Download on the App Store

Privacy Policy

Privacy Policy

Effective Date: March 11, 2026
Last Updated: March 11, 2026

1. Introduction

Welcome to Vidzy (“we,” “us,” or “our”). Vidzy is an AI-powered video and image generation app for iOS that lets you create creative content using artificial intelligence. This Privacy Policy explains how we collect, use, share, and protect information when you use the Vidzy mobile application (the “App”) and any related services.

Vidzy is developed and operated by Vidzy. If you have questions or concerns about this Privacy Policy or our data practices, you can contact us at [email protected].

By downloading, installing, or using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use the App.

2. Information We Collect

Vidzy is designed with privacy in mind. We use anonymous authentication, which means we do not collect your name, email address, phone number, or any other personally identifiable information (PII) during account creation or normal use of the App. Instead, we assign you a randomly generated anonymous identifier.

Below is a detailed breakdown of the types of information we collect:

2.1 Anonymous Identifiers

When you first open the App, we create an anonymous user account using Firebase Authentication’s anonymous sign-in feature. This generates a unique, randomly assigned user identifier (UID) that is not linked to any personal information such as your name, email, or phone number. This Anonymous identifier is used to associate your generated content, subscription status, credit balance, and app preferences with your session.

2.2 Device Information

We collect certain device-level information to provide and improve our services, including:

  • Device ID (Identifier for Advertisers / IDFA): We collect your Device ID for the purpose of third-party advertising, as declared in our App Privacy Manifest (PrivacyInfo.xcprivacy). This collection occurs only with your consent through Apple’s App Tracking Transparency (ATT) framework. If you decline tracking, your Device ID is not shared with advertising partners.
  • Device model, operating system version, and screen dimensions: Used for analytics, crash reporting, and ensuring the App renders correctly on your device.
  • App version and build number: Used for diagnostics and to determine which features are available to you.
  • Language and locale settings: Used to present content in the appropriate format.

2.3 Usage and Analytics Data

We collect anonymous usage data to understand how users interact with the App and to improve the user experience. This includes:

  • Screen views and navigation patterns: Which screens you visit and how you navigate through the App.
  • Feature engagement: Which features you use, such as template selection, AI generation, and reward video viewing.
  • Session data: Session duration, frequency of use, and app launch counts.
  • Event data: Specific actions such as starting a generation, viewing an ad, completing a purchase, or sharing content.

This analytics data is collected through Firebase Analytics (provided by Google) and Mixpanel. Both services receive anonymous event data tied to your anonymous user identifier — not to any personal information.

2.4 AI Generation Inputs

When you use Vidzy’s AI generation features, we process the following data:

  • Text prompts: The text descriptions you provide to guide AI content generation (limited to 500 characters per prompt).
  • Uploaded images: Photographs or images you provide as input for AI-powered templates (e.g., face-swap effects, style transfers, or creative transformations).

These inputs are transmitted to third-party AI service providers to generate your requested content. See Section 5 for details on which providers receive this data and how it is handled.

2.5 Advertising Data

If you interact with advertisements within the App:

  • Ad interaction data: Whether you viewed, clicked, or completed a rewarded video advertisement.
  • Ad performance data: Information about ad impressions and engagement, collected by our advertising partner Google AdMob.

2.6 Crash and Performance Data

We collect crash reports and performance diagnostics to identify and fix technical issues:

  • Crash logs: Stack traces, device state at the time of a crash, and error messages.
  • Performance metrics: App launch time, screen rendering performance, and network request latency.

This data is collected through Firebase Crashlytics (provided by Google) and is tied to your anonymous user identifier, not to any personal information.

2.7 Push Notification Tokens

If you allow push notifications, we collect your device’s push notification token through Firebase Cloud Messaging (FCM). This token is a unique identifier assigned to your device by Apple’s Push Notification service (APNs) and is used solely to deliver notifications about your completed AI generations, daily rewards, and App updates. The push notification token is not linked to your personal identity.

2.8 Subscription and Purchase Data

When you subscribe to Vidzy or make in-app purchases:

  • Transaction records: Subscription tier (weekly, monthly, or yearly), purchase date, and renewal status. These are managed by RevenueCat, our subscription management platform, and Apple’s App Store payment infrastructure.
  • Credit balance and usage: The number of generation credits associated with your anonymous account, credit purchases, and credit consumption for AI generations.

We do not have access to your payment method details (credit card number, billing address, etc.). All payment processing is handled by Apple through the App Store.

2.9 Locally Stored Data

The App stores certain data locally on your device:

  • User preferences and settings: Stored via Apple’s UserDefaults API (declared in our privacy manifest under reason CA92.1 — app-specific preferences).
  • Cached content: Template images, generated content thumbnails, and other assets are cached on your device’s local storage for faster loading.
  • File timestamps: The App accesses file modification timestamps (declared in our privacy manifest under reason C617.1) for cache management purposes.

Locally stored data remains on your device and is not transmitted to our servers unless specifically described elsewhere in this policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • To create and maintain your anonymous user account.
  • To process your AI generation requests by transmitting your text prompts and uploaded images to AI service providers.
  • To deliver generated videos and images back to you.
  • To manage your credit balance, track subscription status, and process in-app purchases.
  • To cache content locally for improved App performance and faster load times.

3.2 Analytics and Improvement

  • To understand how users interact with the App and which features are most valuable.
  • To identify usage patterns that help us improve the user interface and experience.
  • To measure the effectiveness of new features and updates.
  • To monitor App performance and identify areas for optimization.
  • Firebase Analytics and Mixpanel are used for these purposes. Both receive only anonymous, aggregated usage data.

3.3 Advertising

  • To display rewarded video advertisements that allow you to earn generation credits.
  • To serve personalized advertisements if you have granted App Tracking Transparency consent, or non-personalized advertisements if you have declined.
  • To measure ad performance and optimize the advertising experience.

3.4 AI Content Generation

  • To transmit your text prompts and uploaded images to third-party AI providers for video and image generation.
  • To receive and deliver the generated content back to your device.
  • To track generation status (pending, in progress, completed, or failed) and manage the generation pipeline.

3.5 Push Notifications

  • To notify you when your AI-generated content is ready for viewing.
  • To inform you about daily rewards, credit bonuses, and promotional offers.
  • To deliver important service updates and announcements.
  • You can disable push notifications at any time through your device’s Settings app.

3.6 Crash Reporting and Diagnostics

  • To identify and fix crashes, bugs, and performance issues.
  • To monitor the overall health and reliability of the App.
  • To prioritize bug fixes and performance improvements.
  • Firebase Crashlytics is used for this purpose. Crash data is tied to your anonymous user identifier and does not contain personal information.

3.7 Security and Fraud Prevention

  • To verify the integrity of App requests using Firebase App Check with Apple’s App Attest framework.
  • To enforce rate limits on AI generation requests (maximum 5 generations per 10 minutes) to prevent abuse.
  • To validate credit transactions and prevent unauthorized usage of the generation system.

4. Information Sharing and Third-Party Services

We share information with third-party service providers that help us operate and improve the App. We do not sell your personal information. Because we do not collect personal information, the data shared with these providers is associated only with your anonymous user identifier.

4.1 Firebase / Google

  • Firebase Authentication: Manages anonymous user accounts. Receives and stores anonymous user identifiers.
  • Firebase Firestore: Cloud database that stores your generation records, credit balance, subscription status, template data, feedback submissions, daily reward status, and reward task progress.
  • Firebase Analytics: Receives anonymous usage events and screen view data for analytics purposes.
  • Firebase Crashlytics: Receives crash reports, stack traces, and device diagnostic information.
  • Firebase Cloud Messaging (FCM): Receives and manages push notification tokens to deliver notifications to your device.
  • Firebase Remote Config: Delivers dynamic configuration values to the App (e.g., feature flags, API endpoints, credit costs).
  • Firebase App Check: Validates the authenticity of App requests using Apple’s App Attest framework.
  • Privacy Policy: [Google Privacy Policy](https://policies.google.com/privacy)

4.2 Mixpanel

Mixpanel receives anonymous usage events and behavioral analytics data. This data is tied to your anonymous user identifier and does not include personal information. Mixpanel helps us understand user engagement patterns, feature adoption, and retention metrics.

  • Data shared: Anonymous user ID, event names, event properties (e.g., template selected, generation type), device model, OS version, app version.
  • Privacy Policy: [Mixpanel Privacy Policy](https://mixpanel.com/legal/privacy-policy/)

4.3 Google AdMob

Google AdMob is our advertising partner that serves rewarded video advertisements within the App. AdMob receives:

  • Device ID (IDFA): Only if you have granted App Tracking Transparency consent. Used for personalized advertising.
  • Ad interaction data: Whether you viewed, clicked, or completed a rewarded ad.
  • Device information: Device model, OS version, and general location data (derived from IP address by Google).
  • Privacy Policy: [Google Advertising Privacy](https://policies.google.com/technologies/ads)

4.4 AI Generation Providers

When you submit a generation request, your inputs are sent to third-party AI service providers through AIProxy, a secure intermediary service that protects API credentials:

  • fal.ai: Receives text prompts and uploaded images for AI video and image generation. fal.ai processes your inputs on their servers and returns the generated content.
  • EachLabs: Receives text prompts and uploaded images for specialized AI template-based generation. EachLabs processes your inputs and returns the generated content via a webhook to our cloud functions.

Your generation inputs (text prompts and images) are transmitted to these providers for the sole purpose of producing the content you requested. We recommend reviewing the privacy policies of these providers for information about how they handle and retain data:

  • fal.ai: [https://fal.ai/privacy](https://fal.ai/privacy)
  • EachLabs: [https://eachlabs.ai/privacy](https://eachlabs.ai/privacy)

Important: If you upload personal photographs (e.g., selfies or images of identifiable individuals) for use with AI templates, those images will be transmitted to and processed by these third-party AI providers. Please ensure you have appropriate consent from any individuals depicted in the images you upload.

4.5 RevenueCat

RevenueCat manages our subscription and in-app purchase infrastructure. RevenueCat receives:

  • Anonymous user ID: Your anonymous identifier, used to track subscription status and entitlements.
  • Purchase records: Subscription tier, transaction dates, renewal status, and credit entitlements.
  • RevenueCat does not receive personal information because we use anonymous authentication.
  • Privacy Policy: [RevenueCat Privacy Policy](https://www.revenuecat.com/privacy/)

4.6 Cloudflare R2 CDN

Template assets (preview videos, images, and thumbnails) are served from Cloudflare R2, a content delivery network hosted at cdn.getvidzy.com. When you browse or download templates:

  • Your IP address: Cloudflare processes your IP address as part of standard CDN content delivery. This is a standard technical process for all web content delivery and is not used for tracking or profiling.
  • Requested content paths: The URLs of the template assets you access.
  • Privacy Policy: [Cloudflare Privacy Policy](https://www.cloudflare.com/privacypolicy/)

4.7 AIProxy

AIProxy acts as a secure intermediary between the App and AI service providers (fal.ai, EachLabs). AIProxy’s purpose is to protect API credentials so that sensitive keys are never embedded in the App binary. Your generation inputs pass through AIProxy on their way to the AI providers.

  • Data shared: Text prompts, uploaded images, and generation parameters.
  • AIProxy does not store your generation inputs — it forwards them to the destination AI provider and relays the response.

5. Advertising and Tracking

5.1 App Tracking Transparency (ATT)

Vidzy participates in Apple’s App Tracking Transparency framework. Before any tracking occurs, the App presents Apple’s standard ATT permission prompt with the following message:

> “This allows us to show you relevant ads and earn credits by watching videos.”

You have full control over this choice:

  • If you grant permission: Your Device ID (Identifier for Advertisers / IDFA) is shared with Google AdMob to serve personalized advertisements tailored to your interests. This enables more relevant ad experiences.
  • If you decline permission: Your Device ID is not shared with advertising partners. You will still see advertisements, but they will be non-personalized (not based on your browsing or activity data across other apps and websites).

You can change your tracking preference at any time in your device’s Settings > Privacy & Security > Tracking menu.

5.2 Device ID Collection

As declared in our App Privacy Manifest (PrivacyInfo.xcprivacy), we collect Device ID (NSPrivacyCollectedDataTypeDeviceID) for the purpose of third-party advertising (NSPrivacyCollectedDataTypePurposeThirdPartyAdvertising). This Device ID:

  • Is not linked to your identity (NSPrivacyCollectedDataTypeLinked = false) because we do not collect personally identifiable information.
  • Is used for tracking (NSPrivacyCollectedDataTypeTracking = true) as defined by Apple — meaning it may be used to link your activity in Vidzy with your activity in other companies’ apps or websites for advertising purposes.

5.3 Tracking Domains

Our App Privacy Manifest declares the following tracking domains associated with Google’s advertising infrastructure:

  • `googleads.g.doubleclick.net`
  • `pagead2.googlesyndication.com`

Network requests to these domains are classified as tracking under Apple’s guidelines and are subject to your App Tracking Transparency consent. If you decline ATT consent, network traffic to these domains for tracking purposes is blocked by the operating system.

5.4 Personalized vs. Non-Personalized Ads

  • Personalized ads (ATT consent granted): Google AdMob uses your Device ID and browsing signals to display advertisements relevant to your interests. This may involve sharing your Device ID with Google’s advertising network.
  • Non-personalized ads (ATT consent denied): Advertisements are served based on contextual signals (such as the content of the App and general geographic region) rather than your personal activity data. These ads may be less relevant to your specific interests but do not involve cross-app tracking.

Regardless of your ATT choice, you can earn generation credits by watching rewarded video advertisements within the App.

6. Data Storage and Retention

6.1 Cloud Storage (Firebase Firestore)

Your data is stored in Google’s Firebase Firestore cloud database. The following collections contain data associated with your anonymous user identifier:

  • Users: Anonymous user profile including subscription tier, credit balance, creation date, and app preferences.
  • Generations: Records of your AI generation requests including prompt text, generation type, status, credit cost, and timestamps.
  • Feedback: Any feedback or ratings you submit about generated content or templates.
  • Daily Rewards: Records of daily reward claims and reward task completion.

6.2 Automatic Data Cleanup

Generation records (including completed and failed generations) are automatically deleted after 90 days by a scheduled cleanup process that runs daily. This means:

  • Your generation history older than 90 days is permanently removed from our servers.
  • Generated content URLs may become inaccessible after this cleanup period.
  • Your user profile, subscription status, and credit balance are retained as long as your account exists.

6.3 Local Storage

On your device, the App stores:

  • User preferences: App settings stored in UserDefaults, which persist until you uninstall the App or clear its data.
  • Cached content: Template images, thumbnails, and generated content cached on disk for performance. Cache data is subject to iOS’s automatic storage management and may be purged by the operating system when storage is low.

6.4 Third-Party Data Retention

Each third-party service provider retains data according to their own policies:

  • Firebase/Google: Data retained according to Google’s data retention policies. Analytics data can be configured for automatic deletion.
  • Mixpanel: Event data retained according to Mixpanel’s data retention settings.
  • RevenueCat: Subscription and transaction data retained for the duration of the subscription relationship and as required by financial regulations.
  • AI Providers (fal.ai, EachLabs): Refer to each provider’s privacy policy for their data retention practices regarding generation inputs and outputs.
  • Cloudflare: CDN access logs retained according to Cloudflare’s standard log retention policy.

7. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your data. Because Vidzy uses anonymous authentication, exercising these rights requires identifying your account through your anonymous user identifier (which can be found in the App’s settings or provided by our support team through device-level verification).

7.1 Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR:

  • Right of Access: You have the right to request a copy of the data we hold that is associated with your anonymous user identifier.
  • Right to Rectification: You have the right to request correction of inaccurate data associated with your account.
  • Right to Erasure (Right to Be Forgotten): You have the right to request deletion of all data associated with your anonymous user identifier, including generation records, usage data, credit history, and subscription records.
  • Right to Restriction of Processing: You have the right to request that we limit how we process your data under certain circumstances.
  • Right to Data Portability: You have the right to receive your data in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to the processing of your data for certain purposes, including analytics and advertising.
  • Right to Withdraw Consent: Where processing is based on consent (such as ATT tracking consent), you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legal Basis for Processing: We process your data based on the following legal bases:

  • Legitimate interest: For service delivery, analytics, crash reporting, and security.
  • Consent: For advertising tracking (via ATT) and push notifications.
  • Contract performance: For subscription management and credit system operation.

7.2 Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the CCPA and the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to know what data we collect about you, the categories of sources from which it is collected, the business purposes for collection, and the categories of third parties with whom it is shared.
  • Right to Delete: You have the right to request deletion of the data we have collected from you, subject to certain legal exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information. However, if the sharing of data with advertising partners for targeted advertising is deemed a “sale” under CCPA, you can opt out by declining ATT consent or adjusting your device’s tracking settings.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

7.3 Exercising Your Rights

To exercise any of the rights described above, please contact us at:

Email: [email protected]

When submitting a request, please include:

  • A description of the right you wish to exercise.
  • Your anonymous user identifier (if known — this can be found in the App’s settings).
  • Any additional information that may help us locate your data.

We will respond to verified requests within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request, which may involve confirming information associated with your device or account.

7.4 Account Deletion

Because Vidzy uses anonymous authentication, there is no traditional account deletion flow within the App. To request deletion of all data associated with your anonymous user identifier:

1. Contact us at [email protected] with a deletion request.

2. Include your anonymous user identifier (available in the App’s settings).

3. We will delete all associated data from our systems, including user profile, generation records, credit history, analytics data, and subscription records.

4. Note that uninstalling the App will remove all locally stored data (preferences, cache) from your device.

Please be aware that:

  • Generation records older than 90 days are automatically deleted regardless of deletion requests.
  • Data that has already been shared with third-party services (Firebase, Mixpanel, AdMob, AI providers) may be retained according to those providers’ own data retention policies.
  • We may retain certain data as required by law or for legitimate business purposes (e.g., financial transaction records).

8. Children’s Privacy

Vidzy is not intended for use by children under the age of 13. We do not knowingly collect data from children under 13 years of age. If you are a parent or guardian and believe that your child under 13 has used the App, please contact us at [email protected] and we will take steps to delete any data associated with that usage.

If we become aware that we have inadvertently collected data from a child under 13, we will take immediate steps to delete that data from our systems.

Users between the ages of 13 and 18 should review this Privacy Policy with a parent or guardian before using the App.

9. Data Security

We take reasonable measures to protect the information associated with your use of the App:

9.1 Transmission Security

  • All network communications between the App and our servers use HTTPS (TLS) encryption to protect data in transit.
  • API credentials for third-party services are not embedded in the App binary — they are protected through AIProxy’s intermediary architecture and Firebase Remote Config.
  • AI generation requests are routed through AIProxy, which adds an additional layer of credential protection.

9.2 Server-Side Security

  • Firebase Security Rules: Firestore access is governed by granular security rules that enforce data isolation between users. Each user can only read and write data associated with their own anonymous user identifier.
  • Field-Level Protection: Sensitive fields such as subscription tier, credit balance, and webhook secrets are protected from unauthorized client-side modification through Firestore security rules.
  • Transaction Integrity: Credit operations (deduction and refund) use atomic database transactions to prevent double-processing and race conditions.
  • Rate Limiting: AI generation requests are rate-limited (maximum 5 per 10 minutes per user) to prevent abuse.
  • Request Attestation: Firebase App Check with Apple’s App Attest verifies that requests originate from a genuine instance of the Vidzy app, protecting against automated abuse.

9.3 Local Security

  • Locally cached data on your device is protected by iOS’s built-in sandboxing and encryption mechanisms.
  • The App does not implement custom encryption for locally stored data — it relies on iOS platform-level protections (Data Protection API and file-level encryption).

9.4 Limitations

While we take reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of data transmitted to or stored by our services or third-party providers. We encourage you to use strong device passcodes and keep your iOS software up to date.

10. International Data Transfers

Vidzy’s services involve data processing in multiple jurisdictions. Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers (Google/Firebase, Mixpanel, RevenueCat, fal.ai, EachLabs, Cloudflare) operate their infrastructure.

These transfers are necessary to provide the App’s services and are conducted in accordance with applicable data protection laws. Where required, we rely on appropriate legal mechanisms for international data transfers, such as Standard Contractual Clauses or adequacy decisions.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or App features. When we make material changes to this Privacy Policy:

  • We will update the “Last Updated” date at the top of this document.
  • For significant changes, we may notify you through an App update or in-app notification.
  • Continued use of the App after changes are posted constitutes your acceptance of the revised Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

We will make every effort to respond to your inquiry within a reasonable timeframe.

13. Summary of Data Practices

For your convenience, here is a summary of the key data practices described in this Privacy Policy:

| Data Type | Collected | Purpose | Shared With |
|———–|———–|———|————-|
| Anonymous User ID | Yes | Account management, service delivery | Firebase, RevenueCat, Mixpanel |
| Device ID (IDFA) | With ATT consent | Third-party advertising | Google AdMob |
| Usage Analytics | Yes | App improvement, feature development | Firebase Analytics, Mixpanel |
| Text Prompts | Yes | AI content generation | fal.ai, EachLabs (via AIProxy) |
| Uploaded Images | Yes | AI content generation | fal.ai, EachLabs (via AIProxy) |
| Crash Reports | Yes | Bug fixing, stability | Firebase Crashlytics |
| Push Notification Token | With permission | Notification delivery | Firebase Cloud Messaging |
| Subscription Status | Yes | Purchase management | RevenueCat, Apple |
| Device Info | Yes | Analytics, compatibility | Firebase Analytics, Mixpanel |
| Locally Stored Preferences | Yes (on-device only) | App settings, caching | Not shared |

*This Privacy Policy is effective as of the date listed above and applies to all users of the Vidzy mobile application.*

Your Next Video Is 30 Seconds Away

Download Vidzy free, pick a template, and create your first video right now.

Download on the App Store