PitchMaster Privacy Policy

Effective Date: February 3, 2026

Welcome to the PitchMaster application (hereinafter referred to as the "Application"). This Application is developed and operated by EVOLVEVIL LLC (hereinafter referred to as "we", "us", or "our"), with a registered address at 340 E 1st High St, Central City CO 80427, US, and an official contact email at sherylortiz1971@gmail.com.

This Privacy Policy (hereinafter referred to as the "Policy") aims to clearly and transparently inform you (the user of this Application, and you confirm that you are a natural person over 18 years of age) how we collect, use, store, share, transfer, and disclose your personal data, as well as the various data rights you enjoy and the ways to exercise those rights. It also specifies the legal basis for data processing, data controller, Data Protection Officer (DPO), and other core information.

This Application is only available to users over 18 years of age. By checking this Policy and the Terms of Service, you confirm that you are over 18 years of age and agree to our processing of your personal data in accordance with the provisions of this Policy. If you are under 18 years of age, please stop using this Application immediately; we will not collect any personal data of minors.

This Policy strictly complies with the privacy policy review standards of Google Play and adheres to personal data protection laws and regulations in various regions around the world, including but not limited to the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), Brazil's Lei Geral de Proteção de Dados (LGPD), and the United Arab Emirates' Federal Data Protection Act (FADP), to ensure that your personal data is fully protected.

Please carefully read and understand all the terms of this Policy, especially those closely related to your rights and interests (including but not limited to the scope of data collection, purpose of use, restrictions on sharing and selling, and your rights). If you do not agree to any term of this Policy, please do not check the Policy or use this Application. By checking the Policy and using this Application, you are deemed to have fully understood and agreed to all the provisions of this Policy.

I. Core Definitions

1.1 Personal Data

Refers to any information relating to an identified or identifiable natural person, including but not limited to your device information, application usage behavior, recorded/imported videos, audio, personal profile information (nickname, avatar, etc.), and feedback content. It does not include information that has been anonymized and cannot identify a specific natural person (anonymized information is not personal data and may be used freely by us).

1.2 Data Controller

Refers to a natural person, legal person, or other organization that determines the purposes and means of processing personal data. The data controller of this Application is EVOLVEVIL LLC, with a registered address at 340 E 1st High St, Central City CO 80427, US, and a contact email at sherylortiz1971@gmail.com. We are responsible for leading all processing activities of your personal data in this Application, including collection, use, and storage, and assume the main responsibility for data protection.

1.3 Data Protection Officer (DPO)

To ensure that the personal data processing activities of this Application comply with relevant laws and regulations, we have specially appointed a Data Protection Officer (DPO) who is responsible for supervising the compliance of data processing, providing data protection consulting, and receiving user requests related to data. The contact information of the DPO is as follows:

• Contact Email: sherylortiz1971@gmail.com (marked "DPO Consultation/Request")

• Contact Address: 340 E 1st High St, Central City CO 80427, US

• Scope of Responsibilities: Supervise whether the personal data processing activities of this Application comply with relevant regulations such as GDPR, CCPA, and VCDPA; answer user questions about personal data processing; receive and handle user requests for data inquiry, correction, deletion, and withdrawal from data sharing/sale; cooperate with the supervision and inspection work of regulatory authorities in various regions to ensure full compliance of data processing.

1.4 Data Processing

Refers to any operation related to personal data, including but not limited to collection, recording, storage, use, modification, sharing, transfer, disclosure, deletion, and anonymization.

1.5 Data Sale/Sharing

For the purposes of this Policy, "data sale" refers to the act of us transferring your personal data to a third party for consideration; "data sharing" refers to the act of us providing your personal data to a third party free of charge for specific purposes. We promise not to actively sell your personal data and will only share your personal data to a limited extent in accordance with the provisions of this Policy and relevant laws and regulations. You may send a "request to withdraw from data sale/sharing" to sherylortiz1971@gmail.com.

II. Scope and Purpose of Personal Data Collection

We adhere to the principles of "minimum necessity, legality and propriety, and transparent notification", and only collect personal data necessary for your use of this Application. We do not collect any information unrelated to the functions of this Application. All data collection activities have clear and legitimate purposes, which are as follows:

2.1 Personal Data Collected Based on Application Permissions and Its Purposes

This Application will collect corresponding personal data according to the permissions you check and authorize. All permissions are necessary to realize the core functions of this Application. You can turn off the corresponding permissions in the device settings at any time (after turning off the permissions, the corresponding functions may not work normally, but it will not affect other unrelated functions). The specific permissions and the corresponding purposes of data collection and use are as follows:

2.1.1 Camera Permission

Collected Data: Football training and game-related videos, personal profile photos taken by you through the camera, and images captured for feedback submission;

Purpose of Collection: To realize the video recording function of the "My Vault" module of this Application, helping you capture wonderful moments in training and games; to complete the avatar setting in the personal center and improve your personal profile; to allow you to clearly describe problems through images when submitting feedback, improving the efficiency of feedback processing;

Supplementary Note: Relevant captured content will only be collected after you actively click the camera shooting button and authorize the camera permission. We will not automatically start the camera or collect shooting data in the background, and strictly comply with Google's application permission usage specifications.

2.1.2 Photo Gallery (Images/Videos) Permission

Collected Data: Football-related videos and images imported by you from the device's photo gallery (including training videos, game clips, personal photos, etc.);

Purpose of Collection: To realize the video import function of the "My Vault" module, helping you systematically file your existing football videos and images into the personal vault; to facilitate you to select existing photos from the gallery as your avatar for the personal center avatar setting; to allow you to select images/videos from the gallery as feedback attachments when submitting feedback in the personal center to assist in explaining feedback issues;

Supplementary Note: Only the gallery content you actively choose to import and upload will be collected. We will not batch scan or collect all content in your device's photo gallery, and strictly protect your photo gallery privacy.

2.1.3 Microphone Permission

Collected Data: Audio content captured by the microphone when you record football training and game videos; voice messages you record for feedback submission;

Purpose of Collection: To improve the video recording function, so that the training and game videos you shoot include synchronized audio to restore the real scene of the stadium; to allow you to quickly and clearly describe problems through voice when submitting feedback, improving the efficiency of feedback communication;

Supplementary Note: The microphone will only be activated and audio data will be collected when you actively record videos or voice feedback. We will not automatically start the microphone, monitor, or collect any audio information in the background.

2.1.4 External Storage Permission

Collected Data: Basic information such as the storage path, file size, and modification time of football-related videos and images stored in your device's external storage;

Purpose of Collection: To realize the video/image import and storage functions of the "My Vault" module, helping you import football videos and images from external storage into the Application for filing; to count your storage space usage and display the storage occupancy status in the form of a stadium floor plan within the Application;

Supplementary Note: Only video and image files related to this Application will be read and written. We will not read, modify, or delete other unrelated files in your external storage (such as documents, other application data, etc.).

2.1.5 Application Information Reading Permission

Collected Data: The version number, running status, and crash logs of this Application; the operating system version, device model, and unique device id of your device (only used to distinguish devices and not associated with your personal identity information);

Purpose of Collection: To troubleshoot application operation failures, fix vulnerabilities, optimize application performance, and ensure that this Application runs stably on your device; to count application usage (such as device adaptation rate, function usage rate, etc.) and optimize function design in a targeted manner (such as the sliding interaction of "Pitch Stream" and video playback experience); to identify abnormal usage behaviors, prevent malicious operations, and protect the security of your personal data and application usage.

2.1.6 Advertising IDs

Collected Data: The Advertising ID of your device, which is not associated with your personal identity information, unique device id, or other sensitive data;

Purpose of Collection: To implement the non-intrusive in-app advertising display function (if any), push compliant football-related advertisements according to your interests and preferences to improve the relevance of advertising display and avoid interference from irrelevant advertisements; to count basic data such as advertising impressions and clicks, optimize advertising delivery effects, and ensure the compliance of advertising services;

Supplementary Note: We will not use the Advertising ID for any other purposes, nor share your Advertising ID with third parties for data sales or illegal data processing. You can reset the Advertising ID or turn off ad tracking in the device settings at any time. After turning it off, we will stop collecting the Advertising ID, and it will not affect the normal use of the core functions of this Application. We strictly comply with Google Play's Advertising ID usage specifications and relevant laws and regulations such as GDPR and CCPA.

2.2 Personal Data Collected Based on Application Function Usage and Its Purposes

When you use various functions of this Application, we will automatically collect your relevant usage behavior data to realize functions, optimize experience, and ensure security, as follows:

2.2.1 Pitch Stream Function Related

Collected Data: The video content you browse, browsing duration, like records, comment content, tag filtering records, and records of you reporting or blocking other users; the original football videos and video tags (such as Penalty, Save, Dribble, Goal, etc.) you post;

Purpose of Collection: To display personalized video stream content for you and push football videos you may be interested in according to your browsing and filtering habits; to realize interactive functions such as likes, comments, reports, and blocks, record your operation behaviors and feedback corresponding results; to optimize the tag filtering function of the "Pitch Stream" module and improve video search efficiency; to regulate the community environment, handle your report requests, and control illegal videos and users.

2.2.2 My Vault Function Related

Collected Data: The folder names and folder classification methods you custom create; the storage location, modification records, and public/private status of the videos/images you import and shoot; the number of your videos and storage space usage;

Purpose of Collection: To provide you with systematic video filing and management functions to help you build a traceable football growth resume; to display the capacity statistics of your vault, allowing you to understand the storage usage and clean up redundant content in a timely manner; to realize the public/private switching function of videos and protect the privacy of your content.

2.2.3 Alerts (Notification Center) Function Related

Collected Data: Your notification records related to likes, comments, and follows; system message reception records; your notification viewing status and deletion records;

Purpose of Collection: To push relevant notifications to you, allowing you to timely understand the interaction status (likes, comments) of the videos you post, the dynamics of followed users, and system updates, security prompts, and other information; to record your notification operation behaviors and realize functions such as pull-down refresh, left-swipe deletion, and one-click mark as read.

2.2.4 Coach AI (AI Football Assistant) Function Related

Collected Data: The questions you submit to the Coach AI (such as rule explanations, terminology inquiries, training suggestions, equipment consultations, etc.); the reply content of the Coach AI; your consultation records;

Purpose of Collection: To realize the AI interaction function and provide professional and accurate replies based on your questions; to optimize the reply quality of the Coach AI and improve the accuracy and pertinence of answering questions according to your consultation habits and question types; to store your consultation records for you to review historical conversations and view relevant suggestions later.

2.2.5 Profile (Personal Center) and User Interaction Related

Collected Data: Your personal profile information such as nickname, position on the field, and avatar; your number of likes, followers, and followings; your public/private video list; your report list and block list; your chat records and follow/unfollow records with other users;

Purpose of Collection: To improve your personal profile and display your football-related information and application usage data; to realize user interaction functions (chat, follow, unfollow, etc.) to facilitate communication and interaction between you and other users; to manage your content and interaction records and protect your usage security (for example, after blocking an illegal user, you can avoid receiving messages from them or viewing their content again).

2.2.6 Feedback Function Related

Collected Data: The feedback content you submit (text, images, voice, videos, etc.); your feedback time and feedback type;

Purpose of Collection: To handle your feedback requests (such as function suggestions, complaints, etc.) and solve problems you encounter when using this Application; to optimize the functions and service quality of this Application and make targeted improvements to the application experience according to your feedback and suggestions.

2.3 Collection Methods

• Permission-Authorized Collection: We will only collect personal data corresponding to permissions such as camera, photo gallery, microphone, and external storage after you clearly check, agree, and authorize the corresponding permissions. Before obtaining your authorization, we will not activate any permissions or collect relevant data;

• Active Submission Collection: When you use this Application, we will only collect the specific content you actively submit and upload (such as nickname, avatar, videos, comments, feedback, etc.), and will not obtain any other unrelated information;

• Automatic Collection: When you authorize permissions and use application functions, we will automatically collect your device information and usage behavior information (only used to realize core functions, optimize experience, and ensure security), and will not collect data beyond the scope agreed in this Policy.

III. Restrictions on the Use of Personal Data

The use of your personal data by us is strictly limited to the scope of the collection purposes agreed in this Policy, adhering to the principles of "legality, propriety, and necessity", and will not be used for any purposes not clearly informed to you. The specific restrictions are as follows:

• No Use Beyond the Purpose Scope: It is only used to realize the core functions of this Application (such as video recording, filing, AI Q&A, user interaction, etc.), optimize application experience, troubleshoot faults, and ensure security, and will not be used for other purposes unrelated to the functions of this Application;

• No Illegal Use: We will never use your personal data to engage in any activities that violate relevant laws and regulations or damage your legitimate rights and interests, nor use your videos, comments, and other content to engage in illegal or irregular activities;

• Notification of Purpose Change: If it is necessary to change the purpose of using your personal data due to application upgrades, function optimization, etc., we will notify you in advance through pop-ups in this Application, official emails, etc., and will only change the purpose of use after obtaining your explicit consent. If you do not agree to the purpose change, we will stop the relevant data processing activities and delete or anonymize the relevant data in accordance with the agreement;

• Anonymized Use: We may anonymize your personal data (after processing, it cannot identify a specific user). The anonymized information can be used for application optimization, industry research, data statistics, and other purposes without obtaining your consent separately.

IV. Sharing, Transfer, and Disclosure of Personal Data

4.1 Data Sharing

We strictly restrict the sharing of your personal data and will never share your personal data with any irrelevant third parties. We will only share your personal data under the following special circumstances, after taking security protection measures, and within the agreed scope. At the same time, you have the right to withdraw from data sharing at any time:

• Entrusted Processing Sharing: To realize the core functions of this Application, we may entrust third-party service providers (such as server providers, cloud storage service providers, AI technology service providers, etc.) to process your personal data (such as video storage, AI Q&A technical support, etc.). We will sign strict data processing agreements with third parties, clarify the rights and obligations of third parties, require third parties to process your personal data in strict accordance with the provisions of this Policy and relevant laws and regulations, prohibit third parties from using your personal data for other purposes or sharing it with other third parties, and conduct full supervision and auditing of the processing activities of third parties;

• Legal Requirement Sharing: In accordance with the mandatory requirements of laws and regulations, subpoenas from judicial or administrative authorities, investigation notices, etc., we will legally provide necessary personal data to relevant authorities. We will minimize the scope of data provision within the scope permitted by law to protect your privacy and security;

• Security Protection Sharing: To prevent malicious attacks, maintain the security of application operation, and protect the legitimate rights and interests of you and other users, in case of emergency, necessary personal data (such as abnormal usage behavior data) may be shared within a reasonable scope, and only for security protection purposes;

• User-Agreed Sharing: After obtaining your explicit written consent (such as when you actively choose to share videos to third-party platforms, authorize third-party login, etc.), share relevant personal data with the third party you specify, and the scope of sharing is strictly limited to the scope you agree to.

4.2 Data Transfer

We will never transfer your personal data unless in special circumstances such as corporate merger, division, acquisition, or asset transfer, in which case your personal data will be transferred as part of the corporate assets to the subject after the change. The subject after the change will continue to perform the privacy protection obligations agreed in this Policy. If the purpose and method of data processing are changed, we will notify you in advance through pop-ups in this Application, official emails, etc., and will only change them after obtaining your explicit consent.

4.3 Data Disclosure

We will never publicly disclose your personal data unless under the following circumstances:

• You explicitly agree to public disclosure, and the scope and method of disclosure comply with your requirements (for example, if you set a video to public status and other users can view it in "Pitch Stream", it is deemed that you agree to disclose the video);

• If laws and regulations otherwise stipulate that public disclosure is required, we will minimize the scope of disclosure within the scope permitted by law to protect your privacy;

• After anonymizing your personal data, publicly disclose the anonymized information (which cannot identify a specific user) for non-commercial purposes such as application optimization, industry research, and data statistics.

4.4 Prohibition of Data Sale and User's Right to Withdraw

We solemnly promise: We will never actively sell any of your personal data, nor enter into data sales agreements with any third parties, and strictly prohibit the use of your personal data for paid transfer, sale, and other commercial activities.

If due to changes in laws and regulations, regulatory requirements, or special circumstances, we need to sell your personal data (such circumstances will be clearly notified to you in advance), you have the right to choose not to allow your personal data to be sold at any time and to withdraw from the sale of your data at any time. The specific withdrawal methods are as follows:

• Method 1: Send an email to our official contact email (sherylortiz1971@gmail.com) or the DPO's contact email (marked "Withdraw from Data Sale"), clearly stating your request (withdraw from data sale). We will process it within 7 working days after receiving your email and feedback the processing result to you;

• Method 2: Submit a request to "withdraw from data sale" through the "Feedback" function in the "Profile" of this Application. We will process it and feedback within 7 working days after receiving the feedback.

Supplementary Note: After you withdraw from data sale, it will not affect your use of any core functions of this Application, nor will you be treated discriminatorily (such as restricting function use, reducing service quality, etc.), which strictly complies with the protection requirements of laws and regulations such as CCPA and CPRA for users' data rights.

4.5 Methods to Withdraw from Data Sharing

If you have agreed to our sharing of your personal data (such as entrusted processing sharing, third-party platform sharing, etc.), you have the right to withdraw from data sharing at any time. The specific withdrawal methods are as follows:

• For Entrusted Processing Sharing: Send an email to the DPO's contact email (sherylortiz1971@gmail.com) marked "Withdraw from Entrusted Processing Sharing", clearly stating your request. We will immediately notify the relevant third parties to stop processing your personal data, require third parties to delete your personal data they have obtained (except as required by laws and regulations), and feedback the processing result to you;

• For Other Sharing Scenarios: Submit a withdrawal request through the official email or feedback function. We will provide you with an exclusive withdrawal method according to the specific sharing scenario and process it within 7 working days.

V. Storage and Security of Personal Data

5.1 Storage Location

We store your personal data on compliant servers that meet the requirements of relevant privacy laws and regulations. The main storage location is the United States. At the same time, in accordance with the requirements of laws and regulations in the region where you are located (such as the requirements of GDPR on data storage), we will back up data on compliant servers in the corresponding region to ensure that data storage complies with local regulatory requirements.

If it is necessary to transfer your personal data to other countries or regions, we will strictly comply with relevant laws and regulations, take necessary measures such as encrypted transmission, signing data processing agreements, and conducting Data Protection Impact Assessments (DPIA) to ensure the security of data transmission and the legality and compliance of the transmission behavior. We will notify you in advance (if necessary) and conduct the transmission only after obtaining your consent.

5.2 Storage Period

We adhere to the principle of "minimum necessary storage" and only store your personal data for the shortest period necessary to achieve the collection purpose. After the expiration, it will be automatically deleted or anonymized. The specific storage periods are as follows, which also comply with the requirements of laws and regulations such as CCPA and GDPR on data retention:

• Device information and application usage behavior information (such as browsing records, like records, etc.): Stored for no more than 1 year, and automatically anonymized after expiration (cannot identify a specific user);

• Videos and images you shoot and import, personal profile information you set, and folders you create in the vault: Stored until you actively delete them, or automatically deleted if you stop using this Application for more than 180 days without reusing it. If you close or delete the Application but do not actively delete the relevant data, we will retain it for 30 days (for you to restore data after reinstalling the Application), and automatically delete it after 30 days;

• AI consultation records, user chat records, and comment records: Stored until you actively delete them, or automatically deleted if you stop using this Application for more than 180 days without reusing it;

• Feedback content and report/block records: Stored for 30 days after the feedback request is processed and the report/block matter is concluded (for subsequent verification), and automatically deleted after expiration;

• Statutory Retention: If it is necessary to extend the storage period due to special circumstances such as legal requirements, litigation disputes, and security protection, we will extend it within the scope permitted by law and promptly notify you through official emails, application pop-ups, etc.

5.3 Security Protection Measures

We attach great importance to the security of your personal data and take dual security measures of technology and management to prevent risks such as data leakage, tampering, loss, and abuse, ensuring the security of your personal data and complying with the privacy and security requirements of Google Play and the data security protection requirements of laws and regulations in various regions:

• Technical Protection: Adopt encryption technology to fully encrypt the storage and transmission of your personal data; set strict access permission control, so that only authorized staff can access your personal data, and all access behaviors will be fully recorded and audited; regularly conduct security inspections and vulnerability repairs on servers to prevent risks such as network attacks and virus intrusions; adopt data backup technology to regularly back up your personal data to prevent data loss;

• Management Protection: Establish a special personal data security management system, clarify the job responsibilities of staff, and conduct privacy protection training and background checks on staff who have access to your personal data; sign confidentiality agreements with staff, clarify their confidentiality obligations, and strictly prohibit the disclosure, abuse, and private collection of your personal data; regularly conduct data security audits and Data Protection Impact Assessments (DPIA) to promptly identify and rectify security hazards; the DPO supervises the data security management work throughout the process to ensure that various security measures are implemented in place;

• Emergency Response: Establish an emergency response mechanism for personal data security. If a data security incident such as data leakage, tampering, or loss occurs, we will immediately activate the emergency plan, take remedial measures (such as stopping data processing, deleting leaked data, and investigating security vulnerabilities) to reduce security risks, and promptly notify you and relevant regulatory authorities within the time limit stipulated by laws and regulations, and cooperate with the investigation and handling of regulatory authorities;

• User Protection: Provide you with privacy setting functions, allowing you to freely switch the public/private status of videos and control the visible scope of personal data; remind you to properly keep your device, avoid unauthorized access to your personal data and this Application by others due to device loss or theft.

Special Note: Although we have taken the above security protection measures, due to the openness of the network environment and the limitations of technological development, we cannot fully guarantee the absolute security of your personal data. If your personal data is leaked or lost due to force majeure, network attacks, device failures, improper operation by you (such as device loss, password leakage), etc., we will bear corresponding responsibilities within the scope stipulated by law, but will not bear compensation responsibilities beyond a reasonable scope.

VI. Core Rights of Users (Including Additional Rights in Specific Regions)

In accordance with relevant laws and regulations and the agreement of this Policy, you enjoy the following core rights regarding personal data. We will provide convenient ways to assist you in exercising relevant rights without charging any unreasonable fees. At the same time, for users in specific regions (such as the European Union, California in the United States, Virginia, Brazil, the United Arab Emirates, etc.), you also enjoy additional personal data rights, which are as follows and strictly comply with the requirements of laws and regulations such as GDPR, CCPA, CPRA, VCDPA, LGPD, and FADP:

6.1 Universal Rights for Global Users

• Right to Know: You have the right to know the purposes, methods, scope, storage period, sharing objects, and other information of our collection, storage, use, sharing, transfer, and disclosure of your personal data at any time. We will fully inform you through this Policy, application pop-ups, official emails, etc.;

• Right to Access: You have the right to inquire about the specific content and processing status of your personal data collected and stored by us at any time. We will provide you with clear and complete inquiry results within 7 working days after receiving your inquiry request;

• Right to Rectification: If you find that your personal data is incorrect or incomplete (such as incorrect personal profile, incorrect video tags, etc.), you have the right to request us to rectify it. We will process it within 7 working days after receiving your rectification request and notify you promptly after the rectification is completed;

• Right to Erasure: You have the right to request us to delete all or part of your personal data (such as videos, images, comments, consultation records, etc.). We will delete it within 7 working days after receiving your deletion request and notify you promptly after the deletion is completed (except as required by laws and regulations);

• Right to Withdraw Consent: You have the right to withdraw your consent to our collection, use, and sharing of your personal data at any time (such as withdrawing authorization for permissions such as camera and photo gallery, and withdrawing consent to data sharing). After withdrawing consent, we will immediately stop the relevant data processing activities and delete or anonymize the relevant data in accordance with the agreement, without affecting the legality of the personal data we have legally processed before you withdraw consent;

• Right to Complain: If you believe that our personal data processing activities violate the provisions of this Policy or relevant laws and regulations, or damage your legitimate rights and interests, you have the right to complain to us or the local personal data protection regulatory authority;

• Right to Data Portability: You have the right to request us to provide your personal data in a structured, machine-readable format to you or transmit it to another data controller designated by you (such as other video management applications). We will process it within 15 working days after receiving the request.

6.2 Additional Rights for Users in Specific Regions

6.2.1 Additional Rights for Users in the European Union (GDPR Applicable Scope)

• Right to Restriction of Processing: You have the right to request us to restrict the processing of your personal data (for example, if you believe that your personal data is incorrect, you can request us to suspend processing the data until the error is corrected);

• Right to Object: You have the right to object to our processing of your personal data based on legitimate interests or public interests. If you raise an objection, we will stop the relevant processing activities unless we can prove that there are legitimate reasons that override your interests;

• Right Not to Be Subject to Automated Individual Decision-Making: You have the right to object to decisions that produce legal effects on you or significantly affect you based solely on automated decision-making (including profiling). If such decisions exist, we will provide you with an opportunity for human intervention;

• Right to Complain to Regulatory Authorities: You have the right to complain about our personal data processing activities to the data protection authority of an EU Member State (such as the Data Protection Commission of Ireland), which will conduct an investigation and handling in accordance with the law.

6.2.2 Additional Rights for Users in California, USA (CCPA, CPRA Applicable Scope)

• Enhanced Right to Know: You have the right to be informed of whether your personal information has been disclosed to third parties.You have the right to request us to disclose the specific categories, sources, purposes of collecting, using, sharing, and selling your personal data in the past 12 months, as well as the names and categories of third parties with whom it was shared or sold;

• Enhanced Right to Erasure: You have the right to request us to delete all your personal data (except as required by laws and regulations), and we must notify third parties that have obtained your personal data to delete the relevant data as well;

• Right Against Discrimination: When you exercise any right stipulated by CCPA and CPRA, we will not treat you discriminatorily (such as restricting function use, increasing service fees, or refusing to provide services);

• Privacy Choice Right: You have the right to choose not to allow us to use your personal data for targeted advertising, profiling, and other purposes, which can be operated through the privacy settings in the Application.

6.2.3 Additional Rights for Users in Virginia, USA (VCDPA Applicable Scope)

• Right to Object to Processing: You have the right to object to our use of your personal data for targeted marketing, sales, profiling, and other purposes. After objection, we will immediately stop the relevant processing activities;

• Right to Data Accuracy: You have the right to request us to ensure the accuracy of your personal data. If you find any data error, we must correct it in a timely manner and notify third parties that have obtained the data to update the relevant data;

• Right to Complain: You have the right to complain about our personal data processing activities to the Virginia Office of Consumer Protection, which will handle it in accordance with the law.

6.2.4 Additional Rights for Users in Brazil (LGPD Applicable Scope)

• Enhanced Right to Data Portability: You have the right to request us to provide your personal data to you in an easy-to-understand, machine-readable format or transmit it to another data controller designated by you, and we shall not charge any unreasonable fees;

• Right to Compensation for Damages: If our personal data processing activities violate the provisions of LGPD and cause you losses, you have the right to request us to bear liability for compensation;

• Right to Complain: You have the right to complain about our personal data processing activities to Brazil's National Data Protection Authority (ANPD).

6.2.5 Additional Rights for Users in the United Arab Emirates (FADP Applicable Scope)

• Right to Data Security: You have the right to request us to take necessary security measures to protect your personal data. If a data leakage occurs, we must promptly notify you and the UAE data protection regulatory authority;

• Right to Prohibit Illegal Disclosure: You have the right to prohibit us from disclosing your personal data to any third party without your explicit consent (except as required by law);

• Right to Complain: You have the right to complain about our personal data processing activities to the UAE Federal Data Protection Authority.

6.3 Methods of Exercising Rights

You can exercise all the above rights through the following methods. After receiving your request, we will promptly verify your identity (the verification method will not excessively collect your personal data and will only be used to confirm your user identity), assist you in exercising relevant rights, and ensure that the exercise of rights is convenient and efficient:

• Email Application: Send an email to our official contact email (sherylortiz1971@gmail.com) or the DPO's contact email, clearly stating the rights you want to exercise, your user-related information (to facilitate identity verification), and specific requests. We will respond within 7 working days after receiving the email, and handle and feedback the results of complex requests (such as data portability and large-scale data deletion) within 15 working days;

• Feedback Function: Open this Application → Enter "Profile" → Click "Feedback" to submit your request for exercising rights. We will respond and process it within 7 working days after receiving the feedback;

• Written Application: You can send your request for exercising rights and identity verification materials to our registered address by mail (340 E 1st High St, Central City CO 80427, US, ATTN: Data Protection Officer). We will process and feedback within 15 working days after receiving the written application.

VII. Complaint Channels (Instructions for Users to Complain to Regulatory Authorities)

If you believe that our personal data processing activities violate the provisions of this Policy or relevant laws and regulations, or damage your legitimate rights and interests, you have the right to first complain to us (through the email, feedback function, and other methods agreed in this Policy). We will process and feedback the results within 15 working days after receiving the complaint. If you are not satisfied with our processing results, or we fail to process your complaint within the agreed time limit, you have the right to complain to the personal data protection regulatory authority in your region, and we will actively cooperate with the investigation and handling of the regulatory authority.

Reference to complaint channels of major regional regulatory authorities (for your convenience to complain quickly):

• European Union: Data Protection Authorities of EU Member States (such as the Data Protection Commission of Ireland, official website: https://www.dataprotection.ie/);

• California, USA: California Privacy Protection Agency (CPPA, official website: https://cppa.ca.gov/);

• Virginia, USA: Virginia Office of Consumer Protection (official website: https://www.consumer.virginia.gov/);

• Brazil: Brazil's National Data Protection Authority (ANPD, official website: https://www.anpd.gov.br/);

• United Arab Emirates: UAE Federal Data Protection Authority (official website: https://www.federalauthority.ae/);

• Other Regions: The corresponding personal data protection regulatory authority in your country/region.

VIII. Legal Basis for Data Processing

Our processing of your personal data strictly complies with the provisions of relevant laws and regulations and has a legitimate legal basis, which are as follows:

• Based on Your Consent: Your act of checking this Policy, authorizing application permissions, and actively submitting personal data is deemed that you agree to our processing of your personal data in accordance with the provisions of this Policy, which is the main legal basis for us to process your personal data (corresponding to Article 6(1)(a) of GDPR, Section 1798.100 of CCPA, Article 7 of LGPD, etc.);

• Based on Contract Performance: To perform the service contract between us and you (you use this Application, and we provide you with services), we need to collect and use your relevant personal data (such as videos, device information, etc.) to realize the core functions of this Application and ensure the normal provision of services (corresponding to Article 6(1)(b) of GDPR, Article 8 of LGPD, etc.);

• Based on Legitimate Interests: To maintain the normal operation of this Application, optimize application experience, prevent security risks, handle user feedback, and other legitimate interests, we may process your relevant personal data (such as device information, usage behavior information, etc.) within a reasonable scope without damaging your legitimate rights and interests (corresponding to Article 6(1)(f) of GDPR, Section 5 of VCDPA, etc.);

• Based on Legal Obligations: In accordance with the mandatory requirements of laws and regulations, we need to process your personal data (such as cooperating with judicial investigations, performing data protection compliance obligations, etc.) (corresponding to Article 6(1)(c) of GDPR, Section 1798.105 of CCPA, Article 10 of FADP, etc.);

• Based on Public Interests: To maintain public interests (such as preventing malicious network attacks, protecting the legitimate rights and interests of other users, etc.), we may process your relevant personal data within a reasonable scope (corresponding to Article 6(1)(e) of GDPR, Article 9 of LGPD, etc.).

IX. Third-Party Service Instructions

This Application may integrate some third-party services (such as third-party SDKs, cloud storage services, AI technology service providers, server providers, etc.) to realize core functions (such as video storage, AI Q&A, crash log statistics, etc.). These third-party services may access and process necessary personal data within the scope of your authorization (only used to realize their service functions).

We will sign strict data processing agreements and confidentiality agreements with third-party service providers, clarify their personal data protection obligations, require them to process your personal data in strict accordance with the provisions of this Policy and relevant laws and regulations, take necessary security protection measures, strictly prohibit third parties from disclosing, abusing, sharing, or selling your personal data, prohibit them from using it for other purposes unrelated to the service, and conduct full supervision and auditing of the processing activities of third parties.

The privacy policies of third-party service providers are independent of this Policy. You can view the privacy policies of third parties to understand their relevant provisions on personal data processing. If you do not agree to third parties processing your personal data, you can stop using the functions of this Application involving the third-party services or uninstall this Application.

X. Application Usage Instructions

1. This Application only provides services to users over 18 years of age. By checking this Agreement, you confirm that you are over 18 years of age. If you are under 18 years of age, please stop using this Application immediately; we will not collect any personal data of natural persons under 18 years of age.

2. This Application has no registration or login function. You can use it after checking this Agreement and the Terms of Service. We will not collect your account, password, or other information related to registration and login.

3. You can turn off relevant permissions such as camera, photo gallery, and microphone in the device settings at any time. After turning off the permissions, the corresponding functions may not work normally, but it will not affect the use of other unrelated functions.

4. You shall properly keep your device and set security protection measures such as device passwords and application locks to prevent others from accessing your personal data and this Application without authorization. If your device is lost or stolen, you shall notify us in a timely manner, and we will assist you in taking remedial measures such as deleting personal data and restricting use.

5. When using this Application, you shall comply with relevant laws and regulations and the Terms of Service of this Application. You shall not upload or post non-compliant, illegal, or vulgar videos, comments, or other content, nor disclose the personal privacy of others. If you violate the relevant agreements, we have the right to stop providing services for you, delete the relevant content and your personal data, and pursue your corresponding responsibilities.

XI. Updates and Notifications of the Agreement

11.1 Agreement Updates

Due to updates to relevant laws and regulations, adjustments to the privacy policy of Google Play, optimization of this Application's functions, and other reasons, we may revise this Agreement. The revised Agreement will be more conducive to protecting the security of your personal data, will not reduce our personal data protection obligations, and will comply with relevant laws and regulations and Google's review requirements.

The revised Agreement will be notified to you through pop-ups in this Application, official emails, and other methods. The revised Agreement will take effect from the effective date specified in the notification. If you do not agree to the revised Agreement, you may stop using this Application, and we will delete or anonymize your personal data in accordance with the agreement; if you continue to use this Application, it shall be deemed that you have fully understood and agreed to the revised Agreement.

11.2 Notification Methods

We will send you notifications related to personal data processing and this Agreement (including but not limited to agreement updates, data security incidents, results of right exercise, results of complaint handling, etc.) through the following methods:

• Pop-ups and announcements within this Application;

• Official contact email: sherylortiz1971@gmail.com;

• Other reasonable notification methods (such as in-app messages).

You shall promptly check the relevant notifications. Any losses caused by your failure to check the notifications in a timely manner shall be borne by you.

XII. Disclaimer

Under the following circumstances, we shall not be liable for any matters related to personal data processing, provided that we have fulfilled corresponding obligations, there is no intent or gross negligence, and it complies with the exemption requirements of relevant laws and regulations:

• Any loss such as leakage, loss, or tampering of your personal data caused by your own improper operations (such as device loss, theft, password leakage, active disclosure of personal data, etc.) shall be borne by you;

• Leakage, tampering, or loss of personal data caused by force majeure (such as earthquakes, floods, fires, network interruptions, network attacks, virus intrusions, etc.), provided that we have taken reasonable preventive measures and promptly activated the emergency plan;

• If a third-party service provider violates the data processing agreement and arbitrarily leaks, abuses, or tampers with your personal data, and we have fulfilled supervision obligations and promptly taken remedial measures such as terminating cooperation, requiring rectification, and deleting data after discovery, the relevant liability shall be borne by the third party;

• Any problems and losses related to personal data processing caused by your intentional provision of false information or forged identity shall be borne by you;

• We shall not be liable for reasonable losses arising from your exercise of personal data rights that result in the inability to use some functions normally or the deletion of relevant data (such as being unable to view deleted videos);

• We shall not be liable for any impact caused by our legal processing of your personal data in accordance with the mandatory requirements of laws and regulations (such as providing data to regulatory authorities);

• We shall not be liable for any impact caused by the use or sharing of anonymized information (anonymized information is not personal data);

• Other exemption circumstances stipulated by laws and regulations.

The exemption grounds agreed in this Article shall not exempt us from liability for compensation for the leakage of your personal data or damage to your legitimate rights and interests caused by our intent or gross negligence, nor shall they exempt us from our statutory obligations.

XIII. Dispute Resolution

Any dispute or controversy arising from or in connection with this Agreement shall first be resolved through friendly negotiation between both parties; if negotiation fails, either party has the right to file a lawsuit with the competent court where the data controller is located (Colorado, USA).

During the dispute resolution process, both parties shall continue to perform other clauses of this Agreement except for the disputed clauses and shall not arbitrarily terminate or suspend relevant obligations.

XIV. Contact Us

If you have any questions, suggestions, or complaints about personal data processing, or wish to exercise relevant personal data rights (inquiry, correction, deletion, withdrawal from data sale/sharing, etc.), you may contact us through the following methods:

• Operating Entity: EVOLVEVIL LLC

• Registered Address: 340 E 1st High St, Central City CO 80427, US

• Official Contact Email: sherylortiz1971@gmail.com

• DPO Contact Email: sherylortiz1971@gmail.com (marked "DPO Consultation/Request")

• Response Time: We will respond within 7 working days after receiving your request. Complex requests (such as data portability, large-scale data deletion, complaint handling) will be processed and the results will be fed back within 15 working days.

The final interpretation right of this Agreement shall belong to EVOLVEVIL LLC.

EVOLVEVIL LLC reserves all rights in accordance with relevant laws and regulations.