Home LegalPrivacy Policy

Privacy Policy

How we collect, use, and protect your information.

Last updated: April 2, 2026

This Privacy Policy describes how Avora Tech Company Limited (collectively, "Company," "we," or "us") collect, process, retain, and disclose personal information about our consumers who reside in the United States of America (the "U.S.") when providing services to you through our websites (looda.net), looda nettether or other products, including hardware (U-Key), software, applications, and services that link to or reference this policy (our "Services") and our practices for using, maintaining, protecting, and disclosing that information.

Personal Information Collected

We collect and use information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("personal information"). Personal information does not include:

Publicly available information, including from government records, through widely distributed media, or that the consumer made publicly available without restricting it to a specific audience.
Lawfully obtained, truthful information that is a matter of public concern.
Deidentified or aggregated consumer information.
Information excluded from the applicable law and regulations.
Information collected by us offline or through any other means, including on any other website operated by Company or any third party (including our affiliates and subsidiaries) that does not link to this policy; or
Information collected by any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or through the Services.

Personal Information Categories Chart

The chart below identifies the categories of personal information we may collect and/or have collected from our consumers since the effective date hereof. We have not collected the following categories of personal information from consumers in the twelve (12) months preceding the effective date of this Privacy Policy.

Category	Examples	Collected
A. Identifiers.	A real name, alias, unique personal identifier, online identifier, email address, account name, mobile phone number, profile picture (or avatar), UID (User ID), unique device identifier (IMEI/Android ID/IDFA/OPENUDID/GUID/OAID/SN number).	YES
B. Customer Records	A name, alias, physical characteristics or description, telephone number, email address, verification code matching result.	YES
C. Protected classification characteristics under California or federal law ("Protected Classes").	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, reproductive health decision-making, military and veteran status, or genetic information (including familial genetic information).	NO
D. Commercial information.	Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	NO
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Activity on our websites, mobile apps, or other digital systems, such as device model, operating system version, browser type and setting, product version number, log information, search history, usage duration, crash logs, network access method, network quality data, space usage (hard disk, memory, flash memory), use of search, return time, result status), file metadata (excluding file content) including file title, duration, directory information for uploaded or downloaded files).	YES
G. Geolocation data.	Physical location or movements including location derived from the IP address, latitude and longitude (via a third-party map SDK).	NO
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information, including customer service call monitoring and store video surveillance.	NO
I. Professional or employment-related information.	Current or past job history or performance evaluations.	NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) ("FERPA Information").	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	NO
L. Sensitive personal information.	Complete account access credentials, such as usernames, account logins, account numbers combined with required access/security code or password.	YES

Sensitive personal information we will collect or have collected from consumers is not used to infer characteristics about them.

Retention Period

We retain personal data only for so long as necessary to fulfill the purposes for which it was collected, including as described in this Privacy Policy or in our service-specific privacy notices, or as required by law. We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy and our service-specific privacy notices. When assessing retention periods, we first carefully examine whether it is necessary to retain the personal data collected and, if retention is required, work to retain the personal data for the shortest possible period permissible under law.

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

Directly from you, such as from the information and/or files you provide to the Company, grant us access to your information on your devices or applications, account registration, technical support, service logs, or device connection.
Indirectly from you or collected automatically, such as from your interactions with the Company's software and hardware devices, websites, mobile applications, device permissions for mobile features, user's actions, and authorized login.
From our service providers.
We also collect and process certain information through our data processing service provider, RudderStack, which helps us collect event data for internal analysis, product optimization, and business operations.

How We Use Personal Information

Personal Information Collection, Use, and Disclosure Purposes

We may use and disclose the personal information, including sensitive personal information, we collect to advance the Company's business and commercial purposes, specifically to:

Manage your consumer relationship with us, including for online account creation, maintenance, security; reaching you, when needed, about your account.
Provide continuous, stable registration services.
Implement SMS verification code auto-fill for streamlined login.
Verify user identity during the signup and login process.
Utilize third-party authorized logins (e.g., Google) to share profile pictures and nicknames for a unified user experience.
Assess account risks based on factors like hardware device monitoring.
Detect and monitor for security incidents, fraud, and malicious programs.
Utilize third-party tools (e.g., Google Firebase) to enhance anti-fraud measures and account protection for security purposes.
Ensure data security warnings and stable hardware operation.
Provide file upload, download, and browsing services, including basic backup functionality.
Access photo/album permissions specifically for cloud backup and QR code scanning for registration.
Improve search algorithms to provide better results and user satisfaction.
Use cloud algorithms to match audio/video titles and durations to return relevant graphic information.
Verify identity to resolve user-reported issues and preserve evidence.
Reproduce reported bugs and performing technical diagnostics to solve system errors.
Analyze usage habits and conducting statistical analysis to optimize product performance.
Collect optional supplementary information to improve services (without affecting core functionality).
Use analytics (e.g., Google Firebase) for maintenance and product optimization. We use RudderStack as our Customer Data Platform (CDP) to collect, process, route, and analyze user behavior and event data for internal analytics, business intelligence, product improvement, and operational purposes.
Develop, offer, and provide you with our products and services.
Improve our products or services, marketing, or customer relationships and experiences.
Notify you about changes to our products or services.
Administer our systems and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical, and survey purposes.
Enable your participation in our websites' or mobile apps' interactive, social media, or other similar features.
Protect our Company, employees, or operations.
Perform data analytics and benchmarking.
Administer and maintain the Company's systems and operations, including for safety purposes.
Engage in corporate transactions requiring review of consumer records, such as for evaluating potential Company mergers and acquisitions.
Comply with all applicable laws and regulations.
Exercise or defend the legal rights of the Company and its employees, affiliates, customers, contractors, and agents.
Respond to law enforcement requests and as required by applicable law or court order.

Sensitive Personal Information Use and Disclosure Purposes

We may use or disclose sensitive personal information for the following statutorily approved reasons (Permitted SPI Purposes):

Performing actions that are necessary for our consumer relationship and that an average consumer in a relationship with us would reasonably expect.
Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information.
Defending against and prosecuting those responsible for malicious, deceptive, fraudulent, or illegal actions directed at the Company.
Ensuring physical safety.
Short-term, transient use, such as non-personalized advertising shown as part of your current interactions with us, where we do not:
- disclose the sensitive personal information to another third party; or
- use it to build a profile about you or otherwise alter your experience outside your current interaction with the Company.
Services performed for the Company, including maintaining or servicing accounts, processing or fulfilling transactions, verifying consumer information, processing payments, or providing financing, analytic services, storage, or similar services for the Company.
Activities required to:
- verify or maintain the quality or safety of a product, service, or device that we own, manufacture, had manufactured, or control; or
- improve, upgrade, or enhance the service or device that we own, manufacture, had manufactured, or controlled.
Collecting or processing sensitive personal information that we do not use for the purpose of inferring characteristics about a consumer.

We do not use or disclose sensitive personal information for purposes other than the Permitted SPI Purposes, include disclosing information to our service providers and vendors to perform necessary business functions on our behalf as described in the "Personal Information Collection, Use, and Disclosure Purposes" section.

Additional Categories or Other Purposes

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. If required by law, we will also seek your consent before using your personal information for a new or unrelated purpose.

We may collect, process, and disclose aggregated or deidentified consumer information for any purpose, without restriction. When we collect, process, or disclose aggregated or deidentified consumer information, we will maintain and use it in deidentified form and will not to attempt to reidentify the information, except to determine whether our deidentification processes satisfies any applicable legal requirements.

Business Purpose Disclosures

We may disclose the personal information we collect, including sensitive personal information, to third parties for the business purposes described in the "Personal Information Collection, Use, and Disclosure Purposes" section and in the table below, such as to engage third parties/service providers and contractors to support our business functions.

We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, prohibit using the disclosed information for any purpose except performing the contract, and meet the applicable contract requirements for engaging service providers or contractors under the applicable laws and regulations.

We have not disclosed our consumers' personal information for a business purpose over the preceding 12 months as of the effective date hereof.

The chart below identifies the categories of entities to whom we disclose our consumers' personal information for a business purpose, along with the personal information categories disclosed and the disclosure's business purposes.

Business Purposes Disclosure, Recipient Category, Personal Information Category, and Purposes Chart

Category of Business Purpose Disclosure Recipients	Personal Information Categories Disclosed	Sensitive Personal Information Categories Disclosed	Business Purpose Disclosures
Order Fulfillment and Shipping Providers	A. Identifiers. B. Customer Records. D. Commercial information.	None	To deliver products, service or subscriptions you purchased from us.
Customer Service Support Providers	A. Identifiers. B. Customer Records. D. Commercial Information. E. Internet or other similar network activity. F. Inferences.	None	To support customers with using our products and services, including online account registration, login and management, troubleshooting, collect statistical analysis information; perform APP message push notifications; provide anti-cheating/anti-fraud capabilities; implement carrier-based one-click login and authentication using the native phone number; provide payment functionality; facilitate registration or login via third-party providers such as Google, Apple, or email, official account connection, and sharing features; identify the user's phone number for quick login and risk control.
Analytics and Data Processing Service Providers (e.g. RudderStack)	A. Identifiers F. Internet or other similar network activity	None	To collect, process, route and analyze user event data for internal analytics, product optimization, business intelligence, fraud detection, and overall business operations.

We do not sell your personal information, including sensitive personal information, to third parties and have not sold it in the preceding 12 months as of the effective date hereof. We do not share your personal information with third parties for cross-context behavioral advertising purposes and have not shared your personal information in the preceding 12 months as of the effective date hereof for such purposes.

Our personal information sharing does not include information about consumers we know are under age 16.

Your Rights and Choices

Depending on your state of residency, you may have certain rights related to your personal data, including:

Right to Know and Data Portability Requests

You have the right to request that we disclose certain information to you about our collection and use of your personal information (the "right to know"), including the specific pieces of personal information we have collected about you (a "data portability request"). You may exercise your right to know twice in any 12-month period. Once we receive your request and confirm your identity (see "How to Exercise Your Rights"), we will disclose to you:

The categories of:
- personal information we collected about you; and
- sources from which we collected your personal information.
The business or commercial purpose for collecting your personal information and, if applicable, selling or sharing your personal information.
If applicable, the categories of persons, including third parties, to whom we disclosed your personal information, including separate disclosures identifying the categories of your personal information that we:
- disclosed for a business purpose to each category of persons; and
- sold or shared to each category of third parties.
When your right to know submission includes a data portability request, a copy of your personal information, subject to any permitted redactions.

For more on exercising this right, see "Exercising the Rights to Know, Delete, or Correct".

Right to Delete and Right to Correct

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions and limitations (the "right to delete"). Once we receive your request and confirm your identity, we will delete your personal information from our systems unless an exception allows us to retain it. We will also notify our service providers, contractors, and other recipients to take appropriate action.

You also have the right to request correction of personal information we maintain about you that you believe is inaccurate (the "right to correct"). We may require you to provide documentation, if needed, to confirm your identity and support your claim that the information is inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and notify our service providers, contractors, and other recipients to take appropriate action.

For more on exercising these rights, see "Exercising the Rights to Know, Delete, or Correct".

Right to Limit Sensitive Personal Information Use and Disclosure to Permitted SPI Purposes

You may have a right to ask businesses that use or disclose your sensitive personal information to limit those actions to just the Permitted SPI Purposes under applicable laws (the "right to limit"). As we do not use or disclose sensitive personal information beyond the Permitted SPI Purposes, we do not currently provide this consumer right.

For more on the Permitted SPI Purposes, see "Sensitive Personal Information Use and Disclosure Purposes".

You have the right to request that businesses stop selling or sharing your personal information at any time (the "right to opt-out"), including through a user-enabled opt-out preference signal. Similarly, the applicable laws may prohibit businesses from selling or sharing the personal information of consumers it actually knows are under 16 years old without first obtaining consent from consumers who are between 13 and 15 years old or the consumer's parent or guardian for consumers under age 13 (the "right to opt-in").

As we do not sell or share consumers' personal data, we do not currently provide these consumer rights.

ADMT Rights

When a business uses automated decision-making technology (ADMT) to make significant decisions about you, you may have rights to:

Obtain certain information about how the business uses ADMT, that is specific to you (the "ADMT access right").
Opt-out of the ADMT use (the "ADMT opt-out right") unless the business provides you with a method to appeal the decision to a human reviewer with the authority to overturn the decision (the "ADMT appeal right") or another exception applies.

ADMTs are technologies that process personal information and use computation to execute a decision and either replace or substantially replace human decision-making, resulting in decisions made without human involvement. Decisions are significant when they result in the provision or denial of financial or lending services, housing, education enrollment or opportunities, employment or independent contracting opportunities or compensation, or healthcare services. Advertising is not a significant decision.

We do not currently use ADMT to make significant decisions about consumers, so we do not provide ADMT access, opt-out, or appeal rights.

Right to Non-Discrimination

You have the right not to be discriminated or retaliated against for exercising any of your privacy rights under applicable laws.

How to Exercise Your Rights

Exercising the Rights to Know, Delete, or Correct

To exercise the right to know (including data portability), delete, or correct described above, please submit a verifiable request to us by either:

Emailing us at service@looda.net
Visiting looda.net

Please describe your request with sufficient detail so we can properly understand, evaluate, and respond to it. You or your authorized agent may only submit a request to know, including for data portability, twice in a 12-month period.

Verification Process and Authorized Agents

Only you, or someone legally authorized to act on your behalf, may make a request to know, delete, or correct related to your personal information. We may request specific information from you or your authorized representative to confirm your or their identity before we can process your right to know, delete, or correct your personal information.

We cannot respond to your request to know, delete, or correct if we cannot verify your identity or authority to make the request and confirm the personal information relating to you. We will only use personal information provided in the request to verify the requestor's identity or authority to make the request.

We consider requests made through your password-protected account with our company sufficiently verified when the request relates to personal information associated with that specific account.

We may ask for the information necessary to complete the request, which may include, for example, the consumer's name, email address, or account username.

Responding to Your Requests to Know, Delete, or Correct

We will confirm receipt of your request within ten business days. If you do not receive confirmation within the ten-day timeframe, please contact service@looda.net

We endeavor to substantively respond to a verifiable request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response to your verified email address. Our substantive response will tell you whether or not we have complied with your request. If we cannot comply with your request in whole or in part, we will explain the reason, subject to any legal or regulatory restrictions. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, deleted, or made your personal information anonymous in compliance with our record retention policies and obligations.

Any disclosures we provide will cover information for the 12-month period preceding the request's receipt date. We will consider requests to provide a longer disclosure period that do not extend past January 1, 2022, unless providing the longer timeframe would be impossible or involves disproportionate effort.

For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

How We Protect Your Personal Data

We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with the Services. In particular, email, texts, and chats sent to or from the Services may not be secure, and you should carefully decide what information you send to us through these communications channels. Any transmission of personal data is at your own risk.

The safety and security of your information also depend on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access.

Privacy Policy Changes

We reserve the right to update this Privacy Policy at any time. If we make any material changes to this Privacy Policy, we will update the policy's effective date and post the updated policy on privacy. We encourage you to check privacy to review the current Privacy Policy in effect.

Contact Information

If you have any questions or comments about this policy, the ways in which we collect and use your information described here, your choices and rights regarding such use, or wish to exercise your rights under applicable laws, please do not hesitate to contact us at:

Website: looda.net

Email: legal@looda.net

Postal Address:

Avora Tech Company Limited

8 The Green, Ste A, Dover, Kent County, Delaware

Depending on your state of residence, you may possess additional or specific rights regarding your personal information under applicable state data protection laws (including, but not limited to, the CCPA/CPRA, VCDPA, CPA, and CTDPA). While this Privacy Policy is designed to provide a high baseline of protection for all United States consumers, we recognize that local statutes may offer protections that differ from or exceed those described herein.

We are committed to complying with the most restrictive privacy requirements applicable to your jurisdiction. In the event of an irreconcilable conflict between the terms of this Privacy Policy and the requirements of any applicable local law, the provision offering the greatest protection and highest degree of privacy to your personal information shall prevail and govern our data practices.

If you need to access this Privacy Policy in an alternative format due to a disability, please contact service@looda.net.