Privacy Policy

Last Updated: July 2026  |  Version: 2.0  |  App: Vegg  |  Developer: Vegg Studios

This Privacy Policy explains how Vegg Studios ("we," "our," or "us") collects, uses, discloses, and safeguards your information when you use our mobile application and related services (collectively, the "App"). This policy is designed to comply with global privacy standards, including the Indian Digital Personal Data Protection (DPDP) Act, 2023, the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Australian Privacy Principles (APPs), Brazil's Lei Geral de Proteção de Dados (LGPD), South Korea's Personal Information Protection Act (PIPA), Middle Eastern data protection laws (such as the UAE's PDPL and Saudi Arabia's PDPL), and other applicable regional data protection laws.

This Privacy Policy, together with any in-app disclosures, comprehensively discloses how our App accesses, collects, uses, and shares user data. It is consistent with the disclosures made in the Google Play Data Safety section for this App.

By using the App, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not use the App.


1. Developer Information & Contact

Developer: Vegg Studios
Privacy Contact Email: [email protected]
Grievance Officer / Data Protection Officer Email: [email protected]
Mailing Address: [Insert Physical Address Here]

If you have questions, concerns, or wish to exercise your privacy rights, please contact us using the details above. We will respond to all legitimate requests within the timeframes mandated by applicable local laws (e.g., 30 days for GDPR, 45 days for CCPA).


2. Information We Collect

We collect information you provide directly to us, information we collect automatically when you use our App, and information from third parties.

A. Information You Provide to Us

  • Account Registration: When you sign up, we collect your Username, Email Address, and Password. Your password is securely hashed and salted before storage — we never store passwords in plaintext.
  • Age Verification: Our services are strictly for users aged 18 and older. We collect your Self-Declared Age and use Google Play Age Signals to verify your age status. This data is used solely for age-appropriate experience compliance and is never used for advertising, marketing, personalization, analytics, user profiling, or business intelligence.
  • Profile Information: You may choose to provide a Profile Photo, Profile Media (photos and videos), Description/Bio, Language Preference, Gender, and Age. Profile photos and media are uploaded to our servers and displayed to other users as part of your public profile.
  • Creator Registration: If you apply for a creator/promoted account, we collect your Real Name, Age, Phone Number, Email Address, and optional social media handles (e.g., Instagram, Reddit).
  • Text Messages: The content of text messages you send within the App is transmitted to our servers and delivered to the intended recipient.
  • Voice Messages: When you record a voice message, the audio recording is transmitted to our servers and delivered to the recipient. The duration of the audio is also stored for display purposes.
  • Referral Codes: If you sign up using a referral code (received via a deep link), we collect and store the referral code to attribute your registration to the referrer and track referral rewards.
  • Customer Support Inquiries: Any information you voluntarily provide when contacting our support team.

B. Information We Collect Automatically

  • Device Identifier: We generate and store an app-specific Device ID on your device for session management and authentication. This is a randomly generated identifier created by the App — it is not a hardware serial number, IMEI, Android ID, or any other persistent device hardware identifier.
  • FCM Token: We collect your Firebase Cloud Messaging (FCM) Token to deliver push notifications for incoming calls, messages, and other alerts.
  • IP-Based Region Detection: We automatically detect your Region (City/State) and Country based on your IP address at the time of signup and login. Your IP address is not permanently stored for location tracking purposes — only the derived region and country are persisted to your account.
  • Usage & Interaction Data: We collect data on how you use the App, including:
    • Discover Interactions: We track which user profiles you view (impressions) and click on in the Discover section to improve content recommendations.
    • Block & Report Data: Accounts you block or report, and the reasons you provide.
    • Live Streaming Activity: Join/leave times, viewer counts, and interactions during live streams.
    • Like Activity: Profiles you like and like counts.
  • Analytics Data: We use Firebase Analytics to collect usage data, including:
    • Screen Views: Which screens you navigate to within the App.
    • Screen Time: How long you spend on each screen.
    • User Properties: Your user type ID and region (as reported by the App).
    • User ID: Your user ID is associated with analytics data for session management.
    • Custom Events: App-specific events related to feature usage.
  • Financial & Transactional Data: We track your Gems Balance, Gem purchases via Google Play Billing, Gems charged/earned during live streams and calls, and gift transactions (purchases, sends, and receipts).
  • Security & Audit Logs: We temporarily collect IP Addresses and User-Agent strings during critical actions (signup, login, and registration) for fraud prevention and security auditing. These logs are retained temporarily and automatically purged.

C. Information from Third Parties

  • Google Play Age Signals: We receive age verification status from Google Play's Age Signals API to enforce our 18+ policy. This data is used strictly for legal compliance and age-appropriate experience — never for advertising, analytics, or tracking.
  • Google Play Billing: We receive purchase tokens and order information from Google Play Billing to verify and process your Gem purchases.
  • Google Play Integrity: We use Google Play Integrity API to verify the authenticity and integrity of the App on your device.

3. How We Use Your Information

We process your personal data for the following purposes and under the following legal bases (where applicable under GDPR and similar laws):

  • To Provide the Service (Contractual Necessity): To create and manage your account, facilitate video calls and live streams, process Gem transactions, deliver messages (text and voice), and display user profiles in the Discover section.
  • For Age Verification & Legal Compliance (Legal Obligation): To ensure compliance with applicable age restrictions by verifying you are 18 or older using Google Play Age Signals and self-declaration.
  • For Security & Fraud Prevention (Legitimate Interest): To protect against unauthorized access, spam, and abuse through monitoring, automated abuse prevention, and integrity verification.
  • To Personalize Your Experience (Consent/Legitimate Interest): To auto-detect your region to provide localized content and language settings. To track Discover interactions (impressions and clicks) to improve content recommendations.
  • For Push Notifications (Consent): To send you alerts and updates using your FCM Token, including incoming call notifications, message notifications, and other App updates. You can opt out via your device notification settings or within the App's settings.
  • For Analytics & Product Improvement (Consent/Legitimate Interest): To collect screen views, screen time, user properties, and custom events via Firebase Analytics to understand how users interact with the App and improve features.
  • For Referral Tracking (Contractual Necessity): To attribute new user signups to referrers and track referral rewards.

We do not use your personal data for advertising purposes. We do not sell personal or sensitive user data.


4. How We Share Your Information

We do not sell your personal data. "Sale" means the exchange or transfer of personal and sensitive user data to a third party for monetary consideration. We only share information in the following circumstances:

A. With Other Users

Your public profile (username, profile photo, profile media, bio, region, country, gender, age, and like count) is visible to other users within the App. If you broadcast a live stream, your presence and interactions are public within the App. Text and voice messages you send are delivered to the intended recipient.

B. With Service Providers

We use third-party services to operate our App. These providers process data strictly on our behalf and under our instructions:

  • Firebase (Google):
    • Firebase Analytics: Processes screen views, screen time, user ID, user properties (user type ID, region), and custom events for product analytics.
    • Firebase Cloud Messaging (FCM): Processes FCM tokens to deliver push notifications.
    • Data is processed under Google's data processing terms and is not used by these providers for their own purposes.
  • Google Play Services:
    • Age Signals API: Provides age verification status for 18+ enforcement.
    • Play Integrity API: Verifies app authenticity and device integrity.
    • Play Billing: Processes and verifies in-app purchases for Gems.

C. For Legal Reasons

If required by law, subpoena, or government request, or to protect the safety, rights, and property of Vegg Studios, our users, or others, we may disclose your information. We will only disclose the minimum information necessary to comply with the legal request.


5. Third-Party SDKs & Data Processing

The following third-party SDKs are integrated into our App:

SDKPurposeData Processed
Firebase AnalyticsProduct analyticsScreen names, screen duration, user ID, user properties (user type, region), custom events
Firebase Cloud MessagingPush notificationsFCM token, notification payload
LiveKit (WebRTC)Real-time video/audioMedia streams (video, audio) during calls and live streams; not stored
Google Play Age SignalsAge verificationAge verification status; used solely for compliance
Google Play IntegrityApp integrity verificationIntegrity token; device and app recognition status
Google Play BillingIn-app purchasesPurchase tokens, product IDs, order information

We ensure that all third-party SDKs comply with Google Play Developer Program policies. None of our SDK providers sell personal or sensitive user data from our App.


6. Permissions We Request

Our App requests the following Android permissions, each necessary for core functionality:

PermissionPurposeWhen Requested
CameraCapture video for video calls and live streamingAt runtime, before entering a video call or starting a live stream
Record AudioCapture audio for voice messages, video calls, and live streamingAt runtime, before recording a voice message or entering a call
Modify Audio SettingsConfigure audio routing during callsUsed during active calls
Post NotificationsDeliver push notifications for calls, messages, and updatesAt runtime, on first launch (Android 13+)
VibrateHaptic feedback for notifications and in-app interactionsUsed during notifications and interactions
Wake LockKeep device awake during active video calls and live streamsUsed during active calls and streams
Use Full Screen IntentDisplay full-screen incoming call notificationsUsed for incoming video call notifications
InternetNetwork communication for all App featuresAlways required
Access Network StateDetect network connectivity for connection managementAlways required

We do not request location permissions, contacts permissions, SMS permissions, call log permissions, storage permissions, or any other sensitive permissions.


7. Prominent Disclosures

In accordance with Google Play's User Data policy, we provide the following prominent disclosures about our data access and use:

  • Camera and Microphone Access: The App accesses your camera and microphone to enable video calls, live streaming, and voice messages. Video and audio are transmitted in real-time to other participants and are not stored on our servers beyond the duration of the call or stream, except for voice messages which are stored for delivery to the recipient.
  • Analytics Tracking: The App collects screen views, screen time, user ID, and user properties via Firebase Analytics to understand usage patterns and improve the App. You can opt out of analytics tracking in the App's settings.
  • IP-Based Region Detection: The App detects your region and country from your IP address at signup and login to provide localized content. Your IP address is not permanently stored for this purpose.

These disclosures are presented in-app, and consent is obtained before data collection begins where required.


8. Data Security & Encryption

We implement industry-standard security measures to protect your personal data:

  • Encryption in Transit: All communication between the App and our servers is encrypted using industry-standard protocols.
  • Password Security: Passwords are securely hashed and salted. We never store passwords in plaintext.
  • Authentication: User sessions are managed using secure, time-limited tokens with automatic expiration and refresh mechanisms.
  • App Integrity: We use Google Play Integrity API to verify that the App is genuine, unmodified, and running on a legitimate Android device.
  • Screen Capture Protection: The App employs technical measures to prevent unauthorized screenshots and screen recording of sensitive content.
  • Abuse Prevention: We implement automated measures to prevent abuse, unauthorized access attempts, and brute-force attacks.
  • Access Control: Access to user data is restricted to authenticated users and authorized personnel only.

Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining and improving our security practices.


9. International Data Transfers

Our servers may be located in regions outside your home country. If you are located in the European Economic Area (EEA), the UK, Switzerland, Australia, or Japan, your data may be transferred to countries that do not have identical data protection laws.

When we transfer data internationally, we ensure adequate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions for countries recognized as providing an adequate level of data protection.
  • EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework: Where we process personal information originating from the EEA, UK, or Switzerland, we comply with the Data Privacy Framework Principles and the Google Controller-Controller Data Protection Terms. If we cannot meet these conditions, we will immediately notify the relevant authorities and either stop processing such data or take appropriate steps to restore an adequate level of protection.

10. Data Retention & Deletion

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law.

A. Retention Periods

Data TypeRetention Period
Account Data (username, email, profile)Until account deletion is requested
Text MessagesStored temporarily while pending delivery; routinely purged based on expiration protocols
Voice MessagesStored for delivery to recipient; purged after delivery and expiration period
Profile Photos & MediaRetained until account deletion or media deletion by the user
Gem Transaction RecordsRetained for the lifetime of the account for financial record-keeping
Security Logs (IP addresses, User-Agent)Temporarily retained and automatically purged on a rolling basis
Analytics Data (Firebase)Retained according to Firebase's default retention period
Referral DataRetained for the lifetime of the account for attribution purposes
Age Verification DataRetained for the lifetime of the account for compliance purposes

B. Account Deletion

You have the right to delete your account at any time. You can initiate account deletion in two ways:

  1. In-App: Navigate to Settings > Delete Account within the App and follow the prompts to permanently delete your account.
  2. Via Web: Visit [Insert Account Deletion URL Here] and submit an account deletion request.

When you delete your account, we will permanently delete your personal data associated with your account, including your profile, messages, profile media, and gem balance. Certain data may be retained for a limited period for legitimate reasons such as security, fraud prevention, or regulatory compliance, as permitted by applicable law. We will clearly inform you about any such retention.

Temporary account deactivation, disabling, or "freezing" does not qualify as account deletion. If you only log out or stop using the App, your data will remain on our servers until you explicitly request deletion.

C. Data Destruction

When data is no longer needed, it is permanently and securely destroyed from our active databases and subsequently overwritten in our backups, in compliance with applicable data protection laws including Korea's PIPA.


11. Your Global Privacy Rights

Depending on your jurisdiction, you have specific rights regarding your data:

A. India (DPDP Act, 2023)

  • Right to Access & Correction: You may request a summary of your personal data and correct any inaccuracies.
  • Right to Erasure: You may request the deletion of your personal data when it is no longer required for the purpose it was collected.
  • Right to Grievance Redressal: You may file a grievance with our Grievance Officer.
  • Right to Nominate: You may nominate another individual to exercise your rights in the event of death or incapacity.

B. European Union & UK (GDPR)

  • Right to Access, Rectification, & Erasure (Right to be Forgotten).
  • Right to Restrict or Object to Processing.
  • Right to Data Portability: To receive your data in a structured, machine-readable format.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
  • Right to Lodge a Complaint: With your local supervisory authority.

C. United States (CCPA/CPRA)

  • Right to Know & Delete: You have the right to know what categories of personal information we have collected and to request their deletion.
  • Do Not Sell or Share My Personal Information: We do not sell personal data. We do not share personal data for targeted advertising purposes.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

D. Australia (Privacy Act 1988)

  • You have the right to access and correct your personal information. Where practical, you have the right to interact with us pseudonymously (using your chosen username).

E. South America (e.g., Brazil's LGPD)

  • Right to Access, Correction, & Anonymization: You have the right to confirm the existence of processing, access your data, correct incomplete or out-of-date data, and anonymize, block, or delete unnecessary or excessive data.
  • Right to Portability & Information: You can request the portability of your data and request information about the public and private entities with which we have shared your data.

F. Middle East (e.g., UAE PDPL, Saudi Arabia PDPL)

  • Right to Know & Access: You have the right to be informed of the legal basis and purpose for processing your personal data, and to obtain a copy of it.
  • Right to Request Destruction: You may request the destruction or erasure of your personal data when it is no longer necessary for the purpose it was collected, or if you withdraw your consent.

G. South Korea (PIPA)

  • Right to Access & Correction: You may request access to and correction of your personal data.
  • Right to Request Deletion: You may request the deletion of your personal data when it is no longer needed.
  • Right to Data Destruction: When data is no longer needed, it is permanently and securely destroyed from our active databases and subsequently overwritten in our backups.

12. Children's Privacy (Strictly 18+)

Our App is strictly for individuals aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. We actively use Google Play Age Signals and self-declaration to enforce this restriction.

If we become aware that we have inadvertently collected data from a minor, we will immediately delete the account and all associated data. If you believe a minor has registered an account, please contact us immediately at [email protected].


13. Your Choices & Opt-Outs

You have control over how your data is used:

  • Notifications: You can enable or disable call notifications, text notifications, and vibration in the App's Settings. You can also manage notification permissions via your device settings.
  • Analytics: You can opt out of Firebase Analytics tracking in the App's Settings. When opted out, the App will not send analytics events to Firebase.
  • Push Notifications: You can disable push notifications via your device settings or within the App.
  • Profile Information: You can edit or remove your profile photo, bio, and profile media at any time within the App.
  • Account Deletion: You can delete your account at any time via the App's Settings or via our web portal (see Section 10.B).
  • Region Detection: Region is auto-detected from your IP address and cannot be manually set. It updates when you log in from a different location.
  • Marketing Communications: We do not send marketing communications. You will only receive service-related notifications (calls, messages, and account alerts).

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or App features. When we make changes:

  • We will update the "Last Updated" date and version number at the top of this policy.
  • If the changes are material, we will notify you within the App or via other reasonable means before the changes take effect.
  • We encourage you to review this Privacy Policy periodically.
  • Continued use of the App after changes take effect constitutes your acceptance of the updated policy.

15. Contact & Grievance Redressal

If you have questions, concerns, or wish to exercise your privacy rights, please contact our Data Protection / Grievance Officer:

Grievance Officer / Data Protection Officer
Email: [email protected]
Mailing Address:

We will respond to all legitimate requests within the timeframes mandated by applicable local laws:

  • GDPR (EU/UK): Within 30 days
  • CCPA (California): Within 45 days
  • DPDP (India): Within the timeframe prescribed by the Data Protection Board
  • LGPD (Brazil): Within 15 days
  • PIPA (South Korea): Within 10 business days

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.