CleanUpX — Privacy Policy
Short version: Your photos, videos, and contacts stay on your iPhone — we never see them. AI Assistant queries you type are processed through our secure proxy and the AI provider. We use analytics and, with your permission, ad-attribution tools to understand how the App is used and how people discover it. We do not sell your data, and attribution data is shared only with your permission.
Contents
1. Who we are
CleanUpX ("the App") is published by Almavira Labs ("we", "us", "our"). Almavira Labs is a trading name of sole proprietor (FOP) Yevhenii Krysiuk, registered in Ukraine (Unified State Register record No. 22230000000028141). This Privacy Policy explains what data the App accesses on your iPhone, how it is processed, and your rights.
2. What data the App accesses
2.1 Photos and videos
The App requests permission to read your iOS Photo Library. All photo and video analysis (duplicate detection, similarity grouping, blur detection, best-shot selection) runs entirely on your device using Apple's Vision framework. Your photos and videos are never uploaded to our servers or any third party.
The App may store technical fingerprints derived from your photos (Apple Vision feature prints) in a local cache on your device to speed up repeated scans. This cache stays on your device and is removed when you uninstall the App.
2.2 Contacts (optional, when feature is enabled)
If you use the Contacts Cleanup feature, the App requests permission to access your iOS Contacts via Apple's CNContactStore framework. All contact analysis runs on your device. Contact data is never uploaded to our servers.
When you confirm a merge or deletion of duplicate contacts, the App modifies or deletes those entries in your iOS Contacts directly on your device. Unlike photos, deleted contacts cannot be recovered from a "Recently Deleted" folder — always review the list before confirming.
2.3 Device storage information
The App reads your device's storage statistics (used and available space, media library size) to show storage insights and give cleanup recommendations. These statistics stay on your device, except as aggregated values included in AI Assistant requests and analytics events described below.
2.4 AI Assistant queries
When you use the AI Assistant feature (available to Pro subscribers), the questions you type are sent to our backend proxy and forwarded to our AI provider (Google Gemini and/or Anthropic Claude). The AI provider returns a response, which is displayed to you.
Along with your question, we include aggregated, non-identifying device context (device model, iOS version, app version, language, storage statistics, and counts of duplicates, blurry photos, large videos, etc.) so the AI can give context-aware suggestions. We do not send your photos, contact details, or any personally identifying information.
We do not store your AI queries or responses on our servers beyond the time required to process the request. Our AI providers process queries under their respective privacy policies (see Section 4).
2.5 Subscription and purchase data
All purchases and subscriptions are processed by Apple via StoreKit. We do not see or store your payment details. We receive only a receipt indicating that an entitlement is active.
2.6 Analytics and diagnostics
We use Firebase Analytics (Google) and PostHog to record usage events — such as which screens are viewed, onboarding progress, permission prompt results, when scans start and complete, cleanup actions (counts and megabytes freed, never content), paywall views, and purchase events. Events include technical context: device model, iOS version, app version, locale, session identifiers, and subscription tier. Events do not include your photos, contacts, or any content from them.
To connect events belonging to the same installation, the App generates a random user identifier and stores it in the iOS Keychain. Because of how the Keychain works, this identifier may persist across app reinstalls on the same device. It is not your Apple ID, name, email address, or phone number, and we cannot identify you personally from it. To request its deletion from our analytics systems, contact us (see Section 10).
2.7 Tracking and attribution
To understand how users discover the App and to measure advertising campaign performance, we use a mobile measurement partner (AppsFlyer). Where required by iOS, the App asks for your permission through the App Tracking Transparency prompt before tracking activity across other companies' apps and websites.
- If you allow tracking, the device advertising identifier (IDFA) may be used to attribute your install and purchases to the advertising campaign that led you to the App, and limited event data (install, subscription events) may be shared with the ad network that showed you the ad.
- If you deny tracking, the App remains fully usable. Attribution is then limited to aggregated, privacy-preserving methods provided by Apple (SKAdNetwork).
You can change your choice at any time in iOS Settings → Privacy & Security → Tracking.
2.8 Secret Space
The App includes an optional Secret Space — a PIN-protected local vault for photos and videos you choose to move there. Vault content is stored only on your device inside the App's private storage, protected with iOS file-level encryption; your PIN is stored in the iOS Keychain. We never see, upload, or back up your Secret Space content or PIN. If you forget the PIN or delete the App, the content cannot be recovered by us.
3. How we use that data
- To provide the App's features: photo analysis, contacts cleanup, video compression, AI assistance — all as described above.
- To improve the App: we use aggregated analytics to understand which features are used, where users encounter errors, and how to improve user experience.
- To measure marketing: attribute installs and purchases to advertising campaigns, as described in Section 2.7, subject to your tracking permission.
- To process subscriptions: verify Pro entitlement, enable Pro features.
- To respond to your inquiries: if you contact us by email, we keep that correspondence to respond and improve our support.
We do not sell your data for money. We do not share your data with advertisers except for the attribution data described in Section 2.7, which is shared only if you allow tracking, and we do not use your data for profiling beyond what is described above. Under some laws (such as the California Consumer Privacy Act), the use of an advertising identifier for cross-context advertising attribution may be treated as "sharing" of personal information; you can opt out at any time by denying or revoking tracking permission (see Section 2.7).
Where the GDPR or UK GDPR applies, we process personal data on the following legal bases: performance of a contract (providing the App features you request), consent (tracking and attribution via App Tracking Transparency, and optional iOS permissions such as Photos and Contacts), and legitimate interests (analytics, security, fraud prevention, and improving the App, balanced against your rights and freedoms).
4. Third parties
The App relies on the following third-party services:
- Apple (App Store, StoreKit, Photo Library and Contacts frameworks) — governed by Apple's Privacy Policy.
- Google (Firebase Analytics) — governed by Google's Privacy Policy.
- PostHog (product analytics) — governed by PostHog's Privacy Policy.
- AppsFlyer (mobile measurement / install attribution) — governed by AppsFlyer's Privacy Policy.
- Google Gemini (AI provider for the AI Assistant) — governed by the Gemini API terms and Google's Privacy Policy.
- Anthropic (fallback AI provider for the AI Assistant) — governed by Anthropic's Privacy Policy.
- Cloudflare (backend proxy for AI Assistant) — governed by Cloudflare's Privacy Policy.
5. Storage and retention
5.1 On your device
- Vision feature print cache — removed when you uninstall the App or clear local data.
- Secret Space content and PIN — stored locally (content in the App's private storage, PIN in the iOS Keychain); removed when you uninstall the App.
- App preferences, cached scan results, and subscription state — removed on uninstall.
- Random analytics user identifier — stored in the iOS Keychain; may persist across reinstalls on the same device.
5.2 On our servers and service providers
- AI Assistant requests — processed ephemerally; we do not store request bodies or responses beyond the processing window.
- Analytics events — retained for up to 14 months in Firebase; PostHog and AppsFlyer retain event data per our configuration and their policies, used for aggregated reporting and attribution only.
- Email correspondence with our support — retained as long as required to provide ongoing support and comply with applicable laws.
6. International data transfers
Our service providers (Google, PostHog, AppsFlyer, Cloudflare, and our AI providers) may process data on servers located in the United States and other countries outside your own. Where the GDPR or UK GDPR applies, such transfers rely on appropriate safeguards, such as the EU–U.S. Data Privacy Framework and/or Standard Contractual Clauses maintained by those providers.
7. Your rights
Depending on your jurisdiction (EU/EEA, UK, Australia, California, and others), you may have rights including:
- Access — request a copy of the personal data we hold about you.
- Correction — request that we correct inaccurate or incomplete data.
- Erasure — request that we delete data we hold about you.
- Restriction or objection — request that we limit how we use your data, or object to certain processing.
- Data portability — receive your data in a structured, commonly used format.
- Withdrawal of consent — withdraw consent for any processing based on your consent.
- Complaint — lodge a complaint with your local data protection authority.
- Opt-out of "sharing" (California) — opt out of the sharing of personal information for cross-context behavioral advertising by denying or revoking tracking permission (see Section 2.7).
You can revoke Photos, Contacts, Notifications, or Tracking permissions at any time in iOS Settings. To remove all local data, uninstall the App. To request action on data we hold on our servers or in our analytics providers, contact us at privacy@almaviralabs.com.
8. Children's privacy
The App is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective" date at the top of this page. Material changes will be highlighted in the App or by email if you have provided one.
10. Contact
For any privacy-related question or request:
- Email: privacy@almaviralabs.com
- Postal: FOP Yevhenii Krysiuk, Vasylievska St., build. 121B, fl. 4, office 12, Kamianske, Dnipropetrovska region, 51900, Ukraine