Privacy Policy for AFIA
Effective date: April 19, 2026
Last updated: April 19, 2026
AFIA ("AFIA", "we", "us", or "our"), operated by Zoku Labs LLC, provides a mobile application that helps content creators analyze short-form videos, track social media metrics, and generate scripts, captions, and ideas with the help of AI ("the App"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.
If you have questions, contact us at hello@joinafia.com.
1. Information We Collect
1.1 Information you provide
- Account information. Email address, password (stored only as a salted bcrypt hash), and optional full name and profile picture (avatar).
- Onboarding responses. Your audience description, content goals, content topics, experience level, and how you heard about us.
- User-generated content. Videos you upload for analysis, generated or saved scripts, captions, and ideas, and messages you send to the in-app AI coach.
- Support correspondence. Any messages you send us by email.
1.2 Information collected automatically
- Device and signup metadata. IP address and a device identifier captured at signup, used for fraud prevention and abuse detection.
- Usage counters. Counts of video analyses, caption generations, script generations, idea generations, and coach messages, used for subscription quota enforcement.
- Authentication tokens. Refresh tokens we issue to keep you signed in.
1.3 Information from connected social accounts
If you connect TikTok or Instagram, we receive and store information from those platforms based on the permissions you grant:
- TikTok. Scopes:
user.info.basic,user.info.profile,user.info.stats,video.list. We store your TikTok user ID, username, OAuth access and refresh tokens, follower counts, engagement metrics, and a list of your videos and their public metrics. - Instagram (Business / Creator accounts). Scopes:
instagram_business_basic,instagram_business_manage_insights. We store your Instagram user ID, username, OAuth access token, follower counts, engagement metrics, post and reel performance (views, likes, comments, shares, saves, reach, impressions, profile views, total interactions), and aggregated follower demographics provided by Instagram.
We never request your TikTok or Instagram password. You can disconnect either account at any time inside the App.
1.4 Subscription and purchase information
We use RevenueCat and the Apple App Store / Google Play Store to manage in-app subscriptions ($9.99/month or $49.99/year). We receive your subscription status, plan, renewal date, and a non-financial purchase history. We never receive or store your full payment card or bank details — those are handled by Apple, Google, and their payment processors.
1.5 Device permissions we request
- Camera. Used only when you choose to take a profile picture in the App. Photos are not captured in the background.
- Photo library / media. Used when you select a profile picture or choose a video to upload for analysis.
- Microphone (
RECORD_AUDIO). Used as part of video selection and processing on Android.
You can revoke any of these permissions at any time in your device settings.
1.6 Permissions and data we do NOT collect
For clarity, AFIA does not collect:
- Precise or approximate location, GPS, or background-location data
- Contacts, calendar, SMS, or call logs
- Health, fitness, or biometric data
- Browsing history outside the App
- Push-notification tokens (the App uses in-app notifications only)
- Third-party advertising identifiers (the App contains no ads and no advertising SDKs)
We also do not currently use third-party analytics or crash-reporting SDKs (e.g., Mixpanel, Firebase Analytics, Sentry).
2. How We Use Your Information
We use the information described above to:
- Create and secure your account and authenticate your sessions.
- Provide the core features of the App: video analysis, metrics dashboards, AI-generated scripts, captions, ideas, and the AI coach.
- Sync and refresh metrics from your connected TikTok and Instagram accounts.
- Process and verify your subscription, and enforce free-tier usage limits.
- Send transactional emails (account verification, password reset, important account notices).
- Detect, prevent, and respond to fraud, abuse, and Terms of Service violations.
- Improve the quality of the App, debug issues, and develop new features.
We do not use your data for advertising, and we do not sell your personal information.
3. AI Processing of Your Content
AFIA uses OpenAI to power its AI features:
- Videos you upload are transcribed using OpenAI's Whisper API to enable analysis and feedback.
- Scripts, captions, ideas, and AI coach responses are generated using OpenAI's GPT models. The prompts include relevant context such as your video transcript, niche, and the message you sent.
OpenAI processes this content as our subprocessor under their API data-handling commitments. As of the effective date of this policy, OpenAI states that data submitted via its API is not used to train its models. See OpenAI's API Data Usage Policy for details.
4. How We Share Your Information
We share information only with the following categories of recipients, and only as needed to operate the App:
| Recipient | Purpose | Data shared |
|---|---|---|
| OpenAI | AI transcription and generation | Video transcripts, prompt context, your generation request |
| RevenueCat | Subscription management | Your AFIA user ID, subscription events |
| Apple App Store / Google Play | Payment processing for IAP | Handled directly by the store; we receive only the resulting subscription status |
| Resend | Transactional email delivery | Your email address and the message we send |
| Google Cloud Storage | Hosting your uploaded videos, thumbnails, and avatars in a private bucket | The uploaded files |
| TikTok and Meta / Instagram | OAuth and metrics retrieval | API requests authenticated with the tokens you authorized |
| Hosting and infrastructure providers | Running the AFIA backend and database | All data described in Section 1, as needed to serve requests |
We may also disclose information when required by law, valid legal process, or to protect the rights, property, or safety of AFIA, our users, or others.
We do not sell or rent your personal information to third parties, and we do not share it with advertisers or data brokers.
5. Data Retention
- Account data is retained while your account is active.
- Uploaded videos are not stored in our server, they are discarded after analysis.
- Generated content (scripts, captions, ideas, coach messages) is retained until you delete it or your account.
- Social-platform tokens and synced metrics are retained while the connection is active. If you disconnect a platform, the corresponding tokens and metrics are removed within a reasonable period.
- Refresh tokens expire automatically and are rotated on use.
- Backups and logs may persist for a limited period after deletion for security and reliability purposes, after which they are overwritten.
When you delete your account (see Section 7), we delete or anonymize your personal information, except where retention is required by law (for example, for tax or fraud-prevention records).
6. Security
We use industry-standard safeguards to protect your information, including:
- Passwords hashed with bcrypt (we never store plaintext passwords).
- HTTPS / TLS for all network traffic between the App and our servers.
- OAuth tokens stored server-side, never exposed to the client.
- Private object storage for uploaded media, accessed only via short-lived signed requests.
- Access controls and least-privilege principles for our infrastructure.
No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you and applicable regulators where required by law.
7. Your Rights and Choices
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and associated personal information.
- Export a copy of your data.
- Object to or restrict certain processing.
- Withdraw consent for optional processing.
You can exercise these rights by emailing hello@joinafia.com. We will respond within the timeframe required by applicable law (typically 30 days). You can also delete your account directly inside the App, which removes your stored content as described in Section 5.
If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing are: (a) performance of our contract with you (providing the App), (b) our legitimate interests in operating, securing, and improving the App, (c) your consent (for example, when you connect a social platform or grant a device permission), and (d) compliance with legal obligations.
If you are a California resident, you have additional rights under the CCPA/CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of the "sale" or "sharing" of personal information. AFIA does not sell or share personal information as those terms are defined under California law.
8. Children's Privacy
AFIA is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children under that age. If you believe a child has provided us personal information, contact us at hello@joinafia.com and we will delete it.
9. International Data Transfers
AFIA is operated from the United States and uses cloud infrastructure that may be located in the United States and other countries. By using the App, you understand that your information may be transferred to and processed in countries other than your own. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.
10. Third-Party Services and Links
The App connects with TikTok and Instagram via their official APIs. Your use of those platforms is governed by their own privacy policies. We encourage you to review them:
- TikTok Privacy Policy: https://www.tiktok.com/legal/privacy-policy
- Meta / Instagram Privacy Policy: https://privacycenter.instagram.com/policy
- OpenAI Privacy Policy: https://openai.com/policies/privacy-policy
- RevenueCat Privacy Policy: https://www.revenuecat.com/privacy
- Apple App Store Privacy: https://www.apple.com/legal/privacy/
- Google Play Privacy: https://policies.google.com/privacy
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you in the App or by email. Your continued use of the App after the changes take effect constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, requests, or complaints about this Privacy Policy or our data practices, contact us at:
Email: hello@joinafia.com