Privacy policy

Effective Date: January 1, 2025

Last Updated: April 25, 2025

Version: 1.1

DLIA ("we", "us", "our") operates the DLIA mobile application (the "App") and the website at dlia.app (collectively, the "Platform"). DLIA is a peer-to-peer marketplace that enables users to list and purchase unused, non-refundable bookings including flight tickets, hotel reservations, event tickets, and car rentals.

We are committed to protecting and respecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, who we share it with, how long we keep it, your rights over your data, and how to contact us.

By creating an account or continuing to use our services, you confirm that you have read and understood this policy.

Data Controller:
DLIA INC
131 Continental Dr, Suite 305, Newark, DE 19713, US
EIN: 39-4757596
Email: info@dlia.app

1. Information We Collect

We collect information in the following categories:

1.1 Account Registration Data

When you create an account, we collect:

First name and last name
Email address
Phone number
Password stored as a one-way cryptographic hash
Terms acceptance timestamp
Email verification status and timestamp

1.2 Google Sign-In Data

If you choose to register or log in using Google, we collect via the Google Sign-In SDK:

Google Account ID
Name as it appears on your Google account
Email address from your Google account
Profile photo or avatar URL
Google ID Token used to verify your identity with our backend
Server Auth Code used for backend token refresh

We store your authentication method locally on your device to manage your session correctly.

1.3 KYC Identity Verification Data

To become a seller on DLIA, identity verification is required. As part of this process, we collect:

Government-issued photo ID, such as a passport, national identity card, or driver's licence
Verification status, including pending, approved, or rejected

This information is processed and reviewed by the DLIA team. Your photo ID is treated as sensitive personal data and is subject to strict access controls.

1.4 Listing and Transaction Data

When you list a booking or make a purchase, we collect:

Booking details, including type, category, subcategory, price, quantity, and description
Listing images you upload
Bid amounts you submit
Transaction history, including purchases, sales, and confirmation status

1.5 Location Data

With your permission, we collect your approximate or precise location to show you nearby listings and provide location-based features. Location access is requested only when the App is in use. We do not track your location in the background.

1.6 Device and Technical Data

We automatically collect:

Device type, model, and operating system
App version
IP address
Crash logs and diagnostic information
Session identifiers and authentication tokens

1.7 Push Notification Data

We use OneSignal to deliver push notifications to your device. When you grant notification permission, OneSignal assigns a unique push notification token to your device. This token is stored on OneSignal's servers, used to deliver transactional and promotional notifications from DLIA, and associated with your DLIA account.

You can revoke notification permissions at any time in your device settings or via Settings and notification preferences in the App.

1.8 Camera and Media Data

We request access to your device's camera and media library to allow you to:

Upload listing images
Upload your photo ID for KYC verification

We do not access your camera or media in the background and do not store raw camera data beyond what you explicitly upload.

1.9 Payment Data

Payments are processed through Stripe. When you make or receive a payment, Stripe collects and processes card details, billing information, transaction amount, and related metadata. We receive only tokenized payment references and transaction outcomes from Stripe.

Stripe's privacy policy governs their handling of payment data: https://stripe.com/gb/privacy

1.10 Messaging Data

When you communicate with other users via the in-app messaging feature, we store the content of those messages on our servers. This is necessary to facilitate the conversation and may be reviewed in the event of a dispute or complaint.

1.11 Cookies and Tracking

Our website uses cookies and similar technologies, including:

Essential cookies required for the site to function
Analytics cookies used to understand how users interact with the site
Preference cookies used to remember your settings

You can manage cookie preferences via the cookie banner on our website. Our App uses local device storage rather than browser cookies for session management.

2. Legal Basis for Processing

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

Data Category	Legal Basis
Account registration data	Performance of a contract
KYC and identity verification	Legal obligation and legitimate interests
Transaction and listing data	Performance of a contract
Location data	Consent
Push notifications	Consent
Marketing communications	Consent
Analytics and crash reporting	Legitimate interests
Legal compliance	Legal obligation

3. How We Use Your Information

We use the data we collect to:

Create and manage your account and authenticate you securely
Facilitate listings and transactions between buyers and sellers
Verify your identity when you apply to become a seller
Process payments and route payouts to sellers
Deliver push notifications about your listings, purchases, bids, and account activity
Provide in-app messaging between transaction parties
Show you nearby listings using location data with your consent
Detect and prevent fraud, abuse, and prohibited activities
Comply with legal obligations, including identity verification and record-keeping
Improve our services through analytics and error reporting
Send transactional emails such as OTP verification and purchase confirmations
Send promotional communications only with your consent

4. Sharing Your Information

We do not sell your personal data. We share information only in the following circumstances:

4.1 With Other Users

When you list a booking or complete a transaction, certain information, such as your display name, listing details, and messages, is visible to the other party in the transaction.

4.2 With Service Providers

We use third-party service providers who process data on our behalf:

Provider	Purpose	Privacy Policy
Stripe	Payment processing	stripe.com/gb/privacy
OneSignal	Push notifications	onesignal.com/privacy_policy
Google	Authentication and analytics	policies.google.com/privacy
Cloudzy	Cloud hosting and backend infrastructure	cloudzy.com/privacy-policy

All service providers are bound by data processing agreements and are only permitted to use your data to provide services to us.

4.3 With Authorities

We may disclose your data to law enforcement, regulators, or courts where required by applicable law, court order, or to protect the rights, property, or safety of DLIA, our users, or the public.

4.4 Business Transfers

If DLIA is acquired, merged with, or transfers its assets to another company, your data may be transferred as part of that transaction. You will be notified of any such change.

5. International Data Transfers

Our service providers operate globally, which means your personal data may be transferred to and stored in countries outside your home country, including countries that may have different data protection laws.

Where we transfer personal data from the EEA or UK to third countries, we ensure appropriate safeguards are in place, including Standard Contractual Clauses, transfers to countries with an adequacy decision, and other recognised frameworks.

You may request details of the specific safeguards in place by contacting info@dlia.app.

6. Data Retention

We retain your personal data for as long as necessary to:

Maintain your active account and provide our services
Comply with legal and regulatory obligations
Resolve disputes and enforce our agreements

Specific retention periods:

Data Type	Retention Period
Account data	Duration of account plus 2 years after deletion
Transaction records	7 years
KYC documents	5 years from last transaction
Messages	2 years from last activity
Location data	Not persistently stored beyond the active session
Push notification tokens	Until you delete your account or revoke permission
Analytics and crash data	90 days rolling

When your data is no longer needed, we securely delete or anonymise it.

7. Data Security

We implement appropriate technical and organisational security measures, including:

HTTPS and TLS encryption for data in transit
Encrypted secure storage on-device for authentication tokens
Hashed passwords
Bearer token authentication with server-side validation
Access controls limiting who within DLIA can access personal data
Regular security reviews of our infrastructure

However, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, where required by law.

8. Your Rights

Depending on your location, you may have the following rights:

Right	Description
Access	Request a copy of the personal data we hold about you
Rectification	Ask us to correct inaccurate or incomplete data
Erasure	Request deletion of your data, subject to legal retention obligations
Data Portability	Receive your data in a structured, machine-readable format
Restriction	Ask us to restrict processing of your data in certain circumstances
Objection	Object to processing based on legitimate interests or for direct marketing
Withdraw Consent	Withdraw any consent you have given at any time
Complaint	Lodge a complaint with your local data protection authority

How to Exercise Your Rights

In-app account deletion: go to Settings and Delete Account in the App
By email: contact info@dlia.app with the subject line "Privacy Request"

We aim to respond within 30 days.

Relevant supervisory authorities include the UK Information Commissioner's Office, EU national data protection authorities, and the California Privacy Protection Agency.

9. California Privacy Rights

If you are a California resident, you may have additional rights under the CCPA and CPRA, including the rights to know, delete, correct, opt out of sale or sharing, and limit use of sensitive personal information. We do not sell your personal data.

To exercise these rights, contact info@dlia.app or use the in-app deletion feature. We will not discriminate against you for exercising your privacy rights.

10. Children's Privacy

The DLIA Platform is intended for users who are at least 18 years of age. We do not knowingly collect personal data from children under 13, or under 16 in the EEA or UK.

If you believe we have inadvertently collected data from a minor, please contact us immediately at info@dlia.app and we will promptly delete it.

11. Third-Party Links and Services

The App or website may contain links to third-party websites or services, such as airline websites, hotel booking platforms, or event organisers. We are not responsible for the privacy practices of those third parties, and this Privacy Policy does not apply to them.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer.

We will update the Last Updated date at the top of this policy
We may notify you via push notification or email
In some cases, we may ask for your renewed consent

Continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or concerns, please contact:

DLIA Privacy Team
Email: info@dlia.app
Address: 131 Continental Dr, Suite 305, Newark, DE 19713, US
URL: https://dlia.app/privacy-policy