Deduply.

Privacy Policy

This Privacy Policy explains what personal data Deduply (the “App”) and this website collect, how that data is used, and what rights you have.

Effective June 3, 2026

Summary

  • Your photos and videos never leave your iPhone. All duplicate and similarity analysis runs locally on your device. We do not upload, copy, or store your photos anywhere.
  • We do not have user accounts. No email, no password, no profile. There is nothing on our side that identifies you.
  • We do not sell, rent, or share personal data.
  • We collect only what is strictly necessary to deliver subscriptions you bought and to reply to you when you write in for support.

1. Who we are

The App and this website are operated by Cloudbeat Inc., a company registered in Canada(“we”, “us”, “our”). For the purposes of the EU General Data Protection Regulation (GDPR), we are the data controller for the limited personal data described below. Contact: support@deduply.app.

2. Your photos and on-device analysis

Deduplyworks entirely on your iPhone. To find duplicate and similar photos, the App reads your photo library through Apple’s Photos framework and computes compact fingerprints (perceptual hashes) and similarity scores locally, on your device.

Your photos, their thumbnails, their fingerprints, file names, album names, and metadata are never transmitted to us or to any third party. We do not operate cloud storage or servers that hold your photos. We cannot see your library, and we cannot recover anything from it — because we never receive it.

When you choose to clean photos, the App asks the iOS Photos framework to move them to your system Recently Deleted album, where they remain recoverable for 30 days. The deletion happens on your device, under your confirmation, and is processed by iOS — not by us.

3. What we do collect

The App and the website collect a small amount of data, listed in full below.

3.1 Subscription billing

Subscriptions are processed by Apple through the App Store. We ourselves never see your payment card, billing address, or Apple ID. We use RevenueCat as a thin layer on top of Apple’s StoreKit to verify your entitlements (whether your trial / subscription is active) and apply them across your devices.

For this to work, the App generates a random anonymous identifier (“App User ID”) and shares it with RevenueCat, together with the receipt that Apple issues for your purchase. RevenueCat therefore processes:

  • An anonymous, randomly-generated user identifier;
  • The App Store receipt and product identifier;
  • The status of your subscription (active, expired, refunded).

RevenueCat acts as our processor under a Data Processing Agreement. See RevenueCat’s privacy notice at revenuecat.com/privacy.

3.2 Support email

When you contact us at support@deduply.app, we receive the email address you used to write in plus whatever you choose to tell us. We use it to reply, and we keep the conversation for as long as is necessary to handle the matter — typically up to 24 months.

3.3 Website

https://deduply.app is a static marketing site. It does not set analytics cookies, advertising cookies, or persistent identifiers. Standard server access logs (IP address, user agent, requested URL) are kept by our hosting provider for security and abuse prevention, and are deleted within 30 days.

4. What we do not collect

  • Your photos or videos — nor their thumbnails, fingerprints, or hashes.
  • Your file names, album names, captions, or metadata.
  • Which photos you keep or delete.
  • Your contacts, calendar, location, or other on-device data.
  • Your name, email, address, age, or gender (we do not ask).
  • Advertising identifiers (IDFA). We do not run ads.

5. Legal bases (GDPR, EU/UK)

If you are in the EU, UK, or another GDPR jurisdiction:

  • Performance of a contract (Art. 6(1)(b)): processing your purchase receipt and entitlement to deliver the subscription you bought.
  • Legitimate interest (Art. 6(1)(f)): keeping static-site server logs for security and abuse prevention.
  • Consent (Art. 6(1)(a)): correspondence you voluntarily send to support.

6. International transfers

Apple and RevenueCat may transfer subscription-related data (anonymous user identifier, App Store receipt, entitlement status) to the United States. Those transfers rely on Apple’s and RevenueCat’s Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

7. Your rights

You have the right to:

  • Ask what personal data we hold about you (we’ll usually answer: very little, or none);
  • Ask us to correct or delete it;
  • Object to processing or restrict it;
  • Withdraw consent where consent is the basis;
  • Lodge a complaint with your local data protection authority.

To exercise any right, email support@deduply.app. We aim to reply within 30 days.

8. California (CCPA / CPRA)

We do not sell or share personal information as those terms are defined under California law. California residents have the right to know, to delete, to correct, and to non-discrimination. To exercise these, contact us at the address above.

9. Children

Deduply is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has used the App in a way that caused us to process their data, contact us and we will delete it.

10. Retention

  • Subscription / receipt records: for as long as your subscription is active and for up to 7 years thereafter, to comply with tax and accounting law.
  • Support email: up to 24 months.
  • Static-site server logs: up to 30 days, then permanently deleted.

11. Security

Because your photos are analyzed and deleted entirely on your device, the most important safeguard is iOS itself — the App operates within Apple’s sandbox and the permissions you grant. We use industry-standard transport security (TLS 1.2+) for the receipt and entitlement metadata that does leave your device for subscription verification.

Apple may share aggregated, anonymised crash diagnostics with us through its built-in App Analytics, subject to your iOS privacy settings (Settings → Privacy & Security → Analytics & Improvements) and Apple’s own privacy policy. We do not operate our own crash-reporting SDK.

No system is perfectly secure. If you find a vulnerability, please write to support@deduply.app — we will respond and credit responsible disclosure.

12. Changes

We will update this policy when we change how data is processed. Any change is announced on this page and, if material, in the App. The date at the top of this page reflects the latest version.

13. Contact

Cloudbeat Inc.
Canada
support@deduply.app