Privacy Policy

1. Introduction

TakeFive ("we", "our", or "us"), operated by Tech Trans Lab, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the TakeFive mobile application and website (collectively, the "Service").

By using TakeFive, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect the following categories of personal data:

Account information: Email address, username, display name, and password (stored as a secure hash).
Profile information: Biography, avatar/profile image, preferred language, and subscription tier.
Content you create: Video clips, vlogs, captions, and day notes you record and upload.
Social connections: Squad memberships and invitation history.
Authentication credentials: OAuth tokens (Apple ID, Google) and WebAuthn/Passkey public keys.
Device & usage data: Device type, operating system, IP address, push notification tokens, and session metadata.
AI configuration (stored locally only): If you configure a third-party AI API key, it is stored exclusively on your device and never transmitted to our servers.

3. How We Use Your Information

We use collected information to:

Provide, operate, and maintain the TakeFive Service.
Authenticate your identity and secure your account.
Process and store your video content in the cloud (if you choose cloud storage).
Send push notifications for squad activity and daily challenge reminders.
Personalize your experience (language preferences, AI-generated edits).
Monitor and improve the performance, security, and reliability of the Service.
Comply with legal obligations.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Cloud Storage & Media

Video clips and vlogs may be stored on Google Cloud Storage (GCS) or Amazon S3, depending on your subscription tier and settings. Your media is associated with your account and is deleted when you permanently delete your account.

On-device content processed by local AI models is never transmitted to our servers.

5. Third-Party Services

We work with the following third-party providers who may process your data:

Google (Firebase, Google Cloud, Google Sign-In): Authentication, push notifications, and cloud media storage.
Apple (Apple Sign-In, APNs): Authentication and push notifications on iOS.
Amazon Web Services (S3): Cloud media storage.

Each provider operates under their own privacy policy. We encourage you to review them.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, all personally identifiable information — including your profile, authentication credentials, sessions, squad memberships, and submissions — is permanently and irreversibly erased from our databases within 30 days. Cloud media files are scheduled for deletion within the same period.

Anonymized, aggregated analytics data that cannot identify you may be retained indefinitely for product improvement purposes.

7. Your Rights (GDPR & Privacy Laws)

Depending on your location, you may have the following rights:

Right to access: Request a copy of the personal data we hold about you.
Right to rectification: Correct inaccurate or incomplete data via the Settings screen.
Right to erasure ("right to be forgotten"): Permanently delete your account and all associated data via Settings → Delete Account.
Right to data portability: Request an export of your personal data. Contact us to initiate a data export.
Right to restrict processing: Request that we limit how we use your data.
Right to object: Object to processing of your data for specific purposes.

To exercise any of these rights (except deletion, which is available in-app), contact us at the address below.

8. Children's Privacy

TakeFive is not intended for users under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If we discover that a child under the applicable age has provided personal data, we will delete it promptly.

9. Security

We implement industry-standard security measures, including:

Passwords stored as bcrypt hashes (never in plaintext).
JWT-based authentication with short-lived access tokens and rotating refresh tokens.
TLS encryption for all data in transit.
Rate limiting and idempotency controls on sensitive endpoints.

No method of transmission over the Internet or electronic storage is 100% secure. We strive to use commercially acceptable means to protect your data but cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For significant changes, we will notify you via the app or by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.