Privacy Policy

Effective Date: February 7, 2026

Blurr ("we", "our", "us") is a photo curation app that helps you intentionally manage your photo library. Your privacy matters to us. This policy explains what data we collect, how we use it, and your rights.

1. Your Photos Stay on Your Device

Blurr accesses your device's photo library locally to help you review and curate your photos. Your photos are never uploaded to our servers. All photo processing, including duplicate detection and fingerprinting, happens entirely on your device.

2. Information We Collect

We collect the minimum information needed to provide the service:

Account information: Your email address and a securely hashed version of your password. We never store your password in plain text.
Curation activity: Basic statistics about your daily ritual sessions (number of photos kept, deleted, or shared) to show your progress on the dashboard.
Push notification tokens: If you enable notifications, we store your device's push token to support future notification features. Currently, all reminders are scheduled locally on your device.
Device information: Basic device identifiers used for authentication sessions.

3. Information We Do Not Collect

Your actual photos or photo content
Photo fingerprints or hashes (these are computed and cached only on your device)
Location data
Contacts
Browsing history

4. How We Use Your Information

To create and manage your account
To track your curation progress and display dashboard statistics
To authenticate your sessions securely
To process your subscription through our payment provider

5. Third-Party Services

We use the following third-party services:

RevenueCat: Manages subscription billing and entitlements. RevenueCat receives anonymized purchase data from Apple. You can review their privacy policy at revenuecat.com/privacy.
Apple App Store: Handles payment processing for subscriptions. Apple manages all payment information directly.

6. Data Security

We protect your data using industry-standard practices:

Passwords are hashed with bcrypt before storage
Authentication uses secure JWT tokens that expire after 30 days
Biometric authentication data (Face ID / Touch ID) is handled entirely by your device's secure hardware and is never transmitted to us
All communication between the app and our servers uses encrypted connections

7. Data Retention

We retain your account data for as long as your account is active. When you log out, user-specific local data (ritual sessions, photo fingerprint caches, reviewed photo lists) is cleared from your device for privacy.

8. Deleting Your Data

You can permanently delete your account and all associated data at any time from the Settings screen in the app. Account deletion is immediate and irreversible - all your data (account information, curation history, session data) will be permanently removed from our servers.

9. Children's Privacy

Blurr is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes through the app or by updating the effective date at the top of this page.

11. Contact Us

If you have questions about this privacy policy or your data, please contact us at:

privacy@blurrapp.com