Privacy Policy — DRAFT
NOT LEGAL ADVICE. This is a working draft. Have a lawyer review before publishing in the EU or US. Last updated: TBD.
1. Who we are
[APP_NAME] is operated by [ENTITY] ("we"), reachable at
support@[DOMAIN]. The data controller for users in the EU/UK is
[ENTITY].
2. Data we collect
Created automatically when you use the app
- Anonymous device ID — generated locally and stored in Keychain / Keystore. Used to keep you signed in and to migrate guest data on signup. Never sold.
- Usage events — video starts, video completions (≥50% watched), playlist creates, account events. Linked to your user ID once you sign in. Used to improve curation.
- Crash diagnostics — stack traces and device model. Sent to Firebase Crashlytics. We never log auth tokens or playlist contents.
Provided by you on signup
- Email address
- Password (hashed by Supabase before it reaches our database)
Generated by you in the app
- Playlist names, emoji icons, and the list of video URLs you save. Stored on Supabase for signed-in users; locally on your device for guests.
We do not collect:
- Precise location
- Contacts or device address book
- Photos, microphone, or camera input
3. Third parties we share data with
| Vendor | Purpose | Data shared |
|--------|---------|-------------|
| Supabase | Database, authentication | Email, hashed password, user ID, playlist data |
| Firebase (Google) | Crash reporting, push, analytics | Anonymous device token, crash data, usage events |
| Google AdMob | Showing ads to free users | Anonymous advertising ID (with your consent on iOS) |
| YouTube / TikTok / Vimeo / Bilibili | Video playback | Each platform receives a request when you press Play |
We do not sell or rent personal data to anyone.
4. Your rights (GDPR / UK GDPR)
You can:
- Export all your data (Profile → Settings → Export).
- Delete your account; we cascade-delete within 30 days (Profile → Settings → Delete account).
- Object to analytics; toggle in Settings.
- Lodge a complaint with your local data-protection authority.
To exercise rights not available in-app, email
privacy@[DOMAIN]. We respond within 30 days.
5. Retention
- Playlists & account: while your account exists, plus 30 days after deletion (then purged).
- Crash logs: 90 days, then purged automatically by Firebase.
- Analytics events: 14 months, then aggregated.
6. Children
Our service is intended for users 13+ (Play) / 12+ (App Store). We do not knowingly collect data from children under 13. EU users must confirm they are 16+ at signup.
7. Security
All traffic is encrypted in transit (HTTPS). Auth tokens live in Keychain (iOS) / EncryptedSharedPreferences (Android). The Hive box holding your local playlists is AES-encrypted with a per-device key.
8. Changes
We will email you and post a notice in-app at least 14 days before any material change.
9. Contact
privacy@[DOMAIN] · [POSTAL_ADDRESS]