Your privacy is the foundation of Private Gallery. This policy explains clearly and honestly what data the app collects, why, and how it is handled.
All photo and video scanning is performed entirely on your device using a local AI model that runs offline. No images, no videos, and no scan results are ever transmitted to any server — ours or anyone else's. Your media never leaves your device.
The only information that reaches our servers is the minimum required to operate the PRO subscription and referral features:
Anonymous Device ID. On first launch the app generates a random UUID (universally unique identifier). This ID has no connection to your name, email address, phone number, or any other personal information. It exists solely to track PRO entitlement and referral rewards tied to your installation.
PRO Subscription Status. We store whether your device ID currently holds an active PRO entitlement and, if so, when it expires. This record is derived from Google Play purchase verification — we receive only a confirmation of the purchase, not your payment details.
Referral Code Usage. If you share or use a referral code, we record which device IDs participated in that exchange so that both parties receive their PRO reward. No further personal data is involved.
We do not collect: your name, email, location, device model, OS version, usage analytics, crash reports, or any content from your photo library.
PRO subscriptions are purchased and managed through Google Play. All payment information — including your billing details and transaction history — is handled exclusively by Google under their own privacy policy. We receive only a cryptographically verified confirmation that a valid purchase exists for your Google Play account. We never see, store, or process your credit card or payment credentials.
We do not sell, rent, license, or otherwise monetise any user data to third parties. We do not share any data with advertisers or analytics platforms. The anonymous device records we hold are used solely to provide the service.
Anonymous device records are retained for up to two years following the last activity on that device. After that period of inactivity the record is automatically deleted. You may also request deletion at any time by contacting us (see below).
Our server infrastructure runs on Google Cloud Platform within a private Kubernetes cluster. Data in transit is encrypted with TLS. Because we store only anonymous identifiers, a hypothetical data breach would expose no personal information.
Private Gallery is not directed at children under 13. We do not knowingly collect any information from children.
If we make material changes to this policy we will update the effective date shown above. Continued use of the app after that date constitutes acceptance of the revised policy.
This policy is governed by and construed in accordance with the applicable local laws of the jurisdiction in which you reside.
For privacy questions or data deletion requests, please email inquire@kyo.ai.