DancifyAI Privacy Policy

Last updated: 2025-05-21

DancifyAI ("the App," "we," or "us") is developed and operated by the individual developer opaic. We provide AI dance video generation, photo/video upload, personalized works library, subscription memberships, and related features. This Policy explains how we collect, use, store, share, and protect your personal information, and the rights you have when using the App. Please read this Policy carefully before using the App.

If you do not agree with any part of this Policy, stop using the App immediately. By accessing or continuing to use the App, you acknowledge that you have read, understood, and accepted this Policy.

1. Scope and Core Features

AI dance video generation: Upload a photo or short video of yourself, select a reference dance style, and receive an AI-generated dance video processed by our cloud AI services (e.g., fal.ai models).
Works management and history: Sync generated records, downloaded assets, and favorites locally and to the cloud for multi-device viewing and recovery.
Subscriptions and memberships: In-app subscriptions via App Store / Google Play to unlock premium generation quotas, higher video quality, and other premium features.
Notifications and settings: Push notifications for generation completion, privacy and general settings.
Support and help: Access support channels or submit feedback in "Settings" or "About."

This Policy applies to the above features and any future privacy-related capabilities added to the App. If new features require additional data, we will obtain your explicit consent before launch.

2. Information We Collect

We only collect information necessary for legitimate, lawful business purposes.

2.1 Information You Provide

Account and authentication: Anonymized user ID, auth token, refresh token, token expiry—stored in the device's secure storage, used only to maintain login state.
Membership/subscription data: Order ID, product ID, receipt (with platform signature), subscription validity, refund status, etc., received via platform APIs to verify with our backend.
User content: Photos or short videos uploaded or captured on the home page to be used as the subject of AI dance generation. Unless saved to your works history, original media is only used for the generation flow.
Support/feedback: Contact details (e.g., email) and issue descriptions when you submit requests in Help Center.

2.2 Automatically Collected Information

Device and logs: Device model, OS version, device identifier (provided by the OS), app version, language, network type, crash logs, and API debug info (debug builds only visible locally).
Usage data: Feature clicks, generation counts, history access statistics, used for anonymous analytics. If you disable "Crash Reporting" in Settings > Privacy, we stop sending crash-related analytics.

2.3 Local Storage Data

Local database: Works history records, local asset paths, timestamps—stored only in the app's private local database.
Cache files: Generated or downloaded video/image files cached in the app sandbox for offline viewing; you can delete them in the history screen or via system app data clearing.

2.4 Third-Party Sources

App Store / Google Play: Subscription receipts, order status.
AI generation providers: Task IDs, generation status, generated asset IDs/URLs.
Crash collection provider (Firebase Crashlytics): Crash logs, device model, OS version, app version, basic device identifiers required for stability analysis; does not include your photos, videos, or other business data.

We do not actively collect personal sensitive data unrelated to the App's functions (e.g., contacts, SMS, precise location).

2.5 Photo and Video Handling

We do not collect, extract, or store biometric identifiers, facial recognition data, facial landmarks, or face embeddings. User photos and videos that may contain faces are treated as general user-generated content for the dance generation feature only.
Photos and videos are not used to build or train face recognition models, perform identity verification, profiling, advertising, tracking, analytics, or any unrelated purposes.
We apply data minimization and process only what is necessary to fulfill the dance generation request initiated by the user.

3. How We Use Information

Provide core features: Authentication, dance generation, works history management, asset sync, subscription entitlement checks.
Improve product experience: Enhance UI, generation quality, and performance using anonymized usage data.
Security and risk control: Detect abnormal logins, interface abuse, repeated refunds, etc., and mitigate risks using device info.
Customer support: Communicate progress on your requests and assist with subscription, data, or permissions issues.
Legal compliance: Retain/disclose required logs per regulatory or judicial requests and assist with complaints.

3.1 Media Processing

Photos and videos are transmitted over HTTPS/TLS to our backend and to our AI processor (e.g., fal.ai) only to generate the dance video you requested. They are not reused for analytics, advertising, tracking, unrelated AI tasks, or model training.
Processing is user-initiated and task-bound; once the generation task completes, no further processing of the uploaded media occurs.

We do not use your personal information for purposes not stated in this Policy. If purposes change, we will seek your explicit consent again.

4. Sharing, Transfer, and Disclosure

We do not transfer or disclose your personal information to third parties except in these cases:

With your explicit consent.
As required by laws, courts, or regulators.
Necessary sharing/commissioned processing to deliver core services, mainly:
- AI generation providers (e.g., fal.ai): Receive photos, videos, and generation parameters to create dance videos; suppliers commit to clearing temp files after tasks complete.
- Cloud asset/auth services (Supabase): Store generated results, anonymized user IDs, download status for multi-device sync and recovery.
- Payment/subscription channels (Apple/Google): Verify transactions, process refunds, and support audits; we only obtain necessary fields and do not store your bank account details.
- Push notification channels (APNs/FCM): Process device push tokens when you enable notifications.
- Crash collection provider (Firebase Crashlytics): Collect/analyze crash logs and related device info to improve stability; does not access your photos, videos, or works content.
As otherwise required by law (e.g., public safety).

4.1 Use of Third-Party Service Providers

Fal.ai (AI video processing) acts as our data processor solely to fulfill dance generation requests. Photos and videos are used only to render the requested dance video and are not retained for advertising, analytics, tracking, or model training. Temporary processing files are cleared by the provider after the task completes, typically within 24 hours or sooner.
No additional third parties receive user photos or videos beyond what is necessary to deliver the requested dance generation.

If information must be transferred due to merger or reorganization, the new holder will remain bound by this Policy or we will seek your authorization again.

5. Permissions and Sensitive Capabilities

Permission/Capability	Use Case	Impact If Denied
Camera	Capture photos or videos in the app	Cannot capture instantly; can still pick from gallery
Photos/Media Library	Read selected photos/videos; save generated videos locally	Cannot upload/save media; AI generation unavailable
Local Storage (file read/write)	Cache generated videos; store works history DB	No offline viewing; history unavailable
Network Access	Upload media, sync assets, verify subscriptions, download results	Core services unavailable
Notifications	Send generation completion and subscription reminders	No push received; features unaffected
Crash Reporting Toggle	Optionally send anonymized crash stacks	None

We never enable permissions in the background without your consent. You can manage permissions in system settings at any time.

6. Data Storage and Security

Local security: Auth token, refresh token, receipts, and other sensitive fields are stored in secure storage provided by the OS; works history is stored in the app's private database, sandboxed from the system.
Transmission security: All external calls (including official APIs and AI generation gateways) use HTTPS/TLS with signatures and idempotency to prevent tampering or replay.
Access control: Server-side access is validated by tokens and device fingerprints; internal access is limited and logged.
Data minimization: Non-essential fields are not collected by default; debug logs are used only in dev builds or when you actively upload them.
Data hosting location: Servers and data hosting are primarily in the United States. If processing in other regions is needed, we will update this Policy or use in-app notices and seek your consent where legally required.

7. Data Retention and Deletion

Data Category	Retention Period	Deletion Method
Auth token/refresh token	Cleared upon logout, uninstall, or 30 days of inactivity	Logout in settings or request deletion
Uploaded original photos/videos	Used only for generation; cleared by server within 24h after task completion; if saved to history, retained locally until you delete	Delete works history or clear app data
Generated videos and metadata	Kept for history and redownload; no more than 30 days after account deletion	Delete in history or request backend deletion
Subscription receipts/orders	Retained 5 years or longer if legally required for audits	Delinked/obfuscated after expiry, or deleted per regulation
Crash logs and analytics	Kept by default for 90 days	Disable "Crash Reporting" or contact support

Uninstalling the App removes local data but does not automatically delete server-side records tied to subscriptions. For full deletion, follow "Contact Us."

8. Your Rights and How to Exercise Them

Access/Copy: View/export data in Works History/Account; request a copy of your personal data via support.
Correct/Update: Modify notification preferences or account info; for server-side corrections, provide details to support.
Delete: Delete works history and cache in-app; request deletion of server-side data or account termination in Settings.
Withdraw consent: Disable permissions or "Crash Reporting" in Settings, which is treated as withdrawing that consent.
Account deletion: Request via Settings; we process after identity verification and data is deleted immediately.
Response time: We respond within 15 business days; if we cannot meet a request, we will explain and offer alternatives.

9. Children's Privacy

The App is intended for adults. Users under 18 should use it only with guardian consent and guidance and must obtain explicit consent before submitting personal information. If we discover unauthorized collection of minors' data, we will delete or de-identify it promptly.

10. Cross-Border Transfers

To deliver AI dance generation and cloud asset storage, your photos, videos, generated results, and related metadata are primarily processed on servers located in the United States. If processing in other regions is needed, we will ensure equivalent protections and, where required, execute cross-border transfer agreements or conduct security assessments, and notify you.

11. Updates to This Policy

We may update this Policy due to business, legal, or regulatory needs. Material changes (e.g., data types, purposes, sharing parties) will be communicated via in-app pop-ups or notices, and explicit consent will be obtained when required. Non-material changes take effect upon publication; continued use means you accept the updated content.

12. Contact Us

The App is maintained by an individual developer. For questions about this Policy, data processing, or your personal information rights, email admin@opaic.me. We will respond within 15 business days. Phone or in-person support is not available.