Privacy Policy
Photolio ("Photolio", "we", "us") is a photo-first contacts app operated by Jun Wang. This policy explains what information the app collects, how we use it, and the choices you have. By using Photolio you agree to this policy.
The short version
- We collect only what the app needs to store and sync your contacts.
- We do not sell your data.
- We do not show ads, use third-party advertising SDKs, or track you across other apps.
- You can use the app as a guest, with your data kept only on your device.
- Optional Pro subscriptions are billed by Apple and managed through RevenueCat; we never receive your payment-card details.
- You can permanently delete your account and data from within the app at any time.
Information we collect
The information we process depends on whether you create an account.
- Account information (only if you sign up): your email address, an encrypted password, and a display name. If you sign in with Apple or Google, we receive a basic identifier and the name/email you authorize that provider to share.
- Content you create: profile photos and group photos you add, names, descriptions, photo tags/regions, nicknames, and the contact details you enter (such as phone numbers, email addresses, and social handles), and the groups you create.
- Identifiers: a user account ID and profile IDs used to store and sync your data.
- Subscription information (only if you buy Pro): your subscription status, the plan you chose, and its renewal or expiry date. Purchases are made through Apple's App Store and recorded by our billing provider, RevenueCat — we never receive or store your payment-card details.
- Device permissions: with your permission, the app uses your camera (to take photos and scan QR codes you choose to scan) and your photo library (to pick photos you choose to add). The app does not read your device's system contacts.
- On-device logs: the app keeps diagnostic logs in local storage on your device (retained about 7 days) to help troubleshoot problems. In this version these logs are not transmitted off your device.
How we use information
- To create and secure your account and sign you in.
- To store your contacts, photos, and identities and sync them across the devices you sign in to.
- To process optional Pro subscriptions and unlock cloud sync & backup for subscribers.
- To deliver the information you choose to share when you generate a QR code or share link.
- To operate, maintain, and troubleshoot the app.
How we store and process information
When you create an account, your data is stored and processed using Supabase (authentication, database, and file storage), our cloud infrastructure provider, on our behalf. Data is transmitted over encrypted connections (HTTPS/TLS) and protected by row-level access controls so that, in general, only you can access your own data.
If you use the app as a guest (without signing in), your data stays on your device and is not uploaded to our servers.
If you buy a subscription, your purchase is handled by Apple (the App Store) and recorded through RevenueCat, our subscription-management provider, which verifies your entitlement and keeps your subscription status in sync. We share an account identifier and subscription events (such as purchases, renewals, and expirations) with RevenueCat for this purpose; we do not receive your payment-card details. See RevenueCat's privacy policy at revenuecat.com/privacy.
Sharing your information
We do not sell your personal information. We share information only:
- At your direction — when you share your identity card via a QR code or link, the recipient receives the information you chose to include on that card.
- With service providers — such as Supabase, which hosts and processes data on our behalf, and, for subscriptions, Apple (payment processing) and RevenueCat (subscription management), each under their own terms and security obligations.
- For legal reasons — if required by law or to protect rights, safety, and security.
Data retention and deletion
We keep your account data for as long as your account exists. You can
permanently delete your account at any time in the app at
Settings → Account → Delete Account. Deletion removes your
profiles, photos, contact details, and account identity from our servers.
This action is irreversible. Guest data can be removed by deleting the app
from your device.
If you subscribe and later let your subscription lapse, we keep your cloud-stored photos for 90 days so you can resubscribe or retrieve them, after which they are deleted from our cloud storage. Your contact details and other text information are retained so your contacts are restored if you resubscribe. At any time you can save your photos onto your device or export a complete copy of your data (see “Your rights”).
Your rights
Depending on where you live, you may have rights to access, correct, or
delete your personal information, or to object to or restrict certain
processing. You can exercise the core of these rights directly in the app
(editing your content and deleting your account), or by contacting us at
the address below. You can also export a complete copy of your data at any
time from Settings → Your Data → Export my data, and download
your cloud photos onto your device.
Children's privacy
Photolio is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will delete it.
Security
We use encryption in transit and access controls to protect your information. No method of transmission or storage is completely secure, but we work to protect your data and to limit access to it.
Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice.
Governing law
This policy is governed by the laws of Singapore, without regard to conflict-of-law principles.
Contact us
Questions about this policy or your data? Email us at support@photolioapp.com.