Last Updated: June 8, 2026
This Privacy Policy describes how Carvify, Inc. (DBA Carve) ("we," "us," or "our") collects, uses, and protects information when you use the Carve consumer mobile application ("the App") on iOS, Android, or supported mobile platforms. By using the App, you agree to this Privacy Policy. If you do not agree, do not use the App.
1. Scope
This Policy applies to the Carve mobile consumer app — a cloud-hosted social app-building platform. It does not describe the Carve desktop application, which may process data differently (including local command execution). If you use both products, each is governed by its applicable terms and privacy policy.
2. Information We Collect
2.1 Account and Profile
When you create an account, we collect:
- Email address
- Name
- Password (stored in hashed form; we never store plain-text passwords)
- Public handle (@username)
- Optional profile bio and avatar image
- Email verification status
2.2 Social and Community Data
When you use social features, we collect:
- Follow relationships (who you follow and who follows you)
- Comments, reactions, and @mentions on Drops
- Boosts, pings, and share activity
- Play counts, impressions, remix counts, and leaderboard scores
- Play outcomes (scores, outcome text) you submit or share
- Public creator profile data visible to other users
2.3 Direct Messages
When you use Pass Drops messaging, we collect:
- Message text and timestamps
- App Drop and outcome payloads (e.g., app slug, score, outcome text)
- Thread metadata (participants, request/accept status)
- Block and hide preferences
2.4 Contact Discovery (Optional)
If you grant contacts permission:
- We receive hashed email addresses and phone numbers from your device address book — not the raw address book
- Hashing occurs on your device before data is sent to our servers
- We use hashes only to match against registered Carve users and suggest people you may know
- We do not store your full contact list
- You may optionally sync a hashed phone number (E.164 format) to your account to improve matching
2.5 Push Notifications (Optional)
If you enable push notifications, we collect:
- Expo push notification token
- Device platform (iOS or Android)
- Notification delivery metadata
You can disable push notifications in the App or your device settings at any time.
2.6 Guest and Analytics Data
If you browse without an account, we may collect:
- A pseudonymous session identifier
- Play and impression events associated with that session
- Onboarding analytics events (e.g., registration started, registration completed)
- Device platform information
After you sign in, some guest activity may be associated with your account.
2.7 App Builder and Drops Data
When you create or edit Drops, we collect:
- App specifications, drafts, and build conversation history (your prompts and AI responses)
- Sandbox HTML and interactive UI artifacts
- App runtime key-value data stored on our servers
- Publish titles, descriptions, visibility settings, and remix lineage
- Images you upload (e.g., avatars)
2.8 Signup Attribution
If you arrive via a referral link or campaign, we may store UTM parameters and referrer handle to attribute signups and enable features like auto-follow.
2.9 Technical Information
We may collect:
- IP address (for security and fraud prevention)
- Device type and operating system version
- App version
- Authentication tokens (stored securely on your device)
2.10 What We Do Not Collect
- Location data. The App does not request or collect precise or coarse location.
- Full address books. We never store your complete contacts list.
- Google user data via OAuth. The consumer App does not connect to Gmail, Google Calendar, Google Drive, or other Google APIs.
3. Mobile Device Permissions
The App may request the following device permissions:
| Permission | Purpose |
|---|---|
| Contacts | Find friends already on Carve and suggest people to follow. Hashed identifiers only; we never store your address book. |
| Photo library | Upload a profile avatar image. |
| Notifications | Send optional alerts when someone remixes your Drop, comments, follows you, sends a message, or similar activity. |
You can deny any permission and still use most App features. iOS and Android permission prompts describe these uses in plain language.
4. How We Use Your Information
We use collected information to:
- Provide, operate, and improve the App
- Authenticate you and maintain your account
- Display your profile, Drops, and social activity to you and other users according to your visibility settings
- Deliver push and in-app notifications you have opted into
- Match hashed contacts to registered users (only with your permission)
- Process AI builder requests and run published Drops
- Enforce our Terms, prevent abuse, and maintain security
- Analyze usage to improve the product
- Comply with legal obligations
We do not sell your personal information.
5. How We Share Information
We do not sell personal information. We may share information:
- With other users according to your settings (public Arena Drops, Circle-visible Drops, comments, profile, DMs to recipients, Huddle membership)
- With service providers who help operate the App under confidentiality agreements, including:
- Cloud hosting and database providers
- Expo (push notification delivery via Expo's push service)
- AI model providers (see Section 6)
- For legal reasons when required by law or to protect rights and safety
- In corporate transactions (merger, acquisition) with notice as required by law
6. AI Processing and Third Parties
To provide AI-powered app building and Drop runtime features, we transmit your prompts, instructions, and related context to third-party AI model providers ("AI Sub-processors") over encrypted connections. Our current AI Sub-processors include: OpenAI, LLC (large language models); Anthropic PBC (large language models); Perplexity AI, Inc. (internet search and research, when enabled).
We select providers that commit not to use customer inputs to train general-purpose models, but we do not control all internal practices of third-party providers. Consumer Drops do not use Google OAuth APIs or access Google user data.
7. Publishing Visibility
Your Drops and profile data may be visible to others depending on settings you choose:
- Arena: Public to all users and discoverable in feeds
- Circle: Visible to users who follow you
- Huddle: Visible to members of a specific private group
- Stealth: Accessible only via direct link; not listed in public feeds
Comments on public Drops are visible to users who can view the Drop.
8. Data Storage and Security
- Passwords are hashed using industry-standard methods
- Data is transmitted over HTTPS/TLS
- Authentication tokens are stored in your device's secure storage (iOS Keychain / Android Keystore equivalent)
- We implement administrative, technical, and organizational safeguards appropriate to the data we process
No method of transmission or storage is 100% secure. We will notify you of security incidents affecting your personal information as required by applicable law.
9. Data Retention
We retain your account information while your account is active and as needed to provide the App and comply with law. You may request deletion of your personal data by contacting us at info@getcarve.app. We will process deletion requests in accordance with applicable law. Some data may persist in backups for a limited period or as required by law. Analytics data may be retained in aggregated or de-identified form.
Account deletion: The App does not currently offer in-app account deletion. To request account deletion, email info@getcarve.app from the address associated with your account.
10. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your data
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent (e.g., push notifications, contacts)
- Export your data
- Lodge a complaint with a supervisory authority (EEA/UK residents)
To exercise these rights, contact us at info@getcarve.app. We will respond in accordance with applicable law.
11. Children's Privacy
The App is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us at info@getcarve.app and we will delete it.
12. International Transfers
If we transfer your information outside your country of residence, we do so in accordance with applicable law and implement appropriate safeguards (e.g., standard contractual clauses) where required.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the App or email. Continued use after the effective date constitutes acceptance. If you do not agree, stop using the App.
14. Contact
For questions about this Privacy Policy or our data practices, contact us at info@getcarve.app.
By using the Carve mobile app, you acknowledge that you have read and understood this Privacy Policy.