This Privacy Policy describes how GIFRUN, INC. ("Company," "we," "us," or "our") collects, uses, and shares information about you when you access or use gifrun.com and any related mobile website or application (collectively, the "Site").

Questions or concerns? Please read this policy carefully. If you do not agree with our practices, please do not use the Site. For questions, contact us at admin@gifrun.com.

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE USE YOUR INFORMATION?
3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?
4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
6. HOW LONG DO WE KEEP YOUR INFORMATION?
7. HOW DO WE KEEP YOUR INFORMATION SAFE?
8. DO WE COLLECT INFORMATION FROM MINORS?
9. WHAT ARE YOUR PRIVACY RIGHTS?
10. CONTROLS FOR DO-NOT-TRACK FEATURES
11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
12. DO OTHER U.S. STATE RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
13. INTERNATIONAL USERS AND GDPR
14. DO WE MAKE UPDATES TO THIS POLICY?
15. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
16. HOW CAN YOU REVIEW, UPDATE, OR DELETE YOUR DATA?

We collect information you voluntarily provide when you register, use features, or contact us, including:

• Account Registration: When you create a free or paid account, we collect your name, email address, and (if registering directly) a hashed password. If you sign in via Google, we receive your name, email address, and profile picture from Google as described in Section 5.
• Profile Information: Username, vanity URL (e.g., gifrun.com/yourusername), and any profile information you choose to add.
• Content You Create: GIFs, WebP images, titles, descriptions, hashtags, and comments you post to the Site. This includes metadata such as creation timestamps, source video URLs used to generate content, and clip parameters (start time, duration, resolution).
• Video Uploads: If you are a paid subscriber, you may upload video files directly. These files are stored in Microsoft Azure Blob Storage and associated with your account.
• Social Activity: Data about your social interactions on the Site, including who you follow, who follows you, content you like, comments you post, and follow requests you send or receive.
• Payment Information: When you subscribe, payment is processed by Stripe, Inc. We do not store your full card number or CVV. We receive from Stripe limited billing information such as your subscription status, billing email, last four digits of your card, card brand, and billing address for tax and fraud prevention purposes.
• Communications: If you contact us directly (e.g., via email for support), we retain the content of your message and your contact details.

When you visit or use the Site, we automatically collect certain technical information, including:

• Log and Usage Data: IP address, browser type and version, operating system, referring URLs, pages viewed, links clicked, and timestamps of your activity on the Site.
• Device Information: We use device detection (Wangkanai) to identify whether you are accessing the Site from a desktop or mobile browser, which determines which version of the Site you are served.
• Session Data: We use server-side session state and Redis Cache to maintain your login session and support real-time features. Session data is temporary and tied to your login.
• Real-Time Processing Data: When you create a GIF or WebP, our system uses Azure Functions and Azure SignalR to process your request and stream real-time progress back to your browser. This processing data (source URL, clip parameters, output settings) is associated with your session and may be logged for debugging and performance monitoring.
• Cookies and Similar Technologies: We use cookies and similar technologies to maintain sessions, remember your preferences, and (for anonymous users) serve advertisements. See Section 4 for details.

We use the information we collect for the following purposes:

• To provide and operate the Site: Creating and serving your GIFs/WebPs, managing your account, saving and displaying your content on your profile, and enabling social features (follows, likes, comments, notifications, feed).
• To process payments and manage subscriptions: Verifying your subscription status, processing charges through Stripe, sending billing confirmations, and managing plan upgrades, downgrades, or cancellations.
• To enforce tier-based access controls: Applying watermarks, duration limits, resolution limits, and advertisement display based on your account tier (Anonymous, Free, Paid).
• To send activity notifications: Notifying you in-app of relevant account activity, such as new followers, likes, comments, and follow request approvals.
• To serve advertisements: Anonymous (Tier 1) users may see advertisements. We do not use behavioral advertising targeting based on personal data beyond basic session context.
• To improve the Site: Analyzing usage patterns, diagnosing technical issues, and improving platform performance, reliability, and features.
• To communicate with you: Responding to support inquiries, sending service-related announcements, and notifying you of material changes to these policies.
• To comply with legal obligations: Responding to valid legal processes, cooperating with law enforcement, enforcing our Terms of Service, and protecting the rights and safety of our users.
• To detect and prevent fraud and abuse: Monitoring for violations of our Terms of Service, unauthorized access attempts, and misuse of the platform.

Legal Bases for Processing (GDPR): For users in the EEA or UK, we rely on the following legal bases: (a) Contract performance — to provide the service you signed up for; (b) Legitimate interests — to improve the Site, detect fraud, and ensure security; (c) Legal obligation — to comply with applicable laws; (d) Consent — where we have asked for and received your consent (e.g., optional marketing communications).

We do not sell your personal information. We may share your information only in the following circumstances:

Service Providers and Processors: We share information with trusted third-party vendors who assist us in operating the Site. These parties are contractually obligated to use your data only on our behalf and in accordance with this policy:

• Microsoft Azure: Cloud hosting infrastructure for the web application, Azure Functions (GIF/WebP processing), Azure Blob Storage (storing your uploaded videos and generated GIFs/WebPs), and Azure SignalR (real-time progress streaming).
• Stripe, Inc.: Payment processing for subscriptions. Stripe collects and processes your payment card information. See Stripe's Privacy Policy at https://stripe.com/privacy.
• Google LLC: If you use Google Sign-In to create your account, Google authenticates your identity and provides us with your name, email, and profile picture. See Google's Privacy Policy at https://policies.google.com/privacy.
• Redis / Azure Cache: Used for session caching and performance optimization. Cached data is temporary and not shared with other parties.
• Advertising Partners: Anonymous (Tier 1) users may be shown advertisements served by third-party advertising networks. These networks may use cookies to serve contextual ads. We do not share personally identifiable information with advertising partners. See Section 4 for opt-out options.

Public Content: Any content you post to a public profile — including GIFs, WebPs, titles, descriptions, hashtags, likes, and comments — is visible to all Site visitors. Your username and vanity URL (if claimed) are publicly associated with your public content.

Legal Compliance: We may disclose your information where required to do so by law or in response to valid legal processes (subpoena, court order, government request), or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change via email or prominent notice on the Site.

Video Privacy Protection Act (VPPA): GifRun stores source video URLs (e.g., YouTube links) associated with your account solely to operate the conversion service. We do not share your video-related records — including source URLs or the GIFs/WebPs linked to your account — with third parties for advertising, profiling, or targeting purposes, consistent with the Video Privacy Protection Act (18 U.S.C. § 2710).

Email Communications (CAN-SPAM): We send transactional emails only — including account verification, password reset, and subscription billing notices. We do not send unsolicited promotional email without your consent. Every email we send includes an unsubscribe mechanism. To opt out of non-essential emails, follow the unsubscribe link in the email or contact us at admin@gifrun.com.

Yes. We use cookies and similar tracking technologies to operate the Site effectively. Here is how we use them:

• Strictly Necessary Cookies: Required for the Site to function. These include session cookies that keep you logged in, anti-forgery tokens for form security (ASP.NET Core), and cookies that enforce your account tier and subscription status. These cannot be disabled without breaking Site functionality.
• Preference Cookies: Remember your settings and preferences, such as your selected layout or notification preferences.
• Analytics Cookies: Help us understand how visitors interact with the Site so we can improve it. These may include anonymized usage data.
• Advertising Cookies (Anonymous Users Only): Anonymous (Tier 1) users may be shown advertisements. Third-party ad networks may set cookies to serve contextual advertisements. Registered and paid users are not shown advertisements.

Managing Cookies: You can control or delete cookies through your browser settings. Disabling strictly necessary cookies will prevent the Site from functioning properly. For advertising cookies, you may opt out through the Network Advertising Initiative (https://optout.networkadvertising.org/) or the Digital Advertising Alliance (https://optout.aboutads.info/).

Cross-Device Tracking: We do not actively correlate your activity across multiple devices or browsers for advertising or profiling purposes. Your authenticated session is tied to a single browser session via a server-side session cookie backed by Redis. If you sign in on a different device, a new independent session is created and no cross-device profile is built.

We offer you the option to register and log in using your existing Google account. When you choose to do this, Google provides us with certain profile information — typically your name, email address, and profile picture.

We use this information only to create or authenticate your GifRun account. We do not receive your Google password, and we do not access your Google contacts, Google Drive, Gmail, or any other Google services beyond what is necessary for authentication.

The information we receive from Google is governed by Google's Privacy Policy. You can review and revoke GifRun's access to your Google account at any time through your Google Account settings at https://myaccount.google.com/permissions.

We retain your personal information for as long as your account is active or as needed to provide you with the Site's services. Specifically:

• Account and Profile Data: Retained for the life of your account. If you request account deletion, we will delete or anonymize your personal data within a reasonable period (typically 30 days), except where retention is required by applicable law.
• Created Content (GIFs/WebPs): Stored in Azure Blob Storage for as long as your account exists or until you delete the content. Deleted content is removed from active storage, though residual copies may exist in backups for a limited period.
• Uploaded Video Files: Subscriber video uploads are processed and may be retained temporarily for reprocessing or re-download. We do not retain source video files from YouTube or other third-party platforms.
• Payment Records: Billing history and payment metadata (as provided by Stripe) are retained for at least 7 years to comply with financial recordkeeping obligations.
• Log Data: Server logs and technical usage data are retained for up to 90 days for security and debugging purposes, then deleted or anonymized.
• Session/Cache Data: Redis session data is transient and expires with your session or after a short inactivity period.

When there is no ongoing legitimate business need to process your personal information, we will delete, anonymize, or aggregate it. If deletion is not immediately possible (e.g., because the data is in backup archives), we will securely store and isolate it from further processing until deletion is feasible.

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• HTTPS/TLS encryption for all data transmitted between your browser and the Site;
• Password hashing using industry-standard algorithms (ASP.NET Core Identity);
• Azure Blob Storage with SAS (Shared Access Signature) tokens for secure access to media files, limiting direct URL access;
• Server-side access controls and authentication middleware enforcing tier-based permissions;
• Regular software updates and security patching;
• Restricted access to production systems and databases by authorized personnel only.

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. If you become aware of any security vulnerability or incident affecting the Site, please notify us immediately at admin@gifrun.com.

Breach Notification: In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities in accordance with applicable law, including:

• GDPR / UK GDPR: We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that poses a risk to individuals' rights and freedoms, and will notify affected individuals without undue delay where required.
• Illinois Personal Information Protection Act (PIPA): As an Illinois-incorporated company, we will notify affected Illinois residents in the most expedient time possible and without unreasonable delay following discovery of a breach involving their personal information.
• CCPA/CPRA: California consumers have a private right of action for certain data breaches involving unencrypted personal information. We implement encryption and other safeguards to minimize this risk.
• Other State Laws: We will comply with applicable breach notification timelines for all states with enacted breach notification requirements.

Notifications will be sent to the email address associated with your account.

The Site is not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.

Users between the ages of 13 and 18 must have parental or guardian consent before registering for an account or using the Site.

If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at admin@gifrun.com. We will investigate and, if confirmed, promptly delete the child's information from our systems.

Depending on where you are located, you may have certain rights with respect to your personal information. These rights include:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete personal information.
• Deletion: Request that we delete your personal information, subject to certain exceptions (e.g., legal retention requirements).
• Data Portability: Request that we provide your personal information in a structured, machine-readable format.
• Withdrawal of Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Objection: Object to our processing of your personal information where we rely on legitimate interests.
• Restriction: Request that we restrict how we use your personal information in certain circumstances.

How to exercise your rights: You may update or delete much of your account information directly from your account settings on the Site. To exercise rights that require our direct assistance — such as a full data export, account deletion, or a formal access request — please contact us at admin@gifrun.com.

Account Deletion: You can request deletion of your account and associated data at any time by emailing admin@gifrun.com with the subject line "Account Deletion Request." We will process your request within 30 days, subject to any legal retention obligations.

Opting Out of Marketing Emails: If you receive any marketing emails from us, you may opt out at any time by clicking the "unsubscribe" link in any such email or by contacting us at admin@gifrun.com. Note that we may still send you transactional emails related to your account (e.g., billing receipts, password resets).

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your preference not to have data about your online browsing activities monitored and collected.

At this time, no uniform technology standard for recognizing and implementing DNT signals has been finalized. Accordingly, we do not currently respond to browser DNT signals. If a DNT standard is adopted in the future, we will update this policy accordingly.

California law requires us to disclose this position regarding DNT in our Privacy Policy.

Yes. If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information.

Categories of personal information we collect:

• Identifiers (name, email address, IP address, username)
• Personal information categories listed in Cal. Civ. Code § 1798.80(e) (e.g., name, email)
• Commercial information (subscription history, payment metadata)
• Internet or other electronic network activity (log data, usage patterns)
• Geolocation data (inferred from IP address, country-level only)
• User-generated content (GIFs, WebPs, comments, hashtags)

Your CCPA/CPRA Rights:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: We do not sell your personal information, nor do we share it for cross-context behavioral advertising. You have the right to opt out of any such sale or sharing, should this change.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those necessary to provide the service.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

How to submit a request: To exercise your CCPA/CPRA rights, contact us at admin@gifrun.com or write to us at GIFRUN, INC., Wheeling, IL 60090. We will verify your identity before processing your request and will respond within 45 days as required by law. If we need an extension, we will notify you within the initial 45-day period.

In addition to California (Section 11), the following U.S. states have enacted comprehensive consumer privacy laws that may grant you rights with respect to your personal data. These rights generally include the right to access, correct, delete, and obtain a portable copy of your personal data, as well as the right to opt out of the sale of personal data and targeted advertising:

• Virginia — Consumer Data Protection Act (VCDPA), effective Jan. 1, 2023
• Colorado — Colorado Privacy Act (CPA), effective Jul. 1, 2023
• Connecticut — Connecticut Data Privacy Act (CTDPA), effective Jul. 1, 2023
• Utah — Utah Consumer Privacy Act (UCPA), effective Dec. 31, 2023
• Texas — Texas Data Privacy and Security Act (TDPSA), effective Jul. 1, 2024
• Oregon — Oregon Consumer Privacy Act (OCPA), effective Jul. 1, 2024
• Montana — Montana Consumer Data Privacy Act (MCDPA), effective Oct. 1, 2024
• Delaware — Delaware Personal Data Privacy Act (DPDPA), effective Jan. 1, 2025
• Iowa — Iowa Consumer Data Protection Act (ICDPA), effective Jan. 1, 2025
• Nebraska — Nebraska Data Privacy Act (NDPA), effective Jan. 1, 2025
• New Hampshire — New Hampshire Privacy Act, effective Jan. 1, 2025
• New Jersey — New Jersey Data Privacy Act, effective Jan. 15, 2025
• Tennessee — Tennessee Information Protection Act (TIPA), effective Jul. 1, 2025
• Minnesota — Minnesota Consumer Data Privacy Act (MCDPA), effective Jul. 31, 2025
• Maryland — Maryland Online Data Privacy Act (MODPA), effective Oct. 1, 2025
• Indiana — Indiana Consumer Data Protection Act (INCDPA), effective Jan. 1, 2026
• Kentucky — Kentucky Consumer Data Protection Act (KCDPA), effective Jan. 1, 2026
• Rhode Island — Rhode Island Data Transparency and Privacy Protection Act, effective Jan. 1, 2026

To the extent these laws apply to your use of the Site and to our processing of your personal data, we will honor the rights they grant. To exercise any of these rights, please contact us at admin@gifrun.com with the subject line "Privacy Rights Request — [Your State]." We will respond within the timeframe required by applicable law and will not discriminate against you for exercising your rights.

Automated Decision-Making: Certain aspects of the Service — including watermark display, advertisement delivery, resolution limits, and rate limits — are determined automatically based on your account status (Anonymous, Free, or Paid) and device type (detected via the Wangkanai device detection library). These automated decisions are based on objective, pre-defined criteria tied to your subscription tier and are not based on profiling. If you believe an automated determination has been applied to you in error, please contact us at admin@gifrun.com.

The Site is operated from the United States. If you access the Site from outside the United States, your information will be transferred to, processed, and stored in the United States, where data protection laws may differ from those in your country.

European Economic Area (EEA) and United Kingdom: If you are located in the EEA or United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal data. In addition to the rights set out in Section 9, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Data Transfers: When we transfer personal data from the EEA or UK to the United States, we rely on appropriate legal safeguards for such transfers, including Standard Contractual Clauses (SCCs) where required. By using the Site, you consent to such transfers.

Data Controller: GIFRUN, INC. (Wheeling, IL 60090, USA) acts as the data controller for personal data collected through the Site. For GDPR-related inquiries, contact us at admin@gifrun.com.

Yes. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we do, we will update the "Last updated" date at the top of this page.

For material changes — such as new types of data collected, new sharing practices, or changes that significantly affect your rights — we will make reasonable efforts to notify you directly (e.g., via email or a prominent notice on the Site) prior to the change taking effect.

Your continued use of the Site after any changes become effective constitutes your acceptance of the updated Privacy Policy.

If you have questions or comments about this Privacy Policy, or wish to exercise any of your privacy rights, please contact us at:

GIFRUN, INC.
Wheeling, IL 60090
United States

Email: admin@gifrun.com

Based on applicable laws, you may have the right to request access to the personal information we have collected from you, to correct that information, or to request its deletion.

You can update most of your account information (username, profile details, vanity URL, privacy settings, notification preferences) directly from your account settings page on the Site.

For requests that require our direct involvement — including full data exports, account deletion, or formal data subject access requests — please contact us at admin@gifrun.com with the subject line corresponding to your request type (e.g., "Data Access Request," "Account Deletion Request," "Data Correction Request"). We will respond within 30 days, or within any shorter timeframe required by applicable law.