PRIVACY POLICY

Last modified: 2026-03-03

Welcome to Vibra!

This Privacy Policy describes how WINKLY LIMITED ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our AI video generation service. We take your privacy seriously and are committed to protecting your personal data.

Contact Information:

Company: WINKLY LIMITED

Email: [email protected]

Compliance Inquiries: [email protected]

I. HOW WE COLLECT YOUR PERSONAL DATA

We do not share your personal information with any AI providers. We only share the specific task content required for AI generation.

Data We Collect

To provide our AI video generation service, we collect and process the following types of personal information:

Data Type	Collected Data	Purpose of Use
Account Data	Email Address	To deliver personalized services and support authentication processes.
Payment Data	Subscription status, payment methods, subscribed packages, subscription time, and transaction ID	To manage subscriptions, provide VIP services, and facilitate troubleshooting support.
User Queries	Messages, email content, images, or other materials submitted via email	To optimize Services, respond to inquiries, and for analytical purposes.

Data Collected Automatically

Data Type	Collected Data	Purpose of Use
Usage Data	User interaction data with the Services	To gain insights on usage patterns, improve Services, and enhance user experience.
Analytics Data	Crash logs, diagnostics, and error reports	To ensure performance stability, address issues efficiently, and enhance usability.
Device Information	Device model, operating system version, application version, time zone, and random ID	To provide essential features and compatibility support for the Services.
Security Data	IP addresses (collected through websites only)	To prevent network misuse, such as severing connections during potential attacks.

AI Service Providers

We use the following AI service providers to process your content for video generation. Your content is sent to these providers only when you initiate an AI generation task:

Provider	Data	Service Description	Privacy Policy
OpenAI	Photos/text data required for user-specified AI generation tasks	Provides advanced natural language processing and generation AI models	Link
Solar-Engine	Photos/text data required for user-specified AI generation tasks	Third-party attribution analysis for ad placements	Link
Kling AI	Photos/text data required for user-specified AI generation tasks	Provides advanced video generation AI models	Link
Google	Photos/text data required for user-specified AI generation tasks	1. Google Sign-In: Authentication and authorization services 2. Provides multiple advanced video generation AI models, including Veo	Link
Hunyuan (Tencent)	Photos/text data required for user-specified AI generation tasks	Provides advanced image and video generation AI models	Link
ByteDance (Doubao)	Photos/text data required for user-specified AI generation tasks	Provides advanced image and video generation AI models	Link
Sora (OpenAI)	Photos/text data required for user-specified AI generation tasks	Provides advanced image and video generation AI models	Link
Vidu (Shengshu)	Photos/text data required for user-specified AI generation tasks	Provides advanced image and video generation AI models	Link
MiniMax	Photos/text data required for user-specified AI generation tasks	Provides advanced image and video generation AI models	Link
PixVerse	Photos/text data required for user-specified AI generation tasks	Provides advanced image and video generation AI models	Link
Wan AI	Photos/text data required for user-specified AI generation tasks	Provides the Wan 2.5 models for advanced video generation	Link

Face Data

Collection and Transmission of Face Data

When you upload images or videos containing faces to our App for AI video generation, these images are transmitted to third-party AI service providers for processing. While WINKLY LIMITED does not directly collect, store, or extract biometric face data on its own servers, images containing faces are sent to our AI processing partners as part of the video generation workflow.

The AI technology processes uploaded images as complete visual inputs to generate creative video content. WINKLY LIMITED does not perform facial detection, facial recognition, or biometric data extraction. However, the third-party AI processors may process face data as part of their content generation pipelines according to their own privacy policies.

AI Processors That May Receive Face Data

The following AI service providers may receive and process images containing face data when you use our video generation features:

OpenAI (Sora, GPT Image)
Google (Veo, Gemini)
Runway
MiniMax
ByteDance (Doubao)
Kling (Kuaishou)
Wan AI (Alibaba)
Hailuo (NANONOBLE)
PixVerse
Vidu (Shengshu)
Hunyuan (Tencent)

See the AI Service Providers table above for complete details on each provider's data handling practices and privacy policies.

Use of Face Data

Images containing faces are used exclusively for AI video generation purposes. WINKLY LIMITED does not use face data for:

Facial recognition or identification
Biometric profiling or analysis
Building facial feature databases
Surveillance or tracking purposes

Data Retention

Original uploaded images are deleted from our transmission servers immediately after being sent to the AI processing provider. Third-party AI providers may retain data for up to 30 days for abuse monitoring and service integrity purposes only, after which it is automatically deleted. Your uploaded content is not used by these providers for AI model training (see the AI Service Providers table above for provider-specific retention policies).

Advertising and Analytics Providers

We use the following advertising and analytics services to support app functionality, ad delivery, and performance monitoring:

Provider	Data Shared	Purpose	Retention	Equal Protection	Privacy Policy
Google (Ads/AdMob)	Advertising ID, device info, usage data, approximate location	Ad personalization, frequency capping, attribution	9–18 months	Yes	Link
Google (Firebase)	Device info, crash logs, usage analytics	App performance, crash reporting	2–14 months	Yes	Link
Facebook (Meta)	Advertising ID, device info, app events, approximate location	Ad targeting, conversion tracking, lookalike audiences	Per policy	Yes	Link
Facebook (App Events)	Feature usage, purchase events	Analytics, ad optimization	Per policy	Yes	Link
Solar-Engine	Advertising ID, device info, app events	Third-party attribution analysis for ad placements	Up to 2 years	Yes	Link

Personal Identifiers - Your name, email address, username, and account credentials.

Camera and Media Data - When you use our AI video generation features, we may collect:

Photos and images you upload for video creation
Video content you create or upload
Camera permissions data (when using camera-related features)
Media files stored in your cloud storage (with your permission)

Device Information - Information about your device including:

Device identifiers (including advertising identifiers such as IDFA and GAID) and activation time
Hardware model and operating system version
List of installed applications (for compatibility purposes)
Mobile network information (PLMN provider ID)
IP address and geographical location data

Advertising Identifiers

We collect advertising identifiers to support ad personalization and attribution:

Identifier	Platform	Purpose	Shared With
IDFA (Identifier for Advertisers)	iOS	Ad personalization, attribution	Google, Facebook
GAID (Google Advertising ID)	Android	Ad personalization, attribution	Google, Facebook

You can reset or disable your advertising ID:

iOS: Settings → Privacy & Security → Tracking → Vibra
Android: Settings → Privacy → Ads → Delete advertising ID

Usage Data and Analytics - Information about how you use our service:

App usage patterns and feature interactions
Log information (access time, access count, events, errors)
Video generation history and preferences
Search queries and content interactions

Payment and Subscription Data - Information related to your purchases and subscriptions:

Subscription status and plan type
Payment methods (we do not store full payment card numbers)
Transaction timestamps and transaction IDs
Purchase history and billing records

Diagnostics and Performance Data - Technical data used to maintain and improve our service:

Crash logs and error reports
Performance metrics and response times
App version and build information

Security Data - Information used to protect our service and users:

IP addresses for security monitoring and abuse prevention
Login attempt records and authentication logs
Device fingerprints for fraud detection

Location Information - We may collect location data through:

GPS signals (with your permission)
WLAN access points
Service provider network ID

Third-Party Social Media Information - If you choose to sign in using third-party services (Google, Apple, Facebook, Discord, etc.), we collect information they share with us, such as your profile information and email address.

II. HOW WE USE YOUR PERSONAL DATA

Legal Basis for Data Processing

We process your personal data based on the following legal grounds:

Your Consent: When you provide explicit consent for specific processing activities
Contract Performance: To provide and deliver the services you request
Legitimate Interests: For our legitimate business interests or those of third parties
Legal Obligations: To comply with applicable laws and regulations

How We Use Your Personal Data

We use your personal information for the following purposes:

1. Account Registration and Service Activation

To create and manage your account, verify your identity, and activate our AI video generation services.

2. AI Video Generation and Service Delivery

To process your images, videos, and prompts to generate AI-powered video content, including:

Text-to-video generation
Image-to-video conversion
Video enhancement and editing features
Character animation and motion capture

3. Personalization and User Experience

To provide a customized experience, including personalized recommendations, content suggestions, and interface preferences based on your usage patterns.

4. System Updates and Notifications

To notify you about operating system updates, new features, service improvements, and important announcements.

5. Marketing Communications

With your consent, to send promotional materials, newsletters, and marketing information about our services and special offers.

6. Analytics and Research

To conduct internal audits, data analysis, and research to improve our AI models, service quality, and user experience.

7. Technical Support and Troubleshooting

To diagnose and resolve technical issues, provide customer support, and ensure smooth service operation.

8. Cloud Storage and Synchronization

To synchronize and store your user-uploaded data across devices, allowing you to access your content from multiple platforms.

9. Security and Fraud Prevention

To implement loss prevention programs, detect and prevent fraudulent activities, and protect against security threats.

10. Legal Compliance

To comply with applicable laws, regulations, legal processes, and government requests.

Data Security Commitment

We Do Not Sell Your Personal Data

We do not sell your personal information to third parties for monetary compensation. For purposes of this policy, "selling" means exchanging or transferring personal data to third parties for money or other valuable consideration.

We use modern encryption technologies (including HTTPS) to protect your data during transmission and storage. For Android devices, we implement runtime permissions to ensure that permission-controlled data is accessed only with your explicit consent.

III. HOW WE ENTRUST, SHARE, TRANSFER, AND DISCLOSE PERSONAL DATA

Circumstances for Sharing Personal Data

1. With Your Consent

We may share your personal information with designated third parties when you provide explicit consent for specific purposes.

2. Legal Requirements

We may disclose your information when required by:

Applicable laws and regulations
Legal processes, court orders, or subpoenas
Government authorities or regulatory agencies
Law enforcement investigations

3. Corporate Affiliates

We may share your personal data with our affiliated companies, subsidiaries, and parent companies for specific, definite, and legitimate purposes, such as:

Unified account management
Cross-platform service integration
Consolidated analytics and research
Centralized customer support

4. Business Partners and Service Providers

We work with trusted third-party partners to provide and improve our services, including:

Cloud storage and hosting providers
Payment processors and financial service providers
AI model training and inference partners (see "AI Service Providers" in Section I for details)
Analytics and data processing services
Customer support platforms
Marketing and advertising partners

Data Protection Measures for Third Parties

When we share your personal data with third parties, we ensure adequate protection through:

Strict Agreements: Comprehensive data processing agreements or entrustment contracts
Non-Disclosure Requirements: Mandatory confidentiality and non-disclosure agreements
Security Assessments: Regular evaluation of third-party security practices
Data Protection Terms: Contractual obligations aligned with this Privacy Policy
Purpose Limitation: Restrictions preventing third parties from using data beyond specified purposes

Public Disclosure of Personal Data

We may publicly disclose your personal information in the following circumstances:

After obtaining your explicit consent for public disclosure
When required by laws, legal procedures, litigation, or government authorities

Mergers, Acquisitions, and Corporate Transactions

In the event of a merger, acquisition, reorganization, or sale of substantially all our assets:

We will provide prior notification to affected users
We will disclose the receiver's name and contact information
The receiving party must continue to abide by this Privacy Policy
If the receiving party changes the processing purposes, they must obtain your consent again
You will have the right to delete your personal data or close your account

IV. HOW WE USE COOKIES AND SIMILAR TECHNOLOGIES

Types of Cookies We Use

1. Necessary Cookies

Essential cookies required for the service to function properly, including:

Login and authentication cookies
Account verification tokens
User preference storage
Session management

2. Analysis Cookies

These cookies help us understand how users interact with our service by collecting statistical information about:

Website and app usage patterns
Feature popularity and engagement
Performance metrics and load times
Error tracking and diagnostics

3. Advertisement Cookies

Used to deliver relevant advertisements based on your interests and previous interactions with our service. These cookies may track:

Pages visited and content viewed
Ad clicks and conversions
Cross-device tracking (with consent)

Specific Cookies We Use

Cookie Name	Purpose	Duration	Provider
Cookie Consent Tracker	Stores your cookie consent preferences	360 days	Vibra
User ID	Identifies your account for service delivery	360 days	Vibra
Authentication Token	Maintains your logged-in session	360 days	Vibra
Information Collection Popup	Tracks whether informational popups have been shown	360 days	Vibra

Other Tracking Technologies

Web Beacons and Pixel Tags

Small electronic files embedded in our service and emails that allow us to count users who have visited pages or opened emails, and collect related statistics.

Flash Cookies (Local Shared Objects)

Used to store user preferences and settings across sessions.

HTML5 Local Storage

Browser-based storage for improved performance and offline functionality.

Managing Cookies and Tracking

You have control over cookies and similar technologies:

Browser Settings

You can manage, delete, or block cookies through your browser settings. Most browsers allow you to:

View and delete existing cookies
Block all cookies or only third-party cookies
Clear cookies when closing the browser
Create exceptions for specific websites

Do Not Track

We currently do not have an obligation to honor "Do Not Track" (DNT) signals from browsers. However, we provide you with choices regarding the collection and use of your information.

Impact of Disabling Cookies

Please note that disabling cookies may affect the functionality of our service. Some features may not work properly or at all if cookies are disabled.

V. HOW WE PROTECT YOUR PERSONAL DATA

Security Measures We Implement

Data Minimization

We apply the principle of data minimization, collecting only the personal information necessary to provide our AI video generation services.

Limited Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Encryption Technologies

We use industry-standard cryptographic technologies to protect your data:

HTTPS/TLS encryption for data transmission
Encryption at rest for stored data
End-to-end encryption for sensitive communications

Server Protection

Our servers employ trusted protection mechanisms including:

Firewalls and intrusion detection systems
Regular security patches and updates
Network segmentation and isolation
DDoS protection and traffic monitoring

Access Controls

We implement strict access control mechanisms:

Hierarchical permission management systems
Multi-factor authentication for administrative access
Role-based access controls (RBAC)
Regular access logging and audit trails
Periodic review of access privileges

Partner and Vendor Selection

We carefully select our business partners and service providers, conducting due diligence to ensure they maintain appropriate security standards and comply with data protection requirements.

Employee Training

We provide regular security and privacy training to our employees, including:

Data protection best practices
Security awareness and threat recognition
Privacy policy compliance
Incident response procedures

Data Breach Notification

In the event of a personal data breach that may result in risk to your rights and freedoms, we will:

Notify Affected Users

We will notify you in accordance with local legal requirements, providing:

Basic information about the security incident
Potential impact and risks to your personal data
Measures we have taken or will take to address the breach
Suggestions for actions you can take to protect yourself
Remedial measures and support we are offering

Notification Methods

We may notify you through one or more of the following channels:

Email to your registered email address
SMS text message
Push notification through our app
Public Security Notice on our website

Regulatory Reporting

We will report data breaches to relevant supervisory authorities as required by applicable laws and regulations.

VI. HOW YOU CAN MANAGE YOUR PERSONAL DATA

Your Rights

You have the following rights regarding your personal information:

Right to Access

You have the right to request access to the personal data we hold about you, including:

Categories of personal data we collect
Purposes for which we use your data
Categories of third parties with whom we share data
Specific pieces of personal information we have collected

Right to Correction

You have the right to request correction of inaccurate or incomplete personal data we maintain about you.

Right to Deletion

You have the right to request deletion of your personal data, subject to certain exceptions required by law.

Right to Withdraw Consent

Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

Submitting Requests

To exercise your rights, please:

Submit your request in writing through our dedicated channels (website contact form or email: [email protected])
Provide sufficient information to verify your identity
Specify the exact nature of your request
Ensure your request is specific and feasible

Response Timeline

We will respond to your request within a necessary and reasonable timeframe as required by applicable law, typically within 30 days of receipt.

Verification Process

To protect your privacy and security, we must verify your identity before processing requests to access, correct, or delete your personal data.

When We May Decline Requests

We may decline your request in the following circumstances:

Local laws do not grant you the requested right
We cannot verify your identity
The request cannot be verified or is outside the scope of applicable rights
The request is related to ongoing compensation disputes or litigation
Data is retained for statistical or research purposes in anonymized form
Processing the request would require disproportionate effort or resources
Disclosure would undermine counter-terrorism or law enforcement efforts
The request involves confidential opinions or would disclose information about other individuals without their consent
Other situations stipulated by applicable law

Special Considerations

Guardian Access

Only legal guardians or authorized representatives can request access to another person's personal data. Proper authorization documentation must be provided.

Repeated Requests

We are not obligated to provide data in response to repeated requests if the information has not changed since the previous request.

Account Closure

To close your account permanently, please email us at [email protected]. Note that you may be required to close your account to fully withdraw consent where your consent is necessary to perform essential aspects of our service.

California Consumer Privacy Act (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.

WINKLY LIMITED does not sell your personal information to non-affiliated third parties for monetary or other valuable consideration. We also do not share your personal information for cross-context behavioral advertising purposes.

As a California resident, you have the right to:

Know what personal information we collect, use, disclose, and sell
Request deletion of your personal information
Opt out of the sale or sharing of your personal information
Non-discrimination for exercising your CCPA rights

To exercise your CCPA rights, please contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days as required by law.

VII. HOW WE PROCESS PERSONAL DATA OF MINORS

Age Requirements

Our service is intended for users who are at least 14 years of age (or the minimum age specified by law in your jurisdiction).

Parental Consent

Children under the applicable minimum age cannot create accounts or use our service without consent from a parent or legal guardian.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at [email protected].

Special Protections for Minors

We provide additional protections for minors' personal data:

Restricted Processing: We apply stricter limitations on collecting, using, and sharing minors' personal information
Limited Third-Party Sharing: We restrict entrusted processing, sharing, transfer, and public disclosure of minors' data
Enhanced Security: We implement additional security measures to protect minors' information
Parental Rights: Parents and guardians can request access to, correction of, or deletion of their child's personal data

Automatic Deletion

If we discover that we have collected personal information from a minor without prior parental consent (where required), we will automatically delete such information as soon as possible.

VIII. LINKS TO THIRD-PARTY WEBSITES, PRODUCTS, AND SERVICES

Third-Party Services

Our service may contain links to third-party websites, applications, products, or services that are not owned or operated by us. This Privacy Policy applies only to our service.

No Control Over Third Parties

We do not control and are not responsible for:

The privacy practices of third-party websites, products, or services
The content available on third-party platforms
The security measures employed by third parties
How third parties collect, use, or share your personal information

User Choice and Responsibility

You can freely choose whether to access third-party links from our service. We do not endorse or make any representations about third-party websites, products, or services.

Review Third-Party Policies

Before sharing any personal information with third parties, we strongly encourage you to:

Review their privacy policies and terms of service
Understand their data collection and usage practices
Evaluate their security measures
Make informed decisions about sharing your information

IX. INTERNATIONAL DATA TRANSFER

Global Operations

Our company is headquartered in 30 N Gould St Ste R Sheridan, WY, 82801-6317 United States, and we provide services globally. As part of our operations, your personal information may be transferred to, stored in, and processed in countries other than your country of residence.

Cross-Border Data Transfer

Your personal information may be transferred to and processed in:

Countries where our servers and data centers are located
Countries where our service providers and business partners operate
Countries where our corporate affiliates are based

Privacy Law Differences

Important Notice:

Please be aware that countries outside your location may have privacy and data protection laws that are not as comprehensive or protective as those in your jurisdiction. When we transfer your personal data internationally, we take appropriate measures to ensure your data receives adequate protection.

Data Transfer Safeguards

When transferring your personal data internationally, we implement safeguards such as:

Standard contractual clauses approved by relevant authorities
Data processing agreements with international partners
Adherence to recognized data protection frameworks
Technical and organizational security measures

Your Consent

By using our service, you acknowledge and consent to the transfer of your personal information to other countries and jurisdictions, and you understand that your personal information will be subject to the laws of those countries.

X. UPDATES TO THIS PRIVACY POLICY

Right to Update

We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in:

Our data practices and processing activities
Applicable laws and regulations
Our service features and functionality
Technology and security standards
Our corporate structure or business operations

Notification of Changes

When we make material changes to this Privacy Policy, we will notify you through:

A prominent notice on our website
Email notification to your registered email address
Push notification through our mobile application
In-app notifications when you next access our service

Review of Updates

We encourage you to:

Periodically review this Privacy Policy
Visit our official website for the latest version
Check the "Last modified" date at the top of this policy
Contact us if you have questions about changes

Continued Use

Your continued use of our service after we publish or notify you of changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, please discontinue use of our service and contact us to close your account.

CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries: [email protected]

Privacy and Compliance: [email protected]

Data Rights Requests: [email protected]

This Privacy Policy was last updated on 2026-03-03

Effective Date: 2026-03-03