Privacy Policy

Last Updated: February 22, 2026

1. Introduction and Scope

Welcome to Megalife (“Application,” “Service,” “we,” “us,” or “our”). This Privacy Policy explains how Megalife collects, uses, stores, discloses, and protects your personal data when you access or use the Megalife mobile application and its associated website (collectively, the “Service”).

This Policy applies to all users of the Service worldwide. Depending on your location, additional rights and obligations may apply under applicable laws, including but not limited to:

  • The General Data Protection Regulation (GDPR) (EU) 2016/679 — applicable to users in the European Economic Area (EEA), United Kingdom, and Switzerland;
  • The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) — applicable to California residents;
  • The Children’s Online Privacy Protection Act (COPPA) — applicable where the Service may be accessed by children under 13 in the United States;
  • Other applicable national or regional data protection laws.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of the Service immediately.

2. Data Controller

The data controller responsible for your personal data is:

Megalife
Contact: via the in-app feedback form or the contact section of our website.

If you are located in the EEA or United Kingdom, Megalife acts as the data controller within the meaning of Article 4(7) GDPR. Where we engage third-party service providers to process data on our behalf, they act as data processors under Article 28 GDPR, bound by data processing agreements.

3. What Personal Data We Collect

We collect personal data in three ways:

3.1 Data You Provide Directly

When you register for or use the Service, you may provide:

  • Identity data: first name, last name, username or display name;
  • Contact data: email address, phone number;
  • Profile data: profile photo, preferences, settings, learning progress, and other information you add to your profile;
  • User-generated content: messages, feedback, files, or other content you transmit through the Service;
  • Payment data: billing details (processed by our third-party payment processors; we do not store raw card data);
  • Communications: correspondence with our support team.

3.2 Data Collected Automatically

When you access or use the Service, we automatically collect:

  • Device and technical data: IP address, device type and model, operating system and version, unique device identifiers, browser type and version, mobile network information;
  • Usage data: pages or screens viewed, features used, session duration, clickstream data, search queries within the app, content interactions (e.g., books opened, courses started or completed);
  • Log data: access timestamps, error logs, crash reports;
  • Cookie and tracking data: see Section 8 (Cookies and Analytics) below.

3.3 Data Received from Third Parties

If you choose to connect or log in via a third-party service (e.g., Google Sign-In, Apple Sign-In, or other social authentication providers), we may receive from such providers:

  • Your name, email address, and profile picture (as permitted by the third-party platform and your privacy settings there);
  • A unique identifier assigned by the third-party service.

We do not control what data these third-party platforms collect or process on their end. We encourage you to review their privacy policies before using such sign-in methods.

4. Legal Bases for Processing (GDPR)

Where GDPR applies, we process your personal data only where a valid legal basis exists under Article 6 GDPR:

Purpose of Processing Legal Basis
Providing access to and operating the Service Performance of a contract (Art. 6(1)(b))
Account registration and authentication Performance of a contract (Art. 6(1)(b))
Improving the Service and developing new features Legitimate interests (Art. 6(1)(f))
Sending service notifications Performance of a contract / Legitimate interests (Art. 6(1)(b)(f))
Sending marketing communications (where opted in) Consent (Art. 6(1)(a))
Analytics and usage statistics Legitimate interests (Art. 6(1)(f))
Fraud prevention and security Legitimate interests / Legal obligation (Art. 6(1)(c)(f))
Compliance with legal requirements Legal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, you have the right to object to such processing (see Section 9). Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

5. Purposes of Processing

We use personal data for the following purposes:

  1. Service delivery: to create and manage your account, authenticate your identity, and provide you with full access to the Application’s features;
  2. Personalization: to tailor content recommendations and learning paths to your preferences and progress;
  3. Communication: to send service-related notifications and, where you have opted in, marketing messages;
  4. Improvement and development: to analyze usage patterns, fix bugs, and develop new features;
  5. Security and fraud prevention: to monitor for suspicious activity and enforce our Terms of Service;
  6. Legal compliance: to comply with applicable laws, regulations, court orders, or government requests;
  7. Dispute resolution: to establish, exercise, or defend legal claims.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.

Data Category Retention Period
Account and profile data Duration of account + up to 90 days after deletion request
Usage and analytics data Up to 24 months (then anonymized or deleted)
Communication and support records Up to 3 years after last interaction
Financial / transaction records Up to 7 years (tax and accounting compliance)
Cookie and session data See Section 8
Legal hold / compliance data As required by applicable law

When data is no longer needed, it is securely deleted or anonymized. You may request deletion of your data at any time (see Section 9).

7. Sharing and Disclosure of Personal Data

We do not sell your personal data to third parties. We may share your data in the following circumstances:

7.1 Service Providers and Data Processors

We engage third-party companies to assist with operating the Service, including cloud hosting, analytics, payment processing, push notifications, email delivery, and customer support. All processors are bound by data processing agreements and may only process data on our documented instructions.

7.2 Legal Requirements

We may disclose personal data to government authorities, regulators, or law enforcement when required by applicable law, court order, or to protect the rights, property, or safety of Megalife, our users, or others.

7.3 Business Transfers

In the event of a merger, acquisition, or asset sale, personal data may be transferred to the successor entity. We will notify users before their data becomes subject to a different privacy policy.

7.4 Aggregated Data

We may share aggregated, de-identified data (which cannot be used to identify you) for analytical or research purposes.

8. Cookies and Analytics

8.1 Types of Cookies We Use

Cookie Type Purpose Retention
Strictly necessary Login sessions, security tokens Session / up to 1 year
Functional Remembering your preferences Up to 1 year
Analytics Understanding site navigation (e.g., Google Analytics) Up to 13 months
Marketing (if applicable) Delivering relevant ads if advertising is enabled Up to 13 months

8.2 Your Cookie Choices

  • You may manage or disable cookies at any time via your browser settings.
  • Disabling certain cookies may affect site or Application functionality.
  • Where required by law (e.g., under GDPR/ePrivacy Directive in the EEA), we display a cookie consent banner upon your first visit. Non-essential cookies are not set until you actively accept them.
  • You may opt out of Google Analytics via the Google Analytics Opt-out Browser Add-on.

9. Your Rights

9.1 Rights Under GDPR (EEA / UK Users)

Under Articles 15–22 GDPR, you have the right to:

  1. Access (Art. 15): request a copy of the personal data we hold about you;
  2. Rectification (Art. 16): request correction of inaccurate or incomplete data;
  3. Erasure (Art. 17): request deletion of your data, subject to legal retention obligations;
  4. Restriction of processing (Art. 18): request limitation of how we use your data;
  5. Data portability (Art. 20): receive your data in a structured, machine-readable format;
  6. Object to processing (Art. 21): object to processing based on legitimate interests or for direct marketing;
  7. Withdraw consent (Art. 7(3)): withdraw consent at any time where processing is consent-based;
  8. Lodge a complaint: with your national data protection authority (e.g., in the Netherlands: Autoriteit Persoonsgegevens).

9.2 Rights Under CCPA/CPRA (California Residents)

California residents have the right to:

  1. Know what personal information is collected, used, or shared;
  2. Delete personal information, subject to certain exceptions;
  3. Correct inaccurate personal information;
  4. Opt out of the sale or sharing of personal information (we do not sell personal data);
  5. Non-discrimination: we will not discriminate against you for exercising CCPA rights.

9.3 How to Exercise Your Rights

To exercise any of the above rights, please contact us through the in-app feedback form or via the contact details in Section 12. We will respond within 30 days (or 45 days for complex requests where permitted by law). We may need to verify your identity before processing your request.

10. International Data Transfers

Megalife operates internationally and your data may be processed on servers outside your country of residence, including outside the EEA. Where personal data is transferred from the EEA to countries without an adequacy decision from the European Commission, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) (European Commission Decision 2021/914). You may request a copy of the applicable transfer safeguards by contacting us as described in Section 12.

11. Security of Your Data

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit (TLS/SSL) and at rest;
  • Role-based access controls limiting access to authorized personnel only;
  • Regular security assessments and vulnerability monitoring;
  • Incident response procedures: in the event of a personal data breach posing high risk to your rights, we will notify you and the competent supervisory authority in accordance with GDPR Articles 33–34 (within 72 hours where required).

No electronic transmission or storage method is 100% secure. While we apply commercially reasonable measures to protect your data, we cannot guarantee absolute security.

12. Children’s Privacy

The Service is not directed at children under the age of 13 (or under 16 in certain EEA jurisdictions). We do not knowingly collect personal data from children below these age thresholds without verifiable parental consent. If you believe a child has provided personal information without appropriate consent, please contact us immediately so we can delete that information promptly.

13. Third-Party Links and Services

The Application may contain links to third-party websites or services (e.g., content partners, payment gateways, social platforms). This Privacy Policy applies only to the Megalife Service. We are not responsible for the privacy practices of third-party services and recommend you review their respective privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this page and notify you via in-app notification, email, or a prominent notice on our website. Your continued use of the Service after the effective date constitutes acknowledgment of the updated Policy. If you disagree with any changes, you should stop using the Service and may request deletion of your account.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Via the in-app feedback form in the Megalife Application;
  • Via our website contact page.

We are committed to resolving any privacy concerns promptly and transparently.