Privacy
Privacy
Global Privacy Policy
Last updated: 10.10.2025
Lilu (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal data responsibly and transparently.
This Global Privacy Policy explains how we collect, use, store, and share personal data when you interact with our website, chat assistants, and related services.
It is designed to meet the requirements of major privacy frameworks, including:
We may collect and process the following types of personal data:
2. How We Use Your Data
We use your personal data for the following purposes:
3. Legal Basis for Processing
Depending on your location, we process your personal data under one or more of the following legal bases:
4. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined above, unless a longer retention period is required by law.
When no longer needed, the data will be securely deleted or anonymized.
5. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to:
6. Data Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, misuse, alteration, or disclosure.
These include encryption, access controls, and regular audits of our systems and vendors.
7. Cross-Border Data Transfers
Your personal data may be stored or processed outside your country of residence.
When data is transferred internationally, we ensure that appropriate safeguards are in place, such as:
8. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights:
9. Contact Information
Data Protection Officer (DPO)
Lilu Privacy Office
Email: privacy@lilu.ai
Address: [Insert registered office address]
10. Regional Addenda
A. European Union (GDPR)
If you are located in the European Economic Area (EEA), Lilu acts as a data controller under the GDPR.
You have the right to lodge a complaint with your local data protection authority.
We rely on the following legal bases for processing: consent, contractual necessity, and legitimate interests (for analytics and security).
Cross-border data transfers outside the EEA are protected through appropriate safeguards such as Standard Contractual Clauses (SCCs).
B. Indonesia (PDP Law No. 27/2022)
For users in Indonesia:
For users in Vietnam:
We may update this Policy periodically to reflect legal or operational changes.
The latest version will always be available on this page with the “Last updated” date.
Last updated: 10.10.2025
Lilu (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal data responsibly and transparently.
This Global Privacy Policy explains how we collect, use, store, and share personal data when you interact with our website, chat assistants, and related services.
It is designed to meet the requirements of major privacy frameworks, including:
- EU General Data Protection Regulation (GDPR)
- Indonesia Personal Data Protection Law (Law No. 27 of 2022)
- Vietnam Personal Data Protection Law (Law No. 91/2025/QH15)
We may collect and process the following types of personal data:
- Information you provide directly: name, email address, phone number, company name, and any message or file you submit through our forms or chats.
- Usage and technical data: IP address, browser type, device identifiers, pages visited, time spent, and actions performed on the website.
- Cookies and similar technologies: used to improve performance, security, and analytics (see section 5).
- Communication records: emails, chat logs, or messages exchanged with our support team.
2. How We Use Your Data
We use your personal data for the following purposes:
- To respond to your requests, messages, or inquiries.
- To operate, maintain, and improve our website and services.
- To personalize your experience and provide relevant information.
- To communicate updates, offers, or technical notices (only if you have given explicit consent).
- To comply with applicable legal and regulatory obligations.
3. Legal Basis for Processing
Depending on your location, we process your personal data under one or more of the following legal bases:
- Consent — where you have given clear permission (e.g., ticking a checkbox).
- Contractual necessity — to perform a contract or pre-contractual request.
- Legitimate interest — to operate our services in a way that does not override your rights.
- Legal obligation — to comply with local laws or respond to lawful requests from authorities.
4. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined above, unless a longer retention period is required by law.
When no longer needed, the data will be securely deleted or anonymized.
5. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to:
- enable essential site functionality,
- analyze traffic and improve user experience,
- measure performance and effectiveness.
6. Data Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, misuse, alteration, or disclosure.
These include encryption, access controls, and regular audits of our systems and vendors.
7. Cross-Border Data Transfers
Your personal data may be stored or processed outside your country of residence.
When data is transferred internationally, we ensure that appropriate safeguards are in place, such as:
- data protection agreements with service providers, or
- your explicit consent where required by local law.
8. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights:
- Access – obtain a copy of your personal data.
- Rectification – correct inaccurate or incomplete data.
- Deletion (“Right to be Forgotten”) – request erasure of your data.
- Restriction – limit how your data is processed.
- Data portability – receive your data in a structured, machine-readable format.
- Withdraw consent – revoke previously given consent at any time.
9. Contact Information
Data Protection Officer (DPO)
Lilu Privacy Office
Email: privacy@lilu.ai
Address: [Insert registered office address]
10. Regional Addenda
A. European Union (GDPR)
If you are located in the European Economic Area (EEA), Lilu acts as a data controller under the GDPR.
You have the right to lodge a complaint with your local data protection authority.
We rely on the following legal bases for processing: consent, contractual necessity, and legitimate interests (for analytics and security).
Cross-border data transfers outside the EEA are protected through appropriate safeguards such as Standard Contractual Clauses (SCCs).
B. Indonesia (PDP Law No. 27/2022)
For users in Indonesia:
- We process personal data only with your explicit consent, unless another lawful ground applies.
- You may withdraw consent at any time by contacting us.
- We maintain records of processing activities as required by the PDP Law.
- Any international transfer of data complies with Article 56 of the PDP Law (adequacy or consent).
- You may request deletion, correction, or access to your personal data through our contact above.
For users in Vietnam:
- We collect and use your personal data only after obtaining your informed and specific consent.
- You have the right to request access, correction, restriction, or deletion of your personal data, and to withdraw consent.
- In accordance with the PDPL, we conduct a Data Transfer Impact Assessment (DTIA) for any cross-border data transfer.
- Our appointed Data Protection Officer ensures compliance with PDPL requirements and can be reached at privacy@lilu.ai.
We may update this Policy periodically to reflect legal or operational changes.
The latest version will always be available on this page with the “Last updated” date.