Privacy Policy
Effective Date: 2026-05-25
Last Updated: 2026-05-27
1. Who We Are
Flicky, represented by Jinsu Park ("we", "us", "our") operates the Flicky mobile app and website at https://flicky.link ("Service"). We are the data controller of the personal data described in this policy.
Contact: contact@flicky.link
2. Data We Collect
2.1 Data you provide
| Data | How collected |
|---|---|
| Email address | When you create an account (Google or Apple Sign-In) |
| Saved link URLs | When you save a video link |
| Open Graph metadata (title, description, thumbnail URL) | Fetched automatically from the saved URL |
| Tags and notes | When you add them to a saved link |
| Support communications | When you contact us by email or another support channel |
2.2 Data collected automatically
| Data | Source | Purpose |
|---|---|---|
| Firebase Auth user ID (anonymous or signed-in account) | Firebase Authentication | Account identification, sign-in state, saved-link sync |
| Firebase Installation ID | Firebase SDK | Service identification (not linked to advertising) |
| App usage events (screens viewed, features used, purchase flow events) | Firebase Analytics | Service improvement and analytics |
| Website usage events (pages viewed, app-store link clicks, browser/device information) | Google Analytics 4, if configured on the website | Website analytics and product improvement |
| Crash logs, device model, OS version | Firebase Crashlytics | Bug diagnosis and stability |
| Error reports, stack traces, release/environment information | Sentry, when monitoring is enabled | Error diagnosis and service reliability |
| Purchase verification data (receipt, purchase token, product ID, transaction ID, subscription status and renewal period) | Apple App Store / Google Play / Flicky API | Subscription verification and entitlement management |
2.3 Data we do NOT collect
- Advertising identifiers (IDFA / GAID)
- Precise location
- Contacts, photos, or microphone/camera data
- Payment card details (handled entirely by Apple App Store / Google Play)
- Contents of videos hosted by third-party platforms
3. Why We Collect It (Legal Bases)
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing and operating the Service (account, saved links) | Contract performance |
| Processing support requests | Contract performance or legitimate interest |
| Verifying subscriptions and preventing purchase fraud | Contract performance and legitimate interest |
| Diagnosing crashes and improving stability | Legitimate interest |
| Analysing aggregate usage to improve features | Legitimate interest |
| Complying with legal obligations | Legal obligation |
4. How Long We Keep It
| Data | Retention |
|---|---|
| Account data (email, user ID) | Until you delete your account. Account email is removed and user ID is de-identified; limited de-identified operational records may be retained |
| Saved links and metadata | Until you delete them or your account. Original URLs and metadata are removed on account deletion; limited de-identified operational records may be retained |
| Support communications | As long as needed to respond and maintain service records |
| Subscription records | As long as needed to provide subscriptions, resolve disputes, and comply with platform or legal requirements |
| Firebase Analytics events | 90 days (Firebase default) |
| Crashlytics logs | 90 days (Firebase default) |
| Sentry error reports | According to the monitoring workspace retention settings |
| Firebase Installation ID | Deleted when you uninstall the app |
5. Third-Party Data Processors
We share data only with trusted processors under written agreements that require them to protect your data:
| Processor | Purpose | Location | Privacy info |
|---|---|---|---|
| Neon | Database hosting (email, user ID, saved links) | United States | https://neon.tech/privacy-policy |
| Google Firebase | Analytics, Crashlytics, Authentication | United States | https://firebase.google.com/support/privacy |
| Google Analytics | Website analytics, if configured | United States / other Google processing locations | https://policies.google.com/privacy |
| Sentry | Error monitoring, if enabled | United States | https://sentry.io/privacy/ |
| Apple App Store | In-app purchase processing and subscription management | Apple processing locations | https://www.apple.com/legal/privacy/ |
| Google Play | In-app purchase processing and subscription management | Google processing locations | https://policies.google.com/privacy |
We do not sell your personal data to any third party.
6. International Data Transfers
Our processors may process data outside your country, including in the United States. If you are located in the EU/EEA, Switzerland, or the UK, data transfers are made under:
- Standard Contractual Clauses (SCCs) adopted by the European Commission, or
- Other transfer mechanisms approved under GDPR Chapter V.
If you are located in the Republic of Korea, data transferred abroad is protected in accordance with the Personal Information Protection Act (PIPA) and the Act on Promotion of Information and Communications Network Utilisation and Information Protection.
7. Your Rights
Depending on where you live, you may have the following rights:
EU/EEA (GDPR):
- Access, rectification, and erasure of your data
- Data portability
- Restriction of processing
- Object to processing based on legitimate interest
- Lodge a complaint with your local supervisory authority
California (CCPA):
- Know what personal information is collected
- Delete personal information
- Opt out of "sale or sharing" of personal information (we do not sell or share data for cross-context behavioural advertising)
- Non-discrimination for exercising your rights
Republic of Korea (PIPA / Information and Communications Network Act):
- Access, correction, deletion, and suspension of processing
- Withdraw consent at any time
To exercise any of these rights, email us at contact@flicky.link. We will respond within 30 days (GDPR) or 45 days (CCPA).
8. Children's Privacy
The Service is not directed at children under 14 years old (or 13 in the United States under COPPA). We do not knowingly collect personal data from children below this age. If we discover that we have collected such data, we will delete it promptly. If you believe we have collected a child's data, please contact us immediately.
9. Security
We implement reasonable technical and organisational measures to protect your data, including encrypted transmission (TLS) and access controls. However, no method of transmission over the internet is 100% secure.
10. Links to Third-Party Content
The Service allows you to save links to videos on third-party platforms. This policy does not apply to those platforms. We encourage you to review the privacy policies of YouTube, Instagram, TikTok, and other platforms whose content you access.
11. Changes to This Policy
If we make material changes, we will notify you via in-app notice or email at least 30 days before the changes take effect. The "Last Updated" date at the top of this page will always reflect the latest revision.
12. Contact and Privacy Requests
For any privacy-related questions or to exercise your rights, contact:
Data Controller:
Flicky, represented by Jinsu Park
Email: contact@flicky.link
Website: https://flicky.link
EU residents may also contact the supervisory authority in your country of residence.