Privacy Policy



1. Introduction and General Provisions


This Privacy Policy describes how Sergey Ponomarev (the “Operator”, “we”, “us”, or “our”) collects, uses, discloses, stores, and protects personal data of visitors and users (collectively, “you” or “your”) of the website https://mylo.family/ (the “Website”). By accessing or using the Website, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.


We are committed to respecting your rights and freedoms, including the right to privacy, personal and family life, and to processing your personal data in a lawful, fair, and transparent manner. This Policy is designed to comply with applicable international data protection laws, including but not limited to the General Data Protection Regulation (GDPR) in the European Union, the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Brazilian General Data Protection Law (LGPD), the Personal Information Protection Law (PIPL) in China, and other relevant global standards.


If you are a resident of a jurisdiction with specific data protection laws (e.g., California under CCPA/CPRA, Brazil under LGPD, or China under PIPL), additional rights and requirements may apply as outlined in this Policy. We aim to apply the most stringent standards where applicable to ensure global compliance.


This Policy does not apply to information collected by third-party websites, services, or applications that may link to or be accessible from our Website, unless otherwise stated.


2. Key Terms


  • Website: All graphics and information materials, software, databases, and services are available at https://mylo.family/.
  • Personal Data (or Personal Information under CCPA/CPRA): Any information relating to an identified or identifiable natural person, including identifiers such as name, email, or online identifiers.
  • Processing: Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
  • User: Any visitor, registered user, or individual interacting with the Website.
  • Data Controller/Operator: Sergey Ponomarev, who determines the purposes and means of processing personal data.
  • Sensitive Personal Data/Information: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation, or (under CCPA/CPRA) precise geolocation, social security numbers, financial account information, etc. We do not intentionally collect or process sensitive personal data unless explicitly disclosed and consented to for a specific purpose.
  • Automated Decision-Making: Decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

3. Data Controller and Contact Information


Data Controller: Sergey Ponomarev

Email: team@mylo.family


If you have any questions, requests, or complaints about this Policy, your personal data, or our processing practices, please contact us at the above email. For data protection inquiries, you may also reach our designated Data Protection Officer (if appointed) at the same address.

Under CCPA/CPRA, we are considered a "business" if we meet the applicable thresholds. We do not "sell" or "share" personal information as defined under CCPA/CPRA in the context of targeted advertising, but we disclose details of any such activities below.


4. What Data We Collect


We collect and process the following categories of personal data when you interact with the Website:

  • Identifiers: First name, email address, or similar identifiers.
  • Contact and Communication Data: Any information you voluntarily provide when contacting us, submitting forms, providing feedback, or using features like registration, course purchases, or support requests (e.g., messages, inquiries).
  • Technical and Usage Data: Automatically collected data such as IP address, browser type, operating system, device information, referral URLs, pages viewed, time spent on pages, and interaction data (e.g., clicks, scrolls).
  • Payment Data: If you make purchases (e.g., courses), we collect billing details through third-party payment processors; we do not store full payment card information.
  • Other Data: Any additional information you provide, such as preferences or survey responses.

Sources of Data: We collect data directly from you (e.g., forms), automatically via technologies (e.g., cookies), or from third parties (e.g., analytics providers).

We do not intentionally collect sensitive personal data or special categories of data. If such data is provided voluntarily, we will process it only with your explicit consent and for the specified purpose.

Under CCPA/CPRA, the categories of personal information we have collected in the past 12 months include identifiers, customer records, internet/network activity, and inferences drawn from other data.


5. Cookies and Similar Technologies


We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience, analyze usage, and provide personalized content. These may include:

  • Essential Cookies: Necessary for Website functionality (e.g., session management).
  • Performance/Analytics Cookies: To measure traffic and improve performance (e.g., Google Analytics).
  • Functional Cookies: To remember preferences (e.g., language).
  • Targeting/Advertising Cookies: To deliver relevant ads (if applicable).

We obtain your consent for non-essential cookies via a cookie banner or consent management tool, in compliance with laws like the ePrivacy Directive, GDPR, and CCPA/CPRA opt-out requirements. You can manage preferences at any time through the banner or browser settings. For more details, see our separate Cookie Policy at https://mylo.family/cookies (if available) or contact us.

We honor Global Privacy Control (GPC) signals and other opt-out preferences as required by law.


6. Purposes and Legal Bases of Processing


We process personal data for the following specific, explicit, and legitimate purposes:

  • To provide and maintain access to the Website, its services, content, and features (e.g., registration, course delivery).
  • To process transactions, such as purchases or subscriptions.
  • To communicate with you, including responding to inquiries, providing support, and sending administrative emails.
  • To send marketing or informational communications (e.g., newsletters, updates) only with your consent or where permitted by law.
  • To analyze and improve the Website, detect fraud, prevent abuse, and ensure security.
  • To comply with legal obligations, resolve disputes, and enforce agreements.
  • For internal operations, such as auditing and data analysis.

Legal Bases:

  • Performance of a Contract: To fulfill our obligations to you (e.g., providing services; Art. 6(1)(b) GDPR).
  • Consent: For marketing, non-essential cookies, or sensitive data (Art. 6(1)(a) GDPR; explicit under PIPL/LGPD).
  • Legitimate Interests: For Website improvement, security, and fraud prevention, provided your rights are not overridden (Art. 6(1)(f) GDPR; not available under PIPL).
  • Legal Obligation: To comply with laws (Art. 6(1)(c) GDPR).
  • Other: As required by specific laws (e.g., opt-out for sharing under CCPA/CPRA).

We do not engage in automated decision-making or profiling that produces legal or significant effects on you without your consent or a lawful basis.


7. Principles of Processing


We adhere to core data protection principles across jurisdictions:

  • Lawfulness, Fairness, and Transparency: Processing is legal, fair, and clear.
  • Purpose Limitation: Data is used only for specified purposes.
  • Data Minimization: We collect only what is necessary.
  • Accuracy: We ensure data is accurate and update it as needed.
  • Storage Limitation: Data is retained only as long as necessary (see Section 8).
  • Integrity and Confidentiality: We implement robust security measures.
  • Accountability: We maintain records of processing and demonstrate compliance.

8. Data Retention


We retain personal data only for as long as necessary to fulfill the purposes outlined, or as required by law, contract, or for dispute resolution. Specific periods include:

  • Account data: Until account deletion or inactivity for 2 years.
  • Communication data: Up to 1 year after resolution.
  • Technical data: Up to 6 months for analytics.
  • Payment data: As required by tax laws (e.g., 7 years).

After retention periods, data is securely deleted or anonymized. You may request deletion earlier, subject to legal requirements.


9. Data Sharing, Disclosure, and International Transfers


We do not sell your personal data. We may disclose data to:

  • Service Providers: Payment processors (e.g., Stripe), hosting (e.g., AWS), email services (e.g., Mailchimp), analytics (e.g., Google), acting as processors under strict agreements.
  • Affiliates and Partners: For service delivery, under similar protections.
  • Authorities: If required by law, subpoena, or to protect rights.
  • Business Transfers: In mergers/acquisitions, with notice.

Under CCPA/CPRA, categories of third parties include service providers and contractors. We have not sold or shared personal information in the past 12 months.

For international transfers (e.g., to US-based providers), we use safeguards like EU Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements, adequacy decisions, or binding corporate rules, in compliance with GDPR, UK GDPR, LGPD, and PIPL. We conduct transfer impact assessments where required.


10. Data Security and Breach Notification


We implement appropriate technical, organizational, and administrative measures to protect data, including encryption, access controls, firewalls, and regular audits. However, no system is 100% secure, and we cannot guarantee absolute security.

In the event of a data breach likely to risk your rights, we will notify you and relevant authorities without undue delay (e.g., within 72 hours under GDPR; 48 hours under some laws) via email or Website notice, including details of the breach, affected data, and mitigation steps.


11. Your Rights


Depending on your jurisdiction, you have the following rights (e.g., under GDPR, CCPA/CPRA, LGPD, PIPL):

  • Access/Know: Request details of your data and processing.
  • Rectification/Correction: Update inaccurate data.
  • Erasure/Deletion ("Right to be Forgotten"): Delete data in certain cases.
  • Restriction/Limitation: Limit processing.
  • Portability: Receive data in a structured format.
  • Objection/Opt-Out: Object to processing based on legitimate interests, marketing, or automated decisions; opt-out of sale/sharing/targeted ads/profiling (CCPA/CPRA link: Do Not Sell/Share My Personal Information – contact team@mylo.family).
  • Withdraw Consent: At any time, without affecting prior processing.
  • Non-Discrimination: No retaliation for exercising rights (CCPA/CPRA).
  • Limit Sensitive Data Use: Opt-out of sensitive data processing (CCPA/CPRA).
  • Complaint: Lodge with a supervisory authority (e.g., EU Data Protection Authorities, California Privacy Protection Agency).

To exercise rights, email team@mylo.family with details (e.g., "CCPA Access Request"). We respond within required timelines (e.g., 30 days under GDPR; 45 days under CCPA/CPRA), free of charge unless manifestly unfounded. We may require identity verification.

For California residents: We do not use personal information for automated decision-making with legal effects. To opt-out of sharing: Use the link above or GPC signals.


12. How to Update Data or Withdraw Consent


Contact us at team@mylo.family with subject "Update Personal Data" or "Withdraw Consent." For marketing, use unsubscribe links in emails. Withdrawal does not affect lawful processing prior.


13. Third-Party Services


The Website may integrate third-party services (e.g., payment gateways, social plugins). These process data under their own policies; we are not responsible for their practices. Review their policies before use.


14. Children’s Data


Our Website is not intended for children under 16 (GDPR/LGPD), 13 (COPPA if applicable), or the age of valid consent in your jurisdiction. We do not knowingly collect data from children. If we discover such data, we will delete it promptly. Parents/guardians: Contact us if you believe we have child data.

For PIPL, guardian consent is required for under-14s.


15. Changes to This Policy


We may update this Policy to reflect changes in practices or laws. Updates will be posted at https://mylo.family/privacy with the "Last Updated" date. Continued use constitutes acceptance. For material changes, we may notify you via email or Website notice.


16. Contact


For questions: Email: team@mylo.family

Thank You for Trust!
It's an honor to work with you.