Privacy Policy for AITaggerPro

1. Information We Collect

We collect the following types of information from users of AITaggerPro:

Account Information:

Basic details for account creation and authentication, collected via Firebase Authentication. This includes:

• Email Address: Collected when you create an account (used solely for identification and login authentication).
• User ID: A unique identifier automatically generated by Firebase to distinguish your account.

User Content:

Content that you choose to input or generate within the App:

• Photos: You may select photos from your device's library for AI-powered metadata generation. These photos are processed locally on your device; only a compressed version (max 640px on the longest side) is temporarily sent to our secure server function for AI processing. Original photos never leave your device, and we explicitly strip out any location data from the photo metadata before processing to protect your privacy.
• Metadata Templates: Custom templates (for titles, descriptions, keywords) that you create are stored in association with your account.
• CSV Templates: Custom CSV export templates you create are also stored with your account data.

Usage Information:

Data about how you interact with the App's features:

• Product Interaction: We track the number of AI metadata generations you perform, in order to manage your monthly generation limits and credit usage.
• Generation History: We maintain a history log of your metadata generation requests. This allows you to review past generations and helps us provide usage tracking features.
• Diagnostics: Not collected. We do not collect any crash reports, error logs, or technical diagnostic data from the App. (In other words, AITaggerPro does not gather device crash analytics or performance monitoring data.)

Purchase Information:

Details related to in-app purchases and subscriptions:

• In-App Purchases: We record your subscription status and any credit packages you purchase, so that we can grant appropriate access to premium features. All payment processing is handled entirely by Apple through the App Store's system. We never receive or store your payment card details or other financial information — those remain with Apple's secure payment system.

Push Notifications:

Information related to push notification services:

• Notification Preferences: We collect and store your push notification preferences (enabled/disabled status) when you grant or deny permission for notifications in the app.
• Device Token: When you enable push notifications, Apple provides us with a unique device token that allows us to send notifications to your specific device. This token is stored securely in our Firebase database and is only used for delivering notifications.
• Notification Events: We send push notifications for specific events: when your monthly credits renew, when your credits are running low (below 20% remaining), and when large batch processing operations (20+ images) are completed. We do not send marketing or promotional notifications.

Note: AITaggerPro does not collect certain categories of data at all. For example, we do not have any in-app contact forms or feedback forms that gather your input (users can reach us via email instead), and we do not collect your device's location data (any location info in photos is removed, as noted above). We also do not use any third-party advertising or analytics services that would collect additional personal data beyond what is described in this policy.

2. How We Use Your Information

We use the collected information for various purposes necessary to operate and improve the App, including:

• Providing Core Functionality: To deliver and maintain the App's primary features (e.g. generating photo metadata via AI).
• Account Management: To authenticate users, secure your account, and personalize your experience.
• Local Photo Processing: To process photos on your device and generate AI-powered metadata (using the information and templates you provide).
• Usage Tracking: To monitor usage counts (e.g. number of generations) and enforce subscription limits or credit balances.
• Subscription Management: To verify your subscription status or credits for accessing premium features.
• Customer Support: To assist you if you contact us with questions or issues, using your account info and history as needed.
• Push Notifications: To send you important service notifications about your account and usage, including credit renewal confirmations, low credit warnings, and batch processing completion alerts. These are service-related notifications, not marketing messages.
• App Improvement: To analyze usage patterns (in aggregate) and user feedback in order to fix bugs, enhance existing features, and develop new features.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests (if any arise).

We will not use your information for any purposes other than those outlined above, unless we obtain your consent or have a legal obligation.

3. Data Processing and Storage

We take a privacy-conscious approach in how data is processed and stored:

• Photo Processing: As noted, all photo processing happens locally on your device whenever possible. When the AI needs to analyze an image, the App sends a temporarily compressed version of the photo to our cloud function (hosted on Firebase) for processing. This compressed image is just large enough for the AI to work (maximum 640 pixels on the longest side) and does not include precise location metadata. Once the AI processing is complete (typically within seconds), the compressed image is immediately discarded from our cloud—no photo data is persistently stored on our servers.
• Cloud Storage: Certain user-generated data and account info are stored securely in the cloud to support your App experience. This includes your metadata templates, CSV templates, usage counters, and basic account details (like email and UID). We use Google Firebase Firestore databases for this storage. Firebase is a Google-provided service with robust security measures in place to protect stored data.
• Data Transmission Security: All communication between the App and our servers (or third-party services) is transmitted over encrypted connections (HTTPS/TLS). This means any data in transit (such as the compressed photo for AI processing, or your login credentials during sign-in) is encrypted to prevent eavesdropping.
• Security Measures: We rely on industry-standard security infrastructure provided by Firebase and our other service providers. This includes access controls, authentication safeguards, and regular security updates. We continuously monitor the system for potential vulnerabilities. While no method of transmission or storage is 100% secure, we strive to use commercially acceptable means to protect your personal information and maintain a secure environment.

4. Third-Party Services

AITaggerPro integrates a few trusted third-party services to function correctly. We disclose these providers and what data is shared with them:

Firebase (Google):

• Purpose: Provides our user authentication, database storage, cloud function execution, and push notification delivery infrastructure.
• Data Collected/Used: Firebase handles your email and password (for auth), stores your user ID, and stores other data like templates and usage stats in its Firestore database. Firebase Cloud Messaging (FCM) handles the delivery of push notifications using device tokens. It may also log general usage events for service reliability. (Firebase's privacy practices are governed by Google's privacy policy.)

OpenRouter AI:

• Purpose: Powers the AI metadata generation (i.e., it processes the text and image data to generate titles/descriptions/keywords).
• Data Shared: When you request an AI generation, the App sends the temporary compressed photo data to OpenRouter's AI endpoint. This data is used only for the purpose of generating the metadata and is not stored by OpenRouter long-term. (OpenRouter's Privacy Policy outlines their data handling; see OpenRouter Privacy Policy.)

Apple In-App Purchase (StoreKit):

• Purpose: Handles subscription management and one-time credit purchases through Apple's App Store.
• Data Handled: Information about your purchase transactions (such as which subscription tier you bought, and whether a transaction was successful) is communicated to us by Apple. Crucially, we never see your credit card or payment details – those are processed by Apple and not shared with us. (You can refer to Apple's privacy policy for how they handle payment data.)

Note: We do not share your personal information with any other third parties beyond the services listed above, except in the limited situations described in Section 5 (Data Sharing) below. We do not use any third-party advertising networks or analytics platforms in the App. This means your data is not being sent to marketers or trackers for advertising purposes.

5. Data Sharing

We do not sell, trade, or rent your personal information to any third parties for marketing or any other purposes. Your data is only shared in a few select circumstances, as outlined here:

• Service Providers: We may share necessary information with the third-party services mentioned above (Firebase, OpenRouter, Apple) strictly to enable the App's functionality. For example, your email and UID go to Firebase for authentication, or a compressed photo goes to OpenRouter for AI processing. These providers are bound by their own privacy agreements to use the data only for the intended service.
• Legal Requirements: We may disclose your information if required by law or in response to valid legal process (e.g., a subpoena, court order, or government demand). We will only do so in good faith belief that such disclosure is necessary to comply with applicable laws or to respond to a legal obligation.
• Protection of Rights and Safety: If necessary, we may share information to enforce our terms of service, to investigate or defend against legal claims, to prevent fraud or security issues, or to protect the rights, property, and safety of our users, ourselves, or others.
• With Your Consent: In any scenario where your personal information would be shared for purposes not covered above, we will obtain your explicit consent. For instance, if in the future you opt-in to some new feature that involves sharing data with a new service, we will explain and ask for your agreement.
• Push Notification Data: We do not share your notification preferences or device tokens with any third parties for marketing purposes. Firebase Cloud Messaging (operated by Google) is used solely as the technical infrastructure to deliver notifications, and they process this data according to their privacy policy.

Aside from the cases above, your data remains private and accessible only to you and AITaggerPro (and its integrated service providers acting on our behalf).

6. Data Retention and Deletion

We retain personal information only as long as necessary to fulfill the purposes for which it was collected or to comply with legal or operational obligations. Below is our data retention policy for different types of data:

• Account Data: Your account information (email, user ID, templates, etc.) is retained and stored for as long as your account remains active. This data allows you to have a persistent account with your saved preferences and content.
• Usage Data: Usage records (like generation history and counters) are retained to provide you with in-app history and to help us improve our services. We keep this data as long as needed for service provision, analysis, and improvement purposes, unless you request deletion sooner.
• Photos: As mentioned, original photos never leave your device. The temporarily transmitted compressed images for AI processing are immediately deleted from our cloud function after processing is completed. We do not store any copies of your photos on our servers.
• In-App Purchase Records: Subscription status and purchase history are retained as long as necessary (while you have an active subscription or outstanding credits) to manage your access to features and for our financial record-keeping. We do not retain any payment card information (handled by Apple), only the fact of your purchase and its details (e.g., product ID, date).
• Account Deletion: You have the right to delete your account at any time. Within the App, you can go to Settings > Delete Account to initiate this process. We may prompt you to confirm and offer an option to export your data first (so you can keep a copy of your templates or history if you want). Once you confirm deletion, we will permanently remove all data associated with your account from our systems. This includes your account info, templates, usage history, and any other personal data we have about you. Important: Account deletion is irreversible – after deletion, your data cannot be recovered.

If you simply stop using AITaggerPro without deleting your account, we will continue to retain your information as described above. If at any time you want us to remove your data, you can use the in-app delete option or contact us for assistance. We will also periodically review user accounts and may delete or anonymize data that is no longer needed for any business or legal purpose.

7. Your Privacy Rights

Depending on your jurisdiction or place of residence, you may have certain rights regarding your personal information. We are committed to honoring applicable data rights and provide mechanisms for you to exercise them. These rights may include:

• Right of Access: You can request a copy of the personal information we hold about you, as well as information about how we use and share it.
• Right of Correction (Rectification): If any personal data we have is inaccurate or incomplete, you have the right to request that we correct or update it.
• Right of Deletion (Erasure): You can ask us to delete your personal information. For example, you may delete your account (as described above) or request removal of specific data. We will erase data except where retention is required by law or legitimate business needs (in which case we'll inform you).
• Data Portability: You have the right to request a copy of your data in a portable format, so you can transfer it to another service. We can provide certain account data in a machine-readable format upon request.
• Right to Restrict Processing: You can request that we limit processing of your data in certain circumstances (for instance, if you contest the accuracy of the data or have objected to processing and we are evaluating the request).
• Right to Opt-Out of Certain Processing: You have the ability to opt out of any non-essential data uses. You can disable push notifications at any time through your device's iOS Settings app or within the AITaggerPro app settings. This will stop all push notifications while still allowing you to use the app's core features.
• Right to Object: In some jurisdictions, you may object to our processing of your personal information, particularly if done on a legal basis of legitimate interests. If you object, we will consider whether we have compelling grounds to continue processing or if we must cease.
• Rights Related to Automated Decisions: If we were to make any decisions about you that are based solely on automated processes (with no human involvement) and those decisions significantly affect you, you have rights to know about the logic involved and to request human review. (Note: AITaggerPro does not engage in automated decision-making that produces legal or similarly significant effects. The AI generation feature doesn't make decisions about you; it simply creates content based on your inputs.)

To exercise any of your rights, please contact us using the contact information provided in Section 14. We will respond to your request in accordance with applicable law. Typically, we will not charge a fee for fulfilling such requests, unless they are excessive or repetitive, in which case we will inform you of any cost before proceeding. Some rights may be subject to verification of your identity and certain exemptions under law.

8. Children's Privacy

Our App is not intended for children under 13 years of age. We do not knowingly collect personal information from anyone under 13. If you are under 13, please do not use the App or provide any information about yourself. In the event that we learn we have collected personal data from a child under 13 without parental consent, we will take immediate steps to delete that information from our servers.

If you are a parent or guardian and you believe that your child under 13 has somehow provided personal information to us (for example, by creating an account or using the App), please contact us right away. We will promptly investigate and remove the information, and take any other necessary steps to comply with applicable laws (such as the Children's Online Privacy Protection Act in the U.S.).

9. International Data Transfers

AITaggerPro is operated from the United States, but our services may be accessible globally. If you are using the App from outside the U.S., be aware that your information may be transferred to, stored in, and processed in the United States or other countries where our servers or our service providers (like Firebase or OpenRouter) are located. These countries may have data protection laws that are different from those in your country of residence (and in some cases, may not be as protective).

By using our App and providing information to us, you consent to the transfer of your personal information to the United States and any other jurisdiction where we or our third parties operate. We will take reasonable measures to ensure that your data is treated securely and in accordance with this Privacy Policy wherever it is processed. However, when data is in another jurisdiction, it may be accessible to law enforcement or governmental authorities in those jurisdictions under applicable laws.

If you are located in a region with data transfer restrictions (for example, the European Economic Area), we will comply with legal requirements for cross-border data transfer. This may include using standard contractual clauses or other legally approved transfer mechanisms to protect your information. Feel free to contact us if you have questions about international data transfer or the safeguards we apply.

10. California Privacy Rights

If you are a California resident, you are entitled to certain rights under the California Consumer Privacy Act (CCPA) and its amendments. These rights empower you to have more control over your personal information. In summary, California residents have the right to:

• Know What Personal Information is Collected: You can request that we disclose the categories and specific pieces of personal information we have collected about you, as well as the sources of that information and the purposes for which we use it.
• Know Whether Personal Information is Sold or Disclosed: You have the right to ask whether we have sold or shared your personal data with any third parties, and if so, to know the categories of information and third parties involved.
• Say No to the Sale of Personal Information: You can direct us not to sell your personal information to third parties (also known as the right to opt-out). Note: As stated, we do not sell personal data, so this right can be considered automatically observed, but it is still your right to explicitly opt-out if that practice ever changed.
• Access Your Personal Information: Similar to the “know” right, you can request access to the personal data we have about you and get a copy in a portable format.
• Request Deletion of Personal Information: You may request that we delete personal information we have collected from you (with certain exceptions, such as if the information is needed to complete a transaction or comply with a legal obligation).
• Correction of Inaccurate Information: Effective January 1, 2023 (with the California Privacy Rights Act update), you have the right to request that we correct any inaccurate personal information we hold about you.
• Limit Use of Sensitive Personal Information: You also have the right, in certain circumstances, to limit how we use or disclose sensitive personal information about you (for example, precise geolocation, race/ethnicity, health data, etc.), allowing such information to be used only for purposes necessary to provide the services. (In our case, we do not collect sensitive categories of personal data aside from what you may provide, and we already limit our data use to the service functionality.)
• Right to Non-Discrimination: You are entitled to equal service and pricing, even if you exercise any of your privacy rights. This means we will not deny you our services, charge you a different price, or provide a lesser quality of service just because you exercised your rights under CCPA.

These rights are provided by California law to give you transparency and control over your data. To exercise any of these rights, you (or an authorized agent acting on your behalf) can contact us at the email address in Section 14. We will need to verify your identity (for example, by confirming information associated with your account) when you make a request to ensure we are protecting your data from unauthorized access. We will respond to your request within the timeframe required by law (typically within 45 days, with an extension if necessary which we will communicate to you).

For more detailed information on your rights under California law, you can visit the California Attorney General's CCPA page. Remember that these CCPA rights apply only to California residents – if you are not a California resident, these specific rights may not apply, but you may have similar rights under the laws of your jurisdiction (as described elsewhere in this Policy).

11. European Privacy Rights

If you are located in the European Economic Area (EEA) or another jurisdiction subject to the EU General Data Protection Regulation (GDPR), you are granted a comprehensive set of rights regarding your personal data. Under the GDPR, you have the following rights as a data subject:

• Right to Be Informed: You have the right to clear and transparent information about how we collect and use your personal data (which is one reason we provide this detailed Privacy Policy).
• Right of Access: You can request confirmation of whether we are processing your personal data, and if so, request access to that data (similar to an “access request” mentioned above). We will provide a copy of the personal data undergoing processing, and details on how we use it.
• Right to Rectification: You can have us correct any personal data that is inaccurate or incomplete.
• Right to Erasure: You can ask us to delete your personal data, and we must do so unless an exemption applies (this is equivalent to the “right to be forgotten”). If, for example, you withdraw consent or the data is no longer necessary for the purposes, we will erase it.
• Right to Restrict Processing: You can request that we limit the processing of your data under certain conditions (e.g., while a dispute about accuracy or usage is resolved, or you need the data preserved for legal claims).
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and have the right to transmit that data to another controller. In practice, this means you can ask for an export of your data to take to another service.
• Right to Object: You may object to our processing of your personal data in certain situations, especially if we are processing it on the basis of legitimate interests or for direct marketing. We will cease processing upon an objection unless we have compelling legitimate grounds to continue (or the processing is needed for legal claims).
• Rights Related to Automated Decision-Making: If we conduct any automated decision-making (including profiling) that has legal or similarly significant effects on you, you have the right to: be informed about it, request human intervention, express your point of view, and contest the decision. (As noted, AITaggerPro's AI features do not involve automated decisions about individuals – it generates content about your photos, not decisions about you.)

Our legal basis for processing your personal data under GDPR is typically one of the following: (a) your consent – for example, you consent to processing when you sign up and agree to this policy and when you use the AI generation features; (b) performance of a contract – we process data to deliver the services you've requested (e.g., to actually generate metadata, we must process the photo and inputs you provide, which is necessary to perform our contract with you to provide the service); or (c) legitimate interests – in some cases, we may process data for purposes like improving security or enhancing our app's functionality, in ways that are not overridden by your privacy rights. In certain instances, we might also rely on a legal obligation (if we have to retain or disclose data by law) or vital interests/public interest, though those are less common for this App.

If you wish to exercise any of your GDPR rights, please contact us (see Section 14). You also have the right to lodge a complaint with a supervisory data protection authority in your country. We kindly ask that you contact us first so we can address your concerns directly, but you are within your rights to contact an EU Data Protection Authority (DPA) at any time.

(These eight fundamental GDPR rights are well-established under EU law, and we are committed to upholding them.)

12. Security Measures

We take the security of your personal information seriously and implement a variety of technical and organizational measures to safeguard it:

• Encryption: All data in transit between your device and our servers (or third-party services) is encrypted using HTTPS (TLS encryption). This helps prevent unauthorized parties from intercepting your data during transmission.
• Secure Storage: Data stored in our cloud databases (Firebase Firestore) is protected by Google Firebase's security infrastructure. Firebase automatically encrypts data at rest on their servers. We also enforce security rules to ensure that each user can only access their own data in our database (and not someone else's).
• Authentication & Access Control: Access to personal data within our systems is restricted to authorized personnel who need it to operate or support the service. Developer access to Firebase and other systems is protected with strong authentication (e.g., secure passwords, 2-factor authentication) to prevent unauthorized access.
• Protective Practices: We keep our software frameworks, libraries, and servers updated with the latest security patches. Regular reviews of code and data practices are performed to identify potential vulnerabilities. Where applicable, we follow industry best practices for mobile app security (such as secure storage of tokens, avoiding unnecessary logging of sensitive info, etc.).
• Monitoring: Our backend infrastructure has monitoring in place to detect unusual activity or potential intrusions. If we notice suspicious activity, we will investigate and respond accordingly to secure the system.
• No Absolute Guarantee: While we strive to protect your data, it's important to acknowledge that no method of electronic transmission or storage is 100% secure. Despite our best efforts, we cannot guarantee absolute security of information. You can help by keeping your account credentials secure and notifying us immediately of any unauthorized use of your account.

If we ever experience a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law.

13. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time. If we make changes, we will update the “Last Updated” date at the top of this policy. For substantive or material changes, we will also provide a notice within the App (or via email, if appropriate) to inform you of what's changing.

Your continued use of AITaggerPro after any modifications to this Privacy Policy will signify your acknowledgment of the changes and your agreement to be bound by the updated policy. However, if we plan to use your personal information in a manner significantly different from what is stated in the policy at the time of collection, we will endeavor to notify you in advance and, if required by law, seek your consent.

We encourage you to review this Privacy Policy periodically for any updates. It's important that you stay informed about how we are protecting your information. If you do not agree with any changes to the Privacy Policy, you should stop using the App and, if you wish, delete your account.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how your data is handled in AITaggerPro, please feel free to contact us:

Developer Contact: Rohane Hamilton
Email: aitaggerpro@gmail.com
App Name: AITaggerPro (available on the Apple App Store)

When emailing us, please include any relevant information that will help us address your question or request (for example, the email associated with your account, if you have one, and the topic of your inquiry). We will do our best to respond promptly.

Additionally, for privacy-specific concerns related to Firebase (the Google service we use), you can refer to Google's privacy resources here: Google Firebase Privacy & Security: Firebase Privacy and Security Information. This link provides details on how Firebase services handle data security and privacy.

15. Consent

By using AITaggerPro, you acknowledge that you have read this Privacy Policy and consent to its terms. This includes consent to the collection and use of your information as described herein. If you do not consent to this policy, please refrain from using the App.

(This Privacy Policy is provided in English. In case of any discrepancy between translations and the English version, the English version shall prevail.)