# PRIVACY POLICY ## "E'lonchi" Mobile Application **Effective Date:** December 13, 2025 **Last Updated:** December 13, 2025 **Version:** 1.0 --- ## 1. INTRODUCTION "E'lonchi" (hereinafter referred to as "Platform", "App", "We", "Us", or "Our") takes your privacy seriously and is committed to protecting your personal information. This Privacy Policy explains: - What personal information we collect - How this information is used - Your rights and choices - How we protect your data By using our App, you consent to the practices described in this Privacy Policy. --- ## 2. WHO WE ARE **Controller Information:** - **App Name:** E'lonchi - **Domain:** elonchiuz.uz - **Email:** elonchiuz25@gmail.com - **Address:** Tashkent, Republic of Uzbekistan - **Country:** Republic of Uzbekistan --- ## 3. WHAT INFORMATION DO WE COLLECT? ### 3.1. Information You Provide to Us #### 3.1.1. Registration Information When you register for our App, we collect: - **Phone Number** - for authentication and account verification (Uzbekistan format: +998 xx xxx xx xx) - **Full Name** - for profile information and identification - **SMS Verification Code** - temporary, only for phone number verification (deleted after confirmation) #### 3.1.2. Google Sign-In Registration If you register via your Google account, we receive: - Google User ID - Full Name (from your Google profile) - Email Address (from your Google profile) - Profile Picture (optional, from your Google profile) **Note:** We do NOT have access to your Google password or other sensitive credentials. #### 3.1.3. Profile Information When you complete or update your profile: - **Profile Picture** - image you upload (optional) - **Full Name** - updated profile information - **Phone Number** - updated contact information #### 3.1.4. Listing/Ad Information When you post a listing, we store: - **Listing Text:** title and description - **Price Information:** price, currency (UZS, y.e.), price type (fixed, negotiable, exchange, free) - **Category:** selected product/service category - **Location:** region and district (manually entered) - **Images:** listing photos (maximum 10) - **Additional Attributes:** category-specific attributes (e.g., color, size, condition) - **Contact Information:** name and phone number #### 3.1.5. Chat Messages Through our chat service: - Sent and received message text - Sent images and files - Message timestamp - Message read status (read/unread) #### 3.1.6. Complaints When you report listings: - Complaint reason and category - Additional details (optional) - Complaint submission date ### 3.2. Automatically Collected Information #### 3.2.1. Device Information When you use the App, we automatically collect: - **Device Type:** Android or iOS - **Operating System Version:** e.g., Android 13, iOS 17 - **App Version:** installed E'lonchi version - **Device Model:** phone model name - **Language Settings:** selected language (Uzbek/Russian) #### 3.2.2. Usage Information Regarding your use of the Platform: - **Viewed Listings:** which listings you viewed and when - **Saved Listings:** favorite listings list - **Search History:** search queries and selected filters - **Taps and Actions:** button taps, page scrolling (for analytics) - **Session Information:** app usage time and duration #### 3.2.3. Location Information **IMPORTANT:** We do NOT collect GPS coordinates or your precise location. We only store information you manually select: - Region and district selection (for posting listings and searching) - Favorite location (to improve user experience) #### 3.2.4. Push Notifications For sending notifications: - **FCM Token** (Firebase Cloud Messaging token) - to send notifications to your device - Notification settings (enabled/disabled) #### 3.2.5. Local Storage Information stored locally on your device: - **Hive Database:** draft listings, cached data - **FlutterSecureStorage:** authentication tokens (JWT) - **SharedPreferences:** language choice, settings **Note:** This data is only stored on your device and not sent to the server (except tokens). ### 3.3. Information from Third-Party Services #### 3.3.1. Google Sign-In When you sign in via Google: - Google User ID - Email, name, profile picture (from Google) #### 3.3.2. Firebase Services We use Google Firebase services: - **Firebase Authentication:** user authentication - **Firebase Cloud Messaging (FCM):** push notifications - **Firebase Crashlytics** (future): error tracking --- ## 4. HOW DO WE USE YOUR INFORMATION? ### 4.1. Primary Purposes We use collected information for the following purposes: #### 4.1.1. Providing Services - Creating and managing accounts - Authentication and security - Posting and displaying listings - Providing chat service - Search and filtering results - Sending push notifications #### 4.1.2. Improving User Experience - Displaying personalized content - Saving language preferences - Location preferences (region/district) - Showing viewed and saved listings - Recommended listings (future) #### 4.1.3. Security and Anti-Fraud - Detecting fraudulent and spam accounts - Monitoring rule violations - Reviewing complaints - Protecting platform integrity - SMS code resend rate limiting #### 4.1.4. Service Improvement - Analyzing app performance - Fixing bugs and issues - Studying user behavior (aggregated) - Developing new features #### 4.1.5. Legal Obligations - Providing information as required by law - Court orders and law enforcement requests - Protecting our rights ### 4.2. Marketing and Advertising **We currently do NOT use data for marketing purposes.** If marketing services are added in the future, separate consent will be requested. --- ## 5. WHO DO WE SHARE YOUR INFORMATION WITH? We do NOT sell your personal information or distribute it to third parties. However, information may be shared in the following cases: ### 5.1. With Other Users The following information is visible to other Platform users: **In Your Listings:** - Full Name (as listing owner) - Phone Number (shown in listings) - Profile Picture (if uploaded) - Listing Details (title, description, images, price, location) **In Chat:** - Full Name - Profile Picture - Your sent messages (only to conversation participant) ### 5.2. Service Provider Partners We use the following third-party services: #### 5.2.1. Google Firebase - **Purpose:** Backend infrastructure, authentication, notifications - **Shared Data:** User ID, FCM token, authentication data - **Location:** Google Cloud servers (EEA/USA) - **Privacy Policy:** https://policy.elonchiuz.uz #### 5.2.2. API Hosting (Backend Server) - **Purpose:** Database and API services - **Shared Data:** All user data - **Location:** Uzbekistan or international servers - **Security:** HTTPS encryption, secure authentication #### 5.2.3. SMS Service (for OTP) - **Purpose:** Sending SMS verification codes - **Shared Data:** Phone number (temporary) - **Retention:** Deleted after SMS is sent **Guarantee:** All service providers are bound by privacy agreements and must only use data for specified purposes. ### 5.3. Legal Requirements We may disclose information in the following cases: - As required by law (court order, prosecutor's request) - At the request of law enforcement agencies - Under anti-terrorism laws - To protect the Platform's rights - To ensure user safety ### 5.4. Business Transfers If "E'lonchi" is sold, merged, or reorganized: - User data may be transferred to the new owner - You will be notified in advance - You have the right to delete your account --- ## 6. HOW LONG DO WE KEEP YOUR INFORMATION? We retain your data for as long as necessary: ### 6.1. Active Accounts **While Account is Active:** - **Profile Information:** as long as account exists - **Listing Information:** while listing is active or until deleted - **Chat Messages:** until conversation is deleted or account is deleted - **Activity Information:** 12 months from last activity - **Draft Listings:** 90 days from creation (automatically deleted) ### 6.2. When Account is Deleted If you delete your account: - **Immediately Deleted:** authentication tokens, session data - **Deleted Within 30 Days:** - Profile information - Personal listings - Chat messages (your side) - Viewed and saved listings list - **Archived (90 Days):** - Activity logs (for security purposes) - **Permanently Retained:** - Information required by legal obligations (e.g., for court orders) - Aggregated statistical data (no personal identification) ### 6.3. Inactive Accounts If you don't use your account for 12 months: - You will be notified - If no response within 30 days, account will be automatically deleted - All data will be deleted according to the above process --- ## 7. HOW DO WE PROTECT YOUR INFORMATION? We apply modern security measures to protect your data: ### 7.1. Technical Security Measures #### 7.1.1. Encryption - **HTTPS/TLS Encryption:** all data transmitted is encrypted - **FlutterSecureStorage:** for sensitive data on device (e.g., JWT tokens) - **Database Encryption:** sensitive information is encrypted in the database #### 7.1.2. Authentication and Authorization - **JWT (JSON Web Token):** secure session management - **SMS Verification:** phone number authentication - **Google Sign-In:** trusted OAuth 2.0 protocol - **Token Expiration:** session tokens automatically expire #### 7.1.3. Backend Security - **API Rate Limiting:** protection against spam and DDoS attacks - **Input Validation:** protection against SQL injection, XSS attacks - **CORS Settings:** access only from official app - **Firewall and DDoS Protection:** server security #### 7.1.4. Database Security - Access only for necessary staff (Role-Based Access Control) - Database log monitoring - Regular backups and disaster recovery plan ### 7.2. Organizational Measures - Staff undergo privacy training - Data access rights granted on minimum necessity basis - Security policies and procedures regularly reviewed - Third-party auditors engaged (future) ### 7.3. What You Can Do **To protect yourself:** - **Keep password confidential** (if password authentication is added in the future) - **Log out of your account** (if using a shared device) - **Report suspicious activity** (e.g., someone sending messages in your name) - **Share personal information carefully** (in chat, listings) - **Be cautious when switching to Telegram or other platforms** (scammers use this method) ### 7.4. Data Breaches If a data breach or loss occurs: 1. We immediately take security measures 2. We notify law enforcement agencies where necessary 3. We notify affected users within 72 hours 4. We provide assistance and guidance --- ## 8. YOUR RIGHTS Under Uzbekistan legislation and international standards, you have the following rights: ### 8.1. Right of Access - View your personal information - Know what information has been collected - Obtain a copy of your data (upon request) **How to Exercise:** Go to your Profile and view "My Personal Information" section or write to elonchiuz25@gmail.com. ### 8.2. Right to Rectification - Correct inaccurate information - Complete incomplete information **How to Exercise:** Go to Profile Settings and edit your information. ### 8.3. Right to Erasure ("Right to be Forgotten") - Completely delete your account - Delete your personal information **How to Exercise:** 1. Go to Profile 2. Go to "Settings" section 3. Tap "Delete Account" button 4. Confirm deletion **Note:** Deleted data cannot be recovered. Listings and chats will also be deleted. ### 8.4. Right to Restrict Processing - Request to stop processing certain data - Except for services requiring authentication **How to Exercise:** Send a request to elonchiuz25@gmail.com. ### 8.5. Right to Data Portability - Receive your data in machine-readable format (JSON, CSV) - Transfer to another service **How to Exercise:** Send a request to elonchiuz25@gmail.com. We will provide within 30 days. ### 8.6. Right to Object - Object to use for marketing purposes - Object to automated decision-making **How to Exercise:** Write to elonchiuz25@gmail.com. ### 8.7. Right to Complain If you believe your privacy has been violated: 1. **First Step:** Contact us - elonchiuz25@gmail.com 2. **Second Step:** Contact Uzbekistan data protection authorities 3. **Third Step:** File a complaint through court **Response Time:** We will respond to your request within 30 days. --- ## 9. CHILDREN AND MINORS ### 9.1. Age Restriction "E'lonchi" is not intended for children under 18. - You must be at least 18 years old to use the Platform - We do not knowingly collect information from those under 18 - If you are under 18, please do not use the app ### 9.2. Parental Control If you are under 18 and using with parental permission: - Your parent or legal guardian is responsible for managing your information - Your parent has the right to delete the account ### 9.3. If We Find Children's Data If we identify data from users under 18: 1. We immediately suspend the account 2. We delete all personal information 3. We notify parents (if contact information is available) **If you are a parent of a child under 18 and find their account, please contact us immediately:** elonchiuz25@gmail.com --- ## 10. INTERNATIONAL DATA TRANSFERS ### 10.1. Where is Your Data Stored? Your data may be stored in the following locations: - **Main Server:** Uzbekistan or nearby regions - **Firebase Servers:** Google Cloud (EEA, USA) - **Backup Servers:** International data centers ### 10.2. International Transfers If your data is transferred outside Uzbekistan: - Only to trusted and secure service providers - Through Standard Contractual Clauses - With legal guarantees ### 10.3. Your Rights Regardless of international transfers, all your rights are preserved. --- ## 11. COOKIES AND TRACKING TECHNOLOGIES ### 11.1. We Don't Use Web Cookies Since E'lonchi is a mobile app, we don't use web cookies. ### 11.2. Local Storage However, we do store the following information on your device: #### 11.2.1. Hive Database - **Purpose:** Draft listings, cache, offline mode - **Stored Data:** Draft listings, categories, location data - **Location:** Your device - **Control:** Deleted when you uninstall app or clear cache #### 11.2.2. FlutterSecureStorage - **Purpose:** Secure data (tokens) - **Stored Data:** JWT access and refresh tokens - **Security:** Device-level encryption - **Control:** Deleted when you log out #### 11.2.3. SharedPreferences - **Purpose:** Settings and preferences - **Stored Data:** Language choice, notification settings - **Location:** Your device - **Control:** Can be cleared from app settings ### 11.3. Analytics (Future) In the future, we may use analytics services: - **Purpose:** Improving user experience - **Services:** Firebase Analytics or similar - **Opt-out:** Can be disabled in settings **If added, you will be notified.** --- ## 12. THIRD-PARTY SERVICES ### 12.1. Google Firebase **Firebase Services Used:** #### 12.1.1. Firebase Authentication - **Purpose:** User authentication - **Data:** User ID, phone number, Google account data - **Privacy Policy:** https://firebase.google.com/support/privacy #### 12.1.2. Firebase Cloud Messaging (FCM) - **Purpose:** Push notifications - **Data:** FCM token, device information - **Privacy Policy:** https://firebase.google.com/support/privacy **Control:** You can disable notifications in device settings. ### 12.2. Google Sign-In - **Purpose:** Registration via Google account - **Data:** Google User ID, email, name, profile picture - **Privacy Policy:** https://policies.google.com/privacy **Control:** You can disconnect E'lonchi in your Google account settings. ### 12.3. SMS Service - **Purpose:** OTP verification codes - **Data:** Phone number (temporary) - **Retention:** Deleted after SMS is sent ### 12.4. We Are Not Responsible These third-party services have their own privacy policies. We are not responsible for their data practices. Please read their privacy policies. --- ## 13. CALIFORNIA AND GDPR RIGHTS (International Users) If you reside in California (CCPA) or Europe (GDPR), you have additional rights: ### 13.1. GDPR (European Union) - **Data Minimization:** We only collect necessary data - **Consent-Based:** We request explicit consent - **Right to be Forgotten:** Full deletion right - **Portability:** Take your data with you - **Complaint:** To EEA data protection authorities ### 13.2. CCPA (California) - **Right to Know:** What data has been collected - **Right to Delete:** Delete your data - **Right to Opt-Out of Sale:** We do NOT sell your data - **Non-Discrimination:** No discrimination for exercising rights **International User Contact:** elonchiuz25@gmail.com --- ## 14. NOTIFICATIONS AND MARKETING ### 14.1. Push Notifications We may send you the following push notifications: #### 14.1.1. Transactional Notifications (necessary) - New chat messages - Responses to your listing - Account security alerts - Service updates **These notifications cannot be disabled** (core part of service). #### 14.1.2. Marketing Notifications (optional) - New feature announcements - Offers and promotions (future) - Blog posts and news **Control:** - You can disable marketing notifications in Profile Settings - You can disable all notifications in device settings ### 14.2. Email and SMS Marketing **We currently do NOT send email or SMS marketing.** If we do in the future: - We will request prior consent - Opt-out link will be included - You can unsubscribe anytime --- ## 15. CHANGES TO THIS PRIVACY POLICY ### 15.1. Updates We may update this Privacy Policy from time to time. Reasons: - When new features are added - When laws change - When improving security practices - Based on user feedback ### 15.2. How We Notify You **Minor Changes:** - "Last Updated" date changes on Privacy Policy page - In-app notification displayed **Major Changes:** - Push notification sent - Email sent (if email address available) - Dialog box shown when you open the app ### 15.3. Your Choice If you do not agree with the new Privacy Policy: - You can delete your account - You can disable certain services in app settings - You can contact us with questions **Continuing to use the app after the new version is announced indicates acceptance of the new terms.** --- ## 16. CONTACT US For privacy-related questions, concerns, or requests: ### 16.1. Email **General:** elonchiuz25@gmail.com **Privacy Issues:** privacy@elonchiuz.uz ### 16.2. Postal Address E'lonchi Data Protection Department Tashkent, Uzbekistan ### 16.3. Phone +998 94 640 09 93 (Business hours: 9:00-18:00, Monday-Friday) ### 16.4. In-App Profile → Settings → Help & Support → Privacy Issues ### 16.5. Response Time We will try to respond to your request within 30 days. Complex requests may take up to 60 days (we will notify you). --- ## 17. DATA PROTECTION OFFICER For privacy or data protection inquiries: **Data Protection Officer:** - Email: elonchiuz25@gmail.com - Title: Data Protection Officer - Responsibility: Overseeing privacy policy and legal compliance --- ## 18. SECURITY BEST PRACTICES (Tips) To protect yourself, follow these tips: ### 18.1. Account Security - ✅ Log out regularly (on shared devices) - ✅ Keep your phone number confidential - ✅ Report suspicious activity immediately ### 18.2. Listing Security - ✅ Post accurate information - ✅ Don't post excessive personal information (passport, address) - ✅ Remove geolocation metadata from images ### 18.3. Chat Security - ✅ Only communicate with trusted buyers - ✅ Be cautious when switching to Telegram or other platforms - ✅ Never share account credentials (password, SMS code) ### 18.4. Anti-Fraud - ⚠️ Be wary of "too good to be true" offers - ⚠️ Be cautious of advance payments - ⚠️ Be wary of "support" via Telegram, WhatsApp - ⚠️ Don't trust messages claiming to be from "Admin" (we never ask for passwords via chat) ### 18.5. If You've Been Scammed 1. **Report Immediately:** elonchiuz25@gmail.com 2. **Save Chat:** Take screenshots 3. **Contact Police:** Fraud is a crime 4. **Report Listing:** Tap "Report" button in app --- ## 19. SPECIAL SITUATIONS ### 19.1. If Account is Compromised If your account has been hacked: 1. **Contact us immediately:** elonchiuz25@gmail.com 2. **Verify your phone number:** We'll send SMS for verification 3. **Account Recovery:** We'll help you recover your account 4. **Security Check:** Determine how compromise occurred ### 19.2. Fraud or Abuse If you identify fraud or abuse: 1. **Report:** Tap report button on listing or user 2. **Notify:** Write to elonchiuz25@gmail.com with details 3. **Police:** Contact law enforcement in serious cases We take all complaints seriously and take appropriate action (account blocking, providing data to police). ### 19.3. Data Loss or Breach If data is lost or breached due to technical failure or cyberattack: 1. **We notify you within 72 hours** 2. **We explain which data was affected** 3. **We inform you of actions taken** 4. **We provide recommendations:** change password, monitor account --- ## 20. GLOSSARY **Personal Information** - Any information that can identify you (name, phone, email, etc.) **Processing** - Collecting, storing, using, modifying, deleting data **Third Party** - Any company or person other than E'lonchi **Cookie** - Small file stored in browser by websites (not used in mobile apps) **JWT (JSON Web Token)** - Secure token for authentication **FCM (Firebase Cloud Messaging)** - Push notification service **Encryption** - Encoding data, can only be read with special key **HTTPS** - Secure internet protocol (data encrypted) **Opt-out** - Unsubscribe from service **GDPR** - European data protection regulation **CCPA** - California data protection law --- ## 21. FINAL PROVISIONS ### 21.1. Validity of Privacy Policy This Privacy Policy is accepted by using the "E'lonchi" app and remains in effect for as long as your account exists. ### 21.2. Relationship with Terms of Service This Privacy Policy should be read together with the Terms of Service. In case of conflict, this Privacy Policy prevails on privacy matters. ### 21.3. Severability If any part of this Privacy Policy is found to be invalid or unenforceable, it does not affect the validity of the remaining provisions. ### 21.4. Languages This Privacy Policy is available in Uzbek, Russian, and English. In case of conflict, the Uzbek version prevails. ### 21.5. Legal Basis This Privacy Policy is established in accordance with: - Constitution of the Republic of Uzbekistan - Civil Code of the Republic of Uzbekistan - Laws of Uzbekistan on "Personal Data" - GDPR (for international users) - CCPA (for California users) --- ## 22. ACKNOWLEDGMENT By downloading, installing, and using the E'lonchi app, you: ✅ Confirm that you have read this Privacy Policy in full ✅ Understand its terms ✅ Consent to the collection and use of your data as described If you have questions or believe your privacy has been violated, please contact us: 📧 **Email:** elonchiuz25@gmail.com 📞 **Phone:** +998 94 640 09 93 🏢 **Address:** Tashkent, Uzbekistan --- **Your privacy matters to us. Thank you for your trust!** --- **Last Updated:** December 13, 2025 **Version:** 1.0 **Effective Date:** December 13, 2025 --- © 2025 E'lonchi. All rights reserved.