SweePic – Privacy Policy

Last updated: June 6, 2026

This Privacy Policy explains how data is collected, used, and protected when using the SweePic mobile application (the “Application”).

1. Data Controller

The data controller is:

Mariusz Bugajski Dev

Poland

📧 mariusz@bugajski.dev

2. Legal Basis for Data Processing (GDPR)

Data is processed in accordance with Regulation (EU) 2016/679 (GDPR) on the following legal bases:

  • Article 6(1)(b) – performance of a contract (providing access to the Application and its premium features),
  • Article 6(1)(f) – legitimate interest (monitoring application stability, fixing crashes, and analyzing user conversion funnels to improve the product).

3. Scope of Collected Data

The Application operates on an anonymous-by-default basis. We do not require you to create an account, register, or provide any personal details (such as your name or email).

The Application processes only:

  • Anonymized technical and product usage data (e.g., app launch, steps taken during the onboarding process, paywall views, interaction with premium features).
  • Technical crash logs and errors (to identify and fix software bugs).
  • Anonymized billing identifiers linked strictly to your App Store account state.

4. Data We Do NOT Collect

Photos: The Application does not upload, process, or store your photos on external servers. All photo scanning, sorting, and deleting happen exclusively on your local device.

Identity Data: We do not collect names, genders, phone numbers, or email addresses.

5. Purpose of Data Processing

Data is processed strictly in order to:

  • Provide access to Application features without requiring a login,
  • Handle and validate premium in-app subscriptions via Apple App Store,
  • Monitor application stability, performance, and catch errors in real-time,
  • Analyze user behavior within the onboarding and purchase funnels to optimize the product experience.

6. Third-Party Services

To deliver the service smoothly, we use two highly specialized third-party providers:

  • RevenueCat, Inc.
    Used to manage in-app subscriptions and validate purchases made through Apple. RevenueCat processes anonymized transaction identifiers, device data, and subscription status. It does not have access to your personal identity or credit card details.
  • PostHog, Inc.
    Used for unified product analytics, user session replays, and technical error tracking. PostHog automatically captures JavaScript errors, app events, and session flows using a unique, randomized identifier generated by the app. No personal identity data is shared with PostHog.
  • Apple (App Store)
    All financial transactions and payments are handled exclusively by Apple. Apple acts as an independent data controller according to its own privacy policy.

7. Data Transfers Outside the EEA

Your anonymized technical data may be processed outside the European Economic Area (EEA) by our infrastructure partners (RevenueCat and PostHog). These transfers are fully safeguarded using standard contractual clauses (SCCs) approved by the European Commission to ensure a high level of data protection.

8. Data Retention

Since the Application does not utilize traditional user accounts, we do not store personal identity records. Anonymized analytical events and crash reports are retained within our analytical tools for a limited period (typically up to 90 days for session recordings and error logs) to monitor stability and are then automatically purged or aggregated.

9. User Rights (GDPR)

Even though your data is strictly anonymized, under the GDPR you retain all fundamental rights where applicable:

  • Right to access or rectify data,
  • Right to request deletion ("right to be forgotten"),
  • Right to restrict or object to data processing.

Because we do not store your name or email, to exercise any rights regarding your specific anonymous device token, please contact us directly via the email below.

10. Right to Lodge a Complaint

Users have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO).

11. Data Security

We apply modern technical and organizational security standards. All network communications between the Application, RevenueCat, and PostHog are fully encrypted using SSL/TLS protocols.

12. Changes to This Privacy Policy

This Privacy Policy may be updated to reflect app changes. The current version will always be accessible within the Application.

13. Contact

📧 mariusz@bugajski.dev