Privacy Policy

Last Updated: August 9, 2025

AmaliLabs Management - FZCO (“Leyamo,” “we,” “us,” or “our”), based in Dubai, United Arab Emirates, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Leyamo mobile application (“App”) and related services. It also outlines your rights under applicable privacy laws, including GDPR (EU), CCPA (USA), UAE Federal Law No. 45 of 2021, and Australian Privacy Principles.

1. Data We Collect

We collect the following data:

  • Account Information: When you sign up or log in via Google or email/password (using Firebase Authentication), we collect your email address and, if using Google, your Google account details (e.g., name, profile picture).
  • Profile Information: You must provide a name and at least one profile photo (up to four). Optional details include “About Me” text, city, gender (male, female, or “don’t want to say”), “looking for” preferences (0-3 options), activities (0-5 options), and interests (0-5 options).
  • Run Club and Run Information:
    • Run Clubs: Title photo, name, description, and details of run club captains (admins and key members). We also collect data on club members (users who join a run club, linked to their profiles).
    • Runs: Title photo, name, description, location/geo-pin (set via Google Maps), and details of run leaders (admins and key members). We collect data on run participants (users who sign up or check in, linked to their profiles and check-in status).
  • Chat Messages: Text and photo messages in run club broadcast chats or 1:1 chats.
  • Geolocation Data: When you use the check-in feature, we collect your device’s geolocation to verify you’re within 200 meters of a run’s starting point (set via Google Maps) during the check-in window (15 minutes before to 15 minutes after the run start). A check-in button appears during this window; clicking it verifies location access and checks you in if within range, or prompts you to enable location services if not. This data is used only for check-in and not stored beyond this purpose.
  • Analytics Data: We use Google Analytics to collect anonymized data about user actions (e.g., onboarding steps, app usage) and device information (e.g., device type, anonymized IP address). We may use other analytics providers in the future.
  • Technical Data: Device information (e.g., operating system, app version) and usage logs (e.g., crash reports) stored in Firebase Database or collected by FlutterFlow (our development platform) to ensure app functionality.
  • Push Notifications: We use Firebase Cloud Messaging to send you push notifications related to run events, messages, and app updates. You can manage or disable notifications via your device settings.

2. How We Use Your Data

We use your data to:

  • Provide and operate the App (e.g., authenticate logins, display profiles, enable chats, manage run clubs/runs, verify check-ins).
  • Improve the App through Google Analytics or future analytics tools (e.g., analyzing onboarding completion rates).
  • Comply with legal obligations (e.g., responding to data requests).
  • Communicate with you (e.g., respond to inquiries).
  • We do not use your personal data for automated decision-making or profiling without your consent.

3. Legal Basis for Processing

We process data based on:

  • Consent: For geolocation data (check-in feature), optional profile data, run club/run participation, and push notifications.
  • Contract: To provide App services (e.g., account setup, chats, run club/run management).
  • Legitimate Interests: For analytics to improve the App, provided it doesn’t override your rights.
  • Legal Obligations: To comply with laws like GDPR, CCPA, and UAE data protection regulations.

4. Data Sharing

We share data with:

  • Third-Party Services:
    • Firebase: For authentication, data storage, and database management.
    • Google Maps: For setting and verifying run starting locations.
    • Mapbox: For displaying run locations within the App.
    • Google Analytics: For tracking anonymized app usage.
    • FlutterFlow: For app development, which may collect technical data (e.g., crash logs).
    • RevenueCat (future): For processing subscription payments, including transaction data, if implemented, under its own retention policies.
  • Legal Authorities: If required by law or to protect our rights.

We do not share your personal data with other third parties or sell your data. All third-party service providers are required to process your personal data in compliance with applicable laws under binding contractual agreements.

5. Data Retention

  • We delete your personal data (e.g., profile, chats, run club/run data) upon your account deletion request, subject to legal requirements.
  • We may retain anonymized data for analytics purposes, which cannot be linked to you.
  • Geolocation data is not stored beyond the check-in process.
  • Technical data (e.g., Firebase logs, FlutterFlow crash reports) and future payment data (e.g., via RevenueCat) follow third-party retention policies, typically 90 days for technical logs and up to 7 years for payment data to comply with tax laws, unless otherwise required.

6. Your Rights

You have the right to:

  • Access: Request a copy of your personal data.
  • Correct: Update inaccurate data.
  • Delete: Request deletion of your data, including from backups and analytics systems, to the extent required by law.
  • Restrict: Limit how we use your data.
  • Object: Opt out of analytics or other processing based on legitimate interests.
  • Data Portability: Receive your data in a structured format (where applicable).
  • Opt-Out of Data Sales (CCPA, USA): We do not sell data, but you can opt out if this changes.

7. Account Deletion

You can delete your account at any time directly in the Leyamo app:

  • Open the app and go to Profile.
  • Tap the 3-dot menu (top right corner).
  • Select Delete account.
  • Confirm deletion.

This will permanently remove your personal data (profile, chats, run data) subject to legal requirements described above. For support, contact chris@joinleyamo.com.

8. Data Security

We use industry-standard measures, including Firebase encryption, FlutterFlow secure APIs, and HTTPS, to protect your data. However, no system is completely secure, and you share data at your own risk.

9. International Data Transfers

As a Dubai-based company, we may transfer data to servers outside your jurisdiction (e.g., Firebase servers in the USA). We ensure compliance with GDPR, UAE, and other laws through appropriate safeguards, such as standard contractual clauses executed with our service providers, and where necessary, supplementary technical and organizational measures.

10. Children’s Privacy

Leyamo is not intended for users under 13 (or 16 in the EU if required). We do not knowingly collect data from children without verifiable parental consent, as stated in our Terms of Service. If you believe we have such data, contact us at chris@joinleyamo.com.

11. Changes

We may update this Privacy Policy and will notify you via in-app notifications or email. Continued use of the App after the effective date constitutes acceptance.

12. Contact

For questions or to exercise your rights, contact us at chris@joinleyamo.com. You may also contact our data protection officer at chris@joinleyamo.com or write to us at our registered business address in Dubai, UAE: AmaliLabs Management - FZCO, Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates. If you have concerns, you can lodge a complaint with a supervisory authority (e.g., UAE Data Protection Office, EU data protection authorities).