Privacy Policy

When you register for Cici, we collect the information you provide, including your display name, email address, date of birth (to verify you are 18 years of age or older), profile photograph, gender (optional), and any personal bio or interest tags you choose to add. If you register via a third-party provider such as Apple Sign-In or Google, we receive a limited profile dataset as authorized by you and that provider.

We automatically collect technical data including your device model, operating system version, unique device identifiers, IP address, mobile carrier, app version, crash reports, and session performance diagnostics. This data is used to maintain service quality and diagnose technical issues.

We record how you interact with the Service, including features you use, calls you initiate or receive, session durations, matching interactions (swipes, accepts, skips), content you engage with, and the frequency and timing of your sessions. This data informs product improvements and our recommendation systems.

When you participate in a live video call, your camera feed and microphone audio are transmitted in real time between you and your matched user via our encrypted RTC (Real-Time Communication) infrastructure. Cici does not record or store the content of live video calls unless: (a) a user submits a safety report during or after a call, triggering a limited review process; or (b) you explicitly use an in-app screen-capture or clip-saving feature where available. Session metadata (call start/end time, duration, connection quality) is retained as described in Section 9.

You may optionally provide matching preferences such as preferred gender, age range, and language. This preference data is used exclusively to improve the quality of your match experience and is not shared with advertisers or data brokers.

We collect any profile photos, video clips, text posts, comments, or other content you create or upload within the Service. See Section 5 for full details on UGC handling.

If you contact our support team, submit a report, or respond to in-app surveys, we retain the content of those communications and associated metadata for the purpose of resolving your inquiry and improving the Service.

All payments are processed exclusively by Apple App Store or Google Play. Cici does not store your payment card details. We receive only anonymized transaction confirmation tokens and purchase entitlement data to activate your in-app features such as virtual currency, subscriptions, or premium unlocks.

We use your information to operate and deliver the Cici experience, including authenticating your account, facilitating video calls and matching, processing in-app purchases, enforcing community standards, and delivering all core platform functions.

Your profile data, stated preferences, and behavioral signals are used to power Cici's matching system, which connects you with other users in real time. The matching system is designed to maximize connection quality and minimize unwanted interactions. See Section 4 for full details.

We process data from session metadata, behavioral patterns, and user reports to detect and prevent fraud, harassment, abusive behavior, and policy violations. Real-time safety signals are used to interrupt calls or flag accounts that exhibit prohibited conduct patterns, protecting all users on the platform.

Aggregated and de-identified usage data is analyzed to improve matching accuracy, call quality, feature design, and overall platform performance. Individual-level behavioral data is not shared externally for research purposes.

With your consent where required by applicable law, we may send promotional communications about new features, events, or offers. You may withdraw consent at any time via in-app settings or the unsubscribe link in any email.

We process personal data as necessary to comply with applicable laws, respond to valid legal process, enforce our Terms of Service, and protect the rights, safety, and property of Cici and its users.

Live video calls on Cici are powered by encrypted Real-Time Communication (RTC) technology. Video and audio streams are transmitted end-to-end between matched users via our relay infrastructure using SRTP (Secure Real-Time Transport Protocol) and DTLS encryption. This means your call content is encrypted in transit and is not accessible to Cici employees during a live session.

Cici does not routinely record, store, or analyze the content of live video calls. We do not retain video or audio recordings of calls for advertising, training, or profiling purposes. The only exceptions are: (a) where a safety report is filed during or immediately after a call, in which case a limited session fragment may be retained solely for safety review and enforcement; and (b) where you explicitly activate an opt-in clip or highlight feature within the app, which will be clearly disclosed at the point of use.

While call content is not stored, session metadata is collected and retained, including: call initiation and end timestamps; call duration; connection quality metrics; device and network type used during the call; and whether a report was submitted during or after the session. This metadata is used for technical diagnostics, safety enforcement, and aggregate analytics.

Cici requires access to your device camera and microphone to enable video call functionality. These permissions are requested at the point of first use and are governed by your device's operating system permission controls. You may revoke these permissions at any time in your device settings, though doing so will prevent you from participating in video calls. Cici does not access your camera or microphone outside of active call sessions.

Our real-time video infrastructure relies on third-party RTC service providers. These providers process connection signaling and relay encrypted media streams as technical intermediaries. They are bound by data processing agreements and do not have access to the content of decrypted call streams. Details of our RTC infrastructure providers are available upon request at service@cici.ink.

Cici's matching system connects you with other online users in real time based on your stated preferences (such as preferred gender, age range, and language), your behavioral history within the app (such as acceptance rates and session quality feedback), and platform-level availability signals. The matching algorithm is designed to maximize connection quality and minimize exposure to users who have received safety reports.

Matching preference data you provide is used exclusively to operate the matching system and improve its accuracy. It is not used for external advertising targeting, shared with data brokers, or sold to third parties. You may update or clear your matching preferences at any time in your profile settings.

Cici retains a record of your match history (user identifiers matched, session outcomes, and session timestamps) for the purpose of improving matching quality, preventing re-matching with users you have blocked or reported, and supporting safety enforcement. Match history data is not publicly visible to other users.

When you block or report another user, that action is recorded and used to prevent future matches with that individual. Reports are reviewed by our safety team and may result in enforcement action. Your identity as the reporting party is kept confidential from the reported user.

When you upload profile photos, video highlights, or other content to Cici, that content is stored on our secure cloud servers and associated with your account. You retain ownership of all original content you create. By submitting UGC, you grant Cici a non-exclusive, worldwide, royalty-free license to host, store, display, and distribute your content within the Service and in connection with promoting the Service, subject to your privacy settings.

You warrant that you own or have the necessary rights to any content you upload, including profile images and video clips, and that your content does not infringe any third-party intellectual property, privacy, or other rights. Content that infringes third-party rights may be removed without prior notice.

We use automated scanning and human review to moderate UGC for compliance with our Community Guidelines. Profile images and publicly visible content are reviewed for nudity, violence, deceptive imagery, and other prohibited material. Content in violation of our policies will be removed, and the responsible account may be subject to enforcement action.

When you delete UGC or your account, content is removed from public display within 48 hours. Complete deletion from production servers occurs within 30 days, and from backup archives within 90 days. Content flagged for safety review may be retained for the duration of the review process.

Cici may use your interaction history, stated interests, and behavioral signals to personalize in-app features such as featured content, suggested users to follow, and notifications about platform activity. Personalization is used solely to improve your in-app experience and is not used for third-party advertising targeting.

You may disable personalized recommendations at any time in Settings > Privacy > Personalization. Cici will then serve you a non-personalized, default experience. Core matching functionality is not affected by this setting.

We share personal information with trusted third-party service providers who support our operations, including cloud hosting providers, RTC infrastructure providers, payment processors, analytics platforms, customer support tools, and safety and fraud detection systems. All providers are contractually bound to process your data only on our instructions and in compliance with applicable data protection law.

We do not sell your personal information. We do not share your data with advertisers, data brokers, or third-party marketing platforms for their independent use.

In the event of a merger, acquisition, or asset sale, your personal data may transfer to the acquiring entity. We will notify you in advance via in-app notice or email before your data becomes subject to a materially different privacy policy, giving you the opportunity to request deletion before any transfer.

We may disclose your information to law enforcement or government authorities when required by applicable law, valid legal process, or where disclosure is necessary to protect user safety or prevent serious harm. We will notify affected users prior to such disclosure where legally permitted.

In cases involving an immediate threat to the life or safety of any person, we may proactively share relevant information with law enforcement without awaiting a formal legal request. Such disclosures are documented internally and subject to our legal review process.

Your display name and profile photo are visible to other Cici users as part of the matching and social experience. You may update or remove your profile photo at any time. Setting your account to a more restricted mode in Settings will limit how your profile is presented to other users.

As described in Section 3, live video functionality relies on third-party RTC infrastructure. These providers process encrypted signaling and relay data as technical intermediaries and are bound by data processing agreements prohibiting independent use of your data.

We integrate mobile analytics SDKs to measure app performance and engagement. These SDKs are configured to operate in privacy-preserving modes where available, including anonymized event collection and suppression of advertising identifiers absent user consent.

We use third-party safety and content scanning tools to detect prohibited content in profile images and other UGC. These tools process only the data necessary for safety review and are bound by strict confidentiality and data minimization obligations.

If you sign in via Apple or Google, those providers operate under their own terms and privacy policies. Our use of data received from these sign-in flows is strictly limited to account authentication and basic profile creation.

We retain your personal information for as long as your account is active or as needed to provide the Service. Accounts with no login activity for 24 consecutive months will be subject to a dormancy notification, following which inactive data may be anonymized or deleted.

Session metadata (timestamps, duration, connection quality, report status) is retained for up to 12 months for technical diagnostics and safety enforcement purposes, after which it is anonymized or deleted.

Records of user reports, content moderation actions, and enforcement decisions are retained for up to 36 months after account closure to support pattern analysis, enforcement appeals, and legal defense.

Financial transaction records are retained for a minimum of seven years to comply with applicable tax, accounting, and consumer protection obligations.

Aggregate, irreversibly anonymized analytics data may be retained indefinitely for product research and development.

We implement industry-standard security measures including TLS 1.2+ for all data in transit, SRTP/DTLS encryption for all video and audio streams, AES-256 encryption for sensitive data at rest, strict role-based access controls, and automated anomaly detection to identify unusual access patterns.

Access to user data is restricted on a need-to-know basis, requires multi-factor authentication, and is subject to comprehensive audit logging. All personnel with access to personal data undergo regular data protection training and sign confidentiality agreements.

We conduct regular security assessments and third-party penetration testing. We maintain a responsible disclosure policy; if you discover a security vulnerability, please report it to service@cici.ink.

In the event of a personal data breach posing a risk to your rights and freedoms, we will notify relevant supervisory authorities within 72 hours where required by law, and will inform affected users without undue delay, describing the nature of the breach and steps taken to mitigate harm.

The Cici app uses session tokens, local storage, and analytics SDKs rather than traditional browser cookies. These are used to maintain your authenticated session, remember app preferences, and measure feature engagement for product improvement.

On iOS, we request your consent via Apple's App Tracking Transparency (ATT) prompt before accessing your IDFA. On Android, we respect your opt-out of personalized advertising via device settings. Advertising identifiers are used solely to measure our own user acquisition campaigns and are not shared for third-party behavioral advertising.

Our website may use standard browser cookies for session management and analytics. You may manage cookie preferences through your browser settings.

Cici operates infrastructure across multiple regions to deliver low-latency video call quality globally. Your personal data may be transferred to and processed in countries other than your country of residence, which may have different data protection standards.

For transfers from the EEA, UK, or Switzerland to third countries lacking an adequacy decision, we rely on EU Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum (IDTA). For other cross-border transfers, we implement equivalent contractual or technical safeguards.

Due to the real-time nature of video call delivery, RTC relay infrastructure must be geographically proximate to users. This means call signaling and relay data may be processed in the region closest to your current location at the time of a call, which may differ from your country of residence. All such processing is governed by appropriate transfer safeguards.

You may request a copy of the personal information we hold about you. Much of this is accessible directly in-app. For a full data export, email service@cici.ink with “Data Access Request” in the subject line.

You may correct or update inaccurate personal information directly in your account settings. For data that cannot be self-corrected, contact us and we will process the correction within 30 days.

You may request deletion of your account and personal data via Settings > Account > Delete Account or by emailing us. We will process your request within 30 days, subject to legal retention obligations. See Section 20 for full details.

You may object to or request restriction of processing in certain circumstances. We will pause relevant processing while assessing your objection unless we have compelling legitimate grounds that override your interests.

Where processing is based on consent or contract and carried out by automated means, you may request your personal data in a structured, machine-readable format (e.g., JSON) for transfer to another service.

Where we rely on consent as the legal basis for processing, you may withdraw it at any time through in-app settings or by contacting us, without affecting prior lawful processing.

Email service@cici.ink with “Privacy Rights Request” in the subject line and include your registered email address and a description of your request. We will verify your identity and respond within the timeframe required by applicable law.

For users in the European Economic Area and the United Kingdom, Cici acts as the data controller of your personal information under the GDPR and UK GDPR respectively.

We process your data under the following legal bases: (a) contractual necessity (to provide the Service); (b) legal obligation (regulatory compliance); (c) legitimate interests (safety, fraud prevention, service improvement), where not overridden by your rights; and (d) consent (for marketing and optional personalization features).

If you believe your data has not been handled lawfully, you have the right to lodge a complaint with your national data protection supervisory authority. We encourage you to contact us first to attempt direct resolution.

California residents have rights under the CCPA as amended by the CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. Cici does not sell personal information and does not share it for cross-context behavioral advertising, so no opt-out request is required for those purposes.

Exercising your California privacy rights will not result in discriminatory treatment, including denial of service or different pricing.

California residents may designate an authorized agent to submit requests on their behalf by providing written proof of authorization. We will verify the identity of both agent and resident before processing any request.

Brazilian users have rights under the Lei Geral de Protecao de Dados (LGPD), including confirmation, access, correction, anonymization, blocking, deletion, and portability of their personal data, as well as the right to information about sharing and to withdraw consent.

We process personal data of Brazilian users based on contract performance, legal obligation, and consent where applicable. We do not rely on legitimate interests alone to process sensitive data categories belonging to Brazilian users.

Brazilian users may lodge complaints with the Autoridade Nacional de Protecao de Dados (ANPD) if they believe their data has been processed in violation of the LGPD.

Cici is designed exclusively for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18. We implement date-of-birth verification at registration and apply additional review measures to accounts suspected of being operated by minors. If we determine that a user is under 18, we will immediately terminate the account and delete all associated data without prior notice.

If you are a parent or guardian and believe a minor has created a Cici account, contact us immediately at service@cici.ink. We will investigate and, where confirmed, permanently delete the account and all associated data without delay.

Cici enforces an absolute zero-tolerance policy toward any content, conduct, or behavior that constitutes, facilitates, promotes, or glorifies Child Sexual Abuse and Exploitation (CSAE) in any form. Given the real-time video nature of our platform, we treat this commitment with heightened urgency. Prohibited conduct includes, without limitation: child sexual abuse material (CSAM) of any kind; grooming, solicitation, or exploitation of individuals under 18; any attempt to use the video call or matching features to make inappropriate contact with minors; and any content that sexualizes, endangers, or exploits persons under 18.

We deploy automated content-scanning on UGC, AI-assisted behavioral detection on session patterns, and trained human safety reviewers to identify potential CSAE activity. Upon confirmed detection or credible report, we immediately: remove all associated content from the platform; permanently terminate the responsible account and associated identifiers; file a mandatory report with the National Center for Missing and Exploited Children (NCMEC) CyberTipline or the legally required equivalent authority in the applicable jurisdiction; and cooperate fully and proactively with all resulting law enforcement investigations, including preserving and producing records as legally required.

Given the live video context of Cici, we take particular care to ensure our matching systems do not pair adults with minors. If you encounter any content or behavior that you suspect constitutes CSAE, please report it immediately using the in-app reporting function on the relevant profile or session, or email service@cici.ink with subject line “CSAE Report.” All such reports are actioned as our highest priority.

We conduct regular reviews of our child safety infrastructure, collaborate with recognized child safety organizations, and continuously update our detection capabilities to reflect evolving threats and best practices in platform child safety.

All in-app purchases on Cici, including virtual currency, coin packages, premium features, and subscriptions, are processed exclusively through Apple App Store or Google Play. Cici does not collect, transmit, or store your payment card information.

If Cici offers virtual currency or coin systems (for features such as extended calls, gifting, or premium unlocks), your coin balance and transaction history are stored on our servers and associated with your account. Virtual currency has no cash value, is non-transferable, non-refundable except as required by applicable law, and may expire in accordance with the terms disclosed at the point of purchase.

Records of in-app purchases and virtual currency transactions are retained for a minimum of seven years for accounting and legal compliance purposes.

Cici may send push notifications for: incoming match or call requests; messages and social interactions; platform feature announcements; safety and account security alerts; and promotional offers (with your consent).

You can granularly control which notifications you receive in Settings > Notifications, or disable all push notifications via your device's operating system settings. Disabling all notifications may cause you to miss important account security alerts.

We send transactional emails (account confirmations, security alerts, purchase receipts), which are necessary for Service operation and cannot be unsubscribed from while your account is active. Marketing emails are optional and may be unsubscribed from at any time via the link in any such message.

You may permanently delete your Cici account at any time via Settings > Account > Delete Account, or by emailing service@cici.ink with “Account Deletion Request” in the subject line.

Your profile and public content are removed from view within 48 hours. Personal data is deleted from production servers within 30 days. Residual copies in encrypted backup archives are purged within 90 days of the next backup rotation cycle.

Certain data may be retained following account deletion where required by law, including financial transaction records (up to 7 years), safety and moderation records (up to 3 years), and data subject to a legal hold. All retained data is isolated and processed only for the specific legal purpose requiring its retention.

Cici operates real-time safety monitoring systems that analyze session metadata and behavioral patterns (not call content) to detect indicators of abusive or prohibited conduct during matching and video call sessions. These systems may interrupt or flag sessions exhibiting prohibited behavior patterns, such as rapid skipping combined with report signals.

We maintain an internal trust score for each account based on behavioral history, reports received, content moderation actions, and platform engagement patterns. This score is used to calibrate matching eligibility, feature access, and the priority of safety reviews. It is not shared with other users or external parties.

You may report another user at any time during or after a call using the in-app reporting function. Reports are reviewed by our safety team and may result in account warnings, feature restrictions, or permanent termination. Your identity as the reporting party is kept confidential from the reported user.

This Privacy Policy is governed by applicable international data protection law and the laws of the jurisdiction in which Cici is incorporated, except where mandatory local law in your country of residence (including GDPR, CCPA/CPRA, LGPD, PDPA, or PIPL) imposes higher standards that cannot be contractually excluded.

If our response to a direct complaint has not resolved your concern, you retain the right to escalate to the relevant data protection supervisory authority in your country of residence.

We may update this Policy periodically. For material changes, we will notify you at least 14 days before they take effect via in-app notice, push notification, and/or email to your registered address. Non-material corrections may be made without advance notice.

Your continued use of Cici after the effective date of any revised Policy constitutes acceptance of the updated terms. If you do not agree, you may delete your account before the changes take effect.

Prior versions of this Policy are available upon request at service@cici.ink.

For questions, concerns, or data rights requests regarding this Policy, please contact us at:

• Email: service@cici.ink
• Subject: “Privacy Inquiry – [Your Name]”

We aim to acknowledge inquiries within 5 business days and provide a substantive response within 30 days.

To report suspected CSAE content or child safety concerns on Cici, use the in-app “Report” function or email service@cici.ink immediately with subject line “CSAE Report.” These reports are our highest-priority safety matter and will be actioned without delay.