1. Introduction
Welcome to EyeCandy ("EyeCandy," "we," "us," or "our"). EyeCandy is a personal media-tracking application that helps you discover, organize, rate, and schedule movies, TV shows, anime, manga, comics, books, video games, and sports. This Privacy Policy explains what information we collect when you use EyeCandy, why we collect it, how it is stored and protected, and the rights you have over your data.
We designed EyeCandy to be privacy-respecting by default. We do not sell your personal information, we do not share it with advertisers, and we do not embed third-party advertising SDKs in the app.
By using EyeCandy, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the app.
This policy is published by the developer of EyeCandy, an independent developer, who can be contacted at eyecandyiossupport@gmail.com.
2. Information We Collect
We only collect the information that is necessary to provide the features you use. The categories below describe everything that may be collected and stored while you use EyeCandy.
2.1 Account Information
Your EyeCandy account uses an email address and password managed by Firebase Authentication. We do not use Apple Sign-in, Google Sign-in, or other social identity providers for account creation or login.
When you create an EyeCandy account, we collect:
- Email address. Used to sign you in, recover your account, and send important account notices.
- Password. Handled and stored by Firebase Authentication as a secure, salted hash. We never receive, log, or have access to your plaintext password.
- Display name. Shown in the app to personalize your experience.
- Unique user identifier (UID). A random identifier assigned by Firebase Authentication that links your data to your account. The UID is not derived from any personal information.
2.2 Your Library and Activity Data
EyeCandy stores the content you choose to save so it can be synced across your devices:
- Watchlists, reading lists, and play lists. The titles you add, their status (e.g., "watching," "completed," "plan to watch"), and any personal notes you attach.
- Ratings and reviews. Numeric ratings and written reviews you create.
- Schedule and calendar entries. Items you have scheduled or pinned to your personal calendar.
- Tracked items and progress. Episodes watched, chapters read, pages completed, hours played, teams or leagues followed, and similar progress indicators.
- Preferences and settings. App configuration such as theme, default list view, notification preferences, and enabled features.
2.3 Integrations and User-Supplied Credentials
Some features require connecting to third-party services. These integrations are optional linked accounts for data sync. They are not identity providers for your EyeCandy account. When you enable these integrations, we store only what is needed for the integration to function:
- OAuth tokens issued by services you link (e.g., MyAnimeList, RAWG, TMDB, Open Library, Apple Music, Spotify). Tokens are stored securely in your account and used solely to read or write the data you have authorized.
- User-supplied API keys. If you supply your own API key for a service (for example, a personal DeepSeek API key or Google TTS key), the key is encrypted at rest in your account and used only for requests you initiate.
You can revoke any integration at any time from within the app, which deletes the associated tokens and keys from our systems.
2.4 Notifications
- Push notification token issued by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM). We store this token so we can deliver notifications you have opted into (for example, release reminders and schedule alerts). Notifications are disabled by default until you grant permission.
2.5 Candy AI Assistant Usage
EyeCandy includes an optional AI assistant called Candy AI. When you use Candy AI, we collect:
- Chat prompts and responses. The text you send and the replies generated. These are stored only long enough to display the conversation in the app and to enforce fair-use rate limits.
- Usage counters and timestamps. The number of requests you have made within a given period, used exclusively to prevent abuse and apply rate limits.
- User-supplied DeepSeek API key (optional). If you choose to supply your own DeepSeek API key, your Candy AI requests are sent directly to DeepSeek and are subject to DeepSeek's own privacy policy. In this mode, requests do not pass through our Firebase proxy. Your key is stored encrypted at rest in your account and is used only for requests you initiate.
- In-chat AI reports. If you report a problematic AI response from within the chat, we store your UID and a truncated snippet of the assistant message (up to 2,000 characters). These reports are reviewed by the developer to improve safety and response quality.
We do not use your chat history to train AI models.
2.6 Device and Diagnostic Information
To keep the app stable and compatible, we collect a minimal amount of device metadata:
- Operating system and version (e.g., "iOS 18.3").
- Device model class (e.g., "iPhone").
- App version and build number.
- Crash logs and non-fatal error reports, if you have Apple's diagnostic sharing enabled or if we use a crash-reporting service.
We do not collect your precise location, your contact list, your photo library, your microphone, your advertising identifier (IDFA), or any biometric data.
2.7 Information We Do Not Collect
For clarity:
- We do not track you across apps or websites.
- We do not use advertising SDKs.
- We do not create marketing profiles about you.
- We do not sell any data.
3. How We Use Your Information
We use the information described above only for the purposes listed here:
- To provide the core app experience. Storing your lists, ratings, schedule, tracked progress, and preferences so they appear correctly on every device where you sign in.
- To authenticate you. Verifying your identity when you sign in with your email address and password via Firebase Authentication.
- To sync your data. Replicating your library across your devices in near real time.
- To send notifications you have opted into. Release reminders, schedule alerts, and other alerts tied to items you track.
- To enable optional integrations. For example, importing your MyAnimeList library when you have authorized those services.
- To power Candy AI. Forwarding your prompt to the AI provider and returning the response.
- To enforce fair use and prevent abuse. Counting requests to Candy AI, detecting automated abuse, and preventing credential misuse.
- To diagnose problems and improve reliability. Using crash reports and aggregate usage signals to fix bugs and compatibility issues.
- To communicate with you about your account. Security notices, service changes, or responses to support requests.
We do not use your information for advertising, marketing profiling, or resale.
4. Third-Party Services and Data Sources
EyeCandy relies on carefully chosen third parties to deliver its features. Each has its own privacy practices, which govern the data they receive.
4.1 Infrastructure Processors
- Firebase Authentication (Google LLC). Handles sign-in, session tokens, and account recovery.
- Cloud Firestore (Google LLC). Stores your account data, lists, ratings, schedule, preferences, and integration tokens.
- Firebase Cloud Functions (Google LLC). Runs server-side logic, such as proxying AI requests and enforcing rate limits.
- Firebase Cloud Messaging / Apple Push Notification service. Delivers push notifications you have opted into.
- DeepSeek. Provides the large language model that powers the Candy AI assistant.
- Google Cloud Text-to-Speech. Converts selected text into spoken audio when you use the text-to-speech feature.
These providers act as data processors. They are contractually obligated to use your data only to deliver their service to us and to maintain appropriate security controls.
4.2 Content Data Sources
EyeCandy queries public content catalogs to show you metadata such as titles, cover art, release dates, cast, and descriptions. When the app fetches this metadata, only a generic HTTP request is sent. Your account identity and personal data are not disclosed to these providers.
- The Movie Database (TMDB). Movies, TV shows, and people.
- AniList. Anime and manga metadata and optional list syncing if you connect your account.
- Jikan (MyAnimeList). Anime and manga metadata.
- RAWG and IGDB. Video game metadata.
- Comic Vine. Comics metadata.
- Open Library. Book metadata and reading-list sync.
- ESPN. Sports schedules, scores, and team data.
If you explicitly authorize an integration, the relevant provider will receive the data you share through that integration under their own privacy policy.
4.3 No Advertising Partners
We do not integrate any advertising networks, analytics SDKs that profile users, or data brokers.
5. Data Storage and Security
We take reasonable and industry-standard measures to protect your data.
- Encrypted in transit. All communication between the app, our Firebase backend, and third-party APIs uses HTTPS/TLS.
- Encrypted at rest. Firebase Authentication and Cloud Firestore encrypt stored data at rest.
- Access controls. Firestore security rules restrict each user's records to that user's authenticated UID. A user cannot read or write another user's data.
- Secret handling. API keys we own are stored in secure server-side configuration and are never embedded in the app binary. User-supplied API keys are stored encrypted and scoped to the user's account.
- Server-side proxying. Requests to third-party APIs that require credentials or rate limiting are proxied through Firebase Cloud Functions.
- Principle of least privilege. Only authorized maintainers have administrative access to the backend, and administrative access is audited.
- No advertising trackers.
No online service can guarantee absolute security, but we work continuously to identify and mitigate risks. If we become aware of a security incident affecting your data, we will notify you as required by applicable law.
6. Your Rights and Choices
6.1 Access and Review
You can view all of the content you have added to EyeCandy (lists, ratings, schedule, tracked progress, and preferences) directly within the app at any time.
6.2 Correction
You can edit or update any entry you have created, change your display name, and update your preferences from within the app.
6.3 Deletion
- Delete individual items. Remove any list entry, rating, review, or scheduled item at any time.
- Disconnect integrations. Revoke OAuth tokens and delete user-supplied API keys from the app's Settings screen.
- Delete your entire account. You can delete your account from within the app at Settings → Account → Delete Account. Account deletion removes your Firebase Authentication record and all Firestore documents associated with your UID. Some residual backup copies may persist for up to 30 days before being overwritten on routine backup rotation.
6.4 Export
You can export your library to CSV or MAL XML from within the app (Settings → Data → Export). The export includes your lists, ratings, and tracked items in a portable format that you own and can take to another service.
6.5 Notification Controls
You can disable push notifications at any time, either within EyeCandy's Settings or in your device's system Settings app.
6.6 Regional Rights
Depending on where you live, you may have additional rights under laws such as the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and similar statutes. These may include the right to:
- Request a copy of the personal information we hold about you.
- Request correction or deletion of that information.
- Object to or restrict certain processing.
- Lodge a complaint with your local data protection authority.
To exercise these rights, contact us at eyecandyiossupport@gmail.com. We will respond within the timeframe required by applicable law. We will never discriminate against you for exercising a privacy right.
7. Children's Privacy
EyeCandy is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction, such as 16 in parts of the EU). We do not knowingly collect personal information from children. If you believe a child has provided us personal information without appropriate consent, please contact eyecandyiossupport@gmail.com and we will promptly delete the information and terminate the account.
8. Data Retention
- Active accounts. Your data is retained for as long as you continue to use EyeCandy.
- Deleted accounts. When you delete your account, we remove your Firebase Authentication record and your Firestore documents. Residual copies in encrypted backups are overwritten within 30 days on normal rotation.
- Candy AI history. Chat history is retained until you clear it or delete your account. Rate-limit counters reset on a rolling basis.
- Diagnostic data. Crash logs and aggregate diagnostics are retained for up to 90 days for debugging and reliability purposes.
9. International Users
EyeCandy uses Google's Firebase platform, which operates globally. Your data may be stored and processed in data centers outside your country of residence, including in the United States. We rely on Google Cloud's Standard Contractual Clauses (SCCs) for international data transfers. Our Firebase project is hosted in Google Cloud's multi-region (us-central1). For EU/UK users who require in-region data localization, please contact eyecandyiossupport@gmail.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, new features, or legal requirements. When we make a material change, we will:
- Update the "Last Updated" date at the top of this page.
- Post the revised policy at this URL.
- Notify you in the app or via email if the change materially affects your rights or how we handle your data.
Continuing to use EyeCandy after an update means you accept the revised policy. If you do not agree, you can export your data and delete your account at any time.
11. Contact Us
If you have questions, concerns, or requests about this Privacy Policy or your data, please get in touch:
- Email: eyecandyiossupport@gmail.com
We do our best to respond to every privacy inquiry within 30 days.