Privacy Policy

1. Introduction

Welcome to Bevy, an AI-powered truth or dare mobile application operated by Anant Jain (“us,” “we,” or “our”). This Privacy Policy governs your use of Bevy (the “Service”), including any related in-person meetups we host, and explains how we collect, safeguard, and disclose information resulting from your use of our Service.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used herein have the same meanings as in our Terms of Service.

Our Terms of Service (“Terms”) govern all use of our Service and, together with this Privacy Policy and our Legal Disclaimer, constitute your agreement with us (“Agreement”).

2. Data Controller

For the purposes of the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable data protection laws, the data controller is:

Anant Jain
Email: bevytheapp@gmail.com
Location: London, United Kingdom

3. Definitions

SERVICE: The Bevy mobile application operated by Anant Jain.

PERSONAL DATA: Any information relating to an identified or identifiable natural person.

USAGE DATA: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.

AI DATA: Data processed by or generated through our artificial intelligence systems, including prompt identifiers and interaction patterns.

DATA CONTROLLER: The natural or legal person who determines the purposes and means of processing personal data. For this Privacy Policy, Anant Jain is the Data Controller.

DATA PROCESSORS (OR SERVICE PROVIDERS): Any natural or legal person who processes data on behalf of the Data Controller.

DATA SUBJECT: Any living individual who is the subject of Personal Data.

USER: The individual using our Service. The User corresponds to the Data Subject.

4. Legal Basis for Processing (UK GDPR / EU GDPR)

We process your Personal Data on one or more of the following legal bases:

• Consent: You have given consent to the processing of your Personal Data for one or more specific purposes.
• Performance of a Contract: Processing is necessary for the performance of a contract to which you are a party.
• Legitimate Interests: Processing is necessary for our legitimate interests, such as improving the Service and understanding usage patterns, except where such interests are overridden by your interests or fundamental rights and freedoms.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

5. No User Accounts

Bevy does not require or support user accounts. There is no registration, login, or sign-up process. We do not collect your name, email address, phone number, or any other account-related personal information. While we do not maintain user accounts, our analytics and subscription management services generate anonymous identifiers to provide the Service. These identifiers cannot be used to identify you personally.

App preferences, user-created content (custom cards and packs), private card notes, achievement progress, and similar app state are stored on your device and, where you are signed into iCloud, also synced to your Apple iCloud account so they follow you across your Apple devices. We do not have a server-side copy of this data; the iCloud copy lives in your private iCloud database under your Apple ID and is governed by Apple’s privacy practices. See §6 (“Types of Data Collected”) for the specifics of what is synced.

6. Types of Data Collected

Usage Data (via Analytics)

We use Mixpanel, a third-party analytics service, to collect anonymous usage data. This includes: device type and model, operating system version, the features of the Service you use, interaction patterns and frequency of use, session duration, app version, and anonymous device identifiers generated by Mixpanel. We do not collect your IP address directly, though Mixpanel may process IP addresses for geolocation purposes on their servers. Mixpanel’s automatic event tracking is disabled; we only track specific, defined events.

Onboarding Preferences

During onboarding, the app collects your gameplay preferences (such as play mode, mood, comfort level, and challenge style). These are sent to our analytics provider in anonymous, aggregated form to help us improve the Service. Your onboarding preferences are also stored locally on your device to personalise your experience.

AI Interaction Data

When you use our AI-powered features, we send only a numeric prompt identifier to our AI backend. We do not send your personal data, the text of cards, your search queries, or any user-generated content to our servers. Interaction patterns (such as frequency of AI feature usage) are tracked anonymously via analytics.

Subscription and Purchase Data

Subscription and in-app purchase transactions are processed entirely by Apple through the App Store. We use RevenueCat, a third-party subscription management service, to verify purchase status and manage entitlements. RevenueCat generates an anonymous user identifier that is cross-referenced with our analytics to understand subscription behaviour in aggregate. This anonymous identifier is included as a property on analytics events to enable aggregate analysis of subscription behaviour. We do not have access to your payment details, credit card information, or Apple ID.

Sponsor Circle Data

If you make one or more Sponsor Circle contributions, we store the following data on your device in the iOS Keychain: the cumulative number of contributions you have made, the cumulative total contribution amount in your local currency at the time of purchase (in minor units, i.e. cents/pence), and the date of your first contribution. These three values, taken together, are what we use locally to determine your sponsor tier (Gunmetal / Cobalt / Palladium / Iridium) and to keep your “Premium Edition for Life” entitlement active even if your Apple subscription entitlement is not visible at the time of an offline check. Sponsor data uses iCloud Keychain rather than the iCloud database described under “iCloud Data Sync” — these are two separate Apple sync infrastructures that we use for different categories of data.

Sponsor data is stored in the “syncable” iOS Keychain namespace, which means it may be synced via iCloud Keychain across other Apple devices signed into the same Apple ID, subject to your iCloud Keychain settings. This is so your sponsor status and Premium-for-life grant follow you between your devices. If iCloud Keychain is disabled, the data remains on the device on which it was created. We do not have access to your sponsor data on our servers; it lives only on your device(s) and within Apple’s iCloud Keychain infrastructure.

Photo Library Access

With your permission, Bevy may save card images to your device’s photo library. We do not read from or access your existing photos.

Photography and Recording at In-Person Meetups

If you attend a Bevy in-person meetup, we may, with your prior consent obtained at the door (a verbal or written opt-in), take photographs or video footage that includes you for use in our marketing materials, social media, and the Bevy website. Photo/video consent is opt-in and separate from your sponsor status; declining does not affect your perks or your access to the meetup. You may withdraw your consent for future use at any time by emailing bevytheapp@gmail.com. Where reasonably practicable, we will remove or anonymise existing imagery on request.

Local Notifications

With your permission, Bevy may send local notifications to remind you to play. These notifications are generated and scheduled entirely on your device and are not sent from any server. They may include promotional messages about the app.

Widget Data

If you use the Bevy home screen widget, card prompts and related display data are shared between the app and the widget extension via a local shared container on your device. No data leaves your device for this purpose.

Local Game Data

Game progress, achievements, and gameplay statistics are stored on your device. Where iCloud sync is available (see below), they may also be mirrored to your private iCloud account so they follow you between devices signed into the same Apple ID.

iCloud Data Sync

Bevy uses Apple’s iCloud (CloudKit private database and NSUbiquitousKeyValueStore) to keep your local data in sync across the Apple devices you sign into with the same Apple ID. The synced categories are: (a) your built-in card state (which cards you have saved or excluded from play, and any private notes you have written on the back of a card); (b) your user-created custom cards and packs (including any private notes on them); (c) your app preferences (NSFW toggle, selected app icon, current bundle, notification preferences, and game-setup options); and (d) your achievement progress (the master progress map and supporting counters). The iCloud copy lives in your own private iCloud database and your iCloud key-value store — we do not have access to it on our servers. If you are not signed into iCloud, or if iCloud sync is unavailable, this data simply remains on the device on which it was created. You can stop syncing at any time by signing out of iCloud or by disabling iCloud for Bevy in your device settings.

Private Card Notes

Bevy lets you write a free-text private note on the back of any card. These notes are entirely private to you. They are stored in the same iCloud location as the rest of your card data described above; they are never sent to our servers, our analytics provider, or our AI infrastructure. Where a note exists on a card, viewing it from the back of the card is gated behind your device’s biometric authentication or device passcode (see “Biometric Authentication” below).

Biometric Authentication

Bevy uses Apple’s LocalAuthentication framework to gate certain on-device actions behind your device’s Face ID, Touch ID, or device passcode. The gates are: (i) enabling adult-content (“NSFW”) display from the safe-for-work default state; (ii) opening the back of a card that has a private note on it; and (iii) the optional “unlock notes for this session” toggle. Your biometric data (face geometry or fingerprint) never leaves the device, and we never receive or store it. Apple’s system simply tells our app whether the local authentication challenge succeeded or failed; we receive a boolean result and nothing more.

Data We Do NOT Collect

We do not collect: your name, email address, or any personally identifiable contact information (except where you provide them to us voluntarily, e.g. by emailing us about a support issue or attending an in-person meetup); special category data (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation); biometric template data of any kind (Face ID and Touch ID never leave your device); financial or payment information (all payments are processed by Apple); precise geolocation data; contacts, microphone, or any other device sensor data; the text content of cards you view, create, or interact with; or the text content of private notes you write on the back of cards.

7. Use of Data

We use the collected anonymous data for the following purposes: to provide and maintain our Service; to understand how the Service is used and identify areas for improvement; to detect, prevent, and address technical issues; to monitor aggregate usage patterns; and to improve the quality and relevance of AI-generated content using aggregated, anonymous data.

We do not use, read, or analyse the content stored in your iCloud-synced app data (cards, packs, private notes, preferences, achievement progress). That data is held in your private iCloud database and on your device(s); we do not have a copy of it on our servers and we do not derive analytics insights from it.

8. Retention of Data

Anonymous analytics data is retained for up to 24 months. AI interaction data (prompt identifiers) is not stored on our servers beyond the duration of the request. Locally stored data (preferences, custom cards, packs, private notes, achievement progress) remains on your device until you delete the app or clear its data. Where iCloud sync is enabled, the same data is also stored in your private iCloud database and may persist there even after you delete the app from a particular device, until you sign out of iCloud or remove Bevy’s data from your iCloud settings. Certain security-sensitive data (such as subscription status, token balances, and Sponsor Circle ledger fields) is stored in the iOS Keychain, which may persist across app reinstalls until manually cleared by the operating system. Sponsor Circle data specifically is stored in the syncable Keychain namespace and may persist across other Apple devices you sign into with the same Apple ID for as long as iCloud Keychain is enabled, even if you delete the app on every device. Photographs and video taken at in-person meetups, where you have consented, are retained for as long as we use them in our marketing materials; you may request removal at any time by emailing bevytheapp@gmail.com. We will retain data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

9. Transfer of Data

Your anonymous usage data may be processed by our service providers in countries outside the United Kingdom or the EEA. Where we transfer data outside of the UK or the EEA, we ensure that adequate safeguards are in place, including transfers to countries with an adequacy decision, the use of Standard Contractual Clauses (SCCs), and other lawful transfer mechanisms.

Your iCloud-synced data (cards, packs, private notes, preferences, achievement progress, and Sponsor Circle ledger fields) is hosted by Apple in the regions Apple chooses based on your Apple ID and iCloud account location. Apple’s data residency, encryption, and transfer practices are governed by Apple’s privacy policy and end-user agreements, not by us. We do not control where Apple stores or processes this data because we do not hold it.

10. Disclosure of Data

We may disclose anonymous usage data: for law enforcement purposes if required by law; in connection with a business transaction such as a merger or acquisition; to our service providers bound by data processing agreements; and if we believe disclosure is necessary to protect the rights, property, or safety of the Company, our users, or others.

11. Security of Data

We implement appropriate technical and organisational measures to protect your data, including: encryption of data in transit using TLS/SSL; HMAC-signed API requests for AI service communication; secure storage of sensitive local data (subscription status, token balances) in the iOS Keychain; regular security assessments; and secure development practices. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the relevant supervisory authority within 72 hours, notify affected data subjects without undue delay where the breach is likely to result in a high risk, and document all personal data breaches.

13. Your Data Protection Rights Under UK GDPR and EU GDPR

If you are a resident of the United Kingdom, the EU, or the EEA, you have the following rights: the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to object to processing; the right to data portability; the right to withdraw consent; and rights related to automated decision-making. As we do not maintain user accounts, exercising these rights will primarily relate to your anonymous analytics data and to any meetup imagery in which you appear. Contact us at bevytheapp@gmail.com and we will assist you in identifying and processing your request.

Sponsor Circle data, iCloud-synced content, and locally stored data: because this data lives on your device(s), in your private iCloud database, and inside iCloud Keychain (as applicable), you control it directly. You can delete it by: deleting the Bevy app from each device; signing out of iCloud or clearing iCloud Keychain; or removing Bevy’s iCloud data from your device’s Settings (Settings › [Your Name] › iCloud › Manage Account Storage › Bevy). We do not hold copies on our servers and therefore cannot delete this data on your behalf. Note that erasing local sponsor data will revoke the corresponding sponsor app icons and the “Premium Edition for Life” entitlement on the device or account from which it was erased.

You have the right to complain to the UK Information Commissioner’s Office (ICO) at https://ico.org.uk, or your local EU/EEA data protection authority.

14. Your Rights Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

If you are a California resident, you have the following rights: the right to know what Personal Data we collect; the right to delete; the right to correct; the right to opt-out of sale or sharing (we do not sell your data); the right to non-discrimination; and the right to limit use of sensitive personal information (we do not collect sensitive personal information as defined by the CCPA/CPRA). To exercise any of these rights, contact us at bevytheapp@gmail.com. We will respond within 45 days.

15. Service Providers

We employ the following third-party service providers:

• Mixpanel — Analytics. Collects anonymous usage data to help us understand how the Service is used. To opt out, visit Mixpanel Opt-out. For more information, visit Mixpanel Terms.
• RevenueCat — Subscription and purchase management. Verifies subscription status and manages in-app purchase entitlements.
• Modal — AI infrastructure hosting. Hosts the backend that processes AI-powered features. Only numeric prompt identifiers are sent to this service; no personal data is transmitted.
• Apple iCloud — Cross-device sync infrastructure. We use Apple’s CloudKit private database, NSUbiquitousKeyValueStore, and iCloud Keychain to keep your app data (cards, packs, private notes, preferences, achievement progress, sponsor ledger) in sync across the Apple devices you sign into with the same Apple ID. The data lives in your private iCloud account, not on our servers. Apple’s handling of this data is governed by Apple’s own privacy policy.

Mixpanel, RevenueCat, and Modal are bound by data processing agreements and are contractually obligated to keep data confidential and process it only as instructed. Apple iCloud is governed by your existing iCloud terms with Apple; we are not a party to that relationship.

16. No Advertising or Remarketing

We do not use any advertising SDKs, remarketing services, or behavioural advertising technologies. We do not serve ads within the app, and we do not share your data with advertising networks.

17. Links to Other Sites

Our Service may contain links to other sites not operated by us. We strongly advise you to review the Privacy Policy of every site you visit. We assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

18. Children’s Privacy

Our Service is not intended for use by children under the age of 18. We do not knowingly collect personally identifiable information from children under 18. If you become aware that a child has provided us with Personal Data, please contact us immediately at bevytheapp@gmail.com.

19. AI-Specific Privacy Disclosures

Our AI systems generate truth or dare prompts. Only a numeric prompt identifier is sent to our AI backend; no personal data, card text, or user-generated content is transmitted. Data shared with our AI infrastructure provider is governed by a data processing agreement. The Service uses AI to automatically generate content, but this does not produce legal effects concerning you.

20. International Data Transfers

For transfers outside the UK/EEA, we rely on UK adequacy regulations, the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs), and other appropriate safeguards. You may request a copy of the safeguards by contacting us.

21. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective date” at the top. For material changes, we will make reasonable efforts to notify you via a prominent notice on our Service.

22. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint, please contact us:

By email: bevytheapp@gmail.com
Operator: Anant Jain
Location: London, United Kingdom

For UK residents, you may lodge a complaint with the ICO: https://ico.org.uk/make-a-complaint/.