Privacy Policy
Last updated: February 7, 2026|Effective date: February 7, 2026
At a Glance
Swipenter is a photo cleanup app that helps you organize your camera roll by swiping. Your photos never leave your device — we do not upload, store, or process your photos on any server. The app stores your progress and settings locally on your device. We use Google AdMob to display ads in the free version and Firebase Analytics to understand how the app is used. When you make a purchase, Apple handles the transaction. You can contact us at [email protected] with any questions about your privacy.
1. Who We Are
This app is provided by:
InDevLab Ro S.R.L.
Email: [email protected]
InDevLab Ro S.R.L. is the data controller responsible for processing your personal data through the Swipenter app, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Romanian Law 190/2018.
The supervisory authority for data protection in Romania is:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București, România
Email: [email protected]
Phone: +40 318 059 211
Website: www.dataprotection.ro
2. What Data We Collect
2.1 Data Collected Directly by the App (On-Device Only)
The following data is created and stored exclusively on your device. It is never transmitted to our servers or any third party:
- App settings and preferences — theme selection, haptic feedback preference, swipe sensitivity, notification settings.
- Review progress and statistics — photos reviewed, kept, deleted, and bookmarked; session history; streak data; achievement progress.
- Photo library metadata — Swipenter reads metadata (dates, file sizes, media types) from your photo library to organize and display your photos. This data is accessed through Apple's PhotoKit framework and remains on your device.
2.2 Data Collected by Third-Party Services
When you use the app, the following third-party services may collect data as described below:
- Google AdMob (advertising) — IP address (for coarse location estimation), device advertising identifier (IDFA, when permitted), advertising data (ads viewed and interacted with), product interaction data, crash data, and performance data.
- Firebase Analytics (usage analytics) — app-instance identifier, session data, device model, operating system version, approximate geographic location (derived from IP address), app events (first launches, app opens, updates, in-app purchase events).
- Apple StoreKit (in-app purchases) — purchase history, product identifiers, subscription status. Payment information such as credit card details is handled entirely by Apple and is never accessible to us.
2.3 What We Do NOT Collect
- Photos and videos. We never access the pixel content of your photos or videos for any purpose other than displaying them to you on your device. Your photos are never uploaded, copied, transmitted, or stored on any external server.
- User accounts. We do not require registration, login, or any account creation.
- Contacts, messages, or call history.
- Precise location data. We do not access your GPS, Wi-Fi, or Bluetooth location.
- Biometric data.
- Payment or banking information. All transactions are handled by Apple.
- Names, email addresses, or other personal identifiers — unless you contact us directly for support.
3. How and Why We Process Your Data
| Purpose | Data Involved | Legal Basis (GDPR) |
|---|---|---|
| Providing the core photo review service | Photo library metadata (on-device only), app settings, review progress | Contract performance — Art. 6(1)(b) |
| Displaying advertisements (free tier) | IP address, device identifier, ad interaction data | Consent — Art. 6(1)(a) |
| Understanding app usage through analytics | App-instance ID, session and event data, device information | Consent — Art. 6(1)(a) |
| Processing in-app purchases | Purchase history, subscription status | Contract performance — Art. 6(1)(b) |
| Retaining purchase records for accounting | Transaction records | Legal obligation — Art. 6(1)(c) |
| Sending local notifications (reminders, streaks) | Notification preferences (on-device) | Consent — Art. 6(1)(a) |
| Displaying home screen and lock screen widgets | Statistics and streak data (on-device) | Contract performance — Art. 6(1)(b) |
| Responding to support requests | Email address, correspondence content | Legitimate interest — Art. 6(1)(f) |
Where we rely on consent, you may withdraw it at any time (see Section 10). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
4. On-Device Processing
Swipenter is designed with privacy at its core. Your photos and videos never leave your device. All photo analysis, display, and management operations are performed entirely on your iPhone using Apple's PhotoKit framework. No image data is uploaded to our servers, to the cloud, or to any third party.
Your review progress, statistics, settings, and preferences are stored locally on your device using Apple's SwiftData framework. This data is not synchronized to any external server.
You can delete all locally stored app data at any time by uninstalling Swipenter or by using the “Clear All App Data” option in the app's Settings.
5. Third-Party Services and Data Sharing
Swipenter integrates the following third-party services. Each service has its own privacy policy governing the data it collects:
5.1 Google AdMob (Advertising)
We use Google AdMob to display advertisements in the free version of Swipenter. For the purposes of AdMob, Google operates as an independent data controller — meaning Google independently determines how it uses the data collected through its advertising services.
AdMob may collect device identifiers, IP address, ad interaction data, and diagnostic information. When you have granted App Tracking Transparency (ATT) permission, AdMob may use your device's advertising identifier (IDFA) to deliver personalized ads. When ATT permission is denied, AdMob serves contextual (non-personalized) ads, which may still involve limited data collection for ad serving, frequency capping, and fraud prevention.
- Google Privacy Policy: policies.google.com/privacy
- Google Ads Settings: adssettings.google.com
- Google Ads data practices: business.safety.google/gdpr
5.2 Firebase Analytics (Usage Analytics)
We use Firebase Analytics, provided by Google, to collect anonymous usage data that helps us understand how Swipenter is used and to improve the app. For the purposes of Firebase Analytics, Google operates as a data processor acting on our instructions under the Firebase Data Processing and Security Terms.
Firebase Analytics collects an app-instance identifier (not tied to your identity), session data, device model, operating system version, approximate location (from IP address), and app events such as screen views and feature usage. Firebase Analytics does not access your photos or personal files.
- How Google uses data from apps: policies.google.com/technologies/partner-sites
- Firebase privacy information: firebase.google.com/support/privacy
5.3 Apple (In-App Purchases)
When you make a purchase in Swipenter (monthly, yearly, or lifetime subscription), the transaction is processed entirely by Apple through StoreKit 2. We receive confirmation of your purchase status (product identifier, subscription expiration date, renewal status) but never receive your payment details. Apple's handling of purchase data is governed by Apple's Privacy Policy at apple.com/legal/privacy.
We do not sell, rent, or trade your personal data to any third party.
6. Advertising and Consent
6.1 Personalized vs. Non-Personalized Ads
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, Swipenter will request your consent before displaying personalized advertisements or activating analytics tracking. This is done through a consent dialog that complies with the IAB Transparency and Consent Framework (TCF) v2.2 and Google's EU User Consent Policy.
You have three choices:
- Consent — personalized ads and analytics will be activated.
- Do not consent — only contextual (non-personalized) ads will be shown, and analytics will not collect data.
- Manage options — choose granularly which purposes you consent to.
6.2 App Tracking Transparency (ATT)
In addition to the GDPR consent dialog, iOS will display Apple's App Tracking Transparency prompt. This controls whether your device's advertising identifier (IDFA) can be shared with advertising networks. You can change your ATT preference at any time in your device's Settings under Privacy & Security > Tracking.
6.3 Withdrawing Consent
You can withdraw your advertising and analytics consent at any time by:
- Opening Swipenter's Settings and selecting “Privacy & Data Settings.”
- Changing your ATT preference in iOS Settings > Privacy & Security > Tracking.
- Resetting your advertising identifier in iOS Settings > Privacy & Security > Apple Advertising.
When consent is withdrawn, we will stop collecting analytics data and will switch to non-personalized ads (or no ads for premium subscribers). Withdrawal does not affect data already lawfully collected prior to withdrawal.
6.4 Premium Ad-Free Experience
Swipenter Premium subscribers do not see advertisements. AdMob is not initialized for premium users, meaning no advertising-related data collection occurs.
7. International Data Transfers
When you consent to advertising and/or analytics, data collected by Google AdMob and Firebase Analytics may be transferred to and processed on Google's servers located outside the European Economic Area, including in the United States.
These transfers are protected by the following safeguards:
- EU-US Data Privacy Framework — Google LLC is certified under the EU-US Data Privacy Framework.
- Standard Contractual Clauses (SCCs) — Google's data processing agreements incorporate the European Commission-approved Standard Contractual Clauses for international transfers.
For more information, see Google's data transfer practices at business.safety.google/gdpr.
All locally stored data (photos, settings, statistics, progress) remains exclusively on your device and is never transferred internationally.
8. Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Photos and media | Never retained — processed on-device only | Data minimization |
| App settings and preferences | Until you uninstall the app or reset data | Service provision |
| Review progress and statistics | Until you uninstall the app or reset data | Service provision |
| Firebase Analytics data | Up to 14 months (default Google retention setting) | Analytics purpose |
| AdMob advertising data | Per Google's retention policy | Independent controller relationship |
| In-app purchase records | Duration of subscription + 10 years | Legal obligation (Romanian accounting law) |
| Support correspondence | Up to 2 years after issue resolution | Legitimate interest |
You can delete all on-device data at any time by uninstalling Swipenter or using the “Clear All App Data” option in Settings. To request deletion of data held by Google, you can use Google's account settings at myaccount.google.com or contact us at [email protected].
9. Your Privacy Rights Under GDPR
As a user in the European Economic Area, you have the following rights regarding your personal data:
Right of access (Art. 15) — You can request confirmation of whether we process your personal data and obtain a copy of that data.
Right to rectification (Art. 16) — You can request correction of inaccurate personal data without undue delay.
Right to erasure (“right to be forgotten”) (Art. 17) — You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when processing is unlawful. Local data can be erased by uninstalling the app. For data held by Google, we will facilitate your request.
Right to restriction of processing (Art. 18) — You can request that we limit the processing of your personal data while its accuracy is contested, while processing is disputed, or while we assess a right-to-erasure request.
Right to data portability (Art. 20) — Where processing is based on consent or contract performance and is carried out by automated means, you can request to receive your data in a structured, machine-readable format. Swipenter offers a data export function in Settings for your on-device data.
Right to object (Art. 21) — You can object to processing based on legitimate interests. You have an absolute right to object to processing for direct marketing purposes at any time, without needing to provide a reason.
Right regarding automated decision-making (Art. 22) — You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. Swipenter does not make automated decisions about you.
Right to withdraw consent (Art. 7(3)) — Where processing is based on your consent, you can withdraw that consent at any time. Withdrawal is as easy as giving consent — see Section 6.3 for instructions. Withdrawal does not affect the lawfulness of processing carried out before it.
Right to lodge a complaint (Art. 77) — You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. The Romanian supervisory authority is:
ANSPDCP
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București, România
Email: [email protected]
Phone: +40 318 059 211
How to Exercise Your Rights
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request. If a request is complex or we receive a high volume of requests, we may extend this period by a further two months, and we will inform you of any such extension within the initial 30-day period.
We will not charge a fee for processing your request, unless requests are manifestly unfounded or excessive.
10. Children's Privacy
Swipenter is not directed at children. In accordance with GDPR Article 8 and Romanian Law 190/2018, we do not knowingly collect personal data from anyone under the age of 16 years.
If we become aware that a child under 16 has provided us with personal data, we will take steps to delete that information promptly. If you are a parent or guardian and you believe your child has provided data to us, please contact us at [email protected].
For users identified as under the age of consent, AdMob ad personalization is automatically disabled and data processing is restricted in compliance with Google's policies.
11. Security Measures
We take reasonable measures to protect the data associated with Swipenter:
- On-device storage protection. All locally stored data benefits from iOS's built-in data protection and encryption capabilities, including full-disk encryption and the app sandbox, which prevents other apps from accessing Swipenter's data.
- Encryption in transit. All communications between the app and third-party services (AdMob, Firebase Analytics, Apple StoreKit) use industry-standard TLS/SSL encryption.
- Third-party security certifications. Firebase services maintain ISO 27001, SOC 1, SOC 2, and SOC 3 certifications. Apple's infrastructure maintains comparable certifications.
- Data minimization. We collect only the minimum data necessary for each purpose. Photos and media are never transmitted from your device.
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
12. Notifications and Widgets
Notifications
Swipenter may send local notifications to your device (such as daily memory reminders and streak reminders). These notifications are scheduled and delivered entirely on your device using Apple's notification framework. No notification content or scheduling data is transmitted to our servers or any third party.
You can manage notification preferences within the app's Settings or through iOS Settings > Notifications > Swipenter.
Widgets
Swipenter offers home screen and lock screen widgets displaying your streak count, statistics, and “On This Day” memories. Widget data is stored in a shared app container on your device and is never transmitted externally. Widgets are rendered by iOS using Apple's WidgetKit framework.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or third-party services. When we make material changes:
- We will update the “Last updated” date at the top of this policy.
- We will notify you through the app (via an in-app notice or notification) before the changes take effect.
- The updated policy will be made available at the same public URL.
We encourage you to review this Privacy Policy periodically. Your continued use of Swipenter after any changes become effective constitutes your acknowledgment of the modified policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
InDevLab Ro S.R.L.
Email: [email protected]
We aim to respond to all inquiries within 30 days.
This Privacy Policy is provided in English. In the event of any discrepancy between translated versions, the English version shall prevail.