CleanLab Privacy Policy
Last updated: June 18, 2026
This Privacy Policy explains how PRISMA YAZILIM LIMITED SIRKETI ("we", "us", "our") handles information in connection with the CleanLab mobile application (the "App"). We have designed CleanLab to be privacy-first: your photos, videos, contacts, and private files are processed on your device and are never uploaded to our servers. We do not operate a backend that stores your personal content.
By downloading or using the App, you agree to this Privacy Policy. If you do not agree, please do not use the App.
1. Summary (the short version)
- We have no user accounts and do not collect your name, email, or phone number.
- Your photos, videos, and contacts never leave your device through us. All cleanup, duplicate detection, compression, and analysis happens locally on your iPhone/iPad.
- The Vault stores your private items encrypted on your device (AES-GCM) and protected by Face ID / Touch ID / passcode. We cannot read its contents.
- We use third-party services (Firebase, RevenueCat, Apple, Google Ads) for analytics, crash reporting, subscriptions, and advertising measurement. These services may collect device and usage data as described below.
- We ask for App Tracking Transparency permission before using your device advertising identifier (IDFA). You can decline, and you can change your mind anytime in iOS Settings.
2. Information processed on your device only
The following data is accessed locally on your device to provide the App's core features. It is not transmitted to us and is not stored on any server we control:
| Data | Used for | Permission |
|---|---|---|
| Photos & videos (Photo Library) | Detecting duplicates, similar photos, blurry shots, screenshots; compression; Live Photo conversion | NSPhotoLibraryUsageDescription, NSPhotoLibraryAddUsageDescription |
| Contacts | Local backup, duplicate/incomplete-contact cleanup | NSContactsUsageDescription |
| Microphone audio | Recording voice memos | NSMicrophoneUsageDescription |
| Files you add to the Vault | Private encrypted storage | — |
| File metadata, disk space | Storage analysis | (Apple-declared API usage) |
On-device storage details:
- Cleanup analysis results, photo/video fingerprints, contact backup snapshots, and compression job records are stored locally using Apple's SwiftData and the file system.
- Contact backups are written as files in the App's private storage on your device. They are not uploaded anywhere by us.
- Vault items are encrypted with AES-GCM. The encryption key is stored in the device Keychain and gated by biometric/passcode authentication, with a user-held recovery code. We have no access to your Vault key or contents.
When you delete this data in the App (or delete the App), it is removed from your device.
3. Information collected by third-party services
To keep the App running, understand how it is used, fix crashes, process subscriptions, and measure advertising, we use the following third-party services. Data flows directly from your device to these providers; we do not attach your identity to it.
a) Firebase (Google LLC) — Analytics, Crashlytics, Remote Config
- Analytics: anonymous usage and product-interaction events (e.g. screens viewed, scans started/completed, paywall shown, feature opened), approximate device/app information, and an app-instance identifier.
- Crashlytics: crash reports and performance/diagnostic data to help us fix bugs and stability issues.
- Remote Config: configuration values used for feature flags and A/B tests.
b) RevenueCat, Inc. — Subscription management
We use RevenueCat together with Apple's App Store to manage in-app purchases and subscriptions. RevenueCat receives a purchase/subscriber identifier and your subscription status and transaction events (e.g. trial started, purchase, renewal, cancellation). It does not receive your name or email from us.
c) Apple — App Store, StoreKit & SKAdNetwork
Purchases and subscriptions are processed by Apple through your Apple ID. We never see your payment details. Apple's SKAdNetwork is used to measure advertising campaign performance in a privacy-preserving way.
d) Google Ads / Google App Campaigns — Advertising measurement
We advertise the App and measure campaign effectiveness. Conversion events (e.g. install, trial started, subscription purchased) are shared via Firebase with Google Ads. When you grant tracking permission, your device advertising identifier (IDFA) may be used for attribution.
4. Data we (via these services) collect — App Store categories
Consistent with the App's Apple Privacy Manifest, the following data types may be collected. None of it is linked to your identity by us:
| Data type | Linked to you? | Used for tracking? | Purpose |
|---|---|---|---|
| Device ID (IDFA) | No | Yes | Third-party advertising, analytics |
| Product interaction | No | Yes | Analytics, third-party advertising |
| Purchase history | No | No | Analytics |
| Crash data | No | No | App functionality |
| Performance data | No | No | App functionality |
We do not collect your photos, videos, contacts, audio, precise location, name, email, or phone number.
5. App Tracking Transparency (ATT)
Before any tracking that uses your device advertising identifier (IDFA), iOS shows you the App Tracking Transparency prompt. We request this after you have used a core feature (not at first launch), and only once.
- If you allow tracking, the IDFA may be used for advertising attribution.
- If you decline, we do not use the IDFA, and our advertising measurement relies on Apple's privacy-preserving SKAdNetwork instead.
- You can change this choice at any time in iOS Settings → Privacy & Security → Tracking.
You can also disable analytics by turning off "Allow Apps to Request to Track" and limiting ad tracking in iOS Settings.
6. How we use information
We use the limited information described above to:
- Provide and maintain the App's features;
- Diagnose crashes and improve stability and performance;
- Understand which features are used so we can improve the product;
- Process and manage subscriptions and free trials;
- Measure and optimize advertising campaigns;
- Comply with legal obligations.
We do not sell your personal information.
7. Data sharing
We share data only with the service providers listed in Section 3, who process it on our behalf or as independent controllers under their own privacy policies:
- Google / Firebase Privacy Policy
- Google Privacy Policy
- RevenueCat Privacy Policy
- Apple Privacy Policy
We may also disclose information if required by law or to protect our legal rights.
8. Data retention
- On-device data (cleanup results, backups, Vault items) is retained until you delete it or uninstall the App.
- Analytics and crash data held by Firebase are retained according to Google's retention settings (typically up to 14 months for event data, longer for aggregated metrics).
- Subscription data held by RevenueCat and Apple is retained as needed to manage your subscription and for their record-keeping requirements.
9. Your rights
Depending on where you live (e.g. EEA/UK under GDPR, or California under CCPA/CPRA), you may have the right to access, correct, delete, or port your data, to object to or restrict processing, and to opt out of "sharing" for targeted advertising.
Because we do not maintain accounts and most data is on your device or pseudonymous, you can exercise key controls directly:
- Delete on-device data: remove items in the App or uninstall the App.
- Opt out of tracking/advertising ID: decline the ATT prompt or disable it in iOS Settings.
- Other requests: contact us at the email below and we will respond as required by applicable law.
10. Security
We use Apple platform protections, on-device encryption (AES-GCM with iOS file protection) for the Vault, and the device Keychain for secrets. No method of storage or transmission is 100% secure, but we work to protect your information using industry-standard measures.
11. Children's privacy
The App is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
12. International users
The third-party services we use may process data on servers located outside your country, including the United States. By using the App, you understand that data may be transferred and processed in those locations, subject to the safeguards of the respective providers.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, for material changes, provide a notice in the App or on this page. Continued use of the App after changes take effect constitutes acceptance of the updated policy.
14. Contact us
If you have questions about this Privacy Policy or your data, contact us:
- Email: info@prismasoftlab.com
- Entity: PRISMA YAZILIM LIMITED SIRKETI
This document is provided for transparency and App Store compliance and is not legal advice. Have it reviewed by a qualified attorney for your jurisdiction before publishing.