This Privacy Policy explains what data Skerly ("we", "us", "the app") collects when you use the Skerly iOS app, how we use it, and what rights you have. By using Skerly you agree to this policy.
1. Data we collect
Account information
Apple ID email (or relay email) and full name when you sign in with Apple. Used only to identify your account.
Email and hashed password if you choose to sign up with email/password. Handled by Firebase Authentication; we never see your plaintext password.
User-generated content
Prompts you submit for video and image generation.
Reference images you upload from your photo library or camera roll, only when you explicitly attach them to a generation.
Generated outputs (videos and images) are stored in your private Firebase Storage area so you can re-open them later.
Usage and technical data
Job records: which model you used, when, the credit cost, whether the job succeeded or failed.
App diagnostics: crash logs and basic performance metrics via Firebase Crashlytics (no personally identifiable information).
Push notification token (FCM registration token) so we can notify you when a generation completes.
Anonymized device identifiers used by Firebase App Check to prevent abuse of our API.
Purchase data
When you buy credits or a subscription via Apple In-App Purchase, we receive a signed transaction receipt from Apple. We validate the receipt server-side and store a hash of it plus the product ID and transaction ID. We never see your payment card or Apple ID password.
2. Third parties we send your data to
To make AI generations work, we send your prompts and (when provided) your reference images to the following AI providers. Each has its own privacy policy.
Runway — for Gen-4 Turbo / Gen-4.5 video generation.
OpenAI — for gpt-image-1 image generation and for free Moderation API checks on every prompt before it's sent to any provider.
fal.ai — routes prompts to Sora 2, Hailuo, Luma, Pika, Veo, Kling, Wan, Seedance, FLUX, Ideogram, Recraft and similar models on your behalf.
Replicate (optional) — alternate routing for some open models.
Google Firebase — hosts our database, file storage, and Cloud Functions.
Apple App Store Server API — validates In-App Purchase receipts.
We do not sell your data, share it with advertisers, or use it for ad tracking. We do not include any ad SDKs in the app. We do not use the IDFA.
3. AI content moderation
Every prompt is automatically checked by OpenAI's Moderation API before we forward it to any provider. Prompts that are flagged for violence, sexual content involving minors, self-harm, hate, or similar policy violations are rejected and not sent to any provider. The blocked prompt is stored only for abuse-prevention auditing for 30 days, then deleted.
4. AI-generated content disclosure
All videos and images generated through this app are produced by artificial intelligence. They are synthetic and do not represent real events, real people, or real places, even when they appear realistic. Some providers (such as OpenAI Sora 2 and Google Veo) require their AI-generated outputs to retain a visible or invisible watermark — we do not remove these.
5. Data retention
Your account and content stay until you delete them.
You can delete your account at any time from Settings → Sign Out → Delete Account, or email info@kousarglobal.com.
Deletion permanently removes your generated content, prompts, and account record within 30 days. Aggregate, anonymized usage statistics may be retained.
Moderation logs and tax-relevant purchase records are kept for up to 7 years per applicable law.
6. Your rights
Subject to your local law (including GDPR for EU users and CCPA for California users), you have the right to:
Access a copy of your stored data.
Correct inaccurate data.
Delete your account and content.
Object to processing or withdraw consent.
Portability — receive your generated content in a machine-readable format.
Data is transmitted over HTTPS/TLS. Database access is restricted by Firebase Security Rules — users can only read their own data, and all writes go through audited Cloud Functions. Provider API keys are stored in Google Cloud Secret Manager and never shipped in the app.
8. Children
Skerly is not directed at children under 13 and we do not knowingly collect data from anyone under that age. If you believe a child has provided us data, contact info@kousarglobal.com and we will delete it.
9. Changes to this policy
Material changes will be posted here with a new "last updated" date. If the change is significant we will also notify you in-app at next launch.