Privacy Policy
Effective Date: 2026-04-25
Last Updated: 2026-04-25
TODO before publishing: Replace every
[TODO: ...]placeholder, have a lawyer review, and update the effective date.
1. Who We Are
[TODO: Your Name] ("we", "us", "our") operates the Flicky mobile app and website at https://flicky.link ("Service"). We are the data controller of the personal data described in this policy.
Contact: [TODO: contact@flicky.link]
2. Data We Collect
2.1 Data you provide
| Data | How collected |
|---|---|
| Email address | When you create an account (Google Sign-In) |
| Saved link URLs | When you save a video link |
| Open Graph metadata (title, description, thumbnail URL) | Fetched automatically from the saved URL |
2.2 Data collected automatically
| Data | Source | Purpose |
|---|---|---|
| Firebase Installation ID | Firebase SDK | Service identification (not linked to advertising) |
| App usage events (screens viewed, features used) | Firebase Analytics | Service improvement and analytics |
| Crash logs, device model, OS version | Firebase Crashlytics | Bug diagnosis and stability |
2.3 Data we do NOT collect
- Advertising identifiers (IDFA / GAID)
- Precise location
- Contacts, photos, or microphone/camera data
- Payment card details (handled entirely by Apple App Store / Google Play)
3. Why We Collect It (Legal Bases)
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing and operating the Service (account, saved links) | Contract performance |
| Diagnosing crashes and improving stability | Legitimate interest |
| Analysing aggregate usage to improve features | Legitimate interest |
| Complying with legal obligations | Legal obligation |
4. How Long We Keep It
| Data | Retention |
|---|---|
| Account data (email, user ID) | Until you delete your account, then purged within 30 days |
| Saved links and metadata | Until you delete them or your account |
| Firebase Analytics events | 90 days (Firebase default) |
| Crashlytics logs | 90 days (Firebase default) |
| Firebase Installation ID | Deleted when you uninstall the app |
5. Third-Party Data Processors
We share data only with trusted processors under written agreements that require them to protect your data:
| Processor | Purpose | Location | Privacy info |
|---|---|---|---|
| Neon | Database hosting (email, user ID, saved links) | United States | https://neon.tech/privacy-policy |
| Google Firebase | Analytics, Crashlytics, Authentication | United States | https://firebase.google.com/support/privacy |
We do not sell your personal data to any third party.
6. International Data Transfers
Our processors (Neon, Firebase) are based in the United States. If you are located in the EU/EEA, Switzerland, or the UK, data transfers are made under:
- Standard Contractual Clauses (SCCs) adopted by the European Commission, or
- Other transfer mechanisms approved under GDPR Chapter V.
If you are located in the Republic of Korea, data transferred abroad is protected in accordance with the Personal Information Protection Act (PIPA) and the Act on Promotion of Information and Communications Network Utilisation and Information Protection.
7. Your Rights
Depending on where you live, you may have the following rights:
EU/EEA (GDPR):
- Access, rectification, and erasure of your data
- Data portability
- Restriction of processing
- Object to processing based on legitimate interest
- Lodge a complaint with your local supervisory authority
California (CCPA):
- Know what personal information is collected
- Delete personal information
- Opt out of "sale or sharing" of personal information (we do not sell or share data for cross-context behavioural advertising)
- Non-discrimination for exercising your rights
Republic of Korea (PIPA / Information and Communications Network Act):
- Access, correction, deletion, and suspension of processing
- Withdraw consent at any time
To exercise any of these rights, email us at [TODO: contact@flicky.link]. We will respond within 30 days (GDPR) or 45 days (CCPA).
8. Children's Privacy
The Service is not directed at children under 14 years old (or 13 in the United States under COPPA). We do not knowingly collect personal data from children below this age. If we discover that we have collected such data, we will delete it promptly. If you believe we have collected a child's data, please contact us immediately.
9. Security
We implement reasonable technical and organisational measures to protect your data, including encrypted transmission (TLS) and access controls. However, no method of transmission over the internet is 100% secure.
10. Links to Third-Party Content
The Service allows you to save links to videos on third-party platforms. This policy does not apply to those platforms. We encourage you to review the privacy policies of YouTube, Instagram, TikTok, and other platforms whose content you access.
11. Changes to This Policy
If we make material changes, we will notify you via in-app notice or email at least 30 days before the changes take effect. The "Last Updated" date at the top of this page will always reflect the latest revision.
12. Contact and Data Protection Officer
For any privacy-related questions or to exercise your rights, contact:
Data Controller:
[TODO: Your Name]
Email: [TODO: contact@flicky.link]
Website: https://flicky.link
EU residents may also contact the supervisory authority in your country of residence.