Privacy Policy

Last updated: October 15, 2025

Welcome to Troveloop Plus! Protecting your privacy stands as our fundamental commitment. We urge you to thoroughly review this Privacy Policy before engaging with the Troveloop Plus application (hereinafter "the Platform" or "our Service").

This document outlines our practices regarding the collection, utilization, storage, and safeguarding of your personal data, alongside your rights pertaining to such information.

1. Scope and Application

This Privacy Policy applies to all users of Troveloop Plus services, including but not limited to mobile applications, websites, and any associated platforms. By accessing our Service, you consent to the data practices described herein.

2. Information Collection Categories

To deliver optimal and protected services, we gather the following data categories:

A. User-Provided Information:

  • Registration Data: Mobile phone number utilized for account creation and authentication. This enables identity confirmation and critical notification delivery.
  • Financial Data: Banking credentials collected during withdrawal requests or transaction completion to facilitate fund transfers.
  • Verification Credentials: Legal name and identification numbers required for regulatory compliance and transaction protection.
  • Gift Card Information: Card numbers, PINs, balances, and retail brand details necessary for valuation and exchange processing.
  • Communication Records: Customer support correspondence, feedback submissions, and inquiries to enhance service quality.

B. Automatically Collected Data:

  • Device Specifications: Equipment model, operating system version, and unique identifiers (IMEI, IDFA, Android ID) ensuring platform stability and compatibility.
  • Usage Analytics: Access timestamps, navigation patterns, IP addresses, and interaction data supporting service optimization and security monitoring.
  • Geolocation Data: Approximate location collected exclusively with explicit user authorization for fraud prevention and regional service customization.
  • Cookie and Tracking Technologies: Session identifiers and preference data enhancing user experience and platform functionality.

C. Third-Party Analytics Integration:

We employ Adjust SDK for attribution analysis and behavioral insights. Adjust collects device identifiers (IDFA/GAID), installation metrics, launch events, and conversion data (registrations, transactions). Processing adheres to Adjust's privacy framework: https://www.adjust.com/terms/privacy-policy/

3. Data Utilization Purposes

Your information serves the following essential functions:

  • Service Delivery: Account establishment, gift card valuation, transaction processing, and withdrawal fulfillment.
  • Security Operations: Identity authentication, fraud detection, unauthorized access prevention, and regulatory compliance maintenance.
  • Platform Enhancement: Feature refinement, bug resolution, performance optimization, and user interface improvements.
  • Customer Relations: Inquiry response, dispute resolution, technical assistance, and satisfaction surveys.
  • Marketing Intelligence: Attribution tracking, advertising effectiveness measurement, and campaign optimization via analytics partners.
  • Legal Obligations: Regulatory reporting, law enforcement cooperation, and contractual requirement fulfillment.
  • Communication: Transaction notifications, promotional updates (with consent), security alerts, and policy modifications.

4. Legal Basis for Processing

We process your data based on:

  • Contractual Necessity: Required to deliver services you've requested.
  • Legitimate Interests: Fraud prevention, security enhancement, and business operations.
  • Legal Compliance: Regulatory obligations and law enforcement requirements.
  • User Consent: Explicit authorization for specific processing activities.

5. Information Sharing and Disclosure

Your personal data will never be sold or rented. Disclosure occurs exclusively under these circumstances:

  • User Authorization: Explicit consent granted for specific sharing purposes.
  • Legal Mandates: Court orders, subpoenas, regulatory demands, or statutory obligations.
  • Service Providers: Payment processors, identity verification services, cloud infrastructure providers, and customer support platforms bound by strict confidentiality agreements.
  • Corporate Affiliates: Group entities requiring access for unified service delivery and operational consistency.
  • Business Transitions: Mergers, acquisitions, asset sales, or reorganizations with advance notification and policy compliance assurance.
  • Fraud Prevention Networks: Security consortiums and anti-fraud databases for risk mitigation purposes.
  • Aggregated Analytics: De-identified, anonymized data shared for research and statistical analysis without personal attribution.

6. Data Retention Periods

Information retention follows these guidelines:

  • Active Accounts: Data retained throughout account lifecycle and service provision.
  • Closed Accounts: Information maintained for 7 years post-closure for legal and regulatory compliance.
  • Transaction Records: Financial data preserved for 10 years as required by law.
  • Marketing Data: Promotional preferences retained until consent withdrawal.
  • Disputed Transactions: Records held until resolution plus applicable limitation periods.

7. User Rights and Controls

Exercise your privacy rights through "Settings → Privacy Management" or by contacting support:

  • Access Rights: Request copies of personal data we maintain, including transaction histories and account details.
  • Rectification Rights: Correct inaccurate or incomplete information through account settings or support requests.
  • Deletion Rights: Request data erasure (subject to legal retention requirements and active contractual obligations).
  • Portability Rights: Receive your data in structured, machine-readable format for transfer to alternative services.
  • Objection Rights: Oppose specific processing activities, particularly for marketing purposes or legitimate interest grounds.
  • Restriction Rights: Limit processing scope during accuracy verification or legal claim periods.
  • Consent Withdrawal: Revoke authorization for optional data collection, potentially affecting feature availability.
  • Account Termination: Request permanent account closure with subsequent data deletion or anonymization per legal mandates.

Note: Exercising certain rights may impact service functionality. We respond to requests within 30 days and may require identity verification.

8. Security Measures and Safeguards

We implement comprehensive protection mechanisms:

  • Encryption Standards: AES-256 encryption for data at rest, TLS 1.3 for data in transit, and end-to-end encryption for sensitive communications.
  • Access Controls: Role-based permissions, multi-factor authentication, biometric verification, and regular access audits.
  • Infrastructure Security: Firewalls, intrusion detection systems, DDoS protection, and regular vulnerability assessments.
  • Data Segregation: Isolated environments for production, testing, and development with strict transfer protocols.
  • Employee Training: Mandatory security awareness programs, confidentiality agreements, and background verification for personnel.
  • Incident Response: 24/7 monitoring, automated threat detection, breach notification procedures (within 72 hours), and remediation protocols.
  • Third-Party Audits: Annual security assessments, penetration testing, and compliance certifications.

Storage Jurisdiction: Data primarily stored in secure facilities within the People's Republic of China, with cloud backups in certified data centers meeting international security standards.

9. International Data Transfers

When data crosses borders, we ensure adequate protection through:

  • Standard Contractual Clauses approved by relevant authorities
  • Adequacy decisions recognizing equivalent protection levels
  • User consent for specific transfer scenarios
  • Contractual obligations requiring recipient compliance with this policy

10. Minor Protection Protocols

Our Service targets individuals aged 18 and above exclusively. We do not knowingly collect data from persons under 18 years. Upon discovering underage data collection, immediate deletion occurs. Parents or guardians suspecting minor data submission should contact us immediately for removal.

11. Cookies and Tracking Technologies

We utilize various tracking mechanisms:

  • Essential Cookies: Required for platform functionality, authentication, and security features.
  • Performance Cookies: Analytics tools measuring usage patterns and feature engagement.
  • Preference Cookies: Settings storage for personalized user experiences.

Manage cookie preferences through browser settings or in-app controls. Disabling certain cookies may limit functionality.

12. Do Not Track Signals

Currently, our Platform does not respond to Do Not Track (DNT) browser signals due to lack of industry standardization. We honor user privacy preferences expressed through our settings.

13. Policy Modifications

This Privacy Policy may undergo revisions for operational, legal, or regulatory reasons. Material changes trigger notification via:

  • In-app alerts and notification banners
  • Email communications to registered addresses
  • Prominent website announcements

Continued service usage post-notification constitutes acceptance. Review this policy periodically for updates. Last modification date appears at page top.

14. Contact Information

For privacy inquiries, rights exercise, or concern reporting, reach our Data Protection Officer:

  • Email: [email protected]
  • Support Portal: Settings → Help Center → Privacy Concerns
  • Response Time: Within 30 business days

We are committed to addressing your privacy concerns promptly and transparently.