RetroLens Privacy Policy

Your "Circle" is your set of accepted friends. RetroLens does not have a public feed, public profiles, or a separate close-friends ranking.

No digital sharing system is perfectly private. People who can see your content may be able to screenshot, screen-record, save, or share it outside the app.

• We don't sell your personal information.
• We don't upload your address book to our servers.
• We don't receive your full payment card details.
• We do not intentionally make your private Roll, Keeps, or friend list public through RetroLens features.
• We don't use your private photos in advertising or marketing without your permission.
• We don't use your private photos to train public AI models.
• We do not share your private photo content, private notes, captions, friend lists, or full contact lists with analytics or attribution providers.

a. Account Information

• your account identifier (Supabase Auth user ID)
• your email address from Sign in with Apple or Google
• limited profile metadata returned by your sign-in provider, such as name or avatar, when available
• authentication session tokens, stored locally on your device in secure storage

b. Profile Information

• display name and username
• bio
• avatar image
• profile statistics derived from your activity, such as friend count

c. Photos and User Content

• photos you capture in the in-app camera or import from your device
• posted photos ("Drops") uploaded to our cloud storage so your Circle can see them
• private notes attached to your own posts (visible only to you)
• comments and reactions you submit
• saved items and Keeps
• share cards and invite messages you generate from the app

Photos stay on your device unless you post them or use a feature that requires uploading.

d. Camera and Photo Metadata

• look or recipe ID and version
• capture and post timestamps
• retake count
• flash mode, focal length label, and exposure bias

e. Social Graph and Safety Data

• friend requests and accepted friendships (your Circle)
• users you have blocked
• reports you submit, including the report reason (such as spam, harassment, impersonation, sexual content, or fake account)

f. Permissions and Device Features

• Camera — to take your daily Drop and other in-app photos.
• Photo Library (read) — to import a photo into RetroLens.
• Photo Library (add) — to save edited photos to your device.
• Contacts — optional, to help you invite friends. When used, your contacts are processed locally on your device and are not sent to RetroLens or third parties — this is treated as local device processing. RetroLens does not upload your address book to our servers.
• Notifications — to remind you to post and to show friend activity.

You can change or revoke any of these permissions at any time in your device settings.

g. Push Notification Information

• your Expo push token
• platform information (iOS, Android, or unknown)
• notification records, including type, message, read state, sender, and the related content ID

We may also schedule local reminders on your device.

h. Subscription and Purchase Information

• a Superwall identity linked to your RetroLens user ID
• your subscription status and entitlement
• the product you purchased (monthly or yearly RetroLens Pro) and the billing period
• trial or introductory offer eligibility
• provider-side customer, product, and transaction identifiers used to sync entitlements

Payments are processed by Apple. We do not receive your full payment card details.

i. Device and Local Data

• a locally generated retrolens_device_id
• onboarding answers and progress
• local photo library metadata and sandbox file paths for in-app use
• streak and last-photo date
• permission flags and pending access-linking state
• recent invited-contact keys

j. App Usage and Diagnostics

• events such as onboarding, authentication, paywall views, purchases, camera use, posting, sharing, friend activity, notifications, reactions, and comments
• event metadata such as platform, app version, and a session ID
• crash, error, and performance data via Sentry, when enabled in production

Sentry diagnostic events may be tagged with your user ID. Sensitive fields such as auth tokens, private notes, captions, URLs, avatars, and friend lists are partially redacted before being sent.

k. Support and Communications

If you contact us, we collect your name, email address, the contents of your message, and any information you choose to attach.

• provide and maintain RetroLens, including the camera, posting, Roll, Keeps, Circle/friend graph, and notifications
• create and manage your account and profile
• authenticate you through Apple or Google sign-in
• process and store the photos and content you choose to upload
• deliver content to the friends you have accepted
• process subscriptions, free trials, entitlements, and restore-purchase requests
• send push notifications and in-app activity alerts
• respond to support requests
• monitor performance, prevent abuse, fraud, and spam, and investigate reports
• enforce our Terms of Use and protect users and the Services
• comply with legal obligations

We do not sell your personal information.

a. Service Providers (Subprocessors)

• Supabase — authentication, database, cloud storage, edge functions
• Apple — Sign in with Apple, App Store distribution, in-app subscriptions
• Google — OAuth sign-in
• Superwall — paywall presentation, subscription status, restore/purchase flow
• Sentry — crash, error, and diagnostic reporting
• Expo — push notification delivery and app runtime services

b. Other Users

Other users may see information you choose to share, such as your profile name, username, bio, avatar, posts you share with your Circle, and your comments and reactions on shared content.

c. Native Share Sheet

When you use the device's native share sheet (for example, to invite a friend or share an exported photo), the recipient and destination app are chosen by you, and content is delivered through the third-party app or service you select.

d. Legal, Safety, and Security

We may preserve, access, or disclose information when we believe in good faith it is reasonably necessary to: respond to lawful requests or legal process; enforce our Terms of Use; investigate or prevent abuse, fraud, spam, harassment, or security incidents; protect the rights, safety, and property of users, the public, or RetroLens; or prevent serious harm or imminent risk to a person.

e. Business Transfers

We may share or transfer information in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business or assets.

Content stays on your device until you post, upload, or save it through a cloud-backed feature. When you post, your post is intended only for your Circle (accepted friends).

Today's friend posts may be locked until you post today. Your Roll and Keeps are private to you and don't change post visibility. Blocking a user removes their visibility into your future activity where applicable, and removing a friend may affect what they can see going forward. Blocking, unfriending, or deleting content does not remove or undo content other users have already seen, screenshotted, screen-recorded, saved outside the app, or received through previous sharing.

Recipients may still be able to screenshot, screen-record, or otherwise capture content they can see. Don't upload content you wouldn't want others to see.

We keep information for as long as reasonably necessary to operate the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Approximate retention by category:

• Account and profile — kept while your account is active
• Posted photos and content — kept until deleted by you or removed through account deletion
• Comments, reactions, saves — kept while the related account or content exists
• Push tokens — kept while notifications and your account remain active
• Diagnostic and error logs — typically 30–90 days
• Safety, abuse, fraud-prevention, and report records — may be retained longer to prevent recurrence
• Backups — may persist for a limited period after deletion

You can delete your account from within RetroLens (Settings → Account → Delete Account). When you delete your account, we delete or de-identify your account information and associated data from our active systems — including your stored photos, posts, comments, reactions, saves, reports, blocks, friendships, friend requests, push tokens, notification records, subscription entitlement records on our side, your profile, and your underlying authentication user — except where we need to retain limited information for legal, safety, fraud-prevention, backup, or legitimate business purposes. Backup deletion may take additional time.

If you have trouble deleting your account, contact [email protected].

Important: deleting your RetroLens account does not cancel an Apple subscription. To cancel a subscription, manage it in your Apple App Store account settings.

To the fullest extent permitted by law, we are not responsible for the loss, deletion, corruption, or unavailability of photos, posts, Keeps, Roll content, comments, reactions, or other content stored on your device or in our cloud infrastructure. Please keep your own backups of anything important to you.

We use reasonable administrative, technical, and organizational safeguards designed to protect your information, including encrypted transport and secure on-device token storage. No system is completely secure, and we cannot guarantee absolute security.

We may use automated systems to help operate RetroLens — for example, to surface friend activity, personalize app surfaces, detect spam or abuse, filter objectionable text in usernames, bios, or comments, improve reliability, and apply camera and photo effects on device. We do not use your private photos to train public AI models.

We may also use analytics, attribution, and measurement providers to understand how RetroLens is used, improve features, measure performance, debug issues, and evaluate the effectiveness of our marketing. We do not provide private photo content, private notes, captions, friend lists, or full contact lists to these providers.

RetroLens is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact [email protected].

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to processing of your personal information, or to withdraw consent where applicable.

U.S. state privacy rights. Depending on your state of residence (including, for example, California, Colorado, Connecticut, Virginia, Utah, Texas, and other states with comprehensive privacy laws), you may have rights to know what personal information we collect, access or receive a copy of your personal information, correct inaccuracies, delete your personal information, and opt out of certain uses such as targeted advertising, sale of personal information, or significant profiling. We do not sell your personal information. To exercise these rights, contact [email protected]. We will not discriminate against you for exercising any of these rights.

EU/UK legal bases. Where the EU or UK GDPR applies, our legal bases for processing your personal information may include: performance of a contract (to provide the Services you request); your consent (for example, optional permissions or marketing where required); our legitimate interests in operating, securing, and improving RetroLens (balanced against your rights); compliance with legal obligations; and protecting the vital interests of users or the public, including safety and abuse prevention. You may withdraw consent at any time where consent is the legal basis.

You can also:

• edit your profile information in the app
• manage notification preferences in your device settings
• manage Camera, Contacts, and Photo Library permissions in your device settings
• delete individual posts in the app
• delete your account in the app
• manage or cancel subscriptions in your Apple App Store account settings

To make a privacy-related request, contact [email protected].

RetroLens relies on the third-party services described above (Supabase, Apple, Google, Superwall, Sentry, and Expo). Those third parties process information in accordance with their own terms and privacy policies.

RetroLens is operated from the United States. If you use RetroLens from outside the United States, your information will be transferred to and processed in the United States and in other countries where our service providers operate. Where required by law, we rely on appropriate legal bases and safeguards for international transfers, including those offered by our service providers.

We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective Date and may provide additional notice where appropriate.

If you have questions about this Privacy Policy, contact us at:

Banana Apps LLC
Florida, United States
[email protected]