Privacy Policy

Last updated: May 25, 2026

This Privacy Policy explains how Jaffaround (“Jaffaround”, “we”, “us”) collects, uses, and shares information when you use any of our products, including the JaffaPhoto iOS app. We aim to collect the minimum amount of personal data needed to operate the product you are using.

1. Information we collect

1.1 Account information

When you sign in with Apple, we receive the email address Apple chooses to share with us (which may be a private relay address) and a stable Apple-generated user identifier. We never see your Apple ID password.

1.2 Content you upload

When you use the JaffaPhoto Backup & Delete workflow, the photos you choose to back up — both the full-resolution original and a low-resolution preview — are uploaded to cloud storage that we operate. Each user’s uploads are stored in a per-user partition readable only by that user’s authenticated session.

Alongside each backup we store the metadata needed to restore the photo later (asset identifier, creation date, location coordinates if present, and album membership). We do not run face detection, classification, or any other machine-learning analysis on the photos you upload.

1.3 Usage records

We keep a count of how many free Backup & Delete runs and free Original-Retrieval runs your account has used, so we know when to present the paywall. We do not record which photos you reviewed, which you kept, or which you discarded.

1.4 Purchases

In-app purchases are processed by Apple. We use RevenueCat to validate and reconcile receipts. We receive the purchase identifier, transaction date, and entitlement status; we do not receive your payment method.

1.5 Support correspondence

If you contact us through the in-app support form or by email, we receive your message and the email address you choose to send it from.

2. Information we do not collect

• No advertising identifiers (IDFA) or other tracking IDs.
• No third-party analytics SDKs or crash reporters that send data to advertisers.
• No precise device location beyond what is embedded in photos you choose to back up.
• No contacts, calendar, microphone, or camera access.

We do not engage in cross-app or cross-site tracking, and we do not sell or rent personal information.

3. How we use information

• To provide the features you asked for — signing you in, storing your backups, restoring originals on request, applying entitlements, and answering support questions.
• To enforce the free-credit limits described in our Terms of Use.
• To diagnose issues you report (we may ask you for context that helps reproduce a bug).
• To comply with legal obligations, when applicable.

4. Where data is stored

Account data, content uploads, and usage records are stored on Amazon Web Services in the us-east-2 region (Ohio, USA). If you are using JaffaPhoto from outside the United States, the data you upload will be transferred to and processed in the United States.

5. Service providers (subprocessors)

• Amazon Web Services — identity, database, object storage, transactional email, and feature configuration.
• Apple Inc. — authentication (Sign in with Apple) and payment processing.
• RevenueCat, Inc. — receipt validation and entitlement bookkeeping for in-app purchases.

Each subprocessor receives only the information needed to perform its specific role.

6. Retention & deletion

Uploaded backups stay in storage until you delete them from within the app or request account deletion. Account deletion removes your Cognito identity, your UserQuota and CompletedWorkflow records, and the contents of your per-user storage partition. To request account deletion, email support@jaffaround.com from the address associated with your account.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. You can exercise these rights by emailing support@jaffaround.com.

8. Children

Our products are not directed to children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

9. Security

All data is encrypted in transit (TLS) and at rest. Access to backend resources is restricted to least-privilege roles. No system is perfectly secure; if we ever experience a breach that affects you, we will notify you in accordance with applicable law.

10. Changes to this policy

If we make material changes we will update the “Last updated” date above and, where appropriate, notify you in-app or by email.

11. Contact

Questions about this policy or our data practices — please email support@jaffaround.com.

Jaffaround · [Mailing address]