Privacy Policy

Effective date: May 27, 2026  ·  Last updated: May 27, 2026

1. Who we are

SquatchPix ("we", "our", "us") is a personal photo and video archive application developed and operated by J.M. Squatch, LLC. Our primary website is squatchpix.com.

You can reach us at: admin@jmsquatch.com

2. What data we collect

SquatchPix collects only the minimum data necessary to operate the service:

  • Device install ID — a randomly generated UUID assigned to your device on first launch. This is not linked to your name, email address, or any other personal identifier.
  • Photo and video metadata — file names, capture dates, GPS coordinates (where present in EXIF), AI-generated captions and tags, and perceptual hashes used for deduplication. We do not store photo or video content on our servers.
  • Face grouping data — face embeddings and cluster assignments used to group photos by person. Embeddings are mathematical representations stored on your backend; we do not identify individuals by name unless you choose to name a group.
  • Cloud source credentials — OAuth access and refresh tokens for Google Drive, Google Photos, OneDrive, and Dropbox. These are stored encrypted on SquatchPix's secure infrastructure and are never logged or transmitted in plain text.
  • App usage data — basic telemetry (crash reports, API error rates) collected via Azure Application Insights. This data is stored on SquatchPix's infrastructure.

We do not collect: your name, email address, phone number, payment information, photo or video content, or any biometric identifiers that could be used to identify you outside the app.

3. How we use your data

  • To provide, maintain, and improve the SquatchPix service.
  • To detect and resolve technical issues.
  • To fulfil legal obligations where required.

We do not currently sell or rent your personal data to third parties for advertising or marketing purposes. Any future changes to this practice will be reflected in an updated version of this policy with appropriate notice.

4. Where your data is stored

SquatchPix operates centralised cloud infrastructure hosted on Microsoft Azure. Your photo and video metadata, face groupings, AI-generated tags, search indexes, and OAuth credentials are stored on SquatchPix's servers — not in your own Azure account.

Your original photos and videos remain in the cloud accounts you connected (Google Drive, OneDrive, Dropbox, etc.) and are not copied to SquatchPix storage. If you choose to delete your SquatchPix data (see Section 8), your original files in those accounts are not affected unless you explicitly request their removal through the respective service.

5. Third-party services

SquatchPix integrates with the following third-party services. Each has its own privacy policy:

  • Microsoft Azure — hosting, storage, AI services. privacy.microsoft.com
  • Google Drive / Google Photos API — read access to your media. policies.google.com/privacy
  • Microsoft OneDrive API — read access to your media.
  • Dropbox API — read access to your media. dropbox.com/privacy
  • Azure OpenAI Service — natural language search (text only; no images are sent to OpenAI).
  • Google Play Integrity API — device attestation to prevent automated abuse.

6. Data retention

Your data is retained for as long as you use the service. You may delete all data associated with your device at any time — see Section 8.

7. Security

We use industry-standard security practices to protect your data, including:

  • Encryption in transit — all connections use TLS 1.2 or higher.
  • Encryption at rest — data is encrypted at rest using Azure-managed encryption keys.
  • Managed Identity — Azure Managed Identity is used for all service-to-service authentication; no secrets are stored in application code.
  • Secret management — application secrets are held in Azure Key Vault; your OAuth cloud-source credentials are stored in our access-controlled backend database, encrypted at rest, and are never logged or transmitted in plain text.
  • Network isolation — backend services run within isolated Azure infrastructure with restricted public access.
  • Row-level security — database access is enforced at the row level so each user's data is isolated from others.
  • Signed tokens — all app API access requires a signed JWT issued at registration; unauthenticated requests are rejected.

8. Your rights and data deletion

You have the right to access, correct, and delete the data SquatchPix holds about your device. To delete all your data:

  • In the app: Settings → Danger zone → Delete my data.
  • Via web: squatchpix.com/delete (requires the signed link generated in-app, valid for 24 hours).
  • By email: Send a request to admin@jmsquatch.com with the subject "Delete my data". Include your device install ID (found in Settings → Account). We will process the request within 30 days.

Deletion is permanent and cannot be undone. Your original photos in Google Drive, OneDrive, Dropbox, and on your device are not affected.

9. Children's privacy

SquatchPix is not directed at children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided data to SquatchPix, please contact us at admin@jmsquatch.com and we will delete it promptly.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified via an in-app notice. The current version is always available at squatchpix.com/privacy.

11. Contact

Questions or concerns about this policy: privacy@squatchpix.com