Privately.

Privacy Policy

This Privacy Policy explains what personal data Privately (the “App”) and this website collect, how that data is used, and what rights you have.

Effective April 25, 2026

Summary

  • Your photos and videos never leave your iPhone. They are encrypted on device with AES-256-GCM and a key that is generated on, and stays on, your iPhone.
  • We do not have user accounts. No email, no password, no profile. There is nothing on our side that identifies you.
  • We do not sell, rent, or share personal data.
  • We collect only what is strictly necessary to deliver subscriptions you bought and to reply to you when you write in for support.

1. Who we are

The App and this website are operated by Cloudbeat Inc., a company registered in Canada(“we”, “us”, “our”). For the purposes of the EU General Data Protection Regulation (GDPR), we are the data controller for the limited personal data described below. Contact: support@getprivately.app.

2. Your photos, videos, and content

Everything you import into the App — photos, videos, file metadata, album names, tags, and OCR text extracted by Smart Search — is stored only on your iPhone, inside an encrypted container. The encryption key is wrapped by your PIN and protected by the iPhone Secure Enclave.

We do not operate cloud storage for your content. We do not have servers that hold your photos, your file names, or any thumbnails. We cannot decrypt your content, recover it if you lose your device without a backup, or hand it over to anyone — including ourselves — because we don’t have it.

3. What we do collect

The App and the website collect a small amount of data, listed in full below.

3.1 Subscription billing

Subscriptions are processed by Apple through the App Store. We ourselves never see your payment card, billing address, or Apple ID. We use RevenueCat as a thin layer on top of Apple’s StoreKit to verify your entitlements (whether your trial / subscription is active) and apply them across your devices.

For this to work, the App generates a random anonymous identifier (“App User ID”) and shares it with RevenueCat, together with the receipt that Apple issues for your purchase. RevenueCat therefore processes:

  • An anonymous, randomly-generated user identifier;
  • The App Store receipt and product identifier;
  • The status of your subscription (active, expired, refunded).

RevenueCat acts as our processor under a Data Processing Agreement. See RevenueCat’s privacy notice at revenuecat.com/privacy.

3.2 Support email

When you contact us at support@getprivately.app, we receive the email address you used to write in plus whatever you choose to tell us. We use it to reply, and we keep the conversation for as long as is necessary to handle the matter — typically up to 24 months.

3.3 Website

https://getprivately.app is a static marketing site. It does not set analytics cookies, advertising cookies, or persistent identifiers. Standard server access logs (IP address, user agent, requested URL) are kept by our hosting provider for security and abuse prevention, and are deleted within 30 days.

4. What we do not collect

  • The contents of your photos, videos, or vault — not even thumbnails or hashes.
  • Your file names, album names, tags, captions, or OCR text.
  • Your PIN, biometric data, or encryption keys.
  • Your contacts, calendar, location, or other on-device data.
  • Your name, email, address, age, or gender (we do not ask).
  • Advertising identifiers (IDFA). We do not run ads.

5. Legal bases (GDPR, EU/UK)

If you are in the EU, UK, or another GDPR jurisdiction:

  • Performance of a contract (Art. 6(1)(b)): processing your purchase receipt and entitlement to deliver the subscription you bought.
  • Legitimate interest (Art. 6(1)(f)): keeping static-site server logs for security and abuse prevention.
  • Consent (Art. 6(1)(a)): correspondence you voluntarily send to support.

6. International transfers

Apple and RevenueCat may transfer subscription-related data (anonymous user identifier, App Store receipt, entitlement status) to the United States. Those transfers rely on Apple’s and RevenueCat’s Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

7. Your rights

You have the right to:

  • Ask what personal data we hold about you (we’ll usually answer: very little, or none);
  • Ask us to correct or delete it;
  • Object to processing or restrict it;
  • Withdraw consent where consent is the basis;
  • Lodge a complaint with your local data protection authority.

To exercise any right, email support@getprivately.app. We aim to reply within 30 days.

8. California (CCPA / CPRA)

We do not sell or share personal information as those terms are defined under California law. California residents have the right to know, to delete, to correct, and to non-discrimination. To exercise these, contact us at the address above.

9. Children

Privately is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has used the App in a way that caused us to process their data, contact us and we will delete it.

10. Retention

  • Subscription / receipt records: for as long as your subscription is active and for up to 7 years thereafter, to comply with tax and accounting law.
  • Support email: up to 24 months.
  • Static-site server logs: up to 30 days, then permanently deleted.

11. Security

Your content is protected by AES-256-GCM with per-file keys wrapped by a master key, which is in turn wrapped by your PIN and stored in the iPhone Secure Enclave. We use industry-standard transport security (TLS 1.2+) for the receipt and entitlement metadata that does leave your device.

Apple may share aggregated, anonymised crash diagnostics with us through its built-in App Analytics, subject to your iOS privacy settings (Settings → Privacy & Security → Analytics & Improvements) and Apple’s own privacy policy. We do not operate our own crash-reporting SDK.

No system is perfectly secure. If you find a vulnerability, please write to support@getprivately.app — we will respond and credit responsible disclosure.

12. Changes

We will update this policy when we change how data is processed. Any change is announced on this page and, if material, in the App. The date at the top of this page reflects the latest version.

13. Contact

Cloudbeat Inc.
Canada
support@getprivately.app