1. Information we process
Account and profile
We process your email address, username, password hash, verification state, display name, biography, profile image, preferences, and account status. We never store your plaintext password.
Content and activity
We process reviews, ratings, replies, custom lists, watchlist entries, follows, likes, reports, notification state, and other actions you choose to make in Tizani. Public profile and community content is visible to other signed-in users as described in the app.
Subscriptions
Apple processes payment. Tizani receives signed transaction evidence, product and expiration status, an account-linking token, and Apple transaction identifiers. We do not receive or store your payment-card details. A pseudonymous Apple subscription-chain binding is retained after account deletion to prevent purchase transfer, replay, or fraud.
Device, advertising, and technical data
We process limited device and app information needed for authentication, fraud prevention, rate limiting, diagnostics, and service security. Free-tier users may be shown Google Mobile Ads only after the required consent flow. Depending on your choices and region, Google may process device or advertising identifiers under its own policies. Paid users do not initialize the advertising SDK.
Network addresses used for abuse prevention are converted to keyed, non-reversible rate-limit identifiers. Restricted administrator security records may include source address and user-agent data for incident investigation.
2. How we use information
- Provide accounts, profiles, community features, recommendations, notifications, and support.
- Verify Apple subscriptions and enforce Plus and Pro features through their verified paid-through date.
- Prevent account takeover, spam, forged purchases, abusive uploads, ranking manipulation, and other misuse.
- Moderate reported content, maintain an auditable administrator history, debug failures, and improve reliability.
- Comply with applicable law and enforce our Terms of Use.
3. Service providers and disclosures
We use service providers only to operate Tizani. These may include Apple for subscriptions and app distribution; Railway and PostgreSQL/Redis infrastructure for hosting; Cloudflare R2 for media storage; an email-delivery provider; Google AdMob and User Messaging Platform for consented free-tier advertising; and TVDB or AniList for catalog information. Providers may process information only for the services they supply and must protect it consistently with their agreements and applicable law.
We may disclose information when legally required, to protect people or the service from harm, or as part of a business transaction subject to appropriate confidentiality and user notice. We do not sell personal information for money.
4. Retention
| Information | Retention approach |
|---|---|
| Account, profile, and user-generated content | While your account is active; erased when you complete in-app account deletion, except records described below. |
| Authentication challenges | Expire within the displayed verification window and are removed within 24 hours after expiry. |
| Expired or revoked session metadata | Up to 30 days after expiration or revocation; raw refresh credentials are never stored. |
| Rate-limit and API idempotency records | Until their short security or retry window expires, then removed by scheduled cleanup. |
| Signed feed exposure and interaction telemetry | Up to 90 days for abuse detection, replay prevention, and product reliability; these client events never determine authoritative ranking counters. |
| Processed delivery/outbox records | 30 days; unresolved dead letters are retained until investigated. |
| Signed App Store notification payloads | Up to 365 days, after which the payload is scrubbed while its notification UUID replay tombstone remains. |
| Subscription-chain binding | A pseudonymous original-transaction binding is retained for the life of the service so a deleted account’s purchase cannot be claimed by another account. |
| Security and moderation audit records | Retained only as needed for security, dispute handling, and legal obligations, with access restricted to authorized administrators. |
| Provider backups and operational logs | Kept on a limited rolling schedule and removed through the provider’s normal rotation; deleted account data may remain inaccessible in encrypted backups until rotation completes. |
5. Your choices and rights
You can update profile information in the app, manage advertising privacy choices from Settings when available, and manage Apple billing from Apple’s subscription settings. Depending on where you live, you may have rights to access, correct, export, object to, restrict, or delete personal information.
Account deletion: Settings includes permanent account deletion. It deletes the account and associated user-generated content, revokes sessions, and removes stored media. Deletion does not cancel an Apple subscription; the app shows Apple’s subscription-management link before confirmation. The pseudonymous no-transfer subscription tombstone described above remains.
6. Security and international processing
We use transport encryption, restricted credentials, hashed authentication material, access controls, upload quarantine, database constraints, monitoring, and backups designed to protect information. No system can guarantee absolute security. Service providers may process information in countries other than your own under their applicable transfer safeguards.
7. Children
Tizani is not directed to children under 13, and we do not knowingly collect personal information from a child below the minimum age permitted in their location. Contact us if you believe a child provided information so we can investigate and delete it.
8. Changes and contact
We may update this policy as Tizani changes. We will update the effective date and provide additional notice in the app when a change materially affects your choices.