Privacy Policy

1. Introduction

This Privacy Policy describes how Individual Entrepreneur Atambaev Nurbek Kerimovich, registered in the Kyrgyz Republic ("Animy," "we," "us," or "our"), collects, uses, and protects information in connection with the Animy website (animy.ai) and related applications and services (collectively, the "Service").

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service. The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are between 13 and 17 years of age, you may use the Service only with the involvement and consent of a parent or legal guardian.

2. Information We Collect

2.1 Information You Provide

When you create an account, we collect the email address you provide. Accounts are authenticated via magic link, so no password is created or stored.

When you subscribe to a paid plan, payment information is collected and processed by Paddle (see Section 5). We do not collect, store, or have access to your full payment-card details.

2.2 User-Generated Content

The Service stores content that you upload to or create within it, including:

• Drawings and photos you upload for processing;
• Text descriptions and prompts you provide;
• Stylized images generated from your inputs;
• Animated videos generated from your inputs;
• Usage history and your interactions with these items within the Service.

2.3 Information Collected Automatically

When you use the Service, certain technical information is collected automatically for operational, analytics, and anti-fraud purposes:

• IP Hash: Your IP address is processed using a one-way hash function. We do not store raw IP addresses;
• Device Information: User agent strings and platform hints, used for anti-fraud detection and device identification;
• Device Hash: An irreversible hash of device characteristics, used solely for anti-fraud purposes;
• Anonymous Identifier: A locally generated anonymous ID that rotates periodically, used to maintain session continuity;
• Usage Events: Server-side analytics events covering features used, generations created, and funnel actions (such as paywall views, plan selections, and checkout completions), used to understand how the Service is used and to improve it;
• Attribution Parameters: UTM parameters and advertising click IDs (such as fbclid, gclid, ttclid) present in your session, used to measure the effectiveness of marketing campaigns.

3. Local Storage (No Traditional Cookies)

We do not use traditional HTTP cookies. Instead, we use browser localStorage for essential service functionality. The following keys are used:

• Authentication session token (for keeping you signed in);
• Anonymous user identifier (rotates periodically);
• Device fingerprint hash (for anti-fraud detection);
• Timestamp metadata for the anonymous identifier.

We do not use third-party tracking cookies, advertising pixels, behavioral retargeting, or cross-site tracking. You can clear localStorage at any time through your browser settings; doing so will sign you out of the Service.

4. How We Use Information

We use the information we collect to:

• Operate, maintain, and provide the Service to you;
• Authenticate you and manage your account and subscription;
• Process the drawings and prompts you submit through our AI pipeline to produce stylized images and animations;
• Detect and prevent fraud, abuse, and unauthorized use;
• Send transactional communications (such as magic-link sign-in emails, payment receipts, and account or service notices);
• Measure the effectiveness of our marketing campaigns and understand how users discover the Service;
• Improve the Service, including its features, performance, and content-safety systems, in aggregate and de-identified form;
• Comply with our legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use your personal information to serve advertisements inside the Service. We do not engage in behavioral profiling of children or minors.

5. Third-Party Service Providers

We share information with the following third parties only to the extent necessary to operate the Service:

5.1 Paddle (Payments and Tax)

Paddle.com Market Limited acts as our Merchant of Record. Paddle processes all payments and subscriptions, handles invoicing, and collects and remits VAT or sales tax in your jurisdiction. Paddle receives the payment information you provide at checkout and the email address associated with your account. Paddle is responsible for the privacy of payment data and is subject to its own privacy policy, available at https://www.paddle.com/legal/privacy.

5.2 Kling AI (Animation Generation)

Drawings and stylized images are transmitted to Kling AI for animation generation. Only the image file and an internal job identifier are sent. No personal information (email, user ID, IP address, name) is transmitted. Kling AI may retain processed content for approximately 30 days according to its own retention policy.

5.3 Google Gemini (Image Stylization)

Drawings may be transmitted to Google Gemini for stylization. Only the image file and an internal job identifier are sent. No personal information is transmitted. Use of Gemini is subject to Google's privacy policy.

5.4 Supabase (Backend Infrastructure)

Supabase provides authentication, database hosting, and event-logging infrastructure. Supabase stores your account email, authentication session data, generated content metadata, and server-side analytics events.

5.5 Email Delivery

Transactional emails (such as magic-link sign-in emails) are delivered through a third-party email service provider, which receives the recipient's email address solely for the purpose of message delivery.

5.6 Hosting

Application infrastructure is hosted with cloud and platform providers that act as data processors on our behalf.

We do not share personal information with any third party for marketing or advertising purposes other than aggregate, de-identified measurement of our own advertising campaigns. We do not sell or rent personal information.

6. AI Processing of Your Content

The core functionality of Animy involves processing your inputs through third-party AI services to produce stylized images and animations. Important points about this processing:

• Only the image file (and, where you provide one, the text prompt) plus an internal job identifier is transmitted to third-party AI providers;
• No personal information (email, user ID, IP address, or any identifying data) is ever transmitted to AI providers;
• All AI processing is performed anonymously with respect to your identity;
• Animy does not use Your Content to train its own AI models;
• We cannot guarantee that third-party AI providers do not use submitted data for model training or improvement. We encourage you to review the privacy policies and terms of these providers.

7. Data Retention

• Account data (email and session information) is retained until the account is deleted, plus a short period (typically 30 days) for technical processing;
• User-generated content (uploaded drawings, stylized images, and animations) is retained until you delete it or your account is deleted;
• Inactive accounts: accounts with no login activity for 365 or more consecutive days and no active paid subscription receive a notification. If no action is taken within 60 days, the account and associated data may be permanently deleted;
• Accounts with active paid subscriptions are not automatically deleted;
• Server-side analytics events are retained in aggregated form for as long as needed to operate, secure, and improve the Service;
• Content previously transmitted to third-party AI providers is subject to those providers' own retention policies (Kling AI: approximately 30 days).

8. Data Security

We implement reasonable administrative, technical, and physical measures to protect personal information, including:

• One-way hashing of IP addresses and device identifiers — raw IP addresses are never stored;
• Passwordless magic-link authentication, reducing the risk of credential theft;
• Encrypted data transmission over HTTPS;
• Access controls and authentication requirements for internal systems;
• AI-powered content-safety screening of uploads before processing.

Despite these measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

9. Your Rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you;
• Correct inaccurate or incomplete information;
• Delete your account and associated personal information;
• Restrict or object to certain processing;
• Receive a copy of your data in a portable format;
• Withdraw consent (where processing is based on consent);
• Lodge a complaint with a data-protection authority in your jurisdiction.

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar protections, these rights apply to you. To exercise any of these rights, please contact us at team@animy.ai. You may also delete your account and content directly through the account-settings screen in the Service. We process personal data based on the following legal bases: consent (account creation and optional features), contractual necessity (Service delivery and billing), legal obligation (tax and compliance), and legitimate interest (anti-fraud protection and Service improvement).

10. Children's Privacy

The Service is not directed to and is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child under 13 has provided us with personal information, please contact us at the address below and we will take steps to delete that information promptly.

If you are between 13 and 17, you may only use the Service with the involvement and consent of a parent or legal guardian.

11. International Data Transfers

Animy is operated from the Kyrgyz Republic. Your information may be transferred to and processed in countries other than your country of residence (including the United States, the European Economic Area, and other locations where our third-party providers operate). By using the Service, you consent to such transfers. Where required by law, we put appropriate safeguards in place for international transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the Effective Date and, where appropriate, by providing additional notice (for example, by email or an in-Service notification). Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

This Privacy Policy was last updated on May 17, 2026.