Privacy Policy

2. Information We Collect

Phovio is designed to be privacy-friendly and anonymous-first. We do not require you to create an account with your name or email address, and we do not collect your real name, email address, contacts, or precise location.

We collect the following categories of information:

a) Account and Device Identifiers

• An anonymous account ID generated by Firebase Authentication (a Firebase UID). This is created automatically on first launch — no email or password is required.
• A device identifier (on iOS, the identifierForVendor; on Android, the Android ID) used to keep your subscription and credits associated with your device, including across app reinstalls.
• A RevenueCat user ID used to manage purchases and subscriptions.
• Your platform (iOS or Android) and app version.

b) Content You Provide

• Photos, images, audio, and video files you upload or capture to use as inputs for AI generation.
• Text prompts and generation settings you enter (e.g., descriptions, styles, aspect ratios, duration).
• AI-generated content produced from your inputs (photos, videos, audio).
• If you use the Prompt Hub community feature: prompts you choose to publish, an example image, and an optional nickname (or you may post anonymously).

c) Purchase and Subscription Data

• Records of your credit purchases and subscriptions (such as the product purchased, subscription status, renewal/expiration dates, and credit balances), processed through RevenueCat and the Apple App Store or Google Play.
• We do not collect or store your credit card number, billing address, or other payment details — those are handled directly by Apple, Google, and RevenueCat.

d) Push Notification Token

• A Firebase Cloud Messaging (FCM) token so we can notify you when your content has finished generating. You can disable notifications at any time in your device settings.

e) Usage and Diagnostic Data

• Basic usage counters (such as the number of generations attempted, succeeded, or failed) and your last active time, used to operate the Service, enforce fair-use limits, and improve reliability.
• Server logs for security and troubleshooting (e.g., request paths and error logs).

What We Do Not Do

• We do not collect your name, email address, or phone number.
• We do not use advertising or third-party tracking SDKs (no ad networks, no analytics SDKs such as AppsFlyer, Adjust, Facebook SDK, or app-level Firebase Analytics).
• We do not track you across other companies' apps or websites, and we do not sell your personal information.

3. How We Use Your Information

We use the information we collect to:

• Provide the core Service — process your inputs and deliver AI-generated photos, videos, and audio;
• Manage your credits, purchases, and subscriptions, including granting credits and processing refunds to your balance;
• Send push notifications about your generation jobs;
• Operate the Prompt Hub community, including moderation and handling reports;
• Enforce rate limits, prevent abuse and fraud, and maintain the security and integrity of the Service;
• Diagnose problems, fix bugs, and improve the App's performance and features;
• Comply with legal obligations and enforce our Terms of Use.

4. AI Processing & Third-Party Providers

To generate content, Phovio sends your inputs (such as uploaded images, audio, and text prompts) to third-party AI and infrastructure providers ("subprocessors"). Your content leaves the App and is processed on these providers' systems. Each provider processes your data under its own privacy policy and terms.

Notes:

• Uploaded videos used as inputs may be sent to Replicate's temporary file storage and are generally deleted by that provider within approximately 24 hours.
• We may add or change subprocessors as the Service evolves (for example, additional AI video providers). We will update this Policy accordingly.

We encourage you to review the privacy policies of these providers to understand how they handle data.

5. Storage, Location & Retention

• Your uploaded source files and AI-generated content are stored in Cloudflare R2 object storage under a path tied to your anonymous user ID.
• Your account record, generation history, and credit ledger are stored in our database (MongoDB Atlas).
• We retain your content and account data for as long as your account remains active or as needed to provide the Service.
• You can delete generated results from within the App, which removes the associated files from storage.
• For accuracy and fraud prevention, credit ledger entries (records of credits granted, spent, and refunded) are kept as an immutable transaction history.
• You may request deletion of your account and associated data by contacting us (see Section 12).

6. How We Share Information

We do not sell your personal information. We share information only:

• With the subprocessors listed in Section 4, to operate the Service;
• To comply with the law, respond to lawful requests, or protect the rights, safety, and property of Phovio, our users, or the public;
• In connection with a business transfer (such as a merger or acquisition), in which case we will notify you of any change in how your data is handled.

7. Your Rights & Choices

Depending on where you live, you may have rights under laws such as the EU/UK GDPR or the California Consumer Privacy Act (CCPA/CPRA), including the right to access, correct, delete, or restrict processing of your personal data, and the right not to be discriminated against for exercising these rights. We do not sell personal information.

You can also:

• Revoke device permissions (photos, microphone, notifications) at any time in your device's settings;
• Turn off push notifications in your device settings;
• Delete generated content within the App;
• Request access to or deletion of your data by contacting us at the email in Section 12.

To make a request, contact us using the details in Section 12. We may need to verify your request using your device or account identifiers.

8. Children's Privacy

Phovio is not intended for children under the age of 13 (or the minimum age required in your country). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, please contact us and we will delete it.

9. Security

We take reasonable measures to protect your information, including:

• Storing authentication tokens in the device's secure storage;
• Transmitting data over encrypted connections (HTTPS/TLS);
• Verifying purchase webhooks with a shared secret to prevent tampering.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. International Data Transfers

Phovio is available globally and our providers may process and store data in countries other than your own, including the United States. Where required, we rely on appropriate safeguards for such transfers. By using the App, you understand that your information may be transferred to and processed in these locations.

11. Community Content (Prompt Hub)

If you publish prompts to the Prompt Hub:

• Your submitted prompt, title, and example image become publicly visible to other users.
• You may publish under a nickname or anonymously.
• Do not include personal or sensitive information in prompts or example images, as published content is visible to others.
• Published content is moderated and may be removed if it violates our Terms of Use, and users may report content they find objectionable.

12. Changes to This Policy & Contact

We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, where appropriate, provide additional notice in the App. Your continued use of the App after changes take effect constitutes acceptance of the updated Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your data, contact us at: