CleanUpX — Privacy Policy

Effective: July 15, 2026

Short version: Your photos, videos, and contacts stay on your iPhone — we never see them. AI Assistant queries you type are processed through our secure proxy and the AI provider. We use analytics and, with your permission, ad-attribution tools to understand how the App is used and how people discover it. We do not sell your data, and attribution data is shared only with your permission.

Contents

  1. Who we are
  2. What data the app accesses
  3. How we use that data
  4. Third parties
  5. Storage and retention
  6. International data transfers
  7. Your rights
  8. Children's privacy
  9. Changes to this policy
  10. Contact

1. Who we are

CleanUpX ("the App") is published by Almavira Labs ("we", "us", "our"). Almavira Labs is a trading name of sole proprietor (FOP) Yevhenii Krysiuk, registered in Ukraine (Unified State Register record No. 22230000000028141). This Privacy Policy explains what data the App accesses on your iPhone, how it is processed, and your rights.

2. What data the App accesses

2.1 Photos and videos

The App requests permission to read your iOS Photo Library. All photo and video analysis (duplicate detection, similarity grouping, blur detection, best-shot selection) runs entirely on your device using Apple's Vision framework. Your photos and videos are never uploaded to our servers or any third party.

The App may store technical fingerprints derived from your photos (Apple Vision feature prints) in a local cache on your device to speed up repeated scans. This cache stays on your device and is removed when you uninstall the App.

2.2 Contacts (optional, when feature is enabled)

If you use the Contacts Cleanup feature, the App requests permission to access your iOS Contacts via Apple's CNContactStore framework. All contact analysis runs on your device. Contact data is never uploaded to our servers.

When you confirm a merge or deletion of duplicate contacts, the App modifies or deletes those entries in your iOS Contacts directly on your device. Unlike photos, deleted contacts cannot be recovered from a "Recently Deleted" folder — always review the list before confirming.

2.3 Device storage information

The App reads your device's storage statistics (used and available space, media library size) to show storage insights and give cleanup recommendations. These statistics stay on your device, except as aggregated values included in AI Assistant requests and analytics events described below.

2.4 AI Assistant queries

When you use the AI Assistant feature (available to Pro subscribers), the questions you type are sent to our backend proxy and forwarded to our AI provider (Google Gemini and/or Anthropic Claude). The AI provider returns a response, which is displayed to you.

Along with your question, we include aggregated, non-identifying device context (device model, iOS version, app version, language, storage statistics, and counts of duplicates, blurry photos, large videos, etc.) so the AI can give context-aware suggestions. We do not send your photos, contact details, or any personally identifying information.

We do not store your AI queries or responses on our servers beyond the time required to process the request. Our AI providers process queries under their respective privacy policies (see Section 4).

2.5 Subscription and purchase data

All purchases and subscriptions are processed by Apple via StoreKit. We do not see or store your payment details. We receive only a receipt indicating that an entitlement is active.

2.6 Analytics and diagnostics

We use Firebase Analytics (Google) and PostHog to record usage events — such as which screens are viewed, onboarding progress, permission prompt results, when scans start and complete, cleanup actions (counts and megabytes freed, never content), paywall views, and purchase events. Events include technical context: device model, iOS version, app version, locale, session identifiers, and subscription tier. Events do not include your photos, contacts, or any content from them.

To connect events belonging to the same installation, the App generates a random user identifier and stores it in the iOS Keychain. Because of how the Keychain works, this identifier may persist across app reinstalls on the same device. It is not your Apple ID, name, email address, or phone number, and we cannot identify you personally from it. To request its deletion from our analytics systems, contact us (see Section 10).

2.7 Tracking and attribution

To understand how users discover the App and to measure advertising campaign performance, we use a mobile measurement partner (AppsFlyer). Where required by iOS, the App asks for your permission through the App Tracking Transparency prompt before tracking activity across other companies' apps and websites.

You can change your choice at any time in iOS Settings → Privacy & Security → Tracking.

2.8 Secret Space

The App includes an optional Secret Space — a PIN-protected local vault for photos and videos you choose to move there. Vault content is stored only on your device inside the App's private storage, protected with iOS file-level encryption; your PIN is stored in the iOS Keychain. We never see, upload, or back up your Secret Space content or PIN. If you forget the PIN or delete the App, the content cannot be recovered by us.

3. How we use that data

We do not sell your data for money. We do not share your data with advertisers except for the attribution data described in Section 2.7, which is shared only if you allow tracking, and we do not use your data for profiling beyond what is described above. Under some laws (such as the California Consumer Privacy Act), the use of an advertising identifier for cross-context advertising attribution may be treated as "sharing" of personal information; you can opt out at any time by denying or revoking tracking permission (see Section 2.7).

Where the GDPR or UK GDPR applies, we process personal data on the following legal bases: performance of a contract (providing the App features you request), consent (tracking and attribution via App Tracking Transparency, and optional iOS permissions such as Photos and Contacts), and legitimate interests (analytics, security, fraud prevention, and improving the App, balanced against your rights and freedoms).

4. Third parties

The App relies on the following third-party services:

5. Storage and retention

5.1 On your device

5.2 On our servers and service providers

6. International data transfers

Our service providers (Google, PostHog, AppsFlyer, Cloudflare, and our AI providers) may process data on servers located in the United States and other countries outside your own. Where the GDPR or UK GDPR applies, such transfers rely on appropriate safeguards, such as the EU–U.S. Data Privacy Framework and/or Standard Contractual Clauses maintained by those providers.

7. Your rights

Depending on your jurisdiction (EU/EEA, UK, Australia, California, and others), you may have rights including:

You can revoke Photos, Contacts, Notifications, or Tracking permissions at any time in iOS Settings. To remove all local data, uninstall the App. To request action on data we hold on our servers or in our analytics providers, contact us at privacy@almaviralabs.com.

8. Children's privacy

The App is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective" date at the top of this page. Material changes will be highlighted in the App or by email if you have provided one.

10. Contact

For any privacy-related question or request: