Privacy Policy

Photo Scale AI

Effective: February 22, 2026

This Privacy Policy describes how Photo Scale AI ("we", "our", or "the app"), developed by Yalçın Arslan, collects, uses, and protects your information. By using Photo Scale AI, you agree to the practices described in this policy.

1. Information We Collect

We are committed to collecting only the minimum data necessary to provide our service. We do not collect your name, email address, or any personally identifiable information.

Device Identifier

We generate an anonymous device identifier using a SHA-256 hash derived from device model, manufacturer, and hardware characteristics. This identifier cannot be reversed to reveal your personal information.

Authentication

We use Firebase Anonymous Authentication to create a session. No email, phone number, or personal account information is collected.

Usage Data

  • Number of measurement requests
  • Timestamps of requests
  • Measurement modes used (weight, length, counting)

Device Information

  • Device model and operating system version
  • App version

Photos

Photos are transmitted for AI analysis only. They are processed in memory and never stored on our servers or any database.

2. How We Use Your Information

  • Providing AI-powered measurement analysis
  • Maintaining service quality and preventing abuse (rate limiting)
  • Improving the app through aggregated analytics
  • Crash reporting and bug fixing
  • Managing subscription status

3. Third-Party Services & AI Disclosure

We use the following third-party services to operate Photo Scale AI:

AI Processing Disclosure: Your photos are sent to a third-party AI provider (OpenAI) for measurement analysis. OpenAI retains API data for up to 30 days for abuse monitoring purposes only. API data is not used for model training.

OpenAI — San Francisco, CA

Photos are sent via API for AI-powered measurement analysis. OpenAI retains API data for up to 30 days for abuse monitoring. API data is not used for model training. Learn more

Firebase / Google — Mountain View, CA

Anonymous Authentication, Analytics (90-day data retention), and Crashlytics for crash reporting.

Adapty — Subscription Management

Manages subscription status. Receives an anonymous user identifier and device fingerprint only.

Cloudflare — San Francisco, CA

API hosting, DDoS protection, and security infrastructure.

4. Photo Data

  • Photos are transmitted to our servers via encrypted connection (HTTPS/TLS)
  • Forwarded to OpenAI for AI analysis
  • Not stored on our servers or any database
  • Not used for AI model training
  • Processed in memory only, discarded immediately after analysis
  • EXIF/GPS metadata is stripped before transmission

5. Data Retention

Data TypeRetention Period
Device identifierWhile account is active
Usage counters (daily)48 hours
Usage counters (lifetime, free tier)Permanent
Firebase Analytics90 days
Firebase Crashlytics90 days
PhotosNot stored (in-memory only)
Subscription statusWhile active + 1 day buffer

6. Data Sharing

  • Data is shared only through the third-party services listed above
  • We do not sell your data or share it for advertising purposes
  • We may disclose information if required by law or to protect our legal rights

7. Your Rights (GDPR / CCPA)

Regardless of your location, we respect the following rights:

  • Access: Request to know what data has been collected about you
  • Deletion: Request deletion of all your data
  • Portability: Request a copy of your data in a portable format
  • Opt-out: Disable analytics tracking through your device settings

To exercise any of these rights, contact us at [email protected].

8. Data Security

  • All data is transmitted via HTTPS/TLS encryption
  • Device fingerprint is stored in iOS Keychain / Android Secure Storage
  • API keys are stored in Cloudflare Secrets (never embedded in the client app)
  • Firebase ID tokens use short expiry periods

9. Children's Privacy

Photo Scale AI is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with data, please contact us at [email protected] and we will promptly delete it.

10. International Data Transfer

Your data may be processed in the United States and the European Union through our third-party service providers (Cloudflare edge network, OpenAI, Firebase). These providers maintain standard contractual clauses and appropriate safeguards for international data transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For significant changes, we will provide notice through the app's update notes.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: [email protected]

Data deletion requests: [email protected]