Legal

Privacy Policy

Last updated · June 20, 2026

This policy covers sepia.film, the Sepia iOS app, and guest film‑joining (together, "Sepia," "we," or "the Service").

We collect only what we need to run the Service. We do not sell or share your personal information, and we do not use it for advertising or cross‑app tracking. Your films are private by default.

1. Data we collect

Account & identifiers

  • When you create an account we receive an identifier and, where the provider supplies it, your name and email address. You can sign in with Sign in with Apple, Google, or email and password.
  • Apple releases your name and email only on the first authorization. With email sign‑up you provide them directly.
  • To talk to our backend, every device is also issued an anonymous identifier. Guests who join a film without an account are represented only by a device‑local participation token.

User content

  • The photos you and your guests capture in a film.
  • Film details you create: title, cover image, dates, participant and shot settings, and a display name shown to other participants.
  • An optional profile photo, which is stored on your device.

Purchases

If paid film tiers or add‑ons are offered, the purchase is processed by Apple through the App Store. We may receive confirmation of the product purchased. We never receive your payment card details.

Usage & diagnostics

  • Basic app and website interactions, device type, OS, and app version, used to keep Sepia reliable.
  • The marketing website uses privacy‑conscious analytics to understand traffic. We do not run third‑party advertising or session‑replay tracking inside the app.

Camera & photos

  • Camera access only when you capture a photo for a film or scan an invite QR code.
  • Photo‑library access only when you save a photo or QR code, or choose a cover/profile photo through the system picker.
  • All access requires your device permission and is never used in the background.

App Store privacy labels (summary). Data linked to you: Identifiers (email), User Content (photos), Usage Data, Diagnostics, and Purchases where applicable. Data used for tracking: None. Third‑party advertising: None.

2. How we use data

  • To operate films: creating films, inviting participants, and capturing, storing and revealing photos at your chosen time.
  • To enforce participant caps, shot limits, and purchases.
  • To process purchases and prevent fraud and abuse.
  • To keep the Service reliable and secure, and to provide support and respond to your requests.
  • To comply with law and enforce our terms.

Legal bases (EEA/UK): performance of a contract, legitimate interests, consent where required, and legal obligation.

3. How we share data

We do not sell personal information and we do not allow cross‑app tracking.

Within a film

  • A film and its photos are visible only to people you invite, according to the film's settings.
  • Within a film, contributors can see who captured each photo, and your display name may be shown to other participants.
  • Films are reachable by their share code so invited people can join. Only the films your account hosts or has joined are loaded for you.

Service providers (processors)

  • Google Firebase (Google LLC): database (Firestore), photo and cover storage (Cloud Storage), and authentication.
  • Apple: Sign in with Apple and App Store purchases.
  • Google: Google Sign‑In.

Providers access data only to perform services for us and are required to protect it.

4. Guests and invites

Guests can join a film from an invite link or QR code without creating an account. We process only what's needed to let them capture and contribute to that specific film, using camera and network access only while the app is in use.

5. Data retention

  • Account data is kept while your account is active.
  • Photos are kept until the film is deleted or your account is closed. If you delete your account, photos you contributed to others' films may remain in those films.
  • Aggregated or anonymized analytics may be kept longer.

6. Security

  • Encryption in transit (HTTPS/TLS).
  • Encryption at rest provided by our cloud vendor (Google Cloud).
  • Access to stored films and photos requires an authenticated session.

No security method is perfect, and we cannot guarantee absolute security. If a breach involves your personal data, we will notify you and regulators when legally required.

7. Your choices and rights

  • Delete individual photos or an entire film from within the app.
  • Sign out, and manage notification preferences, in the app's settings.
  • Manage purchases through your Apple account.
  • To access, correct, export, or delete your account and associated data, contact us at inandha97@gmail.com. We may retain limited data to meet legal requirements or prevent abuse.

California (CCPA/CPRA): rights to know, delete, correct, and opt out of sale/share (we do not sell or share). No discrimination for exercising your rights. EEA/UK (GDPR): rights to access, rectification, erasure, portability, objection, and restriction. You may lodge a complaint with your local authority.

8. Children

Sepia is not directed to children under 13 (or the age required by your local laws to consent to data processing). We do not knowingly collect personal information from them. If you believe a child has provided data, contact inandha97@gmail.com and we will delete it.

9. International transfers

We operate primarily in the United States, and your data, including data handled by our cloud vendor, may be processed in the U.S. and other countries. Where required, we use appropriate safeguards for international transfers.

10. Changes to this policy

We will update this page when the policy changes and will note material changes in the app or on this page, with the "last updated" date revised accordingly. Continued use of the Service after changes take effect means you accept the updated policy.

11. Contact

Questions about privacy? Reach us at inandha97@gmail.com. We aim to respond within 48 hours. For urgent concerns, include "URGENT - Privacy Request" in the subject line.