Privacy Policy

1. Introduction & Scope

Welcome to RVIRA LTD ("we," "us," "our," or the "Company"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites, use our iOS applications distributed through the Apple App Store, use our Android applications distributed through the Google Play Store, or interact with any of our digital services (collectively, the "Services").

RVIRA LTD is a company registered in England and Wales, with its registered office at Unit 3 K70 Premier House, Rolfe Street, Smethwick, West Midlands, England, B66 2AA. Our CEO is Anum Rafiq.

This policy applies to all users worldwide, including those located in the United Kingdom, European Economic Area (EEA), United States (including California), and all other jurisdictions. By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use our Services. We encourage you to read this policy in full, but you may use the section headings to navigate to areas most relevant to you.

2. Information We Collect

We may collect the following categories of information when you use our Services:

Personal Information You Provide

Identity Data: Your name, username, or similar identifiers when you create an account or contact us.
Contact Data: Your email address, phone number, and mailing address when provided voluntarily through forms, support requests, or account registration.
Profile Data: Your preferences, feedback, survey responses, and any content you create or upload within our apps.
Communication Data: Records and content of correspondence when you contact us via email, in-app support, or other channels.

Usage Data

Interaction Data: Information about how you use our apps and websites, including features accessed, screens viewed, actions taken, time spent, and navigation paths.
Transaction Data: Details about in-app purchases or subscriptions you make (processed by Apple or Google; we do not receive your payment card details).

Device Information

Device Identifiers: Device model, operating system and version, unique device identifiers, and mobile network information.
Hardware Information: Screen resolution, processor type, available storage, battery status, and device settings relevant to app functionality.

Log Data

Server Logs: IP address, browser type and version, referring/exit pages, date/time stamps, clickstream data, and error logs generated during your use of our Services.

Location Data

Approximate Location: We may infer your general geographic location from your IP address for analytics, content localisation, and compliance purposes.
Precise Location: Some apps may request access to precise GPS location data. This is only collected with your explicit consent via your device's permission system and can be revoked at any time through your device settings.

3. Information Collected Automatically

When you access our Services, certain information is collected automatically through technologies embedded in our apps and websites:

Analytics Data: We use analytics services (such as Firebase Analytics and Google Analytics) to collect aggregated usage statistics, including session duration, feature engagement, user flows, and retention metrics. This data helps us understand how our Services are used and identify areas for improvement.
Crash Reports & Diagnostics: We use crash reporting tools (such as Firebase Crashlytics) to automatically collect diagnostic data when the app experiences an error or crash. This includes stack traces, device state at the time of the crash, and operating system version. This data is used exclusively to identify and fix bugs.
Device Identifiers: We may collect device-specific identifiers such as the IDFV (Identifier for Vendor) on iOS and Android ID or similar identifiers on Android for analytics and attribution purposes.
Advertising Identifiers: With your consent (where required by law or platform policy), we may collect the IDFA (Identifier for Advertisers) on iOS and the GAID (Google Advertising ID) on Android. These identifiers are used to deliver relevant advertisements and measure ad campaign effectiveness. On iOS 14.5 and later, we request your permission through the App Tracking Transparency (ATT) framework before accessing the IDFA.
Performance Data: App launch times, network request latency, memory usage, and other performance metrics that help us optimise our applications.

4. Face Data & Biometric Information

Some of our mobile applications offer optional features that utilise face-related data, such as face detection, AR facial tracking, or visual effects. We take the protection of this sensitive information extremely seriously and follow strict policies as outlined below.

Collection of Face Data

Our apps do not collect, store, transmit, or retain any face data or biometric information. All face-processing features rely solely on Apple's on-device frameworks (such as ARKit and the Vision framework) and equivalent on-device APIs on Android. No face geometry, face mesh data, facial landmark coordinates, or expression coefficients are ever sent to our servers or any third-party servers.

On-Device Processing Only

All facial information is processed entirely and exclusively on your device using the device's built-in neural engine and processor. No face data is ever uploaded to our servers, cloud services, or shared with any external parties. The processing occurs in real-time and only while the relevant feature is actively in use.

Retention of Face Data

We do not retain any face data whatsoever. All face-related information exists only in the device's temporary memory (RAM) and is automatically and permanently discarded the moment the feature is closed, the camera session ends, or the app is exited. No face data is written to the device's persistent storage by our apps.

Purposes for Using Face Data

Face data is used solely and exclusively to enable real-time visual effects and optional entertainment features within our apps, such as:

AR face effects Real-time face tracking Visual filters & overlays Expression-based animations 3D face mesh rendering

We do not use face data for facial identification, user authentication, advertising, analytics, profiling, tracking, or any purpose other than delivering the real-time visual features described above.

Sharing of Face Data

We do not share face data with any third parties, including advertisers, analytics providers, data brokers, or any other external entities. Because face data is never collected, stored, or transmitted from the device, no third party has or could have access to it.

Third-Party Storage

No third parties store facial information on our behalf. Since face data never leaves your device, there is no third-party data processor involved in the handling of face data. Our apps do not integrate any third-party SDKs that access, process, or transmit face data.

Compliance Statement

Our handling of face data complies with Apple's App Store Review Guidelines (including Section 5.1.2 regarding data collection and storage), Google Play Developer Program Policies, the Illinois Biometric Information Privacy Act (BIPA), the EU General Data Protection Regulation (GDPR), and all other applicable biometric data protection laws. We do not require consent for face data collection because we do not collect it.

5. Camera & Photo Library Access

Some of our apps may request permission to access your device's camera or photo library. This access is governed by the following principles:

Permission-Based Access: Camera and photo library access is only activated when you explicitly grant permission through your device's native permission dialogue. You can revoke this permission at any time through your device's Settings.
On-Device Processing: Photos and videos captured or selected within our apps are processed locally on your device. We do not automatically upload images or videos to our servers.
No Server Storage: Unless a specific feature explicitly requires cloud processing (in which case you will be clearly informed and asked for consent), photos and camera data are not stored on our servers.
Purpose Limitation: Camera access is used solely for the app's core functionality, such as applying filters, capturing content, or enabling AR features. It is never used for surveillance, background capture, or any purpose beyond the app's stated features.

6. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To provide, operate, and maintain our websites and mobile applications, including processing your requests and delivering the features and functionality you expect.
Service Improvement: To understand how our Services are used, identify trends, diagnose technical issues, and develop new features and improvements based on user behaviour and feedback.
Customer Support: To respond to your inquiries, troubleshoot problems, provide technical assistance, and communicate with you about your account or our Services.
Analytics & Performance: To measure and analyse the performance, stability, and engagement of our apps and websites, and to generate aggregated, anonymised statistical reports.
Marketing & Communications: With your explicit consent where required, to send you promotional materials, product updates, newsletters, or other information about our Services. You can opt out of marketing communications at any time.
Safety & Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues, and to protect the rights and safety of our users and the public.
Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

7. Legal Basis for Processing (GDPR)

If you are located in the United Kingdom, European Economic Area (EEA), or a jurisdiction that requires a legal basis for processing personal data, we rely on the following lawful bases under the UK GDPR and EU GDPR:

Consent (Article 6(1)(a)): Where you have given clear, affirmative consent for us to process your personal data for specific purposes, such as receiving marketing communications, enabling optional features, or allowing advertising identifiers. You may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.
Contractual Necessity (Article 6(1)(b)): Processing is necessary to perform a contract with you, such as providing you with the apps, services, or features you have requested, managing your account, or fulfilling in-app purchases.
Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes improving our Services, ensuring security, conducting analytics, preventing fraud, and maintaining our IT infrastructure.
Legal Obligation (Article 6(1)(c)): Processing is necessary to comply with legal obligations to which we are subject, such as tax reporting, responding to lawful requests from public authorities, or complying with court orders.

8. Third-Party Services & SDKs

Our apps and websites may integrate third-party software development kits (SDKs) and services that may collect information from your device. These third parties operate under their own privacy policies, and we encourage you to review them. The third-party services we may use include:

Firebase Analytics (Google): For app usage analytics, user engagement tracking, and event logging. Firebase may collect device identifiers, usage data, and IP addresses. Firebase Privacy Policy
Firebase Crashlytics (Google): For crash reporting and diagnostic data collection to identify and resolve app stability issues. Firebase Privacy Policy
Google AdMob: For serving advertisements within our apps. AdMob may collect device identifiers, advertising IDs, and usage data for ad targeting and measurement. Google Privacy Policy
Facebook SDK (Meta): For analytics, attribution, and optional social features. The Facebook SDK may collect device information, advertising identifiers, and app event data. Meta Privacy Policy
Apple Frameworks: Our iOS apps use Apple frameworks such as ARKit, Vision, StoreKit, and SKAdNetwork. These operate under Apple's privacy policies and are processed on-device or by Apple in accordance with their terms. Apple Privacy Policy
Google Play Services: Our Android apps may use Google Play Services for functionality such as in-app billing, location services, and app updates. Google Privacy Policy

We take reasonable steps to ensure that our third-party partners process data in compliance with applicable data protection laws. However, we are not responsible for the privacy practices of third-party services.

9. Advertising & Ad Networks

Some of our apps display advertisements to support free or freemium content. We work with third-party ad networks to deliver these ads.

Personalised Advertisements

Where you have given consent (or where permitted by law), ad networks may use your advertising identifier (IDFA on iOS, GAID on Android), device information, and usage data to serve personalised advertisements that are more relevant to your interests. Personalised ads are based on your activity across apps and websites over time.

Non-Personalised Advertisements

If you do not consent to personalised advertising, or if you opt out, you will still see advertisements, but they will be non-personalised (contextual) ads that are not based on your personal data or past activity.

Opting Out of Personalised Ads

iOS: Go to Settings > Privacy & Security > Tracking, and disable "Allow Apps to Request to Track." You can also enable "Limit Ad Tracking" in Settings > Privacy & Security > Apple Advertising.
Android: Go to Settings > Google > Ads, and enable "Opt out of Ads Personalisation." You can also reset your advertising ID from this menu.
Industry Opt-Outs: You may also opt out of personalised ads from participating ad networks at www.aboutads.info/choices or www.networkadvertising.org/choices.

IDFA & GAID

The IDFA (Identifier for Advertisers) and GAID (Google Advertising ID) are resettable identifiers assigned by your device's operating system. We and our ad partners may use these identifiers for ad targeting, frequency capping, conversion tracking, and campaign measurement. On iOS 14.5+, we present the App Tracking Transparency prompt before accessing the IDFA.

10. In-App Purchases & Subscriptions

Some of our apps offer in-app purchases and subscription plans. All payment transactions are processed securely by the respective platform:

Apple App Store: All iOS in-app purchases and subscriptions are processed by Apple through their App Store payment system. We do not receive, process, or store your credit card number, bank account details, or other financial payment information. Apple manages billing, receipts, and refunds according to their terms.
Google Play Store: All Android in-app purchases and subscriptions are processed by Google through their Google Play billing system. Similarly, we do not receive or store your payment card details. Google manages the payment process according to their terms.

We may receive confirmation of your purchase (such as a transaction ID, product purchased, and date) to validate your subscription status and unlock premium features. We do not have access to your full payment details. For billing inquiries, refund requests, or subscription management, please contact Apple or Google directly, or manage your subscriptions through your device settings.

11. Children's Privacy

We take the privacy of children very seriously and are committed to compliance with the Children's Online Privacy Protection Act (COPPA) in the United States, the UK Age Appropriate Design Code (Children's Code), and similar regulations worldwide.

Age Restrictions: Our Services are not directed to children under the age of 13 (or 16 in the EEA/UK, or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under these age thresholds.
Parental Notification: If we become aware that we have collected personal data from a child under the applicable minimum age without verified parental consent, we will take immediate steps to delete that information from our servers.
Parental Rights: If you are a parent or guardian and believe your child has provided us with personal information, please contact us at apps@rviraapps.com so we can take appropriate action.
No Behavioural Advertising to Children: We do not knowingly serve personalised or behavioural advertising to children.

12. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Account Data: Retained for the duration of your account and for up to 30 days after account deletion to allow for recovery, unless a longer retention period is required by law.
Analytics Data: Aggregated analytics data is retained for up to 26 months. Individual-level analytics data is retained for up to 14 months in accordance with Firebase Analytics default settings.
Crash Reports: Crash and diagnostic data is retained for up to 180 days.
Support Communications: Records of customer support interactions are retained for up to 24 months after the issue is resolved.
Legal Requirements: Certain data may be retained longer when required by law, such as financial transaction records or data subject to litigation holds.

Deletion Procedures

When data is no longer needed, it is securely deleted or anonymised. You may request deletion of your personal data at any time by contacting us at apps@rviraapps.com. We will respond to deletion requests within 30 days and complete the deletion within a reasonable timeframe, subject to any legal obligations that may require continued retention.

13. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using SSL/TLS (Secure Sockets Layer / Transport Layer Security) protocols, ensuring that your information is protected during transmission.
Encryption at Rest: Personal data stored on our servers is encrypted at rest using industry-standard AES-256 encryption.
Secure Infrastructure: We use reputable cloud service providers (such as Google Cloud Platform / Firebase) that maintain robust security certifications including SOC 2 and ISO 27001.
Access Controls: Access to personal data is restricted to authorised personnel only, on a need-to-know basis, and is protected by strong authentication mechanisms.
Regular Reviews: We regularly review and update our security practices to address emerging threats and vulnerabilities.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use our Services at your own risk. We encourage you to use strong, unique passwords and to keep your device software up to date.

14. International Data Transfers

RVIRA LTD is based in the United Kingdom. Your information may be transferred to, stored, and processed in countries other than the one in which you reside, including the United States and other countries where our service providers operate.

When we transfer personal data from the UK or EEA to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards to ensure your data remains protected, including:

Standard Contractual Clauses (SCCs): We use EU/UK-approved Standard Contractual Clauses with our data processors and partners to ensure contractual protection for your data when it is transferred internationally.
Adequacy Decisions: Where available, we rely on adequacy decisions made by the UK Secretary of State or the European Commission that recognise certain countries as providing adequate data protection.
EU-U.S. Data Privacy Framework: Where applicable, we work with service providers that participate in recognised data privacy frameworks.

By using our Services, you acknowledge that your data may be processed in countries with different data protection laws than your country of residence. We will always ensure that appropriate safeguards are in place.

15. Sharing Your Information

We do not sell your personal information. We may share your information only in the following limited circumstances:

Service Providers: With trusted third-party service providers who assist us in operating our business, such as hosting providers, analytics services, crash reporting tools, and advertising networks. These providers are contractually obligated to process data only on our behalf and in accordance with our instructions.
Legal Requirements: When required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
Business Transfers: In connection with, or during negotiations of, any merger, acquisition, sale of assets, financing, or transfer of all or a portion of our business to another company. In such events, your personal data may be among the transferred assets, and you will be notified of any change in ownership or use of your personal data.
With Your Consent: We may share your information with third parties when you have given explicit consent to do so.
Aggregated/Anonymised Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you, for industry analysis, research, or other purposes.

We never share face data, biometric information, or camera data with any third party for any reason whatsoever.

16. Your Rights under GDPR

If you are located in the United Kingdom or European Economic Area, the UK GDPR and EU GDPR grant you the following rights with respect to your personal data:

Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is being processed. We will provide this within one month of your request.
Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure (Article 17): You have the right to request deletion of your personal data where there is no compelling reason for continued processing. This is also known as the "right to be forgotten."
Right to Restriction of Processing (Article 18): You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller without hindrance.
Right to Object (Article 21): You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects. We do not currently engage in solely automated decision-making.

To exercise any of these rights, please contact us at apps@rviraapps.com. We will respond to your request within one month. In certain cases, we may need to verify your identity before processing your request. There is generally no fee for exercising your rights, but we may charge a reasonable fee for manifestly unfounded or excessive requests.

17. Your Rights under CCPA/CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information:

Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions (such as legal compliance or completing a transaction).
Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: We do not sell your personal information. However, if our practices ever constitute a "sale" or "sharing" under the CCPA/CPRA, you have the right to opt out.
Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to what is necessary for performing our services.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive different pricing, quality of service, or level of service for exercising your rights.

To exercise your CCPA/CPRA rights, please contact us at apps@rviraapps.com or call us at +92 321 4445500. We will verify your identity before processing your request and will respond within 45 days. You may also designate an authorised agent to make requests on your behalf.

18. Cookies & Tracking Technologies

Our websites may use cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and understand user preferences.

Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function properly. These cookies do not require consent as they are necessary for providing the service you have requested.
Analytics Cookies: Used to collect information about how visitors use our website, such as which pages are visited most often and whether users encounter error messages. This data is aggregated and anonymised. We use services such as Google Analytics for this purpose.
Functional Cookies: Allow the website to remember choices you make (such as language preference or region) and provide enhanced, personalised features.
Advertising Cookies: May be set by our advertising partners to build a profile of your interests and show you relevant advertisements on other sites. These cookies are only set with your consent.

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences for certain websites. Please note that disabling certain cookies may affect the functionality of our website. For more information on managing cookies, visit www.allaboutcookies.org.

Other Tracking Technologies

We may also use web beacons (pixel tags), local storage, and similar technologies in our emails and on our website to track engagement and improve our communications.

19. Push Notifications

Our mobile applications may request your permission to send push notifications to your device. Push notifications may include alerts, reminders, promotional messages, or updates related to the app's functionality.

Consent: Push notifications are only sent after you have granted permission through your device's notification settings. You are not required to enable push notifications to use our apps.
Device Tokens: When you opt in, your device provides a unique push notification token. We use this token solely to deliver notifications to your device. This token does not contain personal information and cannot be used to identify you personally.
Opting Out: You can disable push notifications at any time through your device settings. On iOS, go to Settings > Notifications > [App Name]. On Android, go to Settings > Apps > [App Name] > Notifications.

20. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Due to the lack of a common industry standard for interpreting DNT signals, our websites do not currently respond to or alter their practices when they receive DNT signals from browsers.

However, we respect your right to privacy and provide multiple ways for you to control the collection and use of your data, as described in this Privacy Policy. We also support the Global Privacy Control (GPC) signal where technically feasible and will treat it as a valid opt-out request under applicable laws such as the CCPA/CPRA.

21. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational, legal, or regulatory reasons. When we make changes:

Notification: We will post the updated Privacy Policy on this page with a revised "Last Updated" date. For significant changes, we may also notify you through our apps (via in-app notification), by email, or by other reasonable means.
Review: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Continued Use: Your continued use of our Services after the posting of changes constitutes your acceptance of those changes. If you do not agree with the revised policy, you should discontinue use of our Services.

22. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the details below:

Data Protection Officer

For data protection inquiries, requests to exercise your rights, or to raise a concern about how we handle your data, you may contact our Data Protection Officer:

Name: Anum Rafiq (Data Protection Officer)
Email: apps@rviraapps.com
Address: Unit 3 K70 Premier House, Rolfe Street, Smethwick, West Midlands, England, B66 2AA

We aim to respond to all legitimate inquiries within 30 days. Occasionally, it may take us longer if your request is particularly complex or you have made multiple requests, in which case we will notify you and keep you updated.

23. Complaints

If you are unhappy with how we have handled your personal data or believe that we have not complied with our obligations under data protection law, we encourage you to contact us first at apps@rviraapps.com so that we can try to resolve the issue.

However, you also have the right to lodge a complaint with a supervisory authority. The relevant authorities are:

United Kingdom

Authority: Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

European Union

If you are located in the EU, you have the right to lodge a complaint with the supervisory authority in your country of residence, your place of work, or the place where you believe an infringement of data protection law has occurred. A list of EU supervisory authorities can be found at https://edpb.europa.eu.

We take all complaints seriously and will work to resolve any issues in a timely manner. We welcome your feedback as it helps us improve our data protection practices.

Last updated: April 2026

This privacy policy is effective as of the date stated above.

Contact Us