TIZANI
Privacy

Privacy Policy

This policy explains what information Tizani processes, why we process it, who helps us operate the service, and how you can control or delete your information.

Effective July 10, 2026

1. Information we process

Account and profile

We process your email address, username, password hash, verification state, display name, biography, profile image, preferences, and account status. We never store your plaintext password.

Content and activity

We process reviews, ratings, replies, custom lists, watchlist entries, follows, likes, reports, notification state, and other actions you choose to make in Tizani. Public profile and community content is visible to other signed-in users as described in the app.

Subscriptions

Apple processes payment. Tizani receives signed transaction evidence, product and expiration status, an account-linking token, and Apple transaction identifiers. We do not receive or store your payment-card details. A pseudonymous Apple subscription-chain binding is retained after account deletion to prevent purchase transfer, replay, or fraud.

Device, advertising, and technical data

We process limited device and app information needed for authentication, fraud prevention, rate limiting, diagnostics, and service security. Free-tier users may be shown Google Mobile Ads only after the required consent flow. Depending on your choices and region, Google may process device or advertising identifiers under its own policies. Paid users do not initialize the advertising SDK.

Network addresses used for abuse prevention are converted to keyed, non-reversible rate-limit identifiers. Restricted administrator security records may include source address and user-agent data for incident investigation.

2. How we use information

3. Service providers and disclosures

We use service providers only to operate Tizani. These may include Apple for subscriptions and app distribution; Railway and PostgreSQL/Redis infrastructure for hosting; Cloudflare R2 for media storage; an email-delivery provider; Google AdMob and User Messaging Platform for consented free-tier advertising; and TVDB or AniList for catalog information. Providers may process information only for the services they supply and must protect it consistently with their agreements and applicable law.

We may disclose information when legally required, to protect people or the service from harm, or as part of a business transaction subject to appropriate confidentiality and user notice. We do not sell personal information for money.

4. Retention

InformationRetention approach
Account, profile, and user-generated contentWhile your account is active; erased when you complete in-app account deletion, except records described below.
Authentication challengesExpire within the displayed verification window and are removed within 24 hours after expiry.
Expired or revoked session metadataUp to 30 days after expiration or revocation; raw refresh credentials are never stored.
Rate-limit and API idempotency recordsUntil their short security or retry window expires, then removed by scheduled cleanup.
Signed feed exposure and interaction telemetryUp to 90 days for abuse detection, replay prevention, and product reliability; these client events never determine authoritative ranking counters.
Processed delivery/outbox records30 days; unresolved dead letters are retained until investigated.
Signed App Store notification payloadsUp to 365 days, after which the payload is scrubbed while its notification UUID replay tombstone remains.
Subscription-chain bindingA pseudonymous original-transaction binding is retained for the life of the service so a deleted account’s purchase cannot be claimed by another account.
Security and moderation audit recordsRetained only as needed for security, dispute handling, and legal obligations, with access restricted to authorized administrators.
Provider backups and operational logsKept on a limited rolling schedule and removed through the provider’s normal rotation; deleted account data may remain inaccessible in encrypted backups until rotation completes.

5. Your choices and rights

You can update profile information in the app, manage advertising privacy choices from Settings when available, and manage Apple billing from Apple’s subscription settings. Depending on where you live, you may have rights to access, correct, export, object to, restrict, or delete personal information.

Account deletion: Settings includes permanent account deletion. It deletes the account and associated user-generated content, revokes sessions, and removes stored media. Deletion does not cancel an Apple subscription; the app shows Apple’s subscription-management link before confirmation. The pseudonymous no-transfer subscription tombstone described above remains.

6. Security and international processing

We use transport encryption, restricted credentials, hashed authentication material, access controls, upload quarantine, database constraints, monitoring, and backups designed to protect information. No system can guarantee absolute security. Service providers may process information in countries other than your own under their applicable transfer safeguards.

7. Children

Tizani is not directed to children under 13, and we do not knowingly collect personal information from a child below the minimum age permitted in their location. Contact us if you believe a child provided information so we can investigate and delete it.

8. Changes and contact

We may update this policy as Tizani changes. We will update the effective date and provide additional notice in the app when a change materially affects your choices.

Privacy requests: privacy@tizani.app
Support: support@tizani.app