PhotoFlickPhotoFlickBack to Home

Privacy Policy

Last updated: March 20, 2026

1. Introduction

This Privacy Policy explains how CoreEngineX ("we," "us," or "our") handles information when you use PhotoFlick ("the App"). We are a small, founder-led company based in Halifax, Nova Scotia, Canada.

The short version: PhotoFlick is designed to keep your data on your device. We do not collect your photos, we do not upload your photos, and we do not have servers that store your personal content. This policy explains in detail what data exists, where it lives, and your rights regarding it.

This policy applies only to the App. It does not apply to any third-party websites or services we may link to (such as Apple's App Store or our own website), which are governed by their own privacy policies.

2. Information We Do Not Collect

To be clear about what PhotoFlick does not do:

  • We do not collect your photos or videos. Your photos are accessed on-device only, through Apple's PhotoKit framework, and are never uploaded, copied, or transmitted to any server.
  • We do not collect photo metadata. Location data, timestamps, EXIF data, and other metadata embedded in your photos are read locally by the App for display purposes only and are never transmitted externally.
  • We do not create user accounts. There is no sign-up, login, email, or password.
  • We do not collect your name, email address, or contact information through the App.
  • We do not use advertising networks. There are no third-party advertising SDKs in the App. The App does use Superwall, a third-party subscription management SDK, which may collect limited anonymized data as described in Section 4 below.
  • We do not sell, rent, or trade any personal information.

3. Information That Exists on Your Device

The App stores a small amount of data locally on your device to support its core functionality. This data never leaves your device.

3.1 Session Data

When you select an album to review, the App creates a local session record containing:

  • The album identifier (a system-generated string used by iOS to identify the album).
  • The album name (for display purposes).
  • Session status (active or paused).
  • Timestamps for when the session was created and last accessed.

3.2 Decision Records

As you swipe through photos, the App records your keep or delete decision for each photo. These records contain:

  • The photo's local identifier (a system-generated string used by iOS to identify the asset).
  • Your decision (keep or delete).

These records are stored locally so the App can resume interrupted sessions and avoid showing you the same photo twice across different albums.

3.3 Preference Settings

The App stores your filter preferences (such as which album categories to show and their display order) in the device's local preferences storage (UserDefaults). A flag recording whether you have completed the onboarding flow is also stored locally.

3.4 Clearing Local Data

You can clear all stored decision records through the App's Settings screen. Deleting the App from your device removes all locally stored data, including session records, decision records, and preferences.

4. Information Collected by Third-Party Services

4.1 Subscription Management (Superwall)

The App uses Superwall, a third-party service, to manage the presentation of subscription offers. Superwall may collect:

  • Anonymized device identifiers (specifically Apple's Identifier for Vendor, or IDFV — not the advertising identifier IDFA) for the purpose of managing subscription state and paywall presentation.
  • Non-personal interaction data, such as which paywall screen was displayed and whether a purchase was initiated.
  • Anonymized purchase and subscription event data (such as whether an in-app purchase was completed and the subscription tier selected) to measure paywall conversion performance and unlock correct app features.

None of this data is linked to your personal identity, is not used for advertising or tracking purposes, and is not shared with data brokers or advertising networks.

Superwall does not have access to your photos, photo metadata, or any personally identifiable information collected by us (because we do not collect any). Superwall's data practices are governed by their own privacy policy, which we encourage you to review.

4.2 Apple's App Store and In-App Purchases

If you purchase a subscription, the transaction is processed entirely by Apple through their in-app purchase system. We receive a confirmation of your subscription status from Apple but do not receive or store your payment card information, billing address, or Apple ID.

Apple's collection and use of your data in connection with App Store transactions is governed by Apple's own privacy policy.

4.3 Apple's PhotoKit Framework

The App uses Apple's PhotoKit framework to read your photo library and to perform deletions (by moving photos to the iOS system trash). PhotoKit operates entirely on-device. Apple's handling of your photo library data is governed by Apple's privacy policy and iOS privacy settings.

4.4 Legal Basis for Third-Party Processing (GDPR / UK DPA)

For users in the European Union or United Kingdom, we disclose the legal basis for our engagement of Superwall as a data processor:

  • The processing of your IDFV (Apple's Identifier for Vendor) and anonymized purchase events by Superwall is necessary for the performance of our contract with you — specifically, to deliver subscription management and paywall functionality.
  • This processing is conducted under GDPR Article 6(1)(b) (contract necessity) and equivalent provisions of the UK Data Protection Act 2018.
  • Superwall acts as a Data Processor under a Data Processing Agreement and processes data only on our instructions and in accordance with GDPR safeguards.
  • We do not engage in profiling, automated decision-making, or marketing-based tracking of EU/UK users.

For Superwall's own privacy practices, please review their privacy policy at superwall.com/privacy.

5. How We Use Information

Since we do not collect personal information through the App, there is very little to describe here:

  • Local session and decision data is used solely to provide the App's core functionality: tracking your progress through an album, recording your keep/delete decisions, resuming interrupted sessions, and confirming which photos to move to the system trash.
  • Local preference data is used to remember your filter settings and onboarding status.
  • Subscription status is used to determine which features are available to you.

We do not use any data for profiling, targeted advertising, or purposes unrelated to the App's core functionality.

6. Data Sharing

We do not share your personal information with third parties because we do not collect personal information.

The limited, anonymized data that Superwall may collect in connection with subscription management is described in Section 4.1. We do not control or direct Superwall's use of that data beyond what is necessary to operate the paywall functionality.

We may disclose information if required to do so by law, regulation, legal process, or enforceable governmental request. However, given that the App does not collect or transmit personal information to our servers, we would have very little (if any) information to disclose in response to such a request.

7. International Data Transfers

Because the App processes data locally on your device, your photos and session data do not leave your device and are not transferred internationally by us.

The limited data that Superwall may collect (as described in Section 4.1) may be processed in countries other than your own, including the United States. Superwall is responsible for ensuring appropriate safeguards for any such transfers in accordance with applicable law.

8. Data Retention

8.1 Local Data

Session records, decision records, and preferences are stored on your device for as long as the App is installed, unless you clear them manually through the Settings screen. Deleting the App removes all local data.

8.2 Subscription Records

Apple retains records of your App Store transactions in accordance with Apple's own data retention policies. We retain only the minimum subscription status information necessary to determine your access to premium features, and only for the duration of your subscription.

9. Security

Because the App does not transmit your photos or personal data to any server, the primary security boundary is your device itself. The App relies on:

  • iOS device-level security (passcode, biometric authentication, device encryption).
  • Apple's PhotoKit framework, which enforces photo library access permissions at the operating system level.
  • Local database storage on-device, protected by the device's own encryption and access controls.

We do not store your data on external servers, so there is no server-side attack surface for your photo data.

10. Your Rights and Choices

10.1 Photo Library Access: You can revoke the App's access to your photo library at any time through your device's Settings (Settings > Privacy & Security > Photos). The App will not function without photo library access, but revoking access will not delete any data already stored locally by the App.

10.2 Clearing Decision Data: You can clear all stored keep/delete decision records through the App's Settings screen at any time.

10.3 Deleting the App: Deleting the App from your device removes all locally stored data, including session records, decision records, and preferences.

10.4 Subscription Management: You can manage or cancel your subscription at any time through your Apple ID account settings (Settings > [Your Name] > Subscriptions).

10.5 Rights Under Canadian Privacy Law: If you are a resident of Canada, you have the right to access and correct the personal information we hold about you, or withdraw consent. Contact us at privacy@photoflick.app.

10.6 Rights Under US State Privacy Laws: Residents of US states with applicable privacy legislation may have rights to access, delete, or correct personal information. We do not sell or share personal information. Contact us at privacy@photoflick.app.

11. Children's Privacy

The App is not designed for, directed to, or intended for use by children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has used the App in a way that has resulted in the collection of personal information, please contact us at privacy@photoflick.app.

12. Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: privacy@photoflick.app

CoreEngineX has designated a Privacy Officer responsible for managing privacy requests and compliance with applicable data protection laws. Mark the subject line "Privacy Request" for priority handling.

We acknowledge receipt of all privacy requests and provide responses within:

  • 30 days under Canadian PIPEDA, GDPR, or UK Data Protection Act 2018
  • 45 days under California CCPA or other applicable US state privacy laws
  • Other timeframes as required by applicable law in your jurisdiction

CoreEngineX

Halifax, Nova Scotia, Canada