Privacy Policy

Last updated: May 23, 2026

This Privacy Policy describes how MMOI Tech Co., Ltd (“we,” “us,” or “our”) collects, uses, stores, and shares your information when you use our services, including the MMSO mobile application and related websites, products, and features (collectively, the “Services”).

If you do not agree with this Privacy Policy, please do not use our Services.

Student Privacy Policy

1. Information We Collect

1.1 Information You Provide

We may collect information you provide directly, including:

• Account information (such as phone number and email)
• Profile information (such as name, profile photo, and profession/category preferences)
• Learning activity (such as purchased courses, followed instructors, quiz activity, and class participation)
• Support or communication information when you contact us

1.2 Information Collected Automatically

When you use the Services, we may collect:

• Device and technical information (such as IP address, device type, operating system, app version, and identifiers)
• Usage information (such as pages/screens viewed, features used, search terms, clicks, and timestamps)
• Notification/device token information for push notifications
• Approximate location derived from IP address

1.3 Messaging Platform Data (Telegram, if linked by you)

If you choose to link Telegram, we may collect Telegram account identifiers, including:

• Telegram ID
• Username
• First name / last name
• Profile photo URL

This is used only for Telegram-related features such as account linking and course group access.

2. How We Use Your Information

We use personal data to:

• Create and manage your account
• Authenticate login (including OTP flows)
• Deliver learning content and purchased access
• Process payments and payment confirmations
• Send notifications you enable
• Provide customer support
• Analyze usage and improve product performance
• Detect abuse, prevent fraud, and enforce platform rules
• Meet legal, accounting, and compliance requirements

3. Third-Party Services We Use

We use third-party providers to operate the Services. These may process relevant data on our behalf:

• Firebase Core / Cloud Messaging / Crashlytics / Analytics (app infrastructure, push notifications, crash reporting, analytics)
• Stripe (payment processing)
• Dinger (payment processing)
• MMQR/KBZ (payment processing)
• Telegram (optional account linking and group access features)
• Zoom (live class/meeting related features)
• Cloudflare (infrastructure, domain, and delivery services)

We only share data required for the specific service purpose.

4. Payments and Payment Data

Payments are processed through third-party payment providers (such as Stripe, Dinger, and MMQR/KBZ).

Depending on the payment method, we may process and share:

• Order ID / payment reference
• Transaction status
• Amount and currency-related data
• Limited billing or checkout details needed to complete payment

We do not store full payment card numbers in our backend.

Refunds are handled according to our Refund Policy and applicable law.

5. How We Share Information

We may share personal information in these cases:

• Service providers and vendors who support our operations
• Payment providers to complete and verify transactions
• Internal education stakeholders (center/instructor scope) for course delivery, learner support, and order operations within authorized access scope
• Legal or compliance requirements where disclosure is required by law
• Business transfers (for example, merger, acquisition, or asset transfer), subject to legal safeguards

We do not sell your personal data.

6. User Rights and Choices

Subject to applicable law, you may:

• Access your profile/account information
• Update or correct your profile information
• Delete your account from within the app (“Delete My Account” feature)

Account Deletion Notice

When you request account deletion, your account is deactivated and key identifiers are anonymized in our system. Some records may be retained where required for legal, security, accounting, or fraud-prevention purposes.

7. Data Retention

We retain personal data only as long as needed for the purposes described in this Policy, including legal, accounting, security, and operational needs.

Examples:

• Account data: retained while the account is active; deletion request triggers deactivation/anonymization flow
• Notification logs: periodically pruned according to internal retention rules
• Payment and transaction records: retained as needed for reconciliation, compliance, and dispute handling

8. Security

We implement reasonable technical and organizational safeguards, including access controls and authenticated API protections, to protect personal data.

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

9. Children’s Privacy

Our Services are not intended for children under 13.

We do not knowingly collect personal information from children under 13. If we become aware that such data has been provided, we will take steps to delete or deactivate it.

If you are a parent or guardian and believe a child has provided personal data, please contact us at: [email protected]

10. Third-Party Links and Services

Our Services may contain links to third-party websites or services. We do not control and are not responsible for their content, terms, or privacy practices. Please review their policies before using those services.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide reasonable notice (for example, in-app notice or website update) before changes take effect.

Your continued use of the Services after the effective date means you accept the updated Policy.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: [email protected]

-------------------------------

Center Admin Privacy Policy

If you use MMSO as a Center Admin, this section explains how your information is handled in addition to the student privacy terms.

1. What We Collect (Center Admin)

• Account details: name, phone number, email, username
• Center/business details: center profile information you submit in admin tools
• Operational data: courses, instructors, pricing, coupons, notifications, reports, and other content you manage
• Technical/security data: login session details, device/browser metadata, IP-related logs, and activity records for security and troubleshooting

2. Why We Use It

• Create and manage your center-admin account
• Let you manage center content, staff, students, courses, and communications
• Process center-related billing/payment operations
• Generate dashboards, analytics, and financial reports
• Prevent abuse, enforce access controls, and secure the platform
• Comply with legal, tax, and accounting obligations

3. Access Scope

• Center Admin access is role-based and limited to center scope.
• Instructors and center-admin users can only access records relevant to their assigned center/courses, according to permission rules in our backend.

4. Sharing

We may share limited center-admin-related data with service providers that help us run MMSO, including:

• Infrastructure and delivery providers (for hosting/network services)
• Messaging/notification providers
• Payment processors and billing partners
• Analytics and crash monitoring providers

We do not sell personal data.

5. Retention

• We retain center-admin and center-operation records as needed for service operation, security, financial reconciliation, and legal compliance.
• Some logs are periodically pruned under internal retention jobs.
• If you close a center-admin account, some records may remain where required for legal/accounting/security reasons.

6. Your Choices

Center Admin users can:

• Update account/profile details from account settings or admin support channels
• Request account deactivation/deletion (subject to business/legal record requirements)
• Contact us for privacy-related requests

7. Contact

For center-admin privacy questions or requests, contact:

[email protected]



---------------------

Facebook/Messenger Chatbot Privacy

If you contact us through our Facebook Messenger chatbot, we may process limited interaction data to provide chatbot functionality.

What we process

• Messenger Page-scoped ID (PSID) or similar platform identifiers
• Messages you send to the chatbot (text and any attachments you choose to send)
• Message/event metadata (such as timestamp and delivery/read events)
• Basic technical logs needed for security and troubleshooting

Why we process it

• To receive and respond to chatbot messages
• To operate, maintain, and improve chatbot quality
• To detect abuse, spam, fraud, or security incidents
• To comply with legal obligations

What we do not do

• We do not sell chatbot personal data.
• We do not use chatbot messages for unrelated marketing unless you separately consent.

Sharing

We may share limited chatbot data with service providers that help us run messaging infrastructure, hosting, analytics, or security operations, only as necessary to provide the chatbot service.

Retention

We retain chatbot data only as long as necessary for support, operational, legal, and security purposes, then delete or anonymize it when no longer required.

Deletion requests

You can request deletion of your chatbot-related data by contacting us at:

[email protected]