Privacy Policy
Keep Photos
Effective date: May 24, 2026
Last updated: May 26, 2026
Keep Photos (“the App”) is developed by the Keep Photos team (“we,” “us,” or “our”). This Privacy Policy explains how the App handles your information.
Summary
Keep Photos is a local-only photo and video vault. All your data stays on your device. We have no servers, no accounts, no analytics, and no way to access your content.
Information We Do Not Collect
We do not collect, transmit, or store any personal data on external servers. Specifically:
- We have no user accounts or registration
- We do not collect names, email addresses, phone numbers, or contact information
- We do not track your location
- We do not use analytics, advertising, or tracking technologies
- We do not use third-party SDKs or libraries
- We do not build user profiles, fingerprint devices, or sell data
- We do not have the ability to access, view, or retrieve your vault contents
- We do not sell personal information as defined by the California Consumer Privacy Act (CCPA)
Our App Store privacy label reports “Data Not Collected” across all categories, consistent with this policy.
Information Stored on Your Device
The App stores the following data locally on your device only. None of this data is transmitted off your device.
Vault Contents
Photos and videos you import are stored in the App’s private sandbox on your device, protected by your PIN and the iOS app sandbox. Only the App can access these files, and only after you unlock with your PIN or biometric authentication.
Vault Metadata
Folder names, item filenames, dimensions, and organizational data are stored in a local database (SwiftData) on your device to enable display and organization. This metadata does not leave your device.
PIN and Security Credentials
Your PIN is used to gate access to the App. It is not stored as entered — the App verifies your PIN by comparing it against stored credential data. Your PIN and decoy PIN (if configured) are stored in the iOS Keychain and synced via iCloud Keychain so they survive device upgrades and transfers. This requires iCloud Keychain to be enabled on your device.
Break-in Capture (Optional, Pro Feature)
When enabled, the App uses the front-facing camera to capture a photo when an incorrect PIN is entered beyond your chosen threshold. These captures are:
- Stored locally on your device only
- Never transmitted to any server or third party
- Viewable only by you in the Intruder Log (Settings > Security)
- Limited to 50 entries (oldest entries are automatically removed)
- Deletable individually or all at once from within the App
No audio is recorded. No video is retained. No location data is captured.
Failed Attempt Counter
The App tracks the number of consecutive failed PIN attempts to enforce rate-limiting delays. This counter stores only the attempt count and timing data, resets on successful unlock, and contains no personally identifiable information.
Subscription Status
Your Pro subscription status is managed entirely by Apple’s StoreKit framework. The App stores your current subscription state (active, expired, etc.) locally to determine which features to unlock. We do not process payments, do not receive your payment details, and have no access to your Apple ID or billing information.
App Preferences
The App stores your settings (theme, accent color, auto-lock preference, feature toggles) in local device storage (UserDefaults). These preferences contain no personally identifiable information.
Device Permissions
The App requests the following permissions only when you use the related feature. You can revoke any permission at any time in your device’s Settings.
| Permission | Purpose | When Requested |
|---|---|---|
| Camera | Capture a photo on failed PIN attempts (break-in protection) | When you enable Break-in Protection in Settings |
| Face ID / Touch ID | Unlock your vault without entering your PIN | When you enable biometric unlock during onboarding or in Settings |
| Photos (Read) | Import photos and videos you select into your vault | When you tap the import button in a folder |
| Photos (Add Only) | Export photos and videos from your vault back to your camera roll | When you choose to export items |
Face ID / Touch ID
Biometric authentication is handled entirely by Apple’s LocalAuthentication framework and the device’s Secure Enclave. The App never accesses, processes, stores, or transmits your biometric data. We only receive a success or failure result from the operating system.
Device Motion
The App monitors device orientation using the gravity sensor to support the face-down auto-lock feature (Pro). This sensor data is processed in real time and is never stored, logged, or transmitted.
Data Export and Portability
The App provides an Export feature (Settings > Data) that allows you to export your vault contents as decrypted files. Exported files leave the App’s protected sandbox and are handled by the iOS share sheet or saved to a location you choose. Once exported, those files are no longer protected by the App.
Data Retention and Deletion
- Vault contents: Retained until you delete them. Deleted items move to Trash and are permanently removed after 30 days, or immediately if you choose permanent deletion.
- Intruder log: Capped at 50 entries. You can clear all entries or delete individual entries at any time.
- App preferences and subscription state: Removed when you uninstall the App.
- Keychain items: The decoy PIN is stored in the iOS Keychain. Keychain items may persist after app deletion on some iOS versions. You can disable the decoy vault in Settings before uninstalling to remove this data.
- All other app data: Permanently deleted when you uninstall the App.
Since all data is stored locally on your device, we have no backups, copies, or access to your data. We cannot recover data on your behalf.
Third-Party Services
The App communicates with the following Apple system services only:
- Apple’s App Store — subscription verification and management via the StoreKit framework
- iCloud Keychain— your PIN and decoy PIN are synced across your devices via Apple’s iCloud Keychain so they survive device upgrades and transfers. No vault contents are synced.
Both are initiated by Apple’s system frameworks, not by our code. We do not operate any servers, APIs, or backend services.
Children’s Privacy
You must be at least 13 years old to use the App. The App does not knowingly collect any information from children under the age of 13. The App has no data collection, accounts, social features, or advertising.
Data Security
Your vault contents are protected by:
- PIN-gated access — content is only accessible after successful PIN or biometric authentication
- iOS app sandbox— vault files are stored in the App’s private container, inaccessible to other apps
- Keychain protection — your PIN syncs via iCloud Keychain so it survives device transfers; other security credentials remain device-bound
- Rate limiting — automatic delays after failed PIN attempts to prevent brute-force access
Important: If you forget your PIN, your vault contents cannot be recovered. We do not have access to your credentials and cannot reset your PIN or unlock your vault under any circumstances.
International Users and Data Transfers
The App processes all data locally on your device regardless of your location. No data is transmitted to any server, domestically or internationally.
Your Privacy Rights
For All Users
Since we do not collect any personal data, there is no personal data for us to access, correct, delete, or port. All your data is under your direct control on your device. You can:
- View, organize, and delete your vault contents at any time
- Export your vault contents using the Export feature
- Clear the intruder log at any time
- Revoke device permissions in your device’s Settings
- Uninstall the App to remove all app data
For Users in the European Economic Area (GDPR)
We do not collect or process personal data as defined by the General Data Protection Regulation. All processing occurs locally on your device. There is no data controller or processor relationship because no data is transmitted to us.
For Users in California (CCPA)
We do not collect, sell, or share personal information as defined by the California Consumer Privacy Act. We have no data about you to disclose, delete, or opt out of.
Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by the “Last updated” date at the top. Material changes will be communicated through an in-app notice. Your continued use of the App after changes constitutes acceptance of the revised policy.
Contact
If you have questions about this Privacy Policy, contact us at:
Email: knowledgedevil@gmail.com