Privacy Policy

Effective Date: 6/1/2026

Introduction

1. Orvia application is operated by DENOVA PTE. LTD. (“we”, “us”, or “our”), a company incorporated in Singapore with its registered address at 60 Paya Lebar Road, #11-53, Paya Lebar Square, Singapore 409051.
2. This Privacy Policy describes how we collect, use, and share your personal information when you use Orvia. Please read this Privacy Policy carefully to understand our views and practices regarding your personal information and how we will treat it. By using Orvia, you agree to the terms of this Privacy Policy.
3. This Privacy Policy applies to the processing of your personal information through the Orvia application, our websites, and other services (collectively, “Orvia”) that link to this Privacy Policy.
4. Users located in jurisdictions with specific data protection requirements, including the European Union (EU), the United Kingdom (UK), California in the United States (US), and Japan, may be subject to additional Supplementary Terms. Please review the Supplementary Terms applicable to your jurisdiction below. Such Supplementary Terms form an integral part of this Privacy Policy.

Please read this Privacy Policy carefully.

What Information We Collect

We collect your personal information from different sources and for various purposes in connection with your use of our services. The information may be provided directly by you, collected automatically when you use our services, or obtained from other sources. Details are set out below.

1. Information You Provide

Account Information.
When you create or use an Orvia account, we may collect information such as email address, profile picture, username, date of birth, gender, language preference, and country or region settings.

Communication Information.
When you connect with an advisor, we may collect information related to your communications and interactions, including messages (such as images, text, and audio), recordings of calls, and other interactions with advisors. We also collect related usage information, such as the advisor you communicated with, the time of the interaction, call duration, billable duration, credits consumed, comments or feedback you submit (including the content and timestamps).

Payment Information.
When you top up your account, we may collect your payment-related information, such as payment method, amount, credits redeemed, and payment results. We do not directly collect or store your full payment card number or security authentication information.

Consumer Support Information.
When you contact us for support (e.g., via in-app chat or email), you may provide us with information that helps us understand and respond to your request.

Other Information.
In certain circumstances, you may voluntarily provide additional information through relevant pages or functions within Orvia.

We do not require you to provide sensitive personal information (e.g., health, racial or ethnic origin, political opinions, religious beliefs, sex life, sexual orientation, genetic or biometric data) in order to use our services, and we strongly recommend that you do not share such information through Orvia with advisors or other users. If you nevertheless choose to provide sensitive personal information, we will process it in accordance with applicable law and, where required, based on your consent or another valid legal basis.

You should also avoid providing personal information about other individuals, especially sensitive personal information or personal information relating to minors. By providing any content (such as audio, images, or text) that contains another person's personal information, you confirm that you have obtained all necessary consents or permissions to provide such information.

2. Automatically Collected Information

Device Information.
When you use Orvia, we may automatically collect device information, such as device brand, device model, screen resolution, operating system version, operating system language, network type, IP address, device MAC address, device serial number, and unique device identification code (such as IMSI, IMEI, Android_ID for Android, IDFA for iOS). Certain device information (such as IDFA on iOS devices) may require your permission before we can access it.

Log Information.
We automatically collect log information when you use our services. This information may include account and login data (such as registration time), performance data (such as system errors, crashes, and bug reports), and activity data (such as last activity time).

Cookies and Similar Technologies.
We and our partners may use cookies and similar technologies to operate, analyze, personalize, and improve our services. Please refer to the “Cookies and Similar Technologies” section for more details.

3. Information from Other Sources

We work with trusted partners and may receive information from them to help provide, support, and improve our services. These third parties may include:

Login Partners.
When you choose to sign up for or log in to Orvia through sign-in services provided by third parties (e.g., Google, Apple), we receive your information from them, including email address, profile picture, and username.

Payment Partners.
When you top up through the payment methods made available through Orvia, we may receive limited transaction-related information from the relevant payment partners, such as transaction results. We do not directly collect or store your full payment card number or security authentication information.

Other Sources.
We may obtain information about you from other sources. For example, we may receive information about you from another user where your information is included in communications between users and advisors.

How We Use Your Information

We use your personal information only where we have a valid purpose and, where required by applicable law, a valid legal basis. Depending on how you use Orvia, we may use your personal information for the following purposes:

1. To create, manage and secure your account.
We use your account information, device information, log information, or information obtained from other sources (such as login partners) to create your account, verify your identity, enable login, maintain your account status, identify suspicious account activity, protect account security and prevent unauthorized access.
2. To provide Orvia’s services and features.
We use your account information, communication information, or other information you provide to enable you to use Orvia’s services and features, such as communicating with advisors, submitting questions and receiving responses.
3. To process payments and payment-related matters.
We use payment information, device information, log information, and information from other sources (such as transaction results) to process payments and payment-related matters, such as credit delivery, balance updates, refunds, payment disputes, and related customer support requests.
4. To provide customer service and support.
We use your account information, consumer support information, and other related information (e.g., payment information related to the request) to respond to your requests relating to the services, help you exercise your privacy rights, and contact you with information about app updates, updates to our terms, security notices, and newly available features.
5. To maintain safety, security and service integrity.
We may use account information, payment information, device information, log information, and other security-related information to prevent unauthorized access, troubleshoot and resolve product failures, detect system vulnerabilities, respond to security incidents, prevent and detect fraud, fraudulent chargebacks, malware, spam accounts, violations of our terms, and other activities that may harm Orvia, users, advisors, or third parties, including through the automated or manual review of communications or interactions where necessary.
6. To improve, analyze and develop our products and services.
We may use account information, device information, log information, and other information to analyze service performance, conduct internal audits, data statistics, data analyses, and improve, maintain and develop our products and services.
7. To comply with legal, regulatory and contractual obligations.
We may use your personal information where necessary to comply with applicable laws, regulations, court orders, regulatory requests, tax, accounting, consumer protection, payment, anti-fraud, record-keeping or dispute resolution obligations, or to enforce our agreements and protect our rights, users, advisors and third parties.
8. To send marketing communications where permitted by applicable law.
We may use your account information (such as email address) to send you promotional or marketing communications where permitted by applicable law. We may also contact you to provide information on promotional offers, discounts, or related marketing information via system messages within the app.
We will not use your personal information for purposes that are materially different from those described in this Privacy Policy unless we provide additional notice or obtain your consent where required by applicable law.

How We Share Your Information

We do not sell your personal information. We may share your personal information only where necessary for the purposes described in this Privacy Policy, where required or permitted by applicable law, or where you have directed us to do so. Depending on how you use Orvia, we may share your personal information with the following categories of recipients:

1. Advisors.
When you communicate with advisors through Orvia (such as via calls or messages), the information you choose to share will be made available to those advisors in order to provide the services. You control which advisors you choose to communicate with and what information you choose to share. Advisors are required to use such information in accordance with applicable laws, contractual obligations, and our policies.
2. Our group companies.
We work with our group companies to develop and improve our websites, apps and services, and we may share information with them. Such sharing will be limited to what is reasonably necessary for the purposes described in this Privacy Policy.
3. Service providers.
We work with service providers to help us develop, manage, improve, update, and provide our websites, apps and services and may share necessary information with them. These service providers are required to protect your information and use the information only for the purposes described in this Privacy Policy. They provide services such as cloud storage, technical support, content safety, communication technology, analytics, and related services.
4. Recipients related to legal reasons.
We may share information with courts, regulators, law enforcement authorities, dispute resolution bodies or other authorized third parties where necessary to comply with applicable law, respond to lawful requests or legal processes, fulfill legal obligations, protect the rights, safety, and security of Orvia, users, advisors, or others, prevent fraud or security incidents, or enforce our agreements and policies.
Some recipients may be located outside your country or region of residence, including Singapore and other countries or regions where our group companies, service providers, advisors or partners are located. For users in the European Economic Area or the United Kingdom, this may involve transfers of personal data outside the EEA or the UK. Where applicable, such transfers will be handled in accordance with the “International Data Transfers” section of this Policy.

Legal Basis for Processing

We process your personal information only where we have a valid legal basis under applicable law. The legal basis we rely on depends on the purposes for which the information is collected and used, the nature of the services you use, and your location or jurisdiction.

Depending on the circumstances, the legal bases we rely on may include:

• Performance of a contract
such as providing Orvia’s services and features, processing transactions, and responding to your requests;
• Compliance with legal obligations
such as complying with applicable laws, lawful requests, regulatory requirements, accounting, or dispute resolution obligations;
• Legitimate interests
such as maintaining the security and stability of Orvia, preventing fraud or abuse, improving our products and services;
• Consent
where required by applicable law, such as for certain device permissions, cookies, or marketing communications.

SAdditional information for users located in the European Economic Area (EEA) and the United Kingdom (UK) is provided in the applicable Supplementary Terms.

Data Retention and Security

1. How long we retain your information

We retain your personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide our services, maintain safety, security, and service integrity, resolve disputes, enforce our agreements, and comply with legal, regulatory, and contractual obligations. The retention period may vary depending on the type of information, how it is used, and applicable legal or regulatory requirements.

If you delete your account or clear consultation records, we will delete, anonymize, or otherwise process the relevant information in accordance with this Privacy Policy and the applicable product features, unless retention is required or permitted by applicable law, including for security, fraud prevention, payment, tax, accounting, dispute resolution, compliance or legal claim purposes.

2. How we keep your information secure

We implement reasonable technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, misuse, accidental loss, destruction, or damage. The measures we use may include:

i. using encryption and other security technologies to protect your personal information during transmission and storage;

ii. implementing access controls to ensure that only authorized persons can access, alter, or delete personal information;

iii. providing information security and privacy training to relevant personnel.

However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Your Rights

1. What are your rights

Subject to applicable law and the region in which you are located, you may have certain rights in relation to your personal information, including the right to access, correct, delete, or request a copy of your personal information, and to object to or restrict certain processing activities.

Where we rely on your consent to process your personal information, you may withdraw your consent at any time. Withdrawal of consent will not affect processing already carried out before the withdrawal.

These rights may be subject to limitations or exceptions under applicable law. For example, we may retain certain information where necessary for legal compliance, security, fraud prevention, accounting, tax, dispute resolution, customer support, or technical reasons.

2. How can you exercise your rights

You may exercise certain rights directly through settings or controls within the app, where available. For example, you can access and edit your account information, delete your account, or manage privacy settings such as following or blocking an advisor.

You may also contact us through the in-app chat or through the contact details in the “Contact Us” section of this Privacy Policy.

Before we respond to your request, you may be required to verify your identity or provide additional information necessary to verify and process your request.

iIn certain circumstances, we may not be able to fulfill your request where permitted or required by applicable law, including where we are unable to verify your identity, where fulfilling the request would adversely affect the rights of others, or where retention of certain information is necessary to comply with legal obligations or for security, fraud prevention, or dispute resolution purposes.

International Data Transfers

We store your personal information on servers located in Singapore.

Where necessary, we may transfer your personal information to third parties as described in the “How We Share Your Information” section of this Privacy Policy. These third parties may be located outside Singapore and outside your country or region of residence. Such transfers may occur as part of providing, operating, maintaining, and improving our services.

We will take reasonable steps to ensure that your personal information receives an appropriate level of protection in accordance with applicable law.

If you are located in a jurisdiction with specific requirements for international data transfers, please also refer to the applicable Supplementary Terms below.

Children's Privacy

Orvia is not intended for individuals who have not reached the age of majority or otherwise do not have the legal capacity to enter into a binding agreement under applicable law. If you are under the applicable age of majority, you must not use Orvia.

We do not knowingly collect personal information from minors where prohibited by applicable law. If we become aware that we have collected such information in violation of applicable law, we will take reasonable steps to delete it.a copy of your personal information, and to object to or restrict certain processing activities.

If you believe that a minor has provided us with personal information in violation of this Privacy Policy or applicable law, please contact us through the contact details provided in the “Contact Us” section of this Privacy Policy.

Cookies and Similar Technologies

Cookies are small text files that a website stores on your computer or mobile device when you use our websites or services. Similar technologies may include tags, web beacons, pixels, SDKs, APIs, mobile identifiers, local storage, log files, or other similar technologies. In this Privacy Policy, we refer to these technologies collectively as “cookies”.

Where required by applicable law, we will obtain your consent before using non-essential cookies or similar technologies. You may manage certain permissions, identifiers, or tracking preferences through your device settings, in-app settings or other tools made available to you.

Please read our “Cookies Policy” for more details.

About this Policy

1. When this Privacy Policy applies

This Privacy Policy applies to the processing of your personal information in the Orvia app, websites, and other services that clearly link to this Privacy Policy.

This Privacy Policy does not apply to:

i. services that have separate privacy policies and state that this Privacy Policy does not apply; or

ii. products or services provided by third parties.

2. Changes to this Privacy Policy

We may update this Privacy Policy from time to time as our services evolve or as required by applicable law. You should review this page periodically for any such changes.

Contact Us

If you have any questions or suggestions about this Privacy Policy, would like to submit a data protection or privacy rights request, or have a complaint, please contact us using the contact details below. We may need to verify your identity before responding to your request.

1. Contact us through the in-app customer service window.
2. Email us at denova@71live.com.
3. Write to us at the address: DENOVA PTE. LTD., 60 Paya Lebar Road, #11-53, Paya Lebar Square, Singapore 409051.

SUPPLEMENTARY TERMS

These Supplementary Terms provide additional information for users located in certain jurisdictions, including the European Union (EU), the United Kingdom (UK), the United States (US), and Japan.

If you are located in one of these jurisdictions, please read the applicable Supplementary Terms together with the Privacy Policy above.

In the event of any inconsistency between the applicable Supplementary Terms and the main Privacy Policy, the applicable Supplementary Terms shall prevail.

A. SUPPLEMENTARY TERMS FOR USERS IN THE EUROPEAN UNION (EU/EEA) AND THE UNITED KINGDOM (UK)

This Supplement applies to users located in the European Union (“EU”) , the European Economic Area (“EEA”) , and the United Kingdom (“UK”).

1. Data Controller

DENOVA PTE. LTD. is the data controller of your personal data. Our registered address is 60 Paya Lebar Road, #11-53, Paya Lebar Square, Singapore 409051.

2. Legal Basis for Processing

If you are located in the EU/EEA or the UK, we process your personal information only where we have a valid legal basis under applicable data protection law, including the GDPR or UK GDPR. Depending on the relevant processing activity, we may rely on one or more of the following legal bases:

2.1 Performance of a contract, where the processing is necessary to provide Orvia’s services to you, including account registration, login, consultation-related services, advisors communications and interactions, purchases, top-ups, credit delivery, order management, customer support and account deletion;
2.2 Legal obligations, where the processing is necessary for us to comply with applicable laws, regulations, court orders, regulatory requests, tax, accounting, consumer protection, payment, anti-fraud, record-keeping, dispute resolution, or other legal obligations.
2.3 Legitimate interests, where the processing is necessary for our legitimate interests, including maintaining the security, integrity and stability of Orvia, preventing fraud, spam, abuse, or payment disputes, protecting user accounts, improving our products and services, providing customer support, enforcing our agreements, and protecting our legal rights and interests, provided that such interests are not overridden by your rights and freedoms. This may include the automated or manual review of communications or interactions where reasonably necessary to maintain safety, prevent fraud or abuse, investigate disputes, or enforce our policies and agreements;
2.4 Consent, where we ask for your consent for specific processing activities, such as certain device permissions, non-essential cookies or similar technologies, marketing communications, or the processing of certain sensitive information that you voluntarily provide;
Where we rely on consent, you may withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.
Where we rely on legitimate interests, we will consider and balance our interests against your rights and freedoms as required by applicable law.

3. International Data Transfers

When we transfer your information outside the EU/EEA or the UK, we take steps to ensure that such transfers are protected in accordance with applicable data protection laws.

Depending on the circumstances, we may rely on one or more of the following transfer mechanisms:

3.1 Adequacy Decisions

We may transfer personal information to countries or territories that have been recognized by the European Commission or relevant UK authorities as providing an adequate level of data protection. In such cases, the transfer may take place without requiring any specific authorization in reliance on adequacy decisions.

For more information about adequacy decisions, please refer to:

For EU/EEA:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

For UK:
https://www.gov.uk/government/publications/uk-approach-to-international-data-transfers/international-data-transfers-building-trust-delivering-growth-and-firing-up-innovation

3.2 Standard Contractual Clauses

Where an adequacy decision is not available, we may rely on appropriate safeguards for international data transfers, such as the European Commission’s Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) or Addendum, where applicable.

For more information about these safeguards, please refer to:

European Commission SCCs:
https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en

UK IDTA and Addendum:
https://ico.org.uk/media2/migrated/4019538/international-data-transfer-agreement.pdf

3.3 Other Permitted Transfer Mechanisms

In limited circumstances, we may also rely on other transfer mechanisms or derogations permitted under applicable data protection laws, including where the transfer is necessary for the performance of a contract between you and us.

4 Your rights

If you are located in the EU/EEA or the UK, you may exercise the rights under the GDPR and the UK GDPR, as applicable. These rights include the right to access, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability, and the right to object to the processing of your personal data.

Where processing is based on consent, you also have the right to withdraw your consent at any time.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe that we have processed your personal data in violation of applicable data protection laws.

B. SUPPLEMENTARY TERMS FOR CALIFORNIA RESIDENTS

This Supplement applies to consumers who are residents of California, United States.

1. Categories of Personal Information Collected

We collect the categories of personal information described in the “What Information We Collect” section of the Privacy Policy, including:

• Account information (e.g., email address, username, profile details)
• Communication information (e.g., messages, call recordings, other interactions with advisors, and related usage information)
• Payment information (e.g., payment method, amount, credits redeemed, payment results)
• Customer support information (e.g., inquiries and communications with support)
• Device information (e.g., IP address, operating system, device identifiers)
• Log information (e.g., performance data, activity data)
• We do not require you to provide sensitive personal information, although you may voluntarily provide such information when you are interacting with advisors. You should not provide personal information about others unless you have obtained all necessary consents or permissions.

2. Sources from Which We Collect Personal Information

We collect personal information from the following sources:

• Directly from you, such as when you create an account, use the Service, communicate with advisors, or contact customer support;
• Automatically, through your use of the Service, including cookies, log information, and device information;
• From third parties, such as login providers, payment partners, and other service providers.

3. Purposes for Processing Personal Information

We use your personal information for the following business or commercial purposes:

• To create, manage, and secure your account;
• To provide Orvia's services and features, including enabling communication with advisors;
• To process payments and payment-related matters;
• To provide customer service and support;
• To maintain safety, security, and service integrity (including fraud prevention);
• To improve, analyze, and develop our products and services;
• To comply with legal, regulatory, and contractual obligations;
• To send marketing communications where permitted by applicable law.

For more details, please refer to the section “How We Use Your Information” in the Privacy Policy.

4. Sale or Sharing of Personal Information

We do not sell personal information for monetary consideration. However, we may share your personal information in a manner that may be considered a “sale” or “sharing” under California law, such as for cross-context behavioral advertising or similar advertising-related purposes.

You have the right to opt out of such activities. You may exercise this right by contacting us using the methods described in the “How to Exercise Your Rights” section below or, where applicable, by enabling a legally recognized opt-out preference signal.

5. Your Rights

Subject to applicable limitations under California law, California residents may have the following rights:

• Right to Know
• Right to Access
• Right to Delete
• Right to Opt Out of Sale or Sharing
• Right to Non-Discrimination
• Right to Limit Use of Sensitive Personal Information

6. How to Exercise Your Rights

You may exercise certain rights directly through settings or controls within the app, where available, or submit a request using the contact details below. We may need to verify your identity before processing your request.

• Contact us through the in-app customer service window.
• Email us at denova@71live.com.
• Write to us at the address: DENOVA PTE. LTD., 60 Paya Lebar Road, #11-53, Paya Lebar Square, Singapore 409051.

C. SUPPLEMENTARY TERMS FOR USERS IN JAPAN

This Supplement applies to users located in Japan.

1. Provision of Personal Information to Third Parties

Where necessary, we may provide personal information described in the “What Information We Collect” section to third parties described in the “How We Share Your Information” section for the purposes described in this Privacy Policy.

2. International Data Transfers

Due to the global nature of our business, we may transfer your personal information outside Japan, as described in the “How We Share Your Information” section of this Privacy Policy.

We will take appropriate measures to ensure that personal information transferred outside Japan is protected in accordance with applicable Japanese data protection laws.

In principle, we will transfer personal information outside Japan only where:

• the recipient is located in a country recognized by Japanese authorities as providing an adequate level of data protection;
• the recipient has implemented measures equivalent to those required under Japanese law;
• we have obtained your prior consent where required by applicable law.

3. Your Rights

If you are a user located in Japan, you may have the following rights in accordance with applicable Japanese law:

• the right to request information regarding the purposes for which your personal information is used;
• the right to request access to your personal information;
• the right to request correction, addition, or deletion of your personal information;
• the right to request suspension of the use of your personal information, including suspension of the provision of your personal information to third parties, where such information is handled beyond the scope necessary to achieve the purposes of use, used improperly, or obtained by improper means.