Privacy Policy for Havira
1. Introduction
Welcome to Havira ("we," "our," or "us"). This Privacy Policy explains how Engin Deniz Usta collects, uses, discloses, and protects your personal information when you use the Havira mobile application and related services (collectively, the "Service").
We are committed to protecting your privacy and ensuring transparency about our data practices. This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.
Contact Information:
- Service Provider: Engin Deniz Usta
- Email: support@edusta.dev
- Address: Brennerei 2, 82024, Taufkirchen, Germany
2. Information We Collect
2.1 Information You Provide
- Account Information: User ID and authentication credentials (provided through Firebase Authentication)
- Video Generation Data: Images you upload and text prompts you provide for video generation
- Payment Information: Transaction data processed through RevenueCat (we do not store credit card details)
2.2 Automatically Collected Information
- Usage Data: Information about how you use our Service, including videos generated and features accessed
- Device Information: Device type, operating system, unique device identifiers, and mobile network information
- Log Data: IP address, access times, and app crash reports
2.3 Information from Third Parties
- Authentication Data: We use Firebase Authentication to manage user accounts
- Payment Data: RevenueCat provides us with transaction information for in-app purchases
3. How We Use Your Information
We use your personal information for the following purposes:
3.1 Essential Services (Legal Basis: Contractual Necessity)
- Providing and maintaining the Service
- Processing your video generation requests
- Managing your token balance and transactions
- Authenticating your identity and managing your account
- Processing payments and preventing fraud
3.2 Service Improvement (Legal Basis: Legitimate Interest)
- Analyzing usage patterns to improve our Service
- Developing new features and functionality
- Debugging and fixing technical issues
3.3 Communications (Legal Basis: Legitimate Interest / Consent)
- Sending push notifications about video generation status (with your consent)
- Responding to your requests and inquiries
- Sending important service updates
3.4 Analytics (Legal Basis: Consent)
- With your explicit consent, we use Google Analytics to understand how users interact with our Service
- You can withdraw this consent at any time through the app settings
3.5 Legal Compliance (Legal Basis: Legal Obligation)
- Complying with applicable laws and regulations
- Responding to legal requests and preventing misuse
- Maintaining transaction records as required by law
4. Third-Party Services
We use the following third-party services to provide and improve our Service:
4.1 OpenAI (Sora)
- Purpose: Video generation from images and text prompts
- Data Shared: User-provided images and text prompts
- Privacy Policy: https://openai.com/policies/privacy-policy
4.2 Google Firebase
- Purpose: User authentication and push notifications (FCM)
- Data Shared: User authentication data, device tokens
- Privacy Policy: https://firebase.google.com/support/privacy
4.3 Google Analytics
- Purpose: Usage analytics (optional, requires consent)
- Data Shared: App usage data, anonymized user behavior
- Privacy Policy: https://policies.google.com/privacy
- Control: You can enable or disable analytics in app settings
4.4 RevenueCat
- Purpose: In-app purchase management and subscription processing
- Data Shared: Transaction data, user ID
- Privacy Policy: https://www.revenuecat.com/privacy
4.5 Google Cloud Platform
- Purpose: Storage of generated videos
- Data Shared: Generated video files
- Privacy Policy: https://cloud.google.com/terms/cloud-privacy-notice
4.6 Google AdMob (Future Implementation)
- Purpose: If implemented, for displaying advertisements
- Data Shared: Device identifiers, usage data (with your consent)
- Privacy Policy: https://support.google.com/admob/answer/6128543
- Note: Not currently active; you will be notified and asked for consent before implementation
5. Your Privacy Choices and Rights
5.1 Consent Management
You can control the following consent preferences in the app:
- Required: Essential functionality (cannot be disabled)
- Functional: Enhanced features and user experience
- Analytics: Google Analytics tracking
- Marketing: Marketing communications and future advertising
To manage your preferences:
- Open the Havira app
- Go to Settings → Privacy & Consents
- Toggle your preferences
5.2 Your Rights Under GDPR (EU Users)
If you are located in the European Economic Area (EEA), you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of processing
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
5.3 Your Rights Under CCPA (California Users)
If you are a California resident, you have the following rights:
- Right to Know: What personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
- Right to Non-Discrimination: Equal service regardless of exercising your rights
5.4 Exercising Your Rights
To exercise any of these rights:
Data Export:
- Open the Havira app
- Go to Settings → Privacy
- Tap "Export My Data"
- You will receive a JSON file containing all your data
Account Deletion:
- Open the Havira app
- Go to Settings → Account
- Tap "Delete Account"
- Confirm the deletion
Alternatively, email us at support@edusta.dev with your request.
We will respond to your request within:
- GDPR: 30 days (extendable by 60 days for complex requests)
- CCPA: 45 days (extendable by 45 days)
6. Data Retention
6.1 Active Accounts
We retain your personal information for as long as your account is active or as needed to provide you with our Service.
6.2 Account Deletion
When you delete your account, we immediately delete:
- Your authentication data
- Your consent preferences
- Your device tokens
- Your video requests and generated content
- Your token balance records
6.3 Legal Requirements
We may retain certain transaction records for legal and accounting purposes, including:
- Payment transaction data (as required by tax and financial regulations)
- Records necessary for fraud prevention and legal compliance
The retention period for such records typically does not exceed 7 years, or is as required by applicable law.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Access Controls: Restricted access to personal data on a need-to-know basis
- Secure Infrastructure: Use of Google Cloud Platform with industry-standard security
- Regular Updates: Security patches and updates are applied promptly
- Authentication: Secure user authentication through Firebase
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
8. Children's Privacy
Our Service is not intended for users under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@edusta.dev, and we will delete such information promptly.
9. International Data Transfers
We are based in Germany and process data within the European Economic Area (EEA). However, some of our third-party service providers may process data outside the EEA, including:
- OpenAI (United States): For video generation
- Google Cloud Platform: Data may be processed in various regions
- RevenueCat (United States): For payment processing
When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
- Privacy Shield frameworks or equivalent protections
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
- Updating the "Last Updated" date at the top of this policy
- Sending you a notification through the app or via email
- For material changes, requesting renewed consent where required
We encourage you to review this Privacy Policy periodically.
11. Do Not Track Signals
Some web browsers have a "Do Not Track" (DNT) feature. Currently, there is no industry standard for how to respond to DNT signals. Our Service does not currently respond to DNT signals, but you can control analytics tracking through our in-app consent settings.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For EU Users (GDPR)
As a Germany-based service provider, we serve as the data controller for your personal information. You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, place of work, or place of alleged infringement.
German Data Protection Authority:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Website: https://www.bfdi.bund.de
13. Legal Basis Summary
For quick reference, here's how we process your data:
| Purpose | Legal Basis | Can Opt-Out? |
|---|---|---|
| Account management | Contractual necessity | No (service won't work) |
| Video generation | Contractual necessity | No (core feature) |
| Payment processing | Contractual necessity | No (required for purchases) |
| Service improvement | Legitimate interest | Limited |
| Analytics | Consent | Yes (in app settings) |
| Push notifications | Consent | Yes (in device settings) |
| Marketing (future) | Consent | Yes (in app settings) |
| Legal compliance | Legal obligation | No (required by law) |
Thank you for trusting Havira with your personal information. We are committed to protecting your privacy and providing you with transparency and control over your data.