Privacy Policy

This Privacy Policy is for TraveeZo Technologies Private Limited, a Private Limited Company incorporated under the Companies Act, 2013 and having its registered office at Sr.No.22/3, F.No.8, Paradigam Opal, Iris SOC. Baner Gaon, Pune, Pune City, Maharashtra, India, 411045 (hereinafter referred to as "Lirel", "Traveezo", "Us", or "We"), and describes how and why we might collect, store, use, and share ("Process") your information when you use the services operated under the Lirel brand ("Services"), such as when you: • Visit our website at https://lirel.ai/, or any website of ours that links to this Privacy Policy; or • Download and use our mobile application, Lirel, on the Apple App Store or any other authorised distribution channel. By using our Services you agree to our use of your personal information (including your Personal Data as envisaged under the data privacy laws of India, including the Information Technology Act, 2000; the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and the Digital Personal Data Protection Act, 2023) as per the terms of this Privacy Policy, as may be amended from time to time by us at our discretion. You hereby confirm and agree to our collection, storing, Processing, transferring, and sharing of your personal information (including Personal Data) with third parties or service providers for the purposes set out in this Privacy Policy. Should you require a copy of this Privacy Policy in any other language identified in the Eighth Schedule to the Constitution of India, we request you to kindly request the same from us at support@lirel.ai and we will share the same with you at the earliest. Personal information subject to this Privacy Policy will be collected and retained by Lirel. Should you have any concerns or queries regarding the use of your information, this Privacy Policy will assist you in understanding your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@lirel.ai. INDEX 1. WHAT INFORMATION OF YOURS DOES LIREL COLLECT? 2. HOW DO WE PROCESS YOUR INFORMATION? 3. ON WHAT LEGAL GROUNDS DO WE RELY TO HANDLE YOUR INFORMATION? 4. WHEN DO WE SHARE YOUR PERSONAL INFORMATION AND WITH WHOM? 5. ACCESS BY CHILDREN 6. WHAT IS OUR POSITION REGARDING THIRD-PARTY WEBSITES AND SERVICES? 7. DO WE UTILIZE COOKIES AND ALTERNATIVE TRACKING TECHNOLOGIES? 8. HOW DO WE MANAGE SOCIAL / LINKEDIN LOGINS? 9. INTERNATIONAL DATA TRANSFERS 10. DATA RETENTION 11. SECURITY MEASURES 12. CAN WE MODIFY THIS NOTICE? 13. HOW CAN YOU CONTACT US REGARDING THIS NOTICE? 14. HOW CAN YOU REVIEW, UPDATE, OR DELETE YOUR COLLECTED DATA?

Lirel only collects the personal information that you share with us when you register on our website or mobile application, when you use the Services, when you contact us, or when automatically generated through your use of the Platform. 1.1 Personal Information Provided by You The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following: (a) Account registration information — your first name, last name, mobile phone number, and (optionally) email address. Phone-based OTP verification is mandatory to create a Lirel Account. (b) Profile information — headline, bio, profile photo, "context" text (the short note describing what you are looking for or want to discuss), your photo-visibility preference, and your LinkedIn-visibility preference. (c) LinkedIn profile data — if you choose to verify your Account using LinkedIn, we use LinkedIn's OAuth 2.0 flow to import, with your consent, your LinkedIn display name, headline, email address, and profile photo URL. We do not import your LinkedIn connections, messages, or posts. (d) Verification data — your company email address (if you choose to verify your employer), company email verification status, and any verification badges you earn (such as "LinkedIn verified" or "Phone verified"). (e) Mobile Device Access — in order to provide accurate results and assistance, we may request you to allow access to your mobile device's location services, camera (for scanning QR codes and taking profile photos), photo library (for selecting a profile photo), and notification permissions. If you wish to change our access or permissions, you may do so in your iOS Settings. (f) Geolocation — we request access or permission to track location-based information from your mobile device, both in the foreground (while you are using the app) and in the background via iOS "significant location change" APIs, to provide nearby discovery, Zones, and QR alert features. If you wish to change our access or permissions, you may do so in your iOS device settings. Your latest coordinates are stored on your Firestore profile and indexed by geohash for efficient proximity queries; other Users only ever see approximate distance (e.g., "~500m", "~2 km"), never precise coordinates. (g) IP Address — captured at authentication and server-call time for security and abuse prevention. (h) Referral codes and referral relationships — the referral code you used to sign up (if any), the referral code you generate, and the count of Users who have signed up using your code. (i) Personal description and photograph — information you voluntarily share on your Profile page. (j) Past connections, alerts, and chat history — a list of your mutual connections, a record of proximity alerts you have sent or received (including timestamps and event coordinates, retained for a limited period for safety and abuse-prevention purposes), and ephemeral chat messages that are automatically deleted approximately twenty-four (24) hours after they are sent. (k) Cookies and web beacons (on the lirel.ai website only). (l) Lirel Zone and venue check-in history — a record of Zones in which you have been active, to power the "Recently Here" and "Usually Here" features. (m) Premium membership details — your subscription status, expiry date, plan, and App Store transaction identifiers (not your full payment credentials). (n) Internal segmentation data — a single, one-time answer you provide during onboarding (after LinkedIn verification) describing whether you are an investor, founder, or professional. This answer is stored on your Account and is used only for matching, analytics, and product improvement. This internal segmentation field is never displayed in the Lirel app, never shown to other Users, and never used to publicly label your profile. You may request its deletion at any time by contacting support@lirel.ai. You may opt not to provide certain personal information to us; however, doing so may affect your overall experience in benefitting from our Services. For example, without location permission, nearby discovery, Zones, and Alerts cannot function; without LinkedIn verification, you cannot obtain the LinkedIn verified badge; and without a phone number, you cannot create an Account. The aforementioned personal information may be collected when you engage in any of the following activities: • granting permission to access location, camera, photo library, or notifications; • configuring your settings and data access permissions; • participating in any discussion, feedback, or community feature; • sending or receiving in-app chats, alerts, or connection requests; • scanning or generating QR codes within the Lirel app; • checking in to a Zone or venue surfaced by the Platform. 1.2 Sensitive Information We Process sensitive information only when necessary, with your consent, or as otherwise permitted by Applicable Law. We do not directly Process credit card or debit card information — all payments for Premium are handled by the Apple App Store, and we only receive a transaction identifier, a subscription product identifier, and subscription status/expiry from Apple. A limited number of our personnel have access to this payment-related metadata, purely for the purpose of entitling your Account to Premium features and for customer support. Location data is handled with particular care: coordinates are stored only as the latest known position and as a derived geohash. Lirel does not share precise coordinates with other Users. You may refuse or revoke location consent at any time via iOS Settings (see Section 3 on legal grounds). 1.3 Social Media / LinkedIn Login Data We provide you with the option to verify your Account using your existing LinkedIn account. If you choose to verify in this way, we will collect the information described in Section 8 ("How do we manage Social / LinkedIn logins?"). We may also, where technically supported and available, offer Google Sign-In for account creation; in such case, we receive the corresponding identity token and basic profile information (name, email) that the respective provider releases to us. 1.4 Automatically Collected Information If you use our application, we may also collect the following information if you choose to provide us with access or permission: • the internet protocol (IP) address utilized for your device's internet connection; • login events, authentication events, and session identifiers; • device location (foreground and, where permitted, via significant-change updates); • device metrics encompassing usage times, application usage, connectivity specifics, and any encountered errors or event failures; • service metrics, involving technical errors, interactions with service features or Content, preferences, backup data, device location during app usage, and image or file information (e.g., filenames, timestamps, and locations) for profile photos you upload; • app version details and time zone settings; • Premium purchase and entitlement history (as received from the Apple App Store); • on the lirel.ai website: the complete URL clickstream to, through, and from our site, including timestamps; pages viewed or searched; page responsiveness; download issues (e.g., scrolling, clicks, mouse-overs); • phone numbers utilized for contacting customer service. Push Notifications. We request permission to send you push notifications regarding your Account, proximity alerts, nearby Users, connection requests, and chat messages. If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings or within the in-app Notification Settings. This information is primarily needed to maintain the security and operation of our application, for troubleshooting, for our internal analytics and reporting, and to power core discovery features. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information. Like many businesses, we also collect information through cookies and similar technologies on the lirel.ai website. You can find out more about this in our Cookie Policy. 1.5 Information Received from Third-Party Sources We may receive information about you from other third-party sources, such as public databases, LinkedIn (when you verify via OAuth), OpenStreetMap-derived venue data, and other data providers or third parties; this information may include your name, email address, LinkedIn headline, profile photo URL, public venue metadata, and similar publicly available information. If you interact with us using your LinkedIn account for OAuth verification, we receive personal information about you including your name, email address, headline, and profile photo URL. Any personal information that we collect from your LinkedIn account depends on the scopes granted at the time of OAuth consent (currently r_liteprofile and r_emailaddress) and on your LinkedIn privacy settings.

Lirel's legal basis for collecting and using personal information is described in this Privacy Policy and depends on the specific context in which we collect the information, namely: • Lirel needs to provide the Services to you; • You have given Lirel permission to do so; • Processing your personal information is within Lirel's legitimate interests; or • Lirel needs to comply with the law. We Process your information after receiving your consent for the purpose of enhancing your experience while accessing our Services. 2.1 Legitimate Interests We may Process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may Process your personal information for some of the purposes described below in order to: (a) provide nearby discovery: match your approximate location against other Users who are physically nearby and eligible to be shown; (b) power the QR-code Alert system: trigger a proximity alert to relevant Users within a configurable radius when you scan or generate an alert code, subject to per-user cooldowns and daily caps; (c) surface Lirel Zones and venues based on aggregate user activity and public venue data; (d) rank and recommend relevant Users and Zones to you using your context text, LinkedIn headline, and internal segmentation field; (e) send you information about Premium offers, feature updates, referral rewards, and other Lirel announcements; (f) develop and display personalised and relevant Content for our Users; (g) analyse how our Services are used so we can improve them to engage and retain Users; (h) support our marketing activities; (i) diagnose problems and prevent fraudulent, abusive, or unsafe behaviour; (j) understand how our Users use our products and services so we can improve the user experience; (k) enable you to make payments for our Services — we use Apple's App Store as the sole payment channel; Apple is not permitted to use your payment information other than for the purpose of processing the payment and entitling your Account; (l) seek your feedback about our Services; (m) process your requests, enquiries, and complaints, provide customer services, and carry out other related activities; (n) develop and display personalised content catering to your interests, location, and professional context; (o) identify usage trends and preferences to further improve your experience; (p) enforce our Terms, our Privacy Policy, and our community standards, including by maintaining a flag count and suspension state on your Account. 2.2 Legal Obligations We may Process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved. 2.3 Vital Interests We may Process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person — for example, responses to lawful requests from law enforcement in connection with an alleged incident arising from or in connection with an in-person meeting facilitated through the Platform. 2.4 Contractual Obligations We may handle your personal information when we deem it necessary to meet our contractual responsibilities towards you. This includes providing our Services, or doing so at your request before finalising a contract with you (for example, during Account creation and onboarding). Lirel will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce policies.

In India, the law on data protection (including the Digital Personal Data Protection Act, 2023) is in the process of being executed; however, on the basis of existing practice and guidelines available, we handle your information as follows. Also, if you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), you may have certain additional data protection rights. If you wish to be informed what personal information we hold about you and if you want it to be removed from our systems, please contact us at support@lirel.ai. There are certain rights available to you as the Data Principal, in relation to the use of your data: (a) Right to Information — you possess the right to receive information regarding the collection and utilisation of your personal data, as outlined in this Policy. (b) Access Rights — you hold the right to access the personal data you have provided by requesting us to furnish the same. (c) Right to Update / Modify / Rectify — you retain the right to request us to correct or update your inaccurate or incomplete personal data. Most profile fields can be edited directly in the app. (d) Right to Erasure — you maintain the right to request the deletion of your personal data from our records. You can delete your Account from in-app settings, or by writing to support@lirel.ai. (e) Right to Limit Processing — you have the right to request us to temporarily or permanently cease Processing all or some of your personal data, including by turning off location, disabling alerts, or hiding your profile from nearby discovery. (f) Right to Object — you have the right to object to the Processing of your personal data under certain circumstances. Additionally, you possess an absolute right to object to the Processing of your personal data for direct marketing purposes. (g) Data Portability — you possess the right to request a copy of your personal data in electronic format and have the option to transmit this data for use with another third party's product or service. In case you want to exercise the rights set out above, you can contact our support team whose details are set out in Section 13 below. Your data, provided as a User of our Services, will be Processed by us to deliver Services to you or to take preliminary steps before providing such Services, as per your request. If we do not use this data explicitly to provide Services, we will seek your consent explicitly. You have the option to withdraw this consent anytime by contacting us at support@lirel.ai. Please note that withdrawing consent for core data (such as phone number or location) may render the Services non-functional.

4.1 Lirel and External Service Providers We may share your information with third-party vendors, service providers, contractors, or agents ("third parties") who perform services on our behalf and need access to your information for those purposes. We have contractual or platform-level agreements with these third parties that are designed to protect your personal information. They are only permitted to handle your personal information as per our instructions, refrain from sharing it with any other organisation, and commit to safeguarding and retaining the data for the duration specified by us. The categories of third parties with whom we may share personal information include: • Cloud computing and database services — Google Firebase (Firestore, Cloud Functions, Cloud Storage, Cloud Messaging, Authentication), which hosts the core Lirel backend. • Push notification providers — Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) for delivering alerts, connection notifications, and chat messages. • Mapping and geospatial services — Google Maps Platform APIs for place lookups, map tiles, and reverse-geocoding; OpenStreetMap-derived venue data hosted by Lirel on its own infrastructure. • Identity verification — LinkedIn OAuth 2.0 for optional profile verification. • Sign-in providers — Apple and, where supported, Google, for alternate sign-in methods. • Payment processors — Apple App Store, which handles all Premium subscription billing. Lirel does not receive or store your full payment credentials. • Data analytics and performance monitoring tools — used in aggregate and pseudonymized form to diagnose bugs and understand feature usage. • Communication and collaboration tools — internal tooling used by Lirel employees to respond to support queries and grievances. • Testing and quality assurance tools. • Website hosting services for the lirel.ai website. • Government entities and law enforcement authorities, where required by law. 4.2 Additional Sharing Scenarios (a) Business Transfers — In situations involving mergers, sale of company assets, financing, or acquisition of our business, we may share or transfer your information, subject to the same protections described in this Policy. (b) Google Maps Platform APIs Usage — Certain Google Maps Platform APIs may access and use your location information for location-specific requests. We store location data on-device (as a cache) and on your Firestore profile (as your latest coordinate and geohash) for the limited purposes described in this Policy. You can revoke location consent at any time via iOS Settings. (c) Affiliates — We may share your information with our affiliates (including TraveeZo Technologies Private Limited group entities), requiring them to adhere to this Privacy Policy. (d) Business Partners — Your information may be shared with our business partners to provide specific features, services, or promotions. We will obtain your consent for any such sharing that goes beyond what is described in this Policy. (e) Other Users — When you participate in public areas of the Platform, or when you become discoverable to other Users in nearby discovery, Zones, or the feed, certain information is shown to other Users. Specifically, other Users may see your first name and last initial, headline, bio, approximate distance, verification badges, profile photo (subject to your photoVisibility setting), LinkedIn badge (subject to your linkedInVisibility setting), and latest context. Other Users never see your full last name, phone number, email, precise coordinates, or internal segmentation field.

Lirel does not offer Services to children. Lirel is intended solely for adult professionals aged eighteen (18) years and above. If you are below eighteen (18) years of age, you may not use Lirel's Services under any circumstances. If we become aware that we have collected personal information from a person under the age of eighteen (18), we will delete such information as soon as reasonably practicable.

The Services may connect to, link to, or embed third-party websites, online services, or mobile applications (such as LinkedIn profile pages linked from a User's profile). These links may direct you to other websites, services, or applications. Consequently, we do not assure the reliability of such third parties, and we are not accountable for any losses or damages resulting from the use of these third-party websites, services, or applications. The presence of links to third-party websites, services, or applications does not signify our endorsement. We cannot ensure the safety and confidentiality of information provided to third parties. Any data collected by third parties is beyond the scope of this Privacy Policy. We do not assume responsibility for the content, privacy practices, or policies of any third parties, including LinkedIn, Apple, Google, Firebase, OpenStreetMap contributors, or other websites, services, or applications linked to or from the Services. It is advisable to review the policies of these third parties and directly contact them to address any inquiries.

We may employ cookies and similar tracking technologies (such as web beacons and pixels) on the lirel.ai website to obtain or retain information. Detailed information on our use of these technologies and how you can decline specific cookies is outlined in our Cookie Policy. The Lirel mobile application does not use HTTP cookies. Instead, it uses standard mobile operating system storage (UserDefaults, keychain, and on-device caches) to maintain sessions, user preferences, and cached feed data.

Our Services offer you the option to verify and partially populate your profile using your LinkedIn account. If you choose this method, we will receive certain profile details from LinkedIn via the OAuth 2.0 flow. The profile data we receive typically includes your name, email address, LinkedIn headline, and profile photo URL. For Lirel specifically, we request only the r_liteprofile and r_emailaddress scopes, which give us access to your basic profile and the email address associated with your LinkedIn account. We do not request access to your LinkedIn connections, messages, posts, or company pages. If Google Sign-In is enabled in the app, similar principles apply: we receive only the minimum profile information released by the provider (typically name and email). We will utilise the information received solely for the purposes described in this Privacy Policy or as explicitly communicated to you within the applicable Services. Please note that we do not govern nor take responsibility for other uses of your personal information by LinkedIn or Google. We suggest reviewing their privacy notices to understand how they gather, use, and share your personal information, as well as how to set your privacy preferences on their platforms.

We may transfer, store, and process your information in countries outside India; however, this will vary based on the Central Government of India's regulations and permissions, from time to time. Our backend is hosted on Google Firebase, which may process and store data in Google Cloud data centres located outside India. If you access our Services from a location outside India, be aware that we may transfer, store, and process your information in our facilities and by third parties with whom we share your personal information (refer to Section 4 above, "When do we share your personal information and with whom?"). We have implemented protective measures for personal information transfers with third-party providers. These measures require all recipients to protect personal information Processed from India in compliance with the existing laws in India.

We retain your personal information only for as long as necessary according to this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, regulatory, or legal requirements). No purpose in this Policy warrants holding your personal information longer than the specific period tied to Account status or termination or other stipulations. Specifically: • Chat messages are automatically deleted approximately twenty-four (24) hours after they are sent. • Location data is kept only as the latest known coordinate and geohash on your profile; prior coordinates are not retained as a separate history. Your last known location is deleted or anonymised upon Account deletion. • Alert events (records of proximity alerts you have sent or received) are retained for a limited period to enforce cooldowns, prevent abuse, and support safety investigations, after which they are deleted or anonymised. • Profile data and connection lists are retained as long as your Account is active. • Upon Account deletion, active-system data (profile, chats, alerts, connections, location) is deleted within a reasonable period; anonymised aggregates may be retained for analytics and abuse-prevention. When there is no legitimate business need to Process your personal information, we will either delete or anonymise it. If this is not feasible (for example, because your information is stored in encrypted archival backups), we will securely store your information while restricting any further Processing until deletion is possible.

We have implemented reasonable technical and organisational security measures to protect Processed personal information. These include TLS encryption in transit; encryption at rest (provided by Firebase); Firestore security rules restricting data access to authenticated Users; restricted API keys; Cloud Function access controls; iOS-restricted distribution of sensitive API keys; per-User daily caps and cooldowns on abuse-sensitive operations; flag-and-suspension workflows to remove bad actors; and regular review of access logs. However, no online transmission or data storage is one-hundred-percent secure, and we cannot guarantee absolute security of your data. You are responsible for keeping your device and authentication factors (phone, Apple ID, Google account, LinkedIn account) secure. If you suspect unauthorised access to your Account, please contact support@lirel.ai immediately.

Periodically, we may revise this Privacy Policy. Any updated version will display a revised "Last updated" date and will become operational once accessible. If substantial alterations are made to this notice, we may notify you either by prominently displaying the changes in-app or by directly sending you a notification or email. We encourage you to frequently review this Privacy Policy to stay informed about how we protect your information.

For inquiries, remarks, or grievances about this Privacy Policy, you may reach out to our support team at support@lirel.ai. In accordance with the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the contact details of our Grievance Officer are: Name: Grievance Officer, Lirel (TraveeZo Technologies Private Limited) Email: support@lirel.ai Acknowledgement: within twenty-four (24) hours of receipt Resolution: within fifteen (15) days of receipt Holding Company Details: Legal Entity: TraveeZo Technologies Private Limited CIN: U62099PN2023PTC224379 Registered Address: Sr.No.22/3, F.No.8, Paradigam Opal, Iris SOC. Baner Gaon, Pune, Pune City, Maharashtra, India, 411045

As per the laws applicable in India, you may have the right to request access to your personal information collected by us, amend that data, or have it erased. To initiate a request to review, update, or delete your personal information, please write to us at support@lirel.ai. You can also: • Edit most profile fields directly in the Lirel app (Profile > Edit). • Control who sees your profile photo and your LinkedIn profile (Profile > Privacy Settings). • Toggle alert and push notifications (Profile > Settings, and iOS Settings > Notifications > Lirel). • Revoke foreground or background location permission in iOS Settings > Privacy > Location Services > Lirel. • Delete your Account directly from Profile > Settings > Delete Account. Deletion is irreversible.