Privacy Policy for Uncluttr

Last Updated: March 9, 2026

Effective Date: March 9, 2026

1. Introduction

This Privacy Policy explains how Uncluttr ("we", "our", or "the App"), operated by Abdelrahman Scherif, gemacht.dev, collects, uses, and protects your information.

Our Commitment: No photos or videos from your gallery ever leave your device. We process your media files locally on your device only.

Contact Information:

• Operator: Abdelrahman Scherif
• Business Name: gemacht.dev
• Address: Bussestraße 17A, 22299 Hamburg, Germany
• Email: boudy@gemacht.dev

2. Age Restriction

Uncluttr is intended for users aged 16 years and older. We do not knowingly collect personal information from users under 16. If we discover that we have collected data from a user under 16, we will delete it immediately. If you believe a user under 16 has provided us with personal information, please contact us at boudy@gemacht.dev.

3. Your Consent Rights (GDPR)

Before we collect any data, you have the right to choose.

When you choose to watch a rewarded ad, we ask for your explicit consent to:

• Show personalized advertisements (Google AdMob)

You can:

• Accept or reject personalized ads when prompted
• Change your choices anytime in your device settings

Crash reporting (Sentry) is enabled by default to ensure app stability and fix bugs. This is based on our legitimate interest in maintaining a functional app. Crash reports contain only technical data and cannot identify you personally.

The core functionality of Uncluttr (viewing and organizing your photos) works without any advertising services.

4. Data We Collect

4.1 Data That Stays on Your Device (Never Sent to Us)

• Your Photos and Videos: All media files remain on your device. We never upload, access, or transmit them.

4.2 Data We Sync to Our Servers (Core Functionality)

To provide Uncluttr's core functionality, we sync the following data to our servers:

• Photo Metadata: Media IDs, timestamps, and grouping information
• Unique User ID (UUID): A universally unique identifier is automatically generated for every user, whether you create an account or not. This allows us to sync your organizational data across devices.

Important: If you do not create an account, your metadata is linked only to an anonymous UUID that cannot be used to identify you personally. This UUID allows the app to sync your photo organization across your devices.

4.3 Account Data (Optional)

If you choose to create an account, you can link your anonymous UUID to:

• Email address and password (if signing up with email)
• OAuth provider information (if signing up with Google, Apple, etc.)

Creating an account allows you to:

• Access your photo organization from multiple devices
• Recover your data if you switch devices
• Manage your preferences across platforms

Data Storage Location: All account data is stored on Supabase servers located in Frankfurt, Germany (EU region).

4.4 Crash Reports (Enabled by Default)

To maintain app stability, we automatically collect:

• Device information (OS, model, app version)
• Crash logs and error messages
• Stack traces showing what went wrong
• App state at time of crash

Purpose: To identify and fix bugs and crashes.

Note: Crash reports do not include your photos, videos, or personal gallery content.

4.5 Advertising Data (When You Watch a Rewarded Ad)

If you choose to watch a rewarded ad and consent to personalized ads via Google AdMob:

• Device advertising ID
• Ad interaction data (views, clicks)
• General location (country/city level)
• Device characteristics

Google may use this data to show you personalized advertisements. You can opt out of personalized ads in your device settings or by rejecting consent in the app.

Non-personalized ads: If you reject consent, you'll see non-personalized ads that don't use your data for targeting.

4.6 Payment Data (RevenueCat)

If you purchase a subscription or one-time premium upgrade:

• Transaction ID
• Purchase status
• Subscription status and expiration date

Note: We do not collect or store your credit card information. All payments are processed securely by Apple App Store or Google Play Store. RevenueCat receives anonymized transaction data to manage your subscription status.

4.7 Data We Do NOT Collect

• Your actual photo and video files (never transmitted from your device)
• Precise GPS location in real-time (we only sync location data already embedded in your photos' EXIF metadata, if present)
• Contacts or other device data unrelated to the app
• Biometric data

5. How We Use Your Data

We use collected data for the following purposes:

Data Type	Purpose	Legal Basis (GDPR)
Metadata & UUID	Enable core app functionality, sync across devices	Legitimate Interest, Contract performance
Account data	User authentication, link devices to user identity	Contract performance
Crash reports	Fix bugs and improve stability	Legitimate Interest
Advertising data	Show relevant ads, support free app version	Consent
Payment data	Process purchases, manage subscriptions	Contract performance

6. Data Sharing and Third Parties

We share data with the following third-party services:

6.1 Supabase (Infrastructure & Authentication)

• What they receive: User UUID (anonymous or linked to account), email (if you create an account), authentication tokens, photo metadata (media IDs, timestamps, grouping data)
• Purpose: Core metadata syncing functionality and optional user account management
• Location: Frankfurt, Germany (EU)
• Privacy Policy: https://supabase.com/privacy

6.2 Google AdMob

• What they receive: Advertising ID, ad interactions (with your consent)
• Purpose: Display advertisements
• Privacy Policy: https://policies.google.com/privacy

6.3 Sentry

• What they receive: Crash logs, error reports (enabled by default)
• Purpose: Error tracking and debugging
• Privacy Policy: https://sentry.io/privacy/

6.4 RevenueCat

• What they receive: Transaction IDs, subscription status
• Purpose: Manage subscriptions and purchases
• Privacy Policy: https://www.revenuecat.com/privacy/

We do not sell your personal data to anyone.

7. Data Retention

• Metadata & UUID: Stored as long as you use the app. Deleted when you uninstall and request deletion via boudy@gemacht.dev
• Account data (if created): Stored as long as your account is active
• Crash reports: Retained for 90 days by Sentry
• Payment data: Retained as required for tax and legal compliance (typically 10 years in Germany)

Upon account deletion or data deletion request: All your personal data is immediately and permanently deleted from our systems. Crash data is anonymized and cannot be linked back to you.

8. Your Rights (GDPR)

As a user in the European Union, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Delete your account and all associated data
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests (e.g., crash reporting)
• Right to Withdraw Consent: Change your ads consent anytime
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at boudy@gemacht.dev.

We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
• Authentication: Secure password hashing and OAuth protocols
• Access Control: Limited access to personal data on a need-to-know basis
• Regular Updates: We keep our security measures up to date

However: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Data Transfers

Primary Storage: Your account data is stored in the EU (Frankfurt, Germany via Supabase).

Third-Party Services: Some services (Sentry, RevenueCat) may transfer data to the United States or other countries. These transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Privacy Shield Framework (where applicable)
• Adequate data protection safeguards

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at boudy@gemacht.dev.

12. Cookies and Tracking Technologies

Uncluttr does not use cookies. However, third-party services (AdMob) may use similar technologies to display ads. You can control this through your device settings and in-app consent preferences.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Update the "Last Updated" date at the top
• Notify you via email (if you have an account) or in-app notification
• Request new consent if required by law

Continued use of Uncluttr after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: boudy@gemacht.dev

Mail: Abdelrahman Scherif gemacht.dev Bussestraße 17A 22299 Hamburg, Germany

Summary:

• Your photos and videos never leave your device
• Photo metadata (timestamps, IDs, grouping) is synced to enable core functionality
• We only collect ads and crash data with your explicit consent
• You control consent settings in the app
• You can delete your account and all data anytime by contacting us
• We comply with GDPR, CCPA, and other privacy regulations