Unisaver — Privacy Policy | Local-first downloads, no data sold

Effective: 5 May 2026 · App ID (Android): com.creed.unisaver · App ID (iOS): 6746811725

This is the per-app privacy policy for Unisaver. It complements the company-wide CreedStack Motions privacy policy, which covers our website and direct support. Plain-English, feature-by-feature, zero data sold.

1 · Introduction

This Privacy Policy describes how CreedStack Motions Limited handles information in connection with the Unisaver mobile application — Android (com.creed.unisaver) and iOS (App Store ID 6746811725). Unisaver lets you download videos, images and audio from 1,000+ public web sources to your device's local storage.

2 · Information collected — feature by feature

Unisaver is local-first. Most things stay on your phone. Where we do touch a server, we say so plainly:

Pasted URL. When you paste a link, the URL is sent to our extraction backend (Koyeb) only long enough to resolve the source media URL. We do not log the URL after the response is returned.
Downloaded files. Once Unisaver gets the source URL, the file streams from the original platform (TikTok, Instagram, YouTube, etc.) directly to your device. The file never passes through our servers. We do not store, archive or re-host your downloads.
Download history. A list of what you've downloaded is kept locally on your device so you can reopen, share or re-download. It is not synced to any server. Clear it from Settings → History.
WhatsApp status saving. Statuses you save are read directly from your WhatsApp media folder and copied to Unisaver's storage. No external server involvement.
Private vault. Any download you move into the locked folder is encrypted with a key derived from your PIN/biometric and never leaves your device.
Crash diagnostics. Anonymous crash stack traces and a device-model identifier are sent to Firebase Crashlytics so we can fix bugs. No URL or file content is included.
Anonymous usage analytics. Aggregated, anonymised events (e.g. "user opened the downloads tab") flow through Firebase Analytics. We use them to know which features are actually used. No personal identifiers are linked to events.
Advertising. Google Mobile Ads (AdMob) shows banner, native and rewarded-video ads. AdMob's own SDK handles ad targeting using its own device-level identifiers; we don't pass it any personal data of yours.
Push notifications. If you allow notifications, your device's push token is held by Firebase Cloud Messaging so we can send "download complete" alerts. You can revoke any time in your OS settings.
Pro purchases. Subscriptions and one-time purchases are processed by Apple App Store or Google Play. We receive only the transaction reference needed to verify entitlement, never your card number.

We do not collect: your name, email, phone number, address, contacts, calendar, photos library at large (only files you explicitly download), microphone, precise GPS, social-media credentials, or biometric templates.

3 · Permissions explained

Internet. Required — without it, Unisaver can't fetch media from public links.
Storage. Required — to save downloaded files to your device.
Notifications. Optional — for download-complete alerts. Off-by-default; you'll be asked.
Foreground service. Required for background downloading — keeps the download alive when you switch apps or lock your phone.
Biometric. Optional — to unlock the private vault.

4 · Third-party services we use

Each is named, and each has its own privacy policy that applies to its part of the experience:

Firebase (Crashlytics, Analytics, Cloud Messaging) — Google privacy policy.
Google Mobile Ads (AdMob) — AdMob data practices.
Apple App Store / Google Play — purchase processing and store distribution. We never see your full card number.
Unisaver backend (Koyeb) — URL extraction service. Holds your URL only long enough to resolve. No persistent log past 24h debug retention.
Source platforms (TikTok, Instagram, YouTube, Facebook, X, Reddit, Pinterest, Vimeo, SoundCloud, Mixcloud, Threads, Twitch, LinkedIn, Snapchat, Tumblr, Dailymotion, Rumble, Streamable, Spotify, Telegram, Bluesky, Bilibili, Douyin, VK, OK, CapCut, Kuaishou, Likee, Bandcamp, Terabox, etc.) — when their content streams to your device, your IP and user-agent are visible to them.

5 · How we use the information

To resolve the URL you paste so we can return a downloadable media link.
To deliver in-app and rewarded ads in the free tier.
To verify Pro purchases and restore them across reinstalls.
To send download-complete notifications if you opted in.
To diagnose crashes and improve stability.
To respond to support, privacy and deletion requests.

We do not use your data to: train AI models, profile you for political targeting, build a marketing list, or share with data brokers. We don't sell anything.

6 · Retention

Pasted URLs. Held in memory on the backend only during extraction. No persistent log past 24h debug retention.
Downloaded files. Stored on your device until you delete them or uninstall the app.
Download history. Stored locally until you clear it.
Crash diagnostics. 90 days in Firebase Crashlytics.
Analytics events. 14 months in Firebase Analytics.
Push tokens. Until you revoke notifications or uninstall.
Purchase records. Held by Apple/Google + a transaction reference on our side as needed for compliance and refunds.

7 · Your rights & choices

Clear download history and cached metadata from Settings → History.
Disable analytics and crash reporting from Settings → Privacy.
Limit ad personalisation via your phone's OS settings (Android: Ad ID; iOS: Tracking).
Use the iOS "Delete All Data" option where available, or our data-deletion page.
Email info.creedmotions@gmail.com for access, correction or full deletion. We confirm in 48h, complete in 30d.
Manage purchases through your App Store or Google Play account.
Lodge a complaint with your local data-protection authority if needed.

8 · Security

We use reasonable technical and organisational measures: HTTPS for all backend calls, Firebase's at-rest encryption, biometric/PIN encryption for the locked folder, sandboxed app storage on Android and iOS. No app, network or storage system can promise absolute security, but we follow best practices and disclose breaches as required.

9 · Children

Unisaver is rated 12+ on Apple and Teen on Google Play. It is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal data, contact us — we will delete it.

10 · International transfers

Because Unisaver uses third-party providers headquartered in the US (Google, Apple, Koyeb), data may be processed in countries other than your own. Where required for EU/UK transfers, we and our processors rely on Standard Contractual Clauses or equivalent mechanisms.

11 · Changes to this policy

We may update this policy from time to time. Material changes update the "Effective" date at the top, and we'll surface an in-app notice for at least 30 days after a substantive change. Continued use after the new effective date means you accept the updated policy.

12 · Contact

Privacy questions, deletion requests or data-subject access requests:

Email: info.creedmotions@gmail.com
Company: CreedStack Motions Limited
Locations: New York, NY (HQ) · London · Kampala
App Store: apps.apple.com/app/id6746811725
Google Play: play.google.com/store/apps/details?id=com.creed.unisaver

← Back to Unisaver View Terms of Service Studio privacy policy Delete your data →

UnisaverPrivacy Policy