Privacy Policy

Life Reel is a personal memory app that helps you turn the photos and videos already stored on your iPhone into short video moments, trip recaps, and highlights. This Privacy Policy explains how ULADZISLAU ZINCHANKA ("we," "us," or "our") handles your information when you use the App.

By installing or using Life Reel, you acknowledge that you have read this Policy. If you do not agree, please do not use the App.

Your photos and videos stay on your iPhone. The App reads your photo library so you can browse and use it inside Life Reel. The contents of your library are not uploaded to our servers.
On-device processing. Trip detection, "On This Day", smart groups, place-name lookups, and the composition of exported videos all run locally on your iPhone, using Apple system APIs.
No facial recognition or biometric processing (as those terms are used under U.S. state biometric laws — Illinois BIPA, Texas CUBI, Washington biometric law — and EU/UK GDPR Article 9).
No AI/ML training on your content. Your photos, videos, location data, or other personal content are never used to train AI or machine-learning models.
No third-party advertising. The App does not display ads and does not embed any advertising or attribution SDKs.
No sale or "share" of personal information for cross-context behavioral advertising under U.S. state privacy laws.
No account required. The App works without sign-in.

1. Who We Are

Life Reel is operated by ULADZISLAU ZINCHANKA, an individual entrepreneur registered in Poland. We are the "data controller" of your personal data under EU/UK GDPR and Swiss FADP, and the "business" (under California CCPA/CPRA) or "controller" (under other U.S. state privacy laws) responsible for your information.

Contact: dev.ohmyapp@gmail.com — single point of contact for all privacy questions, consumer-rights requests, complaints, and authorized-agent inquiries.

2. What We Collect and Why

2.1 On Your iPhone (Not Transmitted to Us)

The following information is created and stored locally on your iPhone and is not transmitted to our servers:

The photos and videos in your iOS photo library that the App reads with your permission.
Photo/video metadata exposed by iOS (creation date, dimensions, duration, media type, GPS coordinates already embedded in your own media).
iOS asset identifiers — used to remember which photos/videos you added to which Moments or groups.
Your Moments, Trips, custom groups, project titles, captions, theme preference, default project, "On This Day" reminder progress, and other in-app settings.
Generated videos — composed on your iPhone from clips you choose, saved to your Photos library only if you tap "Save".

This local data remains on your iPhone until you delete it inside the App or uninstall the App. We do not receive or access it.

2.2 Location Data — From Your Own Photo Metadata Only

Life Reel uses location data only as it is already embedded in your own photos and videos (EXIF / asset metadata) to:

Detect "Trips" — clusters of photos and videos taken away from your usual area.
Group moments by season or region.
Display approximate place names ("Paris", "Bali") on cards and moments.

To convert GPS coordinates into a human-readable place name, the App uses Apple's built-in geocoder (CLGeocoder, via Apple system services). The App does not send your GPS coordinates to any third-party server.

Life Reel does not track your live location. The App does not request "Always" or background location, does not run in the background to collect location, and does not transmit coordinates to our servers. It reads only the location your camera already saved with each photo or video.

Legal basis (GDPR/UK GDPR): Art. 6(1)(b) performance of a contract.

2.3 Subscription and Payment Data

If you purchase a subscription or one-time premium upgrade, we receive, via RevenueCat, Inc.:

A pseudonymous app user identifier.
Subscription status and plan type (e.g. weekly, monthly, yearly).
Transaction identifiers and platform purchase receipts.
Subscription start, expiration, and renewal dates; free-trial status (if applicable).
Country/region used by the App Store at the time of purchase.

We do not collect or store payment-card information. All payment processing is handled by the Apple App Store under its own terms and privacy policy.

Legal basis: Art. 6(1)(b) performance of a contract; Art. 6(1)(c) compliance with tax/accounting obligations.

2.4 Usage Analytics and Crash Reports

To improve the App, diagnose crashes, and test paywall and feature variants, the App emits:

App usage events (e.g. screen viewed, button tapped, paywall shown, moment saved, video generated, restore-purchases tapped).
Performance metrics and timing information.
Crash reports — device model, iOS version, App version, stack traces.
Remote-config assignment — which feature flag or paywall variant your install received.

Usage events are sent to Mixpanel, Inc.; crash reports are sent to Firebase Crashlytics (Google LLC); feature flags are delivered by Firebase Remote Config. None of these systems receive your photos, videos, captions, location coordinates, account email, or contact details. Events are keyed to a pseudonymous install identifier, not your real identity.

Legal basis: Art. 6(1)(f) legitimate interest in operating, securing, and improving the Service. Where required by EU ePrivacy rules, we obtain consent before activating non-essential analytics.

2.5 Device and Network Information

When the App communicates with our service providers, the following technical information is necessarily transmitted:

Device type and model (e.g. "iPhone15,3").
iOS version, App version and build number.
Locale, time zone, and preferred language.
Pseudonymous device or install identifier.
IP address (collected automatically by service providers' servers; used for geographic aggregation, fraud prevention, and security — not for advertising).

Legal basis: Art. 6(1)(f) legitimate interest in service operation, security, and debugging.

2.6 Notifications

With your permission, the App may schedule local notifications (delivered by iOS) to remind you to capture a moment or to let you know that a recap is ready. Reminder schedules are stored locally. Life Reel does not send remote push notifications — the push entitlement is intentionally disabled in the build, and no APNs token is registered with our servers.

Legal basis: Art. 6(1)(a) consent (iOS permission you grant).

2.7 Email Correspondence

If you contact us by email, we receive your email address, message body, and any attachments. We use them solely to respond to you.

Legal basis: Art. 6(1)(f) legitimate interest in support; Art. 6(1)(b) performance of a contract.

3. What Life Reel Does NOT Do

We expressly confirm that the App does not:

Perform face recognition, facial identification, face-geometry scanning, retina/iris scans, fingerprint scans, voiceprint analysis, or any other biometric processing within the meaning of the Illinois BIPA (740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), the Washington biometric statute (RCW 19.375), or GDPR/UK GDPR Article 9.
Collect "consumer health data" within the meaning of the Washington My Health My Data Act (RCW 19.373) or analogous laws.
Run any artificial-intelligence inference on your media on our servers.
Use your photos, videos, captions, or any other personal content to train AI or machine-learning models — ours or any third party's.
Sell your personal information for monetary or other valuable consideration.
"Share" your personal information for cross-context behavioral advertising (as defined under California Civ. Code § 1798.140(ah)).
Engage in targeted advertising, behavioral profiling, or automated decision-making with legal or similarly significant effects.
Track you across other companies' apps or websites (the App does not present Apple's App Tracking Transparency prompt).
Embed advertising or attribution SDKs such as Meta/Facebook SDK, TikTok Pixel, Google Ads SDK, AppsFlyer, Adjust, Branch, Singular, or Kochava.
Maintain user profiles, public feeds, comment systems, friend networks, or any public-sharing infrastructure.
Require an account, real name, date of birth, email address, phone number, photograph of you, biometric identifier, or precise geolocation in order to function.

4. Third-Party Service Providers

Life Reel relies on the following service providers. Each acts as a processor under written data-processing terms. Your use of the App is also subject to their own privacy policies.

Provider	Role	Data Transferred	Location	Privacy Policy
Apple Inc. (App Store, StoreKit, APNs, CLGeocoder)	App distribution, in-app purchase processing, local-notification delivery, place-name lookups	Purchase information; device token used for local-notification scheduling; lat/lon submitted to system geocoder	USA / global	apple.com/legal/privacy
Google LLC — Firebase (Crashlytics, Remote Config)	Crash reporting; remote feature-flag delivery	Crash logs, device info, anonymized identifiers, remote-config assignment	USA / global	firebase.google.com/support/privacy
RevenueCat, Inc.	Subscription management, entitlement delivery, restore-purchases handling, paywall experiment assignment	Pseudonymous app user ID, platform purchase receipts, subscription status, transaction history, country/region of purchase	USA	revenuecat.com/privacy
Mixpanel, Inc.	Product analytics	App usage events, anonymized counters, device/OS info, pseudonymous install identifier, locale	USA	mixpanel.com/legal/privacy-policy

5. Disclosure of Your Data

We disclose personal data only in the limited circumstances below:

Service providers (Section 4), acting on our instructions for the specific purposes listed.
Operating-system vendors (Apple) for system-level features such as in-app purchases, local-notification delivery, and place-name lookups via CLGeocoder.
Legal compliance — where required by law, regulation, subpoena, court order, or to protect rights, property, or safety.
Business transfers — if all or substantially all of Life Reel is sold, merged, financed, or otherwise transferred, your data may be transferred as part of that transaction, subject to a successor's compliance with this Policy (or one at least as protective).
With your consent — for any other disclosure not described here.

What we never share with third parties: the contents of your photos, videos, captions, notes, GPS coordinates from your media, or your in-app usage of content tools.

6. Children

Life Reel is not directed to children. We do not knowingly collect personal data from children under the applicable age of digital consent — 13 in the U.S. under COPPA (15 U.S.C. § 6501 et seq.); 16 by default under GDPR Art. 8 (lowered to 13 in some EU Member States including Poland); 13 in the UK. To purchase a subscription you must be at least 18 (or the age of legal majority in your jurisdiction) or have a parent/guardian's consent.

You — the user — are solely responsible for ensuring you have all rights to include other people (including children) in the photos and videos you organize, export, or share through Life Reel. If you believe a child's data has been inadvertently collected by us, contact dev.ohmyapp@gmail.com and we will delete it promptly.

7. Retention

Category	Retention
On-device data (photos, Moments, settings)	For as long as the App is installed. Uninstall removes app-managed local data.
Email correspondence with support	As long as needed to handle your inquiry, plus a reasonable period afterward (typically up to 3 years).
Subscription / transaction records	For the subscription duration and afterward as required by law (typically up to 7–10 years for tax purposes).
Usage analytics (Mixpanel)	Up to 24 months keyed to your pseudonymous install ID, then de-identified or deleted.
Crash reports (Firebase Crashlytics)	Up to 90 days for individual events; aggregated data may be retained longer.

8. Security

We use reasonable safeguards to protect your data:

All network traffic uses HTTPS/TLS.
Access to production systems is limited to authorized personnel on a need-to-know basis.
We select service providers (Apple, Google, RevenueCat, Mixpanel) with established industry-standard security practices and binding contractual data-protection commitments.
Local-first architecture — most of your data never leaves your iPhone, reducing risk materially.

No security measure is 100% effective. Because most of your data lives on your iPhone, protect it with a passcode, Face ID/Touch ID, and the latest iOS updates.

If we discover a personal data breach likely to result in risk to your rights, we will notify the Polish UODO (or another competent EU supervisory authority) without undue delay and where feasible within 72 hours (GDPR Art. 33), and notify you directly where the risk is high. We will comply with U.S. state breach-notification laws in the same manner. To report a suspected breach, contact dev.ohmyapp@gmail.com.

9. International Data Transfers

We are established in Poland (European Union). Several of our service providers operate in or transfer data to the United States. For transfers out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards required by law, including:

The EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914);
The UK International Data Transfer Agreement / UK Addendum (where relevant);
The EU-U.S. Data Privacy Framework (and its UK and Swiss extensions);
Applicable adequacy decisions of the European Commission, UK Government, or Swiss Federal Council.

You may request a copy of the safeguards by contacting us.

10. Your Rights

10.1 In-App and iOS Controls

You can exercise the following controls without contacting us:

Photo library and notification access — revoke at any time from iOS Settings.
Subscription — cancel and manage from your Apple Account.
Local data — uninstall the App to remove app-managed local data; manage photos directly in your iOS Photos library.

10.2 GDPR / UK GDPR / Swiss FADP (EU, UK, Switzerland)

If you are located in the EEA, the UK, or Switzerland, you have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), not to be subject to automated decisions with legal effect (Art. 22) — which we do not perform — withdrawal of consent (Art. 7), and to lodge a complaint with a supervisory authority (Art. 77).

Our lead supervisory authority is the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland, uodo.gov.pl. You may also complain to your local supervisory authority — for UK users, the ICO (ico.org.uk); for Swiss users, the FDPIC (edoeb.admin.ch).

10.3 California (CCPA / CPRA) and Other U.S. States

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Indiana, Tennessee, New Jersey, New Hampshire, Maryland, Minnesota, Nebraska, Kentucky, Rhode Island, or Nevada, you have rights to know / access, delete, correct, port, and (where applicable) appeal denials of requests. You also have the right to opt out of sale, "sharing" for cross-context behavioral advertising, and targeted-advertising profiling — none of which apply to our processing, because we do not engage in those activities.

We recognize universal opt-out signals (e.g. Global Privacy Control) to the extent legally required; because we do not engage in sale or targeted advertising, there is no relevant processing to opt out of. California minors: we do not knowingly collect or "share" personal information of California residents under 16 without affirmative authorization (opt-in), and for those under 13 we comply with COPPA. California's "Shine the Light" law (Civ. Code § 1798.83) — we do not disclose personal information to third parties for their direct-marketing purposes.

10.4 How to Exercise Your Rights

Email dev.ohmyapp@gmail.com. We will respond within the time required by applicable law (typically 30 days for EU/UK/Swiss requests; up to 45 days for U.S. state-law requests), extendable as permitted by law. We may need information to reasonably authenticate you (typically the email used to contact support).

Users in other jurisdictions with comparable laws (Brazil LGPD, Canada PIPEDA / Quebec Law 25, Australia Privacy Act, Japan APPI, South Korea PIPA, etc.) have similar rights — same contact email.

11. Cookies, App Tracking Transparency, and Similar

Life Reel is a native iOS app and does not deploy browser cookies. Standard mobile-SDK identifiers used by analytics and crash reporting are described in Sections 2.4–2.5. The App does not engage in "tracking" as defined by Apple's App Tracking Transparency framework and does not present an ATT prompt. We do not currently operate a public website; if we do in the future, any cookies used there will be disclosed separately.

12. Marketing

We do not send marketing emails unless you have given prior consent (for example, by signing up to a newsletter). You may withdraw consent at any time by replying "unsubscribe" or contacting us. We may always send service-related messages (e.g. a reply to a support ticket, or a notice of material changes to this Policy).

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date above and, where required by law, provide additional notice (for example, an in-app banner the first time you launch the App after the change). Your continued use of the App after the new Policy takes effect constitutes acceptance, to the extent permitted by law.

14. Contact

ULADZISLAU ZINCHANKA (Life Reel)
Email: dev.ohmyapp@gmail.com

Effective Date: May 20, 2026 · Last Updated: May 20, 2026