Last Updated: May 08, 2025
Version: v1.0
LitNow ("we," "our," or "us") is committed to safeguarding your privacy while delivering a secure, anonymous social video platform. LitNow is not designed for, marketed to, or intentionally used by minors. This Privacy Policy governs all data practices across our mobile application ("App"), including data collection, processing, storage, and sharing. By accessing or using LitNow, you acknowledge and consent to the practices described herein. Continued use of the App constitutes acceptance of future revisions to this policy.
This policy takes effect on May 08, 2025.
We may update this policy to reflect technological advancements, legal requirements, or operational changes. Material revisions will be communicated via:
In-app Notifications: Send message reminders to users through the official account within the app.
Public Archives: Version-controlled updates at here, with prior versions retained for 5 years
Device-Generated Accounts
Upon first use on the device, the application will create a permanent account using the following method:
Device Identifier: UUID or IMEI hashed via SHA-256 with per-device salt
Randomized Profile: System-generated username and default avatar
Modifications: Users may reset their username/avatar infinitely without historical tracking
| Data Type | Collection Purpose | Retention Period |
|---|---|---|
| Device Information | Account binding, fraud prevention (e.g., UUID, OS version, model) | 90 days post-account deletion |
| Usage Logs | Performance optimization (e.g., crash reports, latency metrics) | 30 days |
| User-Generated Content | Service delivery (uploaded videos, picture) | Deleted 30 days post-removal |
| Network Metadata | Connectivity diagnostics (IP address, SSID) | 7 days |
We DO NOT collect:
Biometric data (e.g., facial recognition, voiceprints)
Precise geolocation (GPS, Wi-Fi triangulation)
Sensitive identifiers (phone numbers, government IDs, email addresses)
| Permission | Functionality | User Control |
|---|---|---|
| Camera | Video recording/chat | Revocable via device settings |
| Microphone | Send voice message/Video chat | Revocable via device settings |
| Network Access | Content delivery/real-time interactions | Mandatory for core functionality |
| Permission | Use Case | Opt-In Mechanism |
|---|---|---|
| Storage Access | Saving/uploading media files | Runtime prompt with granular folder selection |
Data Transmission: TLS 1.3 with P-384 elliptic curve encryption
At-Rest Encryption: AES-256-GCM for stored device IDs and user content
Media Handling: Stripped of EXIF metadata (images) and encrypted audio streams (Opus codec, 128-bit key)
Incident Response: 72-hour breach notification commitment per GDPR Article 33
Data Access & Portability While LitNow minimizes data collection by design, you may request a summary of information associated with your device account by contacting our support team at MgodinTeam@outlook.com. Requests will be fulfilled within 30 days and include:
Basic Account Report: Device ID hash, registration date, last login timestamp
Content Archive: Active videos/comments not yet auto-deleted (if applicable)
Note: User-generated content (e.g., uploaded images) is ephemeral by design and cannot be retrieved after deletion.
Deletion: Permanently erase all content and device identifiers (Settings > Delete Account)
Correction: Edit or reset profile details (username/avatar) without justification
Email MgodinTeam@outlook.com with subject line "CCPA/GDPR Access Request"
Include User ID (found in Settings > ID) for verification
Fulfillment Timeline:
Access: Completed within 30 days
Complaints/Deletion: Investigated by human moderators within 72 hours
To enable real-time interactions, we integrate the following third-party SDKs after rigorous vendor assessments:
| Provider | Service Type | Data Processed | Jurisdiction | Compliance Measures |
|---|---|---|---|---|
| Agora | Real-Time Video/Audio | - Device model, OS version - Network metrics (latency, packet loss) Ephemeral audio/video stream data | Global (Primary: Singapore) | - ISO 27001 certified - GDPR-compliant data transfer (SCCs + supplementary measures) - CCPA-aligned data processing |
| RongCloud | Instant Messaging | - Anonymous user ID (hashed device identifier) - Message metadata (send/receive timestamps) - Encrypted message content | Global (Primary: Germany) | - GDPR Article 28 Processor Terms - Data routed via EU/UK servers - Annual penetration testing by TÜV SÜD |
Key Disclosures:
Agora Media Processing:
Temporary stream data cached on edge nodes ≤72 hours
End-to-end encryption via AES-128-GCM with DTLS 1.2 key exchange
Data processing ceases immediately upon camera/microphone permission revocation
RongCloud Messaging:
All messages use TLS 1.3 encryption in transit
Message retention: Message content is stored exclusively during transmission and the configured retention period, with complete cryptographic erasure from all server nodes upon expiration. Auto-deleted after 14 days by default (configurable to 1-30 days)
Regional Compliance Assurance:
All data processing adheres to jurisdictional requirements through:
EU/UK Users: Storage and transit within EEA-based infrastructure
Global Default: Encrypted transfer via ISO 27001-certified networks
Data Flow Restrictions:
Service traffic automatically routes to geographically appropriate nodes based on:
User IP address (non-persistent geolocation lookup)
Legal entity registration country
Agora Streams: Terminated immediately upon camera/mic permission revocation
RongCloud Messages:
End-to-encrypted content never persists beyond configurable retention window (1-30 days)
Metadata anonymized using differential privacy techniques
Submit via MgodinTeam@outlook.com with subject line "PRIVACY REQUEST":
Permanent Agora stream deletion (processed within 7days)
RongCloud message purge (full thread history removal)
Third-Party Audits:
Agora: Annual SOC2 Type II reports (link)
RongCloud: Independent GDPR audit reports available upon request
Contractual Obligations:
Both providers contractually prohibited from: ▶️ Secondary data use (profiling, advertising, AI training) ▶️ Data transfers to high-risk jurisdictions ▶️ Retention beyond service delivery requirements
LitNow is not designed for, marketed to, or intentionally used by minors.
Content Moderation:
AI Filtering: Custom ML model trained to detect underage users
Human Review: Escalated reports reviewed within 2 hours by trained moderators
We do not knowingly collect, store, or process data from minors. When potential child-related content is identified:
Data Handling Protocol:
Content Erasure: All associated media files purged within 24 hours
Identifier Sanitization: Device ID hashed with SHA-3 (irreversible) and decoupled from usage history
Blacklisting: Banned device identifiers added to global shared anti-abuse database
Parental Coordination: Legal guardians may request data audits via MgodinTeam@outlook.com with:
Notarized proof of parental authority
Suspected minor’s device ID (from device settings)
Our enhanced child protection framework is detailed in: LitNow Child Safety Protocol
We operate globally and may process data in locations outside your jurisdiction:
EU Data Transfers:
Rely on GDPR Article 46 safeguards (Standard Contractual Clauses) for transfers to non-EEA countries like Singapore.
Technical Safeguards:
All cross-border transfers enforce AES-256 encryption during transmission and at rest.
Vendor Management:
Third-party processors (e.g., Agora) are contractually bound to equivalent data protection standards.
Primary Contact Methods:
Data Protection Officer(DPO): Dr. Laura Mitchell
Email: MgodinTeam@outlook.com
Postal Correspondence: MGODIN LLC Attn: Privacy Office 157 Comanche AveLake George CO 80827, USA
Disputes resolved via binding arbitration under AAA(American Arbitration Association) rules, except for small claims (<$10,000).
Archive of Previous Versions:
Initial Privacy Policy (v1.0) in effect May 08, 2025. Archived versions available at here upon updates.