Privacy Policy

Last updated: May 5, 2026

Mivvo is operated by Mesih Malik Kuru, an individual developer. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Mivvo mobile application. Please read this policy carefully. If you disagree with its terms, please discontinue use of the application.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will notify you of any significant changes by updating the "Last updated" date of this policy and, where appropriate, by providing an in-app notification. Your continued use of the application after any changes constitutes your acceptance of the new policy.

1. Information We Collect

We collect several types of information to provide and improve the Mivvo experience. The categories below describe what we collect, how, and why.

Account Information

When you sign in to Mivvo using Apple Sign In or Google Sign In, we receive certain profile information from those providers. This typically includes your name and email address. We use this information to create and manage your Mivvo account. You may be able to limit the information shared by using Apple's "Hide My Email" feature, in which case we receive only the anonymized relay address Apple provides.

User Content

When you send messages to AI characters within Mivvo, the content of those messages is stored on our servers. This is necessary to maintain conversation history and to power the ongoing relationship between you and the AI characters. We process message content to generate contextually appropriate AI responses. We treat your conversations with care and do not use message content for advertising purposes.

Purchase Information

When you make in-app purchases or subscribe to a Mivvo plan, payment processing is handled entirely by Apple through the App Store. We do not receive or store your payment card details or other sensitive financial information. We only receive a purchase confirmation from Apple, including the product purchased and the date of the transaction, which we use to credit your account accordingly.

Usage Data

We use Firebase Analytics, a service provided by Google, to collect anonymous statistics about how users interact with the application. This includes information such as which features are used, how frequently the app is opened, and general navigation patterns. This data is aggregated and anonymized — it does not identify you personally — and is used solely to understand which aspects of the app are working well and where we can make improvements.

Crash Data

We use Firebase Crashlytics, also provided by Google, to collect crash reports when the application experiences an unexpected error. Crash reports help us identify and fix bugs quickly, improving stability for all users. These reports may include device model, operating system version, and a stack trace describing the state of the app at the time of the crash. Crash reports do not include the content of your messages or other personal information.

Device Tokens for Push Notifications

If you choose to opt in to push notifications, we collect a device push notification token provided by Apple. This token is used solely to deliver notifications to your device, such as alerts about new stories from your AI companions. We do not share push tokens with third parties. If you opt out of notifications at any time through your device settings, we will stop using your token to send push notifications.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To create, maintain, and manage your Mivvo account and provide you with access to the application's features.
  • To deliver AI character responses within conversations, drawing on your conversation history to maintain continuity and context.
  • To process in-app purchases and subscriptions and credit your account with the appropriate tokens or subscription benefits.
  • To send you push notifications about new stories or updates from your AI companions, if you have opted in.
  • To analyze usage patterns through aggregated, anonymized analytics so we can improve the app experience over time.
  • To detect, investigate, and resolve technical issues, crashes, and bugs.
  • To respond to your support inquiries and provide customer service.
  • To comply with applicable legal obligations.

We do not use your personal information to serve you advertisements, and we do not sell your personal data to third parties.

3. Data Storage and Security

Your account information, conversation history, and other personal data are stored on Supabase, which provides a managed PostgreSQL database. Media files, including AI-generated story images, are stored on Cloudflare R2, a secure object storage service. Session caching and performance data are handled through Redis, with no personally identifiable information persisted there beyond your session.

We implement industry-standard security measures to protect your data, including Transport Layer Security (TLS) for all data in transit and encryption at rest for stored data. Access to production systems is restricted to authorized personnel only, and we follow the principle of least privilege in granting access.

Despite these measures, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

4. Third-Party Services

Mivvo relies on a number of trusted third-party services to deliver its functionality. Each of these services has its own privacy policy governing their handling of data:

  • Apple Sign In & Google Sign In — Used for authentication. We receive basic profile information (name, email, user identifier) from these services to create and manage your account. Learn more at apple.com/legal/privacy and policies.google.com/privacy.
  • Firebase Analytics & Crashlytics (Google) — Used for usage analytics and crash reporting. Google may process certain device identifiers as part of these services. Learn more at firebase.google.com/support/privacy.
  • Firebase Cloud Messaging (FCM) — Used to deliver push notifications. Your device push token is shared with Apple's APNs via FCM solely to route notifications. Learn more at firebase.google.com/support/privacy.
  • Supabase — Provides authentication and database storage for your account and conversation data. Learn more at supabase.com/privacy.
  • Cloudflare R2 — Used for storing media files such as AI-generated story images. Learn more at cloudflare.com/privacypolicy.
  • PostHog — Used for server-side product analytics to understand feature usage and improve the service. Data is processed on our behalf under a data processing agreement. Learn more at posthog.com/privacy.
  • Anthropic (Claude) — Used to generate AI character chat responses. Only the conversation prompt and minimal context required to fulfil the request are sent. Learn more at anthropic.com/legal/privacy.
  • OpenAI — Used for content moderation (filtering AI outputs). Learn more at openai.com/privacy.
  • fal.ai — Used for AI image generation (story photos, requested photos). Only the image-generation prompt and character LoRA reference are sent. Learn more at fal.ai/privacy.
  • RunPod — Used for self-hosted AI image generation workers. Learn more at runpod.io/legal/privacy-policy.
  • Apple App Store — Handles all payment processing for in-app purchases and Mivvo Premium subscriptions. Apple's payment systems are governed by Apple's own privacy policy and terms. Learn more at apple.com/legal/privacy.

When AI conversation or image-generation services are invoked, only the prompt and minimal context required to fulfil the request are sent to the provider. We do not share your account email, full identity, or unrelated message history with these AI providers.

5. Data Retention

We retain your personal information for as long as your account remains active. If you delete your Mivvo account, we will delete or anonymize your personal data, including your account information and conversation history, within 30 days of the deletion request. Certain aggregate, anonymized data derived from your usage may be retained for longer periods as it can no longer be linked back to you.

We may retain certain data for longer periods where required by applicable law or regulation, or where necessary to resolve disputes, enforce our agreements, or protect our legal interests. In such cases, access to retained data is restricted appropriately.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal data. Regardless of where you are located, we honor the following requests:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may request that we correct inaccurate or incomplete information about you.
  • Deletion: You may request that we delete your personal data. You can initiate account deletion directly from within the Mivvo app.
  • Data Export: You may request an export of your data in a machine-readable format where technically feasible.
  • Opt Out of Analytics: You may opt out of Firebase Analytics by enabling the "Limit Ad Tracking" option on your iOS device. You may also contact us to request exclusion from server-side analytics.

To exercise any of these rights, please contact us at support@getmivvo.app. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

7. For European Users (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent local laws.

The legal basis for processing your personal data is as follows:

  • Consent: Where you have given us explicit consent, such as opting in to push notifications or analytics.
  • Contractual Necessity: Processing necessary to provide the service you have agreed to use, such as storing conversation history to power AI character responses.
  • Legitimate Interest: Processing necessary for our legitimate interests in operating, improving, and securing the application, where those interests are not overridden by your rights.

In addition to the rights described above, you have the right to restrict or object to certain processing, and the right to data portability. You also have the right to lodge a complaint with the data protection supervisory authority in your country of residence if you believe we have not handled your data in accordance with applicable law.

As we are based in Turkey, cross-border data transfers to our service providers (such as Supabase and Cloudflare) are governed by appropriate transfer mechanisms, including standard contractual clauses where applicable.

8. For California Users (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.

Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you. This Privacy Policy describes our data practices in full.

Right to Delete: You have the right to request that we delete personal information we have collected about you, subject to certain exceptions. To request deletion, please contact us at support@getmivvo.app or use the account deletion feature within the app.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different level of service because you exercised your privacy rights.

We do not sell personal information. We do not sell your personal data to third parties for monetary or other valuable consideration, and we have not done so in the preceding 12 months.

9. Age Restriction

Mivvo is intended exclusively for users who are at least 18 years of age. By using the application, you confirm that you are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If you are under 18, you are not permitted to use Mivvo and must not create an account or submit any personal information through the application.

If you are a parent or guardian and believe that someone under 18 has provided us with personal information or created an account, please contact us immediately at support@getmivvo.app. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information and terminate the associated account as quickly as possible.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make significant changes, we will notify you through an in-app notification so that you are aware of what information we collect, how we use it, and under what circumstances we disclose it.

Your continued use of Mivvo after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

Mesih Malik Kuru
Email: support@getmivvo.app
Website: getmivvo.app

We are committed to working with you to resolve any concerns about your privacy and will respond to all inquiries in a timely manner.