Privacy Policy
This policy explains, in plain language, what we process, why, and the rights you have.
1. Who we are
PhotoClean Pro is published by Micany, a company registered in Västerås, Sweden.
Because Micany is established in the EU, no separate Article 27 GDPR representative is required — Micany itself is the point of contact for EU data protection authorities and users.
For privacy questions, contact:
- Privacy inquiries: privacy@photocleanpro.app
- Data Protection Officer: dpo@photocleanpro.app
2. Data we process
2.1 On your device only — never transmitted
- Your photo library — accessed via Apple's PhotoKit / Android MediaStore. We read photos to detect duplicates and quality issues. We never write photos anywhere except, optionally, to the on-device encrypted Vault you control.
- Image analysis results — perceptual hashes, blur scores, exposure scores, duplicate group identifiers. Computed locally, kept in app memory or local CoreData/Room.
- App preferences — onboarding completion flag, consent decisions, cleanup streak count, last cleanup date. Stored in device UserDefaults.
- Vault contents — photos you choose to move to the Private Vault. Encrypted with AES-256-GCM. The encryption key lives in the iOS Keychain (
kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly) and never syncs to iCloud Keychain or any other device. - Biometric authentication state — handled exclusively by iOS / Android. Face ID, Touch ID, and fingerprint data never enter our app and never leave the Secure Enclave / TEE.
2.2 Off your device — only with your consent (EU/EEA/UK/CH)
- Crash reports — sent to Sentry (sentry.io) when the app crashes, so we can fix bugs. Includes app state, stack traces, and breadcrumbs about what you were doing (e.g., "scan started", "deletion confirmed"). Does not include photos, file names, or personal identifiers beyond an anonymous device-installation ID generated by Sentry.
- Anonymous usage analytics — aggregate events such as "scan completed" or "paywall shown", sent to Sentry. Used to understand which features people actually use. No personal identifiers.
In non-GDPR jurisdictions, these are enabled by default under legitimate-interest framing, with a discoverable opt-out in the app's Settings → Privacy screen.
2.3 Subscription processing
- Subscription state — managed by RevenueCat (revenuecat.com) and Apple's App Store. RevenueCat sees an anonymous device identifier and your purchase history. We do not see your payment method, billing address, or Apple ID.
2.4 Data we never collect
- Your name
- Your email address (unless you write to us)
- Your phone number
- Your location
- Your photos, files, or photo content of any kind
- Contacts, calendar, microphone, or camera live feed
3. Legal basis (GDPR Article 6)
For users in the EU, EEA, UK, and Switzerland:
| Processing | Legal basis |
|---|---|
| On-device photo analysis | Necessary for performance of the service you requested (Art. 6(1)(b)) — without it the app cannot function. |
| Crash reports | Consent (Art. 6(1)(a)) |
| Anonymous analytics | Consent (Art. 6(1)(a)) |
| Subscription processing | Performance of a contract (Art. 6(1)(b)) |
We collect consent through a granular in-app dialog on first launch with separate toggles for crash reports and analytics, defaulting OFF, and equally weighted "Accept All" and "Decline All" buttons (per CNIL/EDPB guidance).
You can withdraw consent at any time in Settings → Privacy. Withdrawal is effective immediately and stops all future off-device transmission.
4. Your rights
Under GDPR, UK GDPR, and the Swiss revFADP, you have the right to:
- Access (Art. 15) — Export a summary of the data we hold via the app's Privacy → Your Data → Export My Data button.
- Rectification (Art. 16) — There is no personal data to correct, but you can change consent at any time.
- Erasure / "Right to be forgotten" (Art. 17) — The Privacy → Your Data → Delete All Data button erases your scan history, vault, streak, consent settings, and resets all Sentry diagnostics.
- Restriction (Art. 18) — Equivalent to revoking consent.
- Data portability (Art. 20) — The Export My Data button produces a plain-text file you can keep or move to another service.
- Object (Art. 21) — Equivalent to revoking consent.
- Withdraw consent (Art. 7(3)) — As easy as giving it. One tap in Privacy.
- Lodge a complaint with your national supervisory authority. The EDPB maintains a list at edpb.europa.eu.
You do not need to contact us to exercise rights 1–7 — they are all built into the app. For anything else, email privacy@photocleanpro.app and we will respond within 30 days.
5. Data retention
| Data | Retention |
|---|---|
| On-device data (preferences, vault, streak) | Until you delete the app or use Delete All Data |
| Sentry crash reports | 30 days (Sentry's default) |
| Sentry analytics events | 90 days |
| RevenueCat subscription state | Active subscription period plus accounting records as required by tax law |
6. International data transfers
Sentry and RevenueCat process some data in the United States. We rely on the Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) as the transfer mechanism, supplemented by both vendors' technical and organizational measures. Both companies are SOC 2 Type II certified.
You can find each vendor's transfer documentation at:
- Sentry: sentry.io/legal/dpa/
- RevenueCat: revenuecat.com/dpa/
7. Children
PhotoClean Pro is not directed to children under 13 (under 16 in some EU member states). We do not knowingly collect data from children. If you believe a child has used the app in a way that involved data collection, contact privacy@photocleanpro.app and we will erase any associated data.
8. Third parties
| Provider | Purpose | Their privacy policy |
|---|---|---|
| Sentry | Crash & error monitoring | sentry.io/privacy/ |
| RevenueCat | Subscription management | revenuecat.com/privacy/ |
| Apple | App Store, StoreKit, iOS frameworks | apple.com/legal/privacy/ |
| Google Play Store, Android frameworks | policies.google.com/privacy |
9. Security
- Vault contents are encrypted with AES-256-GCM, key stored in the iOS Keychain with
kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly. - Vault files use complete file protection — unreadable while the device is locked, even with raw filesystem access.
- All off-device transmission uses TLS 1.2 or higher.
10. Changes to this policy
We will notify you of material changes via the app and, where required by law, request renewed consent. The "Last Updated" date at the top reflects the most recent revision.
11. Contact
| Topic | |
|---|---|
| Privacy inquiries | privacy@photocleanpro.app |
| Data Protection Officer | dpo@photocleanpro.app |
| Subject access / erasure (in-app) | Settings → Privacy → Your Data |
| General support | support@photocleanpro.app |
Micany is established in Sweden (EU/EEA), so EU users can already contact us locally — see Section 1.