Privacy Policy

Dziri (“we”, “us”, “our”) operates the Dziri mobile and web application (the “Service”), which aggregates content from multiple social platforms into a single personalised feed and lets users complete engagement missions in exchange for rewards. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the choices you have.

We collect information in three ways:

• Information you provide directly — account details (name, email, profile photo), onboarding answers (country, language, interests), and content you post, comment, like, or save inside Dziri.
• Information from connected platforms — when you link a third-party account (YouTube, Instagram, TikTok, Facebook, X/Twitter, Reddit), we receive profile data, followers/subscriptions, saved content, and recent activity that is necessary to personalise your feed and to publish on your behalf when you request it.
• Information collected automatically — device identifiers, IP address, approximate geolocation, app version, interaction signals (views, likes, skips, watch time) used to rank your feed, and crash/telemetry data used to improve reliability.

• To create and maintain your Dziri account.
• To build your personalised feed — ranking videos, missions, and news by your stated interests and your interaction history.
• To perform the actions you explicitly request on your connected platforms — for example, following a YouTube channel, posting a comment, or sharing content.
• To process missions, rewards, and payouts.
• To detect fraud, abuse, spam, and platform-policy violations.
• To communicate with you about service changes, security notices, and — where you have opted in — product updates.

Dziri uses YouTube API Services. By using the YouTube-powered features of the Service you agree to the YouTube Terms of Service, and you acknowledge that this Privacy Policy is supplemented by Google’s Privacy Policy available at https://policies.google.com/privacy.

When you connect your YouTube account, we request the following scopes:

• youtube.readonly — to read your subscriptions and liked videos so we can personalise your feed.
• youtube.force-ssl — to subscribe to or unsubscribe from channels you tap Follow on, and to post comments you explicitly submit from a Dziri video card.
• youtube.upload — required only when you explicitly use the Dziri publishing feature to upload a video to your own channel.
• yt-analytics.readonly — used by creators to display their own channel analytics inside Dziri.
• userinfo.profile and userinfo.email — to identify your Google account and link it to your Dziri user.

Dziri never sells data obtained from YouTube API Services and never uses it for advertising targeting or any purpose you haven’t authorised. Data retrieved from YouTube is stored only for as long as necessary to provide the feature you requested.

You can revoke Dziri’s access to your Google / YouTube data at any time via the Google security page: https://security.google.com/settings/security/permissions. Revoking access will immediately stop all YouTube-dependent features in Dziri.

Dziri uses Meta’s Facebook Login and Instagram Graph API to let you connect your Facebook and Instagram accounts to your Dziri feed. Your use of these features is also subject to Meta’s Platform Terms and the Meta Privacy Policy.

When you connect your Facebook account, we request the following permissions:

• public_profile and email — to identify your Facebook account and link it to your Dziri user.
• user_posts — to display your own Facebook posts inside your personalised Dziri feed alongside content from other platforms you connected. Only you see your own posts in your feed.
• user_videos — to display your own uploaded Facebook videos in your feed.
• user_photos — to display your own Facebook photos in your feed as image cards.

When you connect your Instagram account (via Facebook Login for Business), we request the following permissions:

• instagram_basic — to read your own Instagram profile and media so they appear in your feed.
• pages_show_list — required by Meta’s Graph API because Instagram Business accounts are linked to a Facebook Page. We use this only to identify which Page owns your Instagram account; we do not read or modify the Page itself.
• pages_read_engagement — to show accurate like and comment counts on Instagram posts surfaced in your feed.

Dziri never posts to your Facebook or Instagram account on your behalf without an explicit action you initiate from inside the app. We never sell data obtained through Meta platforms, never use it for advertising targeting, and never share it with other Dziri users. Content you see from Meta platforms in your feed is visible only to you.

To revoke Dziri’s access to your Facebook or Instagram data, visit your Facebook account’s Business Integrations settings and remove Dziri, or use our data deletion page to request deletion of all data we hold for you. Revoking access stops all Meta-dependent features in Dziri.

We do not sell your personal information. We share data only in the following cases:

• Connected platforms — we send to YouTube, Instagram, TikTok, X, and Facebook only the specific actions you ask us to perform (a Follow, a comment, an upload).
• Service providers — Convex (backend database), Vercel (hosting), cloud storage, analytics, and email delivery. These providers process data under contract and only for the purposes we specify.
• Legal — when required to comply with a lawful court order, subpoena, or to protect the rights, property, or safety of Dziri or its users.

Account and activity data is retained for as long as your account is active. Interaction signals used for feed ranking are trimmed to a rolling 90-day window. Data obtained from YouTube API Services is refreshed on each request and cached for no longer than 30 days, except subscription state which is kept in sync with YouTube while you remain connected. If you delete your account, we remove your personal data within 30 days, subject to limited legal retention obligations.

We encrypt data in transit (TLS 1.2+) and at rest (AES-256). Access tokens for third-party platforms are encrypted with an additional AES-GCM layer using rotating keys. Access to production data is limited to authorised engineering staff and audited.

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent at any time (this won’t affect the lawfulness of processing before withdrawal).

To exercise any of these rights, email us at privacy@dziri.app. We respond within 30 days.

Dziri is not directed to children under 13 (or the equivalent minimum age in your country). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

Your data may be processed in countries other than your own, including the United States. We rely on Standard Contractual Clauses and equivalent safeguards where cross-border transfers apply.

We may update this policy from time to time. Material changes will be communicated via the app or email at least 14 days before they take effect. The “Effective date” at the top reflects the last update.

Questions about this Privacy Policy? Email us at privacy@dziri.app.