privacy
Privacy
Auvre reads your own TikTok data export and tells you who you are, in literary prose. That only works if we are deliberate about what we collect, what we delete, and what we never share. This is the receipt.
1. Who we are
Auvre is operated by Stelios Papapetrou (sole proprietor), referred to below as "we", "us", or "Auvre". Contact: support@shortake.com.
2. What we collect
- Account identifier. The opaque Apple identifier returned by Sign in with Apple, and the relay email Apple shares if you choose to share one. We never see your real Apple email unless you opt to share it.
- Push token. Your FCM (Firebase Cloud Messaging) device token, stored on your user document so we can notify you when your read is ready.
- Subscription state. The product id, transaction id, environment, and expiry timestamp Apple returns when you buy a subscription or the One Read consumable. We never see your card.
- Your TikTok export. The ZIP you upload — held only long enough to read it. See § 4.
- Your Auvre. The derived behavioural patterns and generated prose our system produces from the export. This is what stays in our database. The raw ZIP does not.
- Crash + product analytics. Anonymous screen-views and tap events via Firebase Analytics and Mixpanel, plus stack traces via Firebase Crashlytics. None of these contain your TikTok data or your reveal prose.
3. What we do not collect
- Your real name (unless you typed it into Apple's prompt).
- Your real email (Apple's relay only, if you shared one).
- Photos, contacts, microphone, camera, calendar, or location.
- Your TikTok password or login credentials. We never touch TikTok's API or your TikTok account directly — only the export file you download from TikTok and hand to us.
- Web browsing history outside the app. The marketing site at auvre.app uses cookieless first-party analytics.
- IDFA. We do not request the App Tracking Transparency permission. We do not link your activity to other apps.
4. How we treat your TikTok export
When you upload your TikTok data archive, our pipeline reads it once to extract behavioural patterns — what you searched, what you watched, who you followed, what you commented on, what you came back to. The raw ZIP itself is deleted from our storage within sixty seconds of the read completing. We never retain the full per-event lists from the export. We retain only the derived patterns and the prose we generate from them, together known as your Auvre.
A small selection of public TikTok video captions (drawn from the user's own export URLs via TikTok's public oEmbed endpoint) is cached in our database to ground the prose generation. These captions are public information from the videos you have already watched.
5. AI processing
Auvre uses generative AI models hosted on Google Cloud's Vertex AI platform — specifically Gemini 2.5 Pro and Gemini 2.5 Flash — to produce the metric evidence prose, the seven reveal sections, and the daily Practice items. These calls are made server-side from our Cloud Functions; your data is not used to train the underlying models.
We disclose this here so you can make an informed choice about uploading your data. If you would prefer your data not be processed by an AI model, do not use Auvre.
6. Who we share with (sub-processors)
- Google. Firebase Authentication, Cloud Firestore, Cloud Storage, Cloud Functions, Cloud Messaging (FCM), Crashlytics, Analytics, and Vertex AI (Gemini models). All processing runs inside US-region Google Cloud resources.
- Apple. Sign in with Apple, StoreKit (subscription + consumable billing), Apple Push Notification service.
- Mixpanel. Product analytics. We send the same screen-view and action events that go to Firebase Analytics, attached to your Auvre user id. Mixpanel processes events on US-region servers under their data-processing terms. We do not send Mixpanel your TikTok data, your reveal prose, or anything you typed in the app.
All three sub-processors are bound by their published data-processing terms. We do not engage advertising or attribution vendors. We do not place your data into any ad network. We do not sell your data.
7. How long we keep things
- Raw TikTok ZIP: ≤ 60 seconds.
- Your Auvre (derived patterns + generated prose + metric scores): until you delete your account.
- Subscription receipts: as long as Apple retains them.
- Video-caption cache: 90 days, keyed by the public TikTok video id — shared across users, not tied to your account.
- Crash + analytics: rolling windows defined by Firebase defaults (typically up to 14 months).
8. Deleting your account
You can delete your account from inside the app at any time — Settings → Delete Account. We hold the deletion request for fourteen days as a cooling-off window; if you sign back in inside that window, the deletion is undone. After fourteen days the deletion is permanent and we remove your authentication record, your push token, your subscription records, your Auvre, and every scan in your history.
If you cannot access the app, email support@shortake.com from the address Apple shares with us and we will process the deletion manually.
9. Your rights — GDPR (EU / UK)
If you are in the EU, the UK, or a country with comparable rights, you can ask us to:
- Confirm what we hold about you and give you a copy.
- Correct anything that is wrong.
- Delete your account and the data tied to it.
- Export the data you provided in a portable format.
- Object to or restrict our processing.
- Lodge a complaint with your supervisory authority.
Email support@shortake.com and we will respond within thirty days.
10. Your rights — CCPA / CPRA (California)
If you are a California resident, you can ask us to disclose what categories of information we collect, request a copy, request deletion, and request correction. We do not sell or share personal information for cross-context behavioural advertising. We will not discriminate against you for exercising any of these rights.
11. Children
Auvre is rated 17+ on the App Store. You must be at least seventeen years old to use it. We do not knowingly collect information from anyone under seventeen. If you believe we have, email support@shortake.com and we will delete it.
12. Cookies and similar technologies
The auvre.app marketing site uses Mixpanel and Firebase Analytics, both of which store a first-party identifier (a random string) to count page views. Neither tracks you across other sites. The iOS app itself does not use cookies and does not request the App Tracking Transparency permission.
13. Changes to this policy
If we change this policy in a way that meaningfully affects your rights, we will say so on this page and, where appropriate, notify you in the app. The "Last updated" date at the top of this page will always reflect the current version.
14. Contact
Questions, requests, or complaints: support@shortake.com.