Privacy Policy

1. Introduction

Incrediapp Ltd ("Incrediapp", "we", "us", or "our") operates mobile and web applications including, but not limited to, applications published under the Incrediapp Ltd developer account. This Privacy Policy describes how we collect, use, store, and share information about you when you use any of our applications (collectively, the "Apps").

By downloading, installing, or using any of our Apps, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our Apps immediately.

2. Who We Are

Incrediapp Ltd is the data controller responsible for your personal data in connection with our Apps. We are incorporated and operate in accordance with applicable law.

3. Information We Collect

We collect the following categories of information when you use our Apps:

3.1 Information You Provide Directly

• Account registration details such as your name, email address, or third-party authentication tokens.
• Profile configurations, avatars, settings, and custom persona properties you choose to establish.
• Conversational & Creative Inputs: For our interactive chat, companion, and roleplay applications, we collect the text prompts, chat messages, and custom scripts you submit inside the Apps to generate responses.
• Communications you send to us, such as customer support requests.

3.2 Information Collected Automatically

• Device identifiers (e.g., advertising ID, device model, operating system version, unique hardware tokens like IDFV).
• App usage data (features used, interaction timelines, session duration, crash reports).
• IP address and approximate location metrics derived from it.
• System log data including access times, localized language selections, and specific pages viewed.

3.3 Information from Third-Party SDKs & Cloud API Frameworks

Our Apps integrate third-party software development kits (SDKs) and secure API data tunnels that may independently process or collect performance data to execute underlying app functions. These include analytics providers (such as Firebase / Google Analytics), crash reporting tools, advertising networks, and advanced generative linguistic or speech synthesis pipelines. Each third party operates under its own privacy policy.

3.4 Scope of Sensitive Data Processing

While our applications do not intentionally request, harvest, or store rigid regulatory sensitive data categories (such as government-issued IDs, financial records, or precise biometric maps), we recognize that users may voluntarily choose to disclose personal, emotional, medical, or lifestyle contexts during unstructured, open-ended conversations with our AI personas. By entering these creative or interactive spaces, you acknowledge that this information is processed to dynamically serve the conversational output.

4. How We Use Your Information

Incrediapp Ltd uses the information we collect to:

• Provide, operate, optimize, and improve our Apps across our ecosystem.
• Create and manage your user account, preserving state and preferences securely across platforms.
• Programmatically render real-time AI companion responses, creative text roleplay, dynamic translations, and high-fidelity personalized audio summaries.
• Respond to your support requests, trouble tickets, and communications.
• Send you operational service-related notices, configuration changes, and system alerts.
• Analyze technical usage trends to enhance UI layout efficiency and server performance.
• Detect, prevent, and mitigate fraud, spam, malicious activity, or systemic abuse.
• Comply with prevailing international legal obligations.

We do not sell your personal data to third parties. We process your data as a data controller, and you retain rights over your data as outlined below.

5. Data Sharing & Third-Party Processing Pipelines

We route your parameters in the following strictly controlled and contractually bounded circumstances:

5.1 Service Providers & Advanced AI Sub-Processors

We share data with trusted third-party vendors who assist us in operating our infrastructure, including cloud hosting clusters, analytics architectures, and support desks.

5.2 Financial Vaulting, In-App Purchases & Subscription Billings

We do not maintain local data operations or storage systems for transactional wealth or payment processing, completely shielding our system architecture from billing liabilities. All monetization, digital token tracking, and premium subscriptions are processed exclusively through native sandboxed environments operated by the Apple App Store (In-App Purchases) or the Google Play Store (Google Play Billing). Incrediapp Ltd never stores, reviews, captures, or processes credit card numbers or financial authentication data.

5.3 Third-Party SDKs

As noted in Section 3.3, integrated SDKs may collect and process data according to their own terms. Key third parties currently integrated include Google (Firebase, Analytics), and may include advertising networks and structural crash reporting modules.

5.4 Ecosystem & Storefront Compliance

We align our web-facing policies with the dynamic "App Privacy Labels" and "Data Safety Declarations" designated inside mobile distribution stores. Device-level security selections (such as Apple's App Tracking Transparency framework or Android system permissions) are completely respected at the OS level and honored natively by our source code.

5.5 Legal Requirements & Business Transfers

We may disclose your data if legally required to do so by a court order or governmental authority, or if we believe in good faith that disclosure is necessary to defend our legal rights or user safety. In the event of a merger, acquisition, or sale of assets, your data states may be securely transferred as an operational asset under strict continuity rules.

6. Data Retention, Trust & Safety Logs

We retain your core account metadata and configuration profiles for as long as your account remains active. For our interactive AI companion and conversational applications, chat history nodes and conversation arrays are securely stored and maintained on our cloud databases.

Retention Basis: This persistent storage is explicitly required to maintain continuity for your personalized conversational experience across sessions, and serves as an immutable log for system safety audits, abuse prevention, and legal dispute resolution (e.g., confirming the safety bounds of AI-generated advice). Account profiles and historical visibility states can be deleted upon explicit user request to support@incrediapp.com within 30 days, subject to data preservation legally required to resolve active disputes or comply with local statutory mandates.

7. Your Rights

Depending on your global location, you may possess specific rights regarding your personal data:

7.1 All Users

• The right to view and access the personal data states we maintain.
• The right to rectify inaccurate, corrupted, or incomplete configuration data.
• The right to request the deletion of account records.
• The right to withdraw processing consent at any time without structural penalties.

7.2 EU / UK Users (GDPR / UK GDPR Framework)

• The right to data portability.
• The right to object to processing paths justified via legitimate business interests.
• The right to restrict processing actions under specific conditions.
• The right to lodge a formal grievance with an approved local supervisory data protection authority.

Our lawful bases for data operations include: performance of a contract (delivering the operational app functions), legitimate interests (improving interface security and auditing stability), and explicit consent.

7.3 California Users (CCPA / CPRA)

• The right to know the precise categories of personal information collected, processed, and shared.
• The right to opt-out of the sharing of personal information (Incrediapp Ltd does not monetize data via third-party broker selling).
• The right to completely non-discriminatory service experiences when exercising statutory privacy rights.

8. Children's Privacy

Our Apps are not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly harvest personal records from minors. If a parent or guardian discovers that a child has bypassed onboarding blocks and submitted data, contact us immediately at support@incrediapp.com so we can programmatically purge the records.

9. Data Security

We deploy industry-standard technical controls to defend data instances against unauthorized exposure, loss, or manipulation. These frameworks include Transport Layer Security (TLS/SSL) encryption for all inbound and outbound API paths, isolated server access lists, and regular database performance reviews. However, no data transmission pipeline over the web can be guaranteed 100% immune; we cannot claim absolute security over persistent states.

10. International Data Transfers

Our cloud cluster configuration may distribute, store, or process information instances across international server networks located outside your home jurisdiction to balance AI rendering speeds. Where mandated, we invoke standard compliance mechanisms, including European Commission-approved Standard Contractual Clauses (SCCs), to govern international transfer data pathways securely.

11. Third-Party Links and Services

Our Apps may feature links or frame views to external third-party digital web portals. This Privacy Policy does not