Privacy Policy

Effective date: 29 April 2026. This policy applies unless and until replaced by a custom policy published through LifeXshop.com administration.

1. Introduction

This Privacy Policy describes how LifeXshop.com (“we”, “us”, or “our”) collects, uses, stores, and shares personal data when you use our websites, marketplace, booking tools, accounts, communications, and related services, including when you use our Android application that loads our services in a secure WebView.

The operator responsible for personal data processed through the service may be contacted using the details in Section 20. We process personal data in accordance with this Policy and applicable data protection laws.

2. Scope

This Policy applies to:

• Visitors and registered users of LifeXshop.com web properties and sub-pages;
• Customers, vendors, and administrators using account, commerce, booking, messaging, social, or content features;
• Users of the LifeXshop.com Android client where it presents the same online service.

It does not apply to third-party websites, applications, or payment providers that we link to or embed; those services have their own privacy notices.

3. Categories of personal data we collect

Depending on how you use the service, we may process the following categories of data:

• Identity and account data: name, email address, telephone number, username or display name, password (stored using strong one-way hashing), account role (for example customer, vendor, or staff), verification status, and profile fields you choose to provide.
• Business and vendor records: business name, description, identifiers, tax or registration details where required, payout or banking-related information supplied for settlements, subscription or plan identifiers, and referral or commission-related identifiers where those features are enabled.
• Transaction and booking data: orders, carts, payment status, references from payment processors, delivery or collection details, booking dates, party size, special requests, cancellation records, and related customer service correspondence.
• User-generated content: product or service listings, images, videos, documents, reviews, ratings, comments, replies, reactions, shares, and metadata (such as timestamps) associated with that content.
• Technical, usage, and approximate location context: IP address, device and browser type, operating system, referring URL, pages viewed, session or visitor identifiers, event analytics, diagnostics, and approximate region (such as country or timezone inferred from IP address, device settings, or telephone country code you supply) used to present currency, local marketplace labels, fraud prevention, and relevant content.
• Communications: messages you send through the platform, notification preferences, email or in-app notification logs where needed for delivery and support, and records of consent where required.

4. How we collect personal data

• Directly from you when you register, create or edit a profile, list products or services, place orders, make bookings, pay, correspond with us or other users, or use interactive features.
• Automatically through server logs, cookies, local storage, session storage, analytics tools, security monitoring, and similar technologies when you use the service.
• From third parties where necessary to operate the service, such as payment processors (payment status and references), fraud prevention signals, or authentication providers if we enable them.
• From your device when you use optional features such as file upload, camera or microphone capture initiated inside the application, or when you use system “share” actions to send content into our Android app for import.

5. Purposes for which we use personal data

• Providing, operating, maintaining, and improving the platform and its features;
• Creating and administering accounts, authenticating users, and enforcing role-based access;
• Processing orders, payments, bookings, payouts, subscriptions, and related notifications;
• Displaying listings, search results, recommendations, and marketplace or regional defaults;
• Operating social and engagement features, including moderation and safety;
• Detecting, investigating, and preventing fraud, abuse, security incidents, and violations of our terms;
• Analytics, product development, and aggregated reporting;
• Complying with legal, regulatory, tax, and accounting obligations, and responding to lawful requests;
• Communicating with you about the service, changes to policies, and, where permitted, relevant offers (subject to your choices and applicable law).

6. Legal bases for processing

Where data protection law requires a “legal basis”, we rely on one or more of the following, as appropriate: performance of a contract with you; our legitimate interests in operating, securing, and improving the service (balanced against your rights); your consent where we ask for it (for example for certain cookies or marketing); and compliance with legal obligations.

7. Disclosure and recipients

We may share personal data with:

• Service providers who assist us with hosting, infrastructure, email delivery, analytics, customer support tooling, security, and similar processing under appropriate contractual terms;
• Payment and financial partners to authorize, settle, reconcile, or dispute transactions;
• Other users to the extent necessary to facilitate transactions, bookings, and communications you initiate (for example displaying a vendor name on a listing);
• Professional advisers such as lawyers or accountants where required;
• Authorities or third parties when we believe disclosure is required by law, regulation, court order, or to protect rights, safety, or security.

We do not sell your personal data to third parties for money. We do not share personal data for third-party cross-context behavioral advertising as a “sale” under US state laws unless we specifically notify you and offer a control where required by law.

8. International transfers

Your personal data may be processed in countries other than the country in which you reside. Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to other countries, we implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) where required by applicable law.

9. Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.

• Account data: retained while your account remains open and for a short period thereafter to allow recovery or dispute handling, unless a longer retention applies.
• Transaction, tax, and accounting records: retained for the period required by applicable tax, commercial, and regulatory rules.
• Security and audit logs: retained under rolling retention schedules appropriate to their purpose.
• Marketing data: retained until you withdraw consent or object, where applicable.
• Deletion: when you successfully delete your account, we delete or anonymize personal data associated with the account, except where we must retain certain records as described in Section 10 of this Policy and in our account deletion instructions.

10. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include access controls, separation of environments where practicable, encryption of data in transit (HTTPS/TLS), and monitoring. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

11. Your rights

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate or incomplete data;
• Erase personal data in certain circumstances;
• Restrict processing in certain circumstances;
• Object to processing based on legitimate interests or for direct marketing;
• Data portability for data you provided where processing is automated and based on contract or consent;
• Withdraw consent where processing is consent-based, without affecting the lawfulness of processing before withdrawal;
• Lodge a complaint with a supervisory authority in your country of residence.

To exercise these rights, contact us using Section 20. We may need to verify your identity before responding.

12. Cookies and similar technologies

We use cookies, local storage, session storage, and similar technologies for purposes including: (i) strictly necessary operation (for example authentication, security, load balancing); (ii) preferences (for example language or currency); (iii) analytics to understand usage; and (iv) fraud prevention. Where required by law, we obtain consent before using non-essential cookies. You can control cookies through your browser settings; disabling certain cookies may limit functionality.

13. Direct marketing

Where we send promotional communications, we will do so in accordance with applicable law, including providing a way to opt out or withdraw consent. Transactional or service messages (for example order confirmations) may be sent without additional marketing consent where permitted.

14. Children

The service is not directed to children under the age of 13 (or the higher minimum age required in your jurisdiction for lawful consent to data processing). We do not knowingly collect personal data from children in that age group without verifiable parental consent where such consent is required. If you believe we have collected data from a child inappropriately, please contact us and we will take appropriate steps.

15. Automated decision-making

We may use automated tools to help detect fraud, spam, or policy violations. We do not make solely automated decisions that produce legal or similarly significant effects concerning you unless permitted by law and, where required, with appropriate safeguards or human review.

16. Android application, permissions, and Google Play

Our Android application loads LifeXshop.com in a secure WebView. Device permissions declared in the app are requested only as needed for the feature you use, including: network access; notifications (where you allow them); camera or microphone when you initiate a corresponding web feature; and media or storage access when you choose files to upload or share into the app. For distribution through Google Play, we complete Data safety declarations so they match this Policy and the app as released; we do not use the advertising ID in this client for ads personalization.

For detailed permission mapping and release checks, see our internal checklist at /play-store-data-safety.

17. Account deletion and data requests

You may request deletion of your account where in-product controls are available, and you can follow the published steps at /account-deletion. We verify identity before completing deletion. Some information may be retained where law, tax, accounting, fraud prevention, or dispute resolution requires it, as explained on the account deletion page and in Section 9 above.

18. Changes to this Policy

We may update this Policy from time to time. We will post the revised version on this page and update the effective date. Where changes are material and we are required to do so under applicable law, we will provide additional notice or seek consent as appropriate. Continued use of the service after the effective date of changes constitutes your acknowledgment of the updated Policy where permitted by law.

19. Contact

For any questions about this Privacy Policy or to exercise your privacy rights, please contact:

LifeXshop.com
Email: lifex@lifexshop.com
Telephone: +256 785 005 377
Postal address: P.O Box 420 Mbarara