Privacy Policy

Effective Date: December 6, 2025

Last Updated: December 21, 2025

1. Introduction

Welcome to Loovie ("we," "us," "our," or the "Company"). We are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Loovie (the "App") and our website located at https://loovie.app (collectively, the "Service").

This Privacy Policy complies with:

  • The Australian Privacy Act 1988 and the Australian Privacy Principles (APPs)
  • The EU General Data Protection Regulation (GDPR) for European users
  • The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents
  • Other applicable data protection laws

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

When you use our Service, you may provide us with:

  • Account Information: Email address
  • Authentication Information: Login credentials for third-party services (Google Sign-In, Apple ID)
  • Content Data: Text prompts, uploaded images, video projects, characters, backgrounds, music, and lyrics you create
  • Payment Information: Processed through Apple App Store, Google Play Store, or RevenueCat (we do not store credit card details)
  • Communications: Support requests, feedback, and other communications with us
  • Preferences: App settings, notification preferences, and feature preferences

Important Note About Face Data

The app does not collect, detect, analyze, identify, or extract biometric or facial recognition data. Users may upload images or videos that may incidentally contain human faces, but the app does not perform facial recognition, biometric identification, or any facial feature analysis. No facial data is extracted, processed separately, or indexed. Images and videos are processed solely for the purpose of AI video generation as requested by the user.

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Device Information: Device type, operating system (iOS/Android), device ID, screen resolution
  • Usage Data: Features used, screens viewed, actions taken, generation history, export formats used
  • Performance Data: App crashes, errors, load times, processing speeds
  • Analytics Data: Session duration, engagement metrics, feature adoption through PostHog (fully anonymized by default - we only store an app User ID, not personal identifiers)
  • Log Data: IP address, timestamps, app version, error logs through Sentry

2.3 Information from Third Parties

We may receive information from:

  • Authentication Providers: Basic profile information from Google or Apple when you sign in
  • Payment Processors: Transaction confirmations and subscription status from RevenueCat
  • AI Service Providers: Processing status and metadata from MiniMax (video and music, directly or via Kie) and Google (images, via OpenRouter)

2.4 Permissions We Request

Our App may request the following device permissions:

  • Camera: To capture photos for image-to-video generation (optional)
  • Photo Library: To access images for video generation and save exported videos
  • Notifications: To send you updates about video processing status (optional)

3. How We Use Your Information

3.1 Service Provision

  • Process your video generation requests using AI models
  • Store and manage your projects, characters, and backgrounds
  • Enable video editing and timeline management features
  • Process exports and deliver your finished videos
  • Manage your subscription and credit balance

3.2 Service Improvement

  • Analyze usage patterns to improve features and user experience
  • Monitor app performance and fix technical issues
  • Develop new features based on user behavior and feedback
  • Optimize AI model selection and processing speeds

3.3 Communication

  • Send service-related notifications (video ready, export complete)
  • Respond to support requests and inquiries
  • Send important updates about your account or the Service
  • Marketing communications (only with your consent)

3.4 Legal and Safety

  • Comply with legal obligations and regulatory requirements
  • Detect and prevent fraud, abuse, or violations of our Terms
  • Protect the rights, property, and safety of our users and the public
  • Enforce our Terms and Conditions

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data based on the following legal grounds:

Purpose Legal Basis
Providing the Service Contract performance
Account creation and management Contract performance
Payment processing Contract performance
Service improvements and analytics Legitimate interests
Marketing communications Consent
Legal compliance Legal obligation
Fraud prevention Legitimate interests

Where we rely on legitimate interests, we have assessed that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Service:

  • Supabase: Authentication and database services (data stored in Australia/US regions)
  • RevenueCat: Subscription and payment processing
  • PostHog: Analytics and user behavior tracking (anonymized data)
  • Cloudflare: Cloud infrastructure and content delivery
  • MiniMax: AI video and music generation (directly or via Kie)
  • Google: AI image generation (via OpenRouter)
  • OneSignal: Push notification delivery
  • Sentry: Error tracking and performance monitoring
  • Apple/Google: App distribution and in-app purchases

5.2 Legal Requirements

We may disclose information if required to:

  • Comply with a legal obligation, court order, or government request
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public
  • Protect against legal liability

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5.4 Aggregated Data

We may share aggregated, anonymized data that cannot identify you personally for business purposes, research, or public reporting.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

Data Type Retention Period
Account Information Until account deletion + 30 days
User Content (videos, projects) Until manually deleted by user or account closure
Transaction Records 7 years (legal requirement)
Analytics Data 2 years (anonymized by default, stored with app User ID only)
Error Logs 90 days
Marketing Preferences Until withdrawn or account deletion

After the retention period expires, we will securely delete or anonymize your personal information. Some information may be retained longer if required by law or for legitimate business purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access controls and authentication requirements
  • Security Monitoring: Regular security audits and vulnerability assessments
  • Incident Response: Established procedures for handling security incidents
  • Employee Training: Regular privacy and security training for our team
  • Third-Party Security: We require our service providers to maintain adequate security measures

Data Breach Notification: In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you within 72 hours in compliance with GDPR and Australian data breach notification requirements.

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country of residence, including the United States, where data protection laws may differ from your jurisdiction.

8.1 Transfer Safeguards

We ensure appropriate safeguards for international transfers:

  • For EU/EEA Users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission
  • For Australian Users: We ensure recipients provide substantially similar protections as required by the APPs
  • Adequacy Decisions: Where available, we rely on adequacy decisions by relevant authorities

8.2 Third-Party Processors Locations

  • Supabase: United States, Australia
  • RevenueCat: United States
  • PostHog: United States, European Union
  • AI Services: Various locations including US, China (MiniMax)

By using our Service, you consent to the transfer of your information to these countries. If you do not consent to such transfers, please do not use our Service.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

9.1 Universal Rights

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information (subject to legal obligations)
  • Opt-out: Opt-out of marketing communications at any time

9.2 How to Exercise Your Rights

To exercise any of these rights:

  • In-App: Access account settings for basic data management
  • Email: Send requests to privacy@loovie.app
  • Response Time: We will respond within 30 days (or as required by law)
  • Verification: We may request information to verify your identity

9.3 Data Portability

You can export your data in a structured, commonly used format:

  • Export your videos and projects directly from the app
  • Request a full data export by contacting privacy@loovie.app

9.4 Automated Decision-Making

We do not use your personal information for automated decision-making that produces legal or similarly significant effects. AI processing is used solely for content generation based on your explicit inputs.

10. Cookies and Tracking Technologies

10.1 Mobile App

Our mobile app does not use cookies but may use similar technologies:

  • Device Identifiers: To maintain your session and provide personalized experiences
  • Analytics SDKs: PostHog for usage analytics (can be disabled in settings)
  • Crash Reporting: Sentry for error tracking and app stability

10.2 Website

Our website uses minimal cookies:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: To understand website usage (only with consent)

10.3 Do Not Track

We respect Do Not Track signals. When detected, we disable non-essential analytics tracking.

11. Third-Party Services

Our Service integrates with various third-party services. Each has their own privacy policy:

Authentication & Database

Supabase: Privacy Policy

Handles user authentication and stores your account data

Payment Processing

RevenueCat: Privacy Policy

Manages subscriptions and in-app purchases

Analytics

PostHog: Privacy Policy

Tracks app usage and feature adoption (anonymized)

AI Services

MiniMax: Processes video and music generation requests (directly or via Kie)

Kie: Privacy Policy (MiniMax API gateway)

OpenRouter: Privacy Policy (Google API gateway)

Google: Privacy Policy

Generate AI images, videos, and music

Notifications

OneSignal: Privacy Policy

Delivers push notifications (optional)

Error Tracking

Sentry: Privacy Policy

Monitors app performance and errors

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

12. Children's Privacy

Our Service is not directed to children under 13 years of age. Users between 13 and 18 must have parental consent to use the Service.

12.1 Age Requirements

  • Minimum age: 13 years globally
  • EU/EEA: 16 years without parental consent (per GDPR)
  • Australia: Parental consent required for users under 15

12.2 Parental Rights

Parents or guardians may:

  • Request access to their child's information
  • Request deletion of their child's account
  • Refuse further collection of their child's information

If we learn we have collected information from a child under 13 without parental consent, we will delete that information immediately. Please contact us at privacy@loovie.app if you believe we have collected information from a child under 13.

13. Marketing Communications

13.1 Consent

We will only send you marketing communications with your explicit consent, in compliance with:

  • Australian Spam Act 2003
  • GDPR requirements for EU users
  • CAN-SPAM Act for US users

13.2 Types of Communications

  • Service Updates: New features, improvements (always sent)
  • Promotional Offers: Special deals, discounts (opt-in required)
  • Tips & Tutorials: How to use features better (opt-in required)
  • Surveys: Feedback requests (opt-in required)

13.3 Unsubscribe

You can unsubscribe from marketing communications at any time by:

  • Clicking "unsubscribe" in any marketing email
  • Adjusting notification settings in the app
  • Contacting us at support@loovie.app

14. AI-Generated Content and Privacy

14.1 Content Processing

When you use our AI features:

  • Your prompts and images are sent to AI service providers (MiniMax directly or via Kie for video, Google via OpenRouter for images)
  • Music generation prompts (genre, mood, tempo, lyrics) are sent to MiniMax (directly or via Kie)
  • AI providers process your content according to their privacy policies
  • Generated content (videos, images, music) is returned to your device and stored in your account
  • We do not use your content to train AI models

14.2 Content Ownership

You retain ownership of:

  • All prompts and inputs you provide
  • Images and content you upload
  • AI-generated videos, images, and music you create
  • Custom lyrics you provide for music generation

14.3 Content Moderation

We may use automated systems to detect and prevent generation of prohibited content (violence, adult content, etc.) as outlined in our Terms of Service. This processing is done to ensure safety and legal compliance.

14.4 Face Data and Biometric Information

Loovie does not perform facial recognition or biometric identification.

  • No Face Data Collection: The app does not collect, detect, analyze, identify, or extract biometric or facial recognition data from any images or videos.
  • Incidental Faces: Images or videos uploaded by users may incidentally contain human faces, but no facial data is extracted, analyzed, indexed, or retained separately.
  • No Third-Party Sharing: Since we do not collect face data, no face data is shared with any third parties.
  • Processing Only: Uploaded content is processed solely for AI video generation as requested by the user, without any facial feature analysis or recognition.
  • Storage and Retention: User-uploaded images and generated media are stored temporarily for processing and user access, then deleted according to our standard data retention policy (see Section 6). No face data is stored separately or indexed.

15. Region-Specific Privacy Rights

15.1 Australian Residents

Under the Privacy Act 1988 and Australian Privacy Principles:

  • Access: Request access to your personal information (APP 12)
  • Correction: Request correction of inaccurate information (APP 13)
  • Complaints: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)
  • Anonymity: Where practicable, option to deal with us anonymously
  • Cross-border disclosure: We will notify you before disclosing information overseas (APP 8)

OAIC Contact: www.oaic.gov.au | Phone: 1300 363 992

15.2 European Union Residents (GDPR)

Under the General Data Protection Regulation:

  • Access: Obtain confirmation and copies of your data (Article 15)
  • Rectification: Correct inaccurate data (Article 16)
  • Erasure: Request deletion ("right to be forgotten") (Article 17)
  • Restriction: Limit processing of your data (Article 18)
  • Portability: Receive data in machine-readable format (Article 20)
  • Object: Object to processing based on legitimate interests (Article 21)
  • Automated decisions: Not be subject to automated decision-making (Article 22)
  • Withdraw consent: Withdraw consent at any time
  • Lodge complaint: File a complaint with your supervisory authority

15.3 California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to Know: Request disclosure of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of sale/sharing (we do not sell your data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices
  • Right to Correct: Request correction of inaccurate information
  • Right to Limit: Limit use of sensitive personal information

Notice of Financial Incentive: We do not provide financial incentives for personal information.

15.4 UK Residents

UK residents have similar rights to EU residents under the UK GDPR. You may contact the Information Commissioner's Office (ICO) at ico.org.uk.

15.5 Canadian Residents

Under PIPEDA, you have the right to access and correct your personal information. Contact the Privacy Commissioner of Canada at priv.gc.ca.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

16.1 Notification of Changes

We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website and app
  • Updating the "Last Updated" date at the top
  • Sending an email notification for significant changes
  • Displaying an in-app notice for material changes

16.2 Your Choices

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. If you disagree with the changes, you should stop using the Service and may request deletion of your account.

17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Controller

Company: Loovie Pty Ltd

Email: privacy@loovie.app

General Support: support@loovie.app

Website: https://loovie.app

Data Protection Officer

For GDPR-related inquiries:

Email: dpo@loovie.app

Response time: Within 30 days

Regulatory Authorities

You have the right to lodge a complaint with your local data protection authority:

  • Australia: Office of the Australian Information Commissioner (OAIC)
  • EU: Your national data protection authority
  • UK: Information Commissioner's Office (ICO)
  • California: California Privacy Protection Agency

Your Privacy Matters

At Loovie, we are committed to protecting your privacy and giving you control over your personal information. We believe in transparency, user choice, and data minimization.

Thank you for trusting us with your information. If you have any questions or concerns about our privacy practices, please don't hesitate to contact us at privacy@loovie.app.