Privacy Policy

Last Updated: December 2, 2025

MagicPaw ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

1. Device and Identifiers

1.1 Advertising Identifiers

We may collect and use the following identifiers for advertising and analytics purposes:

• IDFA (Identifier for Advertisers): Used for attribution and advertising measurement. Collection requires your explicit consent via iOS App Tracking Transparency (ATT) framework.
• Install ID: An anonymous identifier generated on first launch, used for session tracking and analytics.

You can control IDFA collection through iOS Settings → Privacy → Tracking. If you deny tracking permission, we will not collect or use IDFA.

2. Runtime Permissions

The App requests the following permissions for core functionality:

• Photo Library (Read): Required to select pet photos and videos for AI processing.
• Photo Library (Write): Required to save processed content to your device.
• App Tracking Transparency: Optional. Used for advertising attribution and analytics. You can deny this permission without affecting core app functionality.

Note: We do not request camera, microphone, location, clipboard, or nearby device permissions. All media selection is done through the iOS photo picker.

3. Data Categories and Purposes

3.1 Data We Collect

• Device Information: Device model, iOS version, app version, language settings.
• Usage Data: Feature interactions, subscription status, credit balance, task completion status.
• Media Content: Photos and videos you select for processing. These are processed locally on your device before upload.
• Diagnostic Data: Crash logs, performance metrics, error reports (anonymized).
• Advertising Interaction: Attribution data (if ATT consent granted), subscription events.

3.2 How We Use Your Data

• Core Functionality: Process your selected media through AI models to generate pet content.
• Attribution and Analytics: Measure app performance, subscription conversions, and feature usage (anonymized).
• Service Improvement: Identify bugs, optimize performance, and enhance user experience.
• Subscription Management: Process payments, manage subscription status, and allocate credits.

4. Data Processing Location and Association

4.1 Local Processing

Most data processing occurs locally on your device:

• Image/video selection and preview generation
• EXIF metadata reading and orientation correction
• Image resizing and compression (preview generation)
• Video transcoding and thumbnail extraction

4.2 Data Upload

Selected media files are uploaded to our backend servers for AI processing. Uploaded data includes:

• Processed image/video files (resized/compressed)
• File metadata (dimensions, format, hash)
• Task parameters (selected style, processing options)

Uploaded media is associated with your anonymous Install ID or user account (if you create one). We do not use uploaded media for training AI models or sharing with third parties beyond what is necessary for service delivery.

4.3 Cross-App Tracking

We do not use collected data for cross-app tracking or advertising profiling beyond attribution measurement (if ATT consent granted).

5. Third-Party SDKs

We integrate the following third-party SDKs:

5.1 Attribution and Analytics

• Adjust SDK (Adjust GmbH)
• Purpose: Attribution tracking, conversion measurement, SKAdNetwork support
• Data Collected: Install ID, device identifiers (if ATT consent), subscription events, app usage events
• Privacy Policy: https://www.adjust.com/terms/privacy-policy/

5.2 Payment Processing

• StoreKit 2 (Apple Inc.)
• Purpose: In-app subscription management and payment processing
• Data Collected: Transaction receipts, subscription status (processed by Apple)
• Privacy Policy: https://www.apple.com/privacy/

All third-party SDKs are bound by their respective privacy policies. We do not share personal information with third parties except as necessary for service delivery or as required by law.

6. Consent and User Control

6.1 iOS App Tracking Transparency (ATT)

We request your consent before collecting IDFA for attribution. You can:

• Grant or deny tracking permission when prompted
• Change your preference at any time in iOS Settings → Privacy → Tracking

6.2 Personalized vs. Non-Personalized

If you deny ATT permission, we will:

• Not collect or use IDFA
• Use anonymous Install ID for analytics only
• Continue to provide full app functionality

6.3 Data Withdrawal and Reset

You can:

• Delete the app to remove all locally stored data
• Contact us to request deletion of server-side data associated with your account
• Reset your Install ID by uninstalling and reinstalling the app

7. Data Sharing, Retention, and Security

7.1 Data Sharing

We share data only with:

• Service Providers: Backend infrastructure providers for AI processing and storage
• Analytics Providers: Adjust (for attribution, if ATT consent granted)
• Payment Processors: Apple (for subscription transactions)
• Legal Requirements: When required by law or to protect our rights

7.2 Data Retention

• Media Files: Retained on servers until task completion, then deleted within 30 days unless you save them to your device
• Account Data: Retained while your account is active, deleted within 90 days of account deletion
• Analytics Data: Aggregated and anonymized data retained for up to 2 years
• Transaction Records: Retained as required by law (typically 7 years for tax purposes)

7.3 Security Measures

• Encryption: All data in transit uses TLS 1.2+ encryption
• Sandboxing: App runs in iOS sandbox with minimal required permissions
• Access Control: Server-side access restricted to authorized personnel only
• Data Minimization: We collect only data necessary for service delivery

8. Regional Compliance and User Rights

8.1 GDPR (European Economic Area)

If you are located in the EEA, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing

8.2 CCPA/CPRA (California)

If you are a California resident, you have the right to:

• Know what personal information is collected
• Delete personal information
• Opt-out of sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your rights

To exercise these rights, please contact us using the information provided in Section 9.

9. Contact Information

Email: [email protected]

For privacy-related inquiries, data deletion requests, or to exercise your rights under GDPR/CCPA, please contact us at the email above. We will respond within 30 days.

10. Core Statement

Local Processing Default: The App prioritizes local processing for media selection, preview generation, and basic transformations. Media files are uploaded to our servers only when you explicitly request AI processing (e.g., generating pet transformations, emotion dialogue).

Cloud Features: AI-powered features (pet transformations, style transfers, emotion recognition) require server-side processing. By using these features, you consent to uploading your selected media to our servers for processing. Processed results are returned to your device and can be saved locally.

No Backend Required for Core UI: The app interface, navigation, and subscription management function independently. Server connectivity is required only for AI processing tasks and subscription verification.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the App and updating the "Last Updated" date. Your continued use of the App after such changes constitutes acceptance of the updated policy.