Email: support@lovelike.ai
Subject Line: Privacy Inquiry - [Your Request Type]
Response Time: Up to 45 days for complex requests, 15 business days for standard inquiries
Eligibility: Available only to verified users 18 years of age or older

Mailing Address:
Lovelike Inc.
Attn: Privacy Team
8 The Green Ste A
Dover, DE 19901
United States

Office Hours: Monday-Friday, 9:00 AM - 6:00 PM ET (UTC-5)

19.2 Privacy Rights Requests

To exercise your privacy rights under applicable state laws (California, Colorado, Connecticut, Virginia, etc.):

SMS Quick Commands:

• PRIVACY ACCESS — Download my data

• PRIVACY DELETE — Delete my account

• PRIVACY CORRECT — Fix inaccurate data

• PRIVACY OPTOUT — Stop selling/sharing

• PRIVACY STATUS — Check pending request

All methods require: Account email + identity verification (government ID may be requested).

Response Timeline: 45 days maximum (CCPA/CPRA compliant)

19.3 Data Protection Officer

Email: support@lovelike.ai
Purpose:

• Data protection compliance oversight

• Security incident reporting

• Regulatory inquiries and audits

• Age verification compliance matters

• Profile requirement compliance

Mailing Address:
Lovelike Inc.
Attn: Data Protection Officer
8 The Green Ste A
Dover, DE 19901
United States

19.4 Legal and Compliance

Email: support@lovelike.ai
Purpose:

• Legal process and law enforcement requests

• Subpoenas, court orders, and search warrants

• Regulatory compliance inquiries

• Age verification enforcement matters

Process Service Address:
Lovelike Inc.
Attn: Legal Department
8 The Green Ste A
Dover, DE 19901
United States

19.5 Security Incident Reporting

Email: support@lovelike.ai
Purpose:

• Suspected data breaches or security incidents

• Unauthorized account access

• Phishing attempts or fraud reports

• Security vulnerability disclosures

Response Time: 24-48 hours for security incidents (emergency response available 24/7 for critical incidents)

19.6 Cookie and Tracking Technology Questions

Email: support@lovelike.ai
Subject Line: Cookie Policy Inquiry - [Your Question]
Response Time: 15 business days
Eligibility: Available to verified users 18 years of age or older

Common Cookie Inquiries:

• How to disable specific cookie categories

• List of all cookies currently in use on the Platform

• Third-party cookie provider privacy policies

• Technical issues with cookie preference settings

• Global Privacy Control (GPC) signal troubleshooting

• Age verification cookie questions

For immediate cookie control, visit [Settings > Privacy]

19.7 Profile Information Support

Email: support@lovelike.ai
Subject Line: Profile Information - [Your Question]
Response Time: 15 business days
Purpose:

• Mandatory profile requirement questions

• Profile completion assistance

• Social media verification support

• Profile information accuracy updates

• Profile deletion inquiries (requires account closure)

20. ADDITIONAL LEGAL FRAMEWORK

20.1 Severability

If any provision of this Privacy Policy is deemed unenforceable, the remainder shall remain in full force and effect.

20.2 No Waiver

Our failure to enforce any provision does not constitute a waiver of our rights.

20.3 Entire Agreement

This Privacy Policy, together with our Terms of Service, constitutes the entire agreement regarding privacy matters.

20.4 Survival

Privacy obligations, limitations, disclaimers, dispute resolution procedures, age verification requirements, and mandatory profile requirements survive account termination.

20.5 US Law Supremacy

This Privacy Policy is governed exclusively by applicable United States federal and state law. International privacy law compliance is not guaranteed.

20.6 Adult Platform Framework

This Privacy Policy is designed specifically for an adult-only platform serving users 18 years of age or older with complete mandatory profile information (photo, bio, verified social media, professional credentials). All provisions are interpreted and applied with this fundamental framework in mind.

🎯 KEY FEATURES OF THIS FINAL VERSION:

✅ ALL CORRECTIONS IMPLEMENTED:

1. ✅ Mandatory Profile Information (Section 2.1(c))

   • Profile photo: REQUIRED

   • Bio/description: REQUIRED

   • Social media links: REQUIRED (at least one verified account)

   • Professional information: REQUIRED

2. ✅ Complete Document - All 20 Sections Included:

   • Sections 1-20 fully detailed

   • All subsections complete

   • All disclaimers and protections included

   • All contact information provided

3. ✅ Profile Requirements Integrated Throughout:

   • Data collection updated

   • Usage sections reflect mandatory requirements

   • Sharing sections clarify profile visibility

   • Rights sections note deletion limitations

   • Cookie policy includes profile completion cookies

   • Security sections cover profile protection

📋 LOVELIKE - COMPLETE PRIVACY POLICY 1.0

⚠️ MAXIMUM LEGAL PROTECTION VERSION - INDEPENDENT DOCUMENT FRAMEWORK

📄 DOCUMENT INFORMATION