Privacy Policy

1. Who we are

DanceGecko ("DanceGecko," "we," "us," or "our") operates the DanceGecko mobile application available on the Apple App Store ("the App") and the website located at dancegecko.com ("the Site").

For questions about this Privacy Policy, contact us at: privacy@dancegecko.com or hello@dancegecko.com.

2. Information we collect

2.1 Information you provide directly

• Photos: When you use the App to generate a dance video, you select and upload one or two photos (selfies, full-body photos, or pet photos) from your device's photo library. These photos are transmitted to our servers for AI-based motion transfer processing.
• Email address: If you contact our support team, we collect the email address you use to reach us.

2.2 Subscription and purchase information

• All payments are processed by Apple through the App Store. We do not receive your credit card number or full payment details. We receive a subscription status notification and a pseudonymous subscriber token from Apple and our subscription management provider (RevenueCat) to determine your access tier.
• We store: subscription tier (free / weekly / yearly), subscription status (active / expired / cancelled), and the date of your most recent purchase event.

2.3 Device and usage information

• Device identifiers: A pseudonymous device ID (IDFV — Identifier for Vendor, not IDFA) used to associate your generations with your subscription. We do not use your IDFA (Advertising Identifier) without your explicit App Tracking Transparency consent.
• App usage events: Events such as screens viewed, dances selected, generation started/completed, paywall shown, and subscription events. These are sent to PostHog (our analytics provider) and are associated with a pseudonymous user ID, not your name or email.
• Crash reports: If the App crashes, an anonymized crash report is automatically generated and sent to help us fix bugs. Crash reports contain device model, iOS version, and a stack trace. They do not contain your photos or personal identifiers.

2.4 Information we do NOT collect

• We do not collect your name, unless you voluntarily provide it in a support email.
• We do not collect your location.
• We do not collect your contacts.
• We do not collect information from your camera roll beyond the specific photo(s) you choose to upload.
• We do not collect your IDFA without your explicit ATT consent, and we do not use ATT for advertising targeting.

3. How we use your information

• To generate your dance video: Your uploaded photo(s) are processed by our AI motion-transfer service (powered by fal.ai — see Section 5) to create your output video. Photos are used solely for this purpose.
• To manage your subscription: Subscription status data is used to enforce daily generation limits and unlock Pro features.
• To improve the App: Anonymized usage analytics help us understand which templates are most popular, where users drop off, and how to improve performance.
• To provide customer support: If you email us, we use your email address solely to respond to your inquiry.
• To fix bugs: Crash reports are used exclusively to identify and fix software issues.

4. Data retention and deletion

• Uploaded photos: Your original uploaded photo(s) are automatically deleted from our servers within 24 hours of video generation completion, or sooner if the generation fails.
• Generated videos: Output MP4 videos are stored in Cloudflare R2 and automatically purged after 90 days. You can delete your videos at any time from Settings → Manage Library within the App.
• Usage analytics: Pseudonymous analytics events are retained for up to 24 months, after which they are aggregated or deleted.
• Subscription records: Purchase history is retained for up to 7 years for accounting and tax purposes, as required by applicable law.
• Support emails: Retained for 2 years, then deleted unless an open dispute requires longer retention.

To request deletion of all data associated with your account, email privacy@dancegecko.com with the subject line "Data Deletion Request." We will process your request within 30 days.

5. Third-party services and data sharing

We share your data with the following third-party service providers only to the extent necessary to operate the App:

5.1 fal.ai (AI video generation)

Your uploaded photo(s) are transmitted to fal.ai's API for AI motion-transfer processing. fal.ai acts as a data processor on our behalf. Photos are processed under fal.ai's data processing terms and are not used to train fal.ai's models. fal.ai is GDPR-compliant. For more information, see fal.ai/privacy.

5.2 RevenueCat (subscription management)

RevenueCat processes subscription events on our behalf. RevenueCat receives a pseudonymous subscriber token (not your name or email) from Apple and provides us with a unified subscription status. For more information, see revenuecat.com/privacy.

5.3 Supabase (database and backend)

We use Supabase as our backend database to store generation metadata (which dance template you selected, generation status, timestamp) linked to your pseudonymous device ID. Supabase is hosted on AWS (US East). For more information, see supabase.com/privacy.

5.4 Cloudflare R2 (video storage)

Generated MP4 videos are stored in Cloudflare R2 (object storage). Files are accessible only via a time-limited signed URL specific to your session. Cloudflare does not access the content of your stored files. For more information, see cloudflare.com/privacypolicy.

5.5 AppsFlyer (mobile attribution)

We use AppsFlyer to measure the effectiveness of our advertising campaigns. AppsFlyer receives a pseudonymous device ID (IDFV) and, if you grant App Tracking Transparency consent, your IDFA. AppsFlyer data is used solely for install attribution and return-on-ad-spend measurement — never for building advertising profiles or selling to third parties. AppsFlyer is GDPR-compliant. For more information, see appsflyer.com/legal/privacy-policy.

5.7 PostHog (analytics)

We use PostHog to collect anonymized usage analytics. Analytics events are associated with a pseudonymous user ID, not your name or email. PostHog is hosted on EU servers. For more information, see posthog.com/privacy.

5.8 Apple (App Store, StoreKit)

Apple processes all payments and provides subscription management infrastructure. Apple's App Store privacy policy applies to all App Store transactions. See apple.com/legal/privacy.

We do not sell, rent, or trade your personal data to any third party for advertising or marketing purposes.

6. Apple App Tracking Transparency (ATT)

DanceGecko uses AppsFlyer for mobile attribution. To measure whether advertising campaigns lead to app installs, the App will display Apple's App Tracking Transparency (ATT) prompt on first launch. If you grant permission, your IDFA (Apple's Advertising Identifier) is shared with AppsFlyer solely for install attribution. If you deny permission, SKAdNetwork is used for privacy-preserving attribution and your IDFA is never accessed.

Our Privacy Manifest (PrivacyInfo.xcprivacy) filed with Apple reflects this: NSPrivacyTracking = true, with declared tracking domains (appsflyer.com, appsflyersdk.com). You can change your ATT preference at any time in iPhone Settings → Privacy & Security → Tracking → DanceGecko.

7. Children's privacy

DanceGecko is rated 12+ on the Apple App Store. The App is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has submitted personal information to us, please contact us at privacy@dancegecko.com and we will delete such information promptly.

For users in the United States, our practices comply with the Children's Online Privacy Protection Act (COPPA). For users in the EU/EEA, our practices comply with GDPR Article 8 (consent of the child).

8. Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• TLS encryption for all data in transit between the App and our servers.
• Encryption at rest for stored files in Cloudflare R2.
• Access controls limiting which employees and systems can access user data.
• Automatic deletion schedules so data is not retained longer than necessary.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we take our obligations seriously and will notify you in accordance with applicable law if a data breach affects your personal data.

9. Your rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate personal data.
• Right to erasure ("right to be forgotten"): Request deletion of your personal data.
• Right to data portability: Request your data in a machine-readable format.
• Right to object: Object to processing of your personal data for certain purposes.
• Right to restrict processing: Request that we limit how we use your data.
• CCPA (California): California residents have the right to know what personal information is collected, the right to delete, and the right to opt-out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, email privacy@dancegecko.com. We will respond within 30 days.

10. International data transfers

DanceGecko is operated from the United States. If you are located outside the US, your data (including uploaded photos during processing) may be transferred to and processed in the United States and other countries. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection law.

11. C2PA content labels

All videos generated by DanceGecko carry a C2PA (Coalition for Content Provenance and Authenticity) AI-content label embedded in the file metadata. This label indicates that the video was AI-generated and identifies DanceGecko as the tool used. This is done in compliance with emerging platform requirements for AI-generated content disclosure.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, provide notice through the App or via email. Your continued use of the App after the effective date of any changes constitutes acceptance of the updated policy.

13. Contact us

For any privacy-related questions, data requests, or concerns:

• Email: privacy@dancegecko.com
• General support: hello@dancegecko.com
• Support page: dancegecko.com/support