1. Information We Collect

1.1 Media Files

• Photos and Videos: VisArc accesses your device's photos and videos to provide backup, organization, and management features. We currently support images and videos, with plans to expand to other file types in the future.
• Metadata: We may collect metadata associated with your media files, including:
  • EXIF data (camera settings, timestamps)
  • Location information (GPS coordinates) if embedded in your photos
  • File names, sizes, and formats
  • Creation and modification dates

1.2 Account Information

VisArc supports the following sign-in methods. We collect only what is necessary to authenticate you:

• Google Sign-In: Your name, email address, profile picture (optional), and Google account ID.
• Sign in with Apple: Your Apple ID. If you choose to hide your email, Apple may provide a private relay email address — we store this relay address and use it only for account-related communication. We do not attempt to identify the underlying email.
• Email & Password: Your email address and a securely hashed password.

1.3 Device Information

• Device type and model
• Operating system version
• App version
• Network connection type (Wi-Fi, mobile data)
• Device storage information

1.4 Facial Recognition Data

VisArc includes a facial recognition feature used exclusively for tagging and organizing your media files. The following applies to all facial recognition data:

• On-Device Processing Only: All facial recognition processing occurs entirely on your device. Face data is never transmitted to our servers, any external server, or any third-party service.
• No Data Leaves Your Device: Facial feature data, face embeddings, and any derived biometric identifiers remain stored solely on your local device and are never uploaded, synced, or backed up to the cloud.
• Purpose Limited to Tagging: Face data is used only for identifying and tagging people in your photos and videos to help you organize your media library. It is not used for surveillance, identification of unknown individuals, advertising, or any other purpose.
• No Third-Party Access: Facial recognition data is never sold, shared, licensed, or disclosed to any third party, including advertisers, data brokers, analytics providers, or law enforcement, except as required by law with a valid legal process.
• User Control and Deletion: You can delete all facial recognition data at any time by removing or changing the storage location configured in the app. Face data is stored within the configured storage directory and is deleted when that directory is removed.
• No Biometric Database: We do not maintain any centralized or server-side database of facial recognition data or biometric identifiers.
• Retention: Face data persists on your device only as long as the app is installed and you have not manually cleared it. It is deleted upon app uninstallation.

1.5 Usage Information

• App interaction data (features used, actions performed)
• Backup and sync status
• Error logs and crash reports

Usage data is collected exclusively for diagnostics and product analytics. It is never used for advertising or shared with advertising networks.

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Core App Functionality

• Media Backup: To securely back up your photos and videos to cloud storage
• Organization: To help you organize, search, and manage your media files
• Sync Across Devices: To synchronize your media library across multiple devices
• On-Device AI Processing: AI-powered features such as media organization, facial recognition for tagging, personal RAG (Retrieval-Augmented Generation), and custom persona interactions are processed entirely on your device. All data processing occurs locally on your machine — no data is sent to external servers during local processing. This ensures enhanced privacy as your data never leaves your device. Your media and face data are never transmitted to an external AI server for these features. No media content or biometric data is shared with third-party AI services during on-device processing. Optional Cloud AI features use Google Vertex AI — see Section 2.5 for details.

2.2 Account Management

• To authenticate your identity
• To provide personalized app experience
• To maintain your app preferences and settings

2.3 Diagnostics & Product Analytics

• To analyze app performance and identify bugs
• To improve app features and user experience
• To develop new features based on usage patterns

Usage data is used only for these diagnostic and product improvement purposes. It is not used for advertising, retargeting, or any commercial profiling.

2.4 Communication

• To send important app updates and notifications
• To respond to your inquiries and support requests
• To notify you about backup completion or failures

2.5 Cloud AI Processing (Optional)

VisArc offers optional Cloud AI features powered by Google Vertex AI, including automated photo tagging, image descriptions, and conversational AI chat. These features are user-initiated and require purchasing AI credits (Vis).

When you use Cloud AI features:

• Your media content (photos) and text prompts are sent to Google Vertex AI for processing via our secure Cloud Functions.
• Processing occurs under Google Cloud's enterprise Terms of Service and Data Processing Addendum (DPA). Google does not use your prompts, media content, or AI responses to train or improve its foundation models.
• Data is processed transiently and is not retained by Google after the API call completes.
• No facial recognition data or biometric identifiers are ever sent to Cloud AI services. Face detection is performed exclusively on-device.
• You can choose to use only on-device AI processing and never use Cloud AI features.

Google Cloud Vertex AI Terms: https://cloud.google.com/terms/service-terms

Google Cloud Privacy: https://cloud.google.com/terms/cloud-privacy-notice

3. Data Storage and Security

3.1 Where We Store Your Data

VisArc distinguishes between archival backup data (persisted by your choice) and ephemeral media data (processed temporarily and never persisted on our servers):

• Archival Backup Data (persistent): Media files you explicitly choose to back up are stored in Firebase Cloud Storage, encrypted at rest using SHA-256 encryption and in transit using TLS. This is the only category of media data we permanently store.
• All Other Media Data (ephemeral): Any media processed for purposes other than permanent backup is handled entirely in memory or in transient on-device storage and is never written to persistent server storage. It is discarded immediately after the operation completes.
• On-Device AI: On-device AI processing (face detection, local RAG, persona features) runs entirely on your device. No media content is uploaded for these features. Optional Cloud AI features (tagging, description, chat) use Google Vertex AI — see Section 2.5.
• Firebase Firestore: Your account information, metadata, and app preferences are stored in Firebase Firestore database.
• Local Device Storage: App cache and temporary files are stored locally on your device.

Data Residency: Firebase Cloud Storage and Firestore data for VisArc is stored in United States (us-central) and India (asia-south1) regions. By using VisArc, you acknowledge that your data may be stored in these regions.

3.2 Security Measures

• At-Rest Encryption: Archived backup files are encrypted using SHA-256; account and metadata records in Firestore are encrypted at rest by Firebase/Google Cloud Platform
• In-Transit Encryption: All data transmitted between your device and our servers uses industry-standard TLS (SSL) encryption
• Secure Authentication: We support Google OAuth 2.0, Sign in with Apple, and encrypted email/password authentication
• Encrypted Local Storage: Sensitive data stored locally on your device is encrypted using Flutter Secure Storage
• Access Controls: Only you can access your backed-up files through your authenticated account
• Firebase Security Rules: Our database is protected with strict security rules to prevent unauthorized access

4. Data Sharing and Third Parties

You can request data deletion at any time through app settings or by submitting a data deletion request.

We may share limited non-biometric data with the following service providers who assist us in operating the app:

4.1 Firebase (Google Cloud Platform)

• Purpose: Cloud storage, database, and authentication services
• Data shared: Media files, account information, metadata
• Privacy Policy: https://firebase.google.com/support/privacy

4.2 Google Sign-In

• Purpose: User authentication
• Data shared: Google account credentials (handled by Google)
• Privacy Policy: https://policies.google.com/privacy

4.3 Sign in with Apple

• Purpose: User authentication
• Data shared: Apple ID and optionally a private relay email address (handled by Apple). We do not receive your Apple ID password.
• Note: If you use Hide My Email, Apple provides a private relay address. We store this address only for account-related communication and do not attempt to de-anonymize it.
• Privacy Policy: https://www.apple.com/legal/privacy/

4.4 Firebase Analytics

• Purpose: Diagnostics and product analytics — to understand how the app is used, identify crashes, and improve performance
• Data collected: App events, session duration, device model, OS version, country, and anonymised usage patterns. No media content or personal files are shared with Firebase Analytics.
• Advertising use: Firebase Analytics data is never used for advertising or shared with advertising networks
• Opt-out: You can limit Analytics data collection by enabling "Limit Ad Tracking" or "Allow Apps to Request to Track" (set to off) in your device settings
• Privacy Policy: https://firebase.google.com/support/privacy

4.5 RevenueCat

• Purpose: In-app purchase management, subscription verification, and entitlement delivery
• Data shared: Firebase user ID, purchase transaction IDs, product identifiers, and platform (iOS/macOS/Android)
• No media content, biometric data, or personal files are shared with RevenueCat
• Privacy Policy: https://www.revenuecat.com/privacy

4.6 Google Vertex AI

• Purpose: Cloud-based AI processing for optional photo tagging, description, and chat features
• Data shared: Photo content and text prompts (only when user explicitly triggers Cloud AI features)
• Data handling: Processed transiently under Google Cloud's enterprise DPA. Not used for model training. Not retained after processing.
• Privacy Policy: https://cloud.google.com/terms/cloud-privacy-notice

5. Your Rights and Choices

5.1 Access and Control

• Access Your Data: You can view all your backed-up files and account information within the app
• Download Your Data: You can download your media files at any time
• Delete Your Data: You can delete individual files or your entire backup from the app
• Delete Facial Recognition Data: Face data is stored within the storage directory you configure in the app. You can delete it by removing or changing this storage location. This data is stored only on your device and is not recoverable once deleted.
• Account Deletion: You can delete your account, which will permanently remove all your data from our servers and all locally stored face data. Submit a data deletion request here

5.2 Permissions Management

• Storage Access: You can revoke storage permissions in your device settings (note: this will prevent backup functionality)
• Location Data: Location metadata is only collected if embedded in your photos; we do not actively track your location
• Camera Access: Only used for QR code scanning feature; you can deny this permission if not using this feature
• Notifications: You can disable app notifications in your device settings

5.3 Data Portability

You have the right to export and download all your data in a machine-readable format.

6. Children's Privacy

VisArc is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately, and we will delete such information promptly.

7. International Data Transfers

Your data is stored on Firebase/Google Cloud Platform infrastructure. VisArc uses the following regions:

• United States (us-central) — primary storage region
• India (asia-south1) — secondary storage region

By using VisArc, you consent to your data being transferred to and processed in these regions. We ensure that all data transfers comply with applicable data protection laws, including GDPR for European users and CCPA for California residents. Firebase's Standard Contractual Clauses (SCCs) apply where required for cross-border transfers under GDPR.

8. Data Retention

• Active Accounts: We retain your data as long as your account is active
• Inactive Accounts: If you don't use the app for 2 years, we may delete your account and data after notifying you
• Deleted Data: When you delete files or your account, data is permanently removed from our servers within 30 days
• Backup Data: Backup copies may be retained for up to 30 days for disaster recovery purposes

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Notify you through the app
• Update the "Effective Date" at the top of this policy
• Request your consent if required by law

We encourage you to review this Privacy Policy periodically.

10. Legal Compliance

10.1 GDPR (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR, including:

• Right to access your personal data
• Right to rectification (correction of inaccurate data)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

10.2 CCPA (California Users)

If you are a California resident, you have rights under CCPA, including:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to deletion of personal information
• Right to non-discrimination for exercising your rights

11. Facial Recognition & Biometric Data

This section provides a consolidated summary of our facial recognition practices for compliance with biometric privacy laws, including the Illinois Biometric Information Privacy Act (BIPA), GDPR, and similar regulations:

• Collection: VisArc generates facial feature data (face embeddings) from your photos and videos for the sole purpose of tagging and organizing people in your media library.
• Processing Location: All facial recognition processing occurs entirely on your device. No biometric data is ever transmitted off-device.
• Storage: Face embeddings and associated tagging data are stored only on your local device. We do not store biometric data on our servers or in the cloud.
• Purpose: Face data is used solely for media file tagging and organization. It is never used for surveillance, tracking, advertising, profiling, or any purpose other than helping you organize your media.
• Sharing: Facial recognition data is never sold, shared, disclosed, or made accessible to any third party.
• Consent: By enabling the facial recognition feature in the app, you consent to the on-device processing of facial data as described in this policy. You may disable this feature at any time.
• Retention & Deletion: Face data is retained on your device until you remove the configured storage location, delete your account, or uninstall the app. Upon any of these actions, all face data is permanently and irreversibly deleted.
• Security: Locally stored face data is protected by your device's built-in security mechanisms and app-level encrypted storage.

We respect your privacy and only access files you choose to back up. The permission does not grant us access to system files or other apps' private data.