Legal
Privacy Policy
Last updated: 4 May 2026
This Privacy Policy explains how Mindzone Technologies LLC (“Mindzone,” “we,” “us”), the publisher of Takery (the “App”), collects, uses, stores, shares, and protects information when you use takery.io, our mobile applications for iOS and Android, and related services (together, the “Service”).
1. Who we are
Mindzone Technologies LLC is a company registered in Dubai, United Arab Emirates. We are the controller of personal data collected through the Service. For any privacy question or request you can contact us at privacy@takery.io.
2. The short version
- Your videos stay on your phone. Takery is a local-first recorder. Recordings save to your device Photos library. We never upload, store, or have access to the video files themselves.
- We collect what we need to make the App work — your email, the profile you give us during onboarding, the scripts we generate for you, and basic usage telemetry.
- We do not sell your personal data. Ever.
- You can export or delete your account from within the App.
3. Information we collect
3.1 Information you give us
- Account & authentication: email address and the 6-digit one-time codes used to sign in. We do not use passwords.
- Onboarding profile: your name, preferred language, industry, role description, content goal (e.g. clients vs. brand awareness), and primary pain point. This profile personalises the scripts the App generates for you.
- Project & script content: the inputs you provide (uploaded reels, voice notes, written notes, templates you choose), and the scripts we produce for you. Each script is stored as a versioned record on your account so you can edit, regenerate, and reuse it.
- Take metadata (no video bytes): when you record a take, we store only the local Photos library identifier (PHAsset ID on iOS, content URI on Android) and the duration. The video itself remains on your device.
- Notification & communication preferences: whether you have enabled push notifications and email digests, and your timezone and locale.
- Support correspondence: messages you send us by email or in-app feedback.
3.2 Information collected automatically
- Device & app data: platform (iOS or Android), OS version, device model, App version, push notification token, and last-seen timestamp.
- Session & security data: hashed refresh tokens (we store only a SHA-256 hash, never the raw token), IP address at the time of authentication events, and rate-limiting counters.
- Usage telemetry: events that describe how you move through the App (e.g. onboarding step completed, template selected, script generated, recording started, project posted). We use this to improve the product. See §5 (Analytics) for the providers involved.
- Crash & error data: stack traces, device state at the moment of an error, and the App version, captured by our error monitoring tool.
3.3 Information we receive from third parties
- RevenueCat: if you purchase a subscription via the Apple App Store or Google Play, we receive subscription status, tier, renewal date, and a RevenueCat user identifier. We never receive your full card number or Apple/Google account credentials.
- Apple App Store / Google Play: the minimum order and entitlement data forwarded by the platform via RevenueCat webhooks.
4. How we use your information
We use the information described above to:
- Create and authenticate your account and keep you signed in across sessions.
- Personalise the scripts the App generates for you, based on the profile you provide during onboarding.
- Operate core features: template browsing, script generation, the teleprompter, recording, project history, and notifications.
- Provision and meter your subscription tier (Basic vs. Pro) and monthly usage.
- Send transactional messages — sign-in codes, account security alerts, subscription receipts, and (if you opt-in) email digests.
- Send push notifications about projects you started, new formats, or posting reminders, where you have enabled them.
- Detect, prevent, and respond to abuse, fraud, and technical issues (including rate-limiting).
- Improve the product through aggregated usage analytics.
- Comply with legal obligations and enforce our Terms.
5. Service providers we share data with
We rely on a small number of trusted processors to operate the Service. We share with each only the data they need to perform the function listed below.
| Provider | Purpose | Data shared |
|---|---|---|
| OpenAI, OpCo, LLC | Generating and rewriting scripts; transcribing voice notes | The template, transcript, voice note, or notes you submit; your onboarding profile fields used as prompt context. Inputs are sent to OpenAI’s API and not used to train their public models. |
| Resend | Transactional email (sign-in codes, receipts, digests) | Email address and the message contents. |
| Unipile | Receiving Instagram reels you forward to Takery via Instagram Direct Message | Your Instagram account handle (when you connect it), the reel link or video you forward, and basic message metadata. We use this only to fetch the reel you sent so we can transcribe it into a script. |
| RevenueCat | Subscription management and entitlements | Anonymous app user ID, subscription events, store receipt metadata. |
| Apple App Store / Google Play | Processing in-app purchases | Order data handled directly by the platform. |
| Expo (push notifications) | Delivering push notifications to your device | Push token and notification payloads. |
| PostHog | Product analytics | Pseudonymous user ID and event data describing how you use the App. Configured to mask sensitive input. |
| Sentry | Crash and error monitoring | Stack traces, App version, device metadata. |
| CockroachDB Serverless | Primary application database | All persistent account, project, script, and notification data described in §3. |
| Upstash (Redis) | Short-lived state (OTP codes, rate limits, generation job status) | Hashed identifiers and short-lived data with automatic expiry. |
| Cloud hosting (e.g. Fly.io / Railway) | Running our API and background workers | The data described above, in transit and at rest. |
We do not sell, rent, or trade your personal data. We do not share it for third-party advertising. We may disclose information if required by law, lawful request, court order, or to protect our rights, users, or the public.
6. Automated script generation
Scripts in the App are generated by OpenAI’s chat completion models. When you remix a template, paste a reel link, dictate a voice note, or write a free-form note, those inputs together with relevant fields from your onboarding profile are sent to the model so it can produce a script for you. We do not use your inputs or outputs to train models, and our provider treats API inputs as confidential under their commercial terms. Generated text may occasionally be inaccurate, biased, or unsuitable — review every script before publishing.
7. Your videos and the Photos library
The recorder runs entirely on your device. We request access to your camera, microphone, and Photos library so you can film and save takes. The video files are written to your device Photos library and are never uploaded to our servers. We retain only the local asset identifier and duration of each take so the App can re-link the file in your project history.
8. Cookies and similar technologies
Our marketing site at takery.io uses a minimal set of strictly-necessary cookies and privacy-friendly analytics. The mobile App does not use advertising cookies or third-party tracking SDKs.
9. Legal bases for processing (EEA / UK users)
- Contract — to provide the Service you signed up for (account, generation, recording, history).
- Legitimate interests — to keep the Service secure, prevent abuse, measure product quality, and improve features.
- Consent — for optional push notifications, email digests, and access to camera / microphone / Photos. You can withdraw consent at any time in the App or in your device settings.
- Legal obligation — where we must process data to comply with applicable law.
10. International data transfers
We are based in the UAE and our processors operate primarily from the United States and the European Union. By using the Service you understand that your data may be transferred to, stored, and processed in those jurisdictions. Where required, we rely on Standard Contractual Clauses or equivalent safeguards in our agreements with processors.
11. Data retention
- Account data — kept until you delete your account, then removed within 30 days (audit logs may persist for up to 12 months for security and fraud prevention).
- Projects and scripts — kept while your account is active; soft-deleted when you remove a project and purged within 30 days.
- Refresh tokens — hashed; expire after 90 days or when you sign out.
- OTP codes & rate-limit counters — auto-expire in Redis within 10 minutes to 1 hour.
- Webhook events — retained for up to 12 months for billing and dispute resolution.
- Anonymous analytics & aggregated metrics — may be retained indefinitely.
12. Your rights
Depending on where you live, you may have the right to access, correct, export, delete, or restrict processing of your personal data, and to object to certain processing. You can exercise the most common rights directly:
- Access & export — request a copy of your account data from Settings → Privacy → Export my data in the App. We deliver a downloadable file within 30 days.
- Delete — delete your account from Settings → Account → Delete account. This is permanent.
- Correct — edit your profile in Settings → Profile.
- Withdraw consent — toggle push and email digest preferences in Settings → Notifications; revoke camera, microphone, or Photos access in your device settings.
For any request you cannot complete in-app, email privacy@takery.io. EU/UK users may also lodge a complaint with their local data protection authority.
13. Children
The Service is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@takery.io and we will delete it.
14. Security
We protect your data with TLS in transit, encryption at rest in our managed databases, scoped JWT access tokens with a 15-minute lifetime, hashed refresh tokens, rate limiting on sensitive endpoints, and least-privilege access controls inside Mindzone. No system is perfectly secure — if you discover a vulnerability, please report it to security@takery.io.
15. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced in the App or by email at least 14 days before they take effect. The “Last updated” date at the top reflects the latest revision.
16. Contact us
Mindzone Technologies LLC
Dubai, United Arab Emirates
Privacy: privacy@takery.io
Security: security@takery.io
General: hello@takery.io