Privacy Policy

Effective date: [TO BE CONFIRMED]  ·  Last updated: [TO BE CONFIRMED]

⚠️ This is a scaffold. Final legal text must be reviewed before public release. Sections marked [PLACEHOLDER] require completion.

1. Who we are

SquatchPix ("we", "our", "us") is a personal photo and video archive application developed and operated by [DEVELOPER NAME / COMPANY]. Our primary website is squatchpix.com.

You can reach us at: privacy@squatchpix.com

2. What data we collect

SquatchPix collects only the minimum data necessary to operate the service:

  • Device install ID — a randomly generated UUID assigned to your device on first launch. This is not linked to your name, email address, or any other personal identifier.
  • Photo and video metadata — file names, capture dates, GPS coordinates (where present in EXIF), AI-generated captions and tags, and perceptual hashes used for deduplication. We do not store photo or video content on our servers.
  • Face grouping data — face embeddings and cluster assignments used to group photos by person. Embeddings are mathematical representations stored on your backend; we do not identify individuals by name unless you choose to name a group.
  • Cloud source credentials — OAuth access and refresh tokens for Google Drive, Google Photos, OneDrive, and Dropbox. These are stored encrypted in your own Azure Key Vault and are never transmitted to SquatchPix servers.
  • App usage data — basic telemetry (crash reports, API error rates) collected via Azure Application Insights. This data is stored in your own Azure subscription.

We do not collect: your name, email address, phone number, payment information, photo or video content, or any biometric identifiers that could be used to identify you outside the app.

3. How we use your data

  • To provide, maintain, and improve the SquatchPix service.
  • To detect and resolve technical issues.
  • To fulfil legal obligations where required.

We do not sell, rent, or share your data with third parties for advertising or marketing purposes.

4. Where your data is stored

All data processed by SquatchPix is stored in your own Azure subscription in the region you choose at setup. SquatchPix does not operate centralised servers that store user data. Your photos remain in your existing cloud accounts (Google Drive, OneDrive, Dropbox, etc.) and are never copied to SquatchPix infrastructure.

5. Third-party services

SquatchPix integrates with the following third-party services. Each has its own privacy policy:

  • Microsoft Azure — hosting, storage, AI services. privacy.microsoft.com
  • Google Drive / Google Photos API — read access to your media. policies.google.com/privacy
  • Microsoft OneDrive API — read access to your media.
  • Dropbox API — read access to your media. dropbox.com/privacy
  • Azure OpenAI Service — natural language search (text only; no images are sent to OpenAI).
  • Google Play Integrity API — device attestation to prevent automated abuse.

6. Data retention

Your data is retained for as long as you use the service. You may delete all data associated with your device at any time — see Section 8.

7. Security

We use industry-standard security practices including TLS in transit, Azure Managed Identity for service-to-service authentication, and role-based access control. OAuth credentials are stored in Azure Key Vault and are never logged or transmitted in plain text. [PLACEHOLDER: Add any additional security certifications or audit references when available.]

8. Your rights and data deletion

You have the right to access, correct, and delete the data SquatchPix holds about your device. To delete all your data:

  • In the app: Settings → Danger zone → Delete my data.
  • Via web: squatchpix.com/delete (requires the signed link generated in-app, valid for 24 hours).
  • By email: Send a request to privacy@squatchpix.com with the subject "Delete my data". Include your device install ID (found in Settings → Account). We will process the request within 30 days.

Deletion is permanent and cannot be undone. Your original photos in Google Drive, OneDrive, Dropbox, and on your device are not affected.

9. Children's privacy

SquatchPix is not directed at children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided data to SquatchPix, please contact us at privacy@squatchpix.com and we will delete it promptly.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified via an in-app notice. The current version is always available at squatchpix.com/privacy.

11. Contact

Questions or concerns about this policy: privacy@squatchpix.com

[PLACEHOLDER: Add postal address if required by applicable law (e.g., GDPR, CalOPPA).]