Privacy Policy

Last updated: March 31, 2026

1. Introduction

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use ScrollShots (the "App"). We comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data Controller

The data controller is SM SEAMLESS DIGITAL LTD, operating from the European Union (Cyprus).
Contact: [email protected]

3. Data We Collect

We collect the following data:

• Account data: Email address and name (if provided) when you sign in with Apple, Google, or email/password. Stored securely via Supabase (hosted in the EU).
• Content you provide: Text, topics, or prompts you enter for AI carousel generation. This content is sent to our server and processed by third-party AI services (see Section 5) to generate your carousel slides. We do not use your content to train AI models.
• Generated content: AI-generated carousel slides are stored locally on your device. For registered users, carousels are also synced to our secure cloud database for cross-device access.
• Purchase data: Processed through Apple App Store or Google Play Billing. We receive only anonymized transaction information via RevenueCat for subscription management.
• Usage data: Daily generation counts and device identifiers for rate limiting and abuse prevention.
• Analytics: Optional Firebase Analytics (device model, OS version, app events). No personal identifiers are collected.
• Push notification tokens: Device token for sending notifications (with your permission).
• Feedback and reports: Name, email, message, platform, device model, and app version when you send feedback or report content.
• Media access: Camera and photo library access only when you actively use features to import or export images. We do not access your media in the background.
• Images: Custom background images you upload are stored on Cloudflare R2 (encrypted at rest). AI-generated background images are also stored on Cloudflare R2.

4. AI-Generated Content

ScrollShots uses artificial intelligence to generate carousel slide content based on text you provide. Important details:

• Your input text is sent to our backend server, which forwards it to third-party AI providers for processing.
• We do not use your input or generated content to train AI models.
• AI-generated content may not always be accurate, complete, or appropriate. You are responsible for reviewing all generated content before sharing or publishing.
• We implement content moderation filters to prevent generation of harmful, explicit, or illegal content. You may report problematic content using the in-app report feature.

5. Data Sharing

We share data only with trusted processors necessary to provide the service:

• Apple and Google: Authentication (Sign in with Apple/Google) and in-app purchase processing.
• RevenueCat: Subscription management and purchase validation.
• Supabase: Authentication, user database, and cloud storage for carousels.
• Cloudflare: Image storage (R2) and network security.
• OpenRouter / AI providers: Your input text is sent to AI language model providers to generate carousel content. No personal identifiers are included in these requests.
• Firebase: Push notifications and optional analytics.
• Purelymail: Email delivery for feedback and content reports.

All processors are GDPR-compliant. We do not sell your personal data to third parties.

6. Legal Basis for Processing (GDPR)

• Contract: To provide the App and its features (content generation, purchases, cloud sync).
• Consent: Push notifications, analytics, camera/gallery access.
• Legitimate interest: Improving the App, fraud and abuse prevention, content moderation, feedback processing.

7. Your Rights (GDPR)

You have the right to:

• Access, rectify, or delete your personal data (use "Delete Account" in Settings).
• Withdraw consent at any time (e.g., disable push notifications in device settings).
• Object to processing or request restriction of processing.
• Request data portability.
• Lodge a complaint with your local data protection supervisory authority.

Contact us at [email protected] to exercise these rights. We will respond within 30 days.

8. Data Retention

We retain data only as long as necessary:

• Account data: Until you delete your account.
• Generated content: Local data remains on your device until deleted. Cloud-synced data is deleted when you delete the carousel or your account.
• Uploaded images: Stored until the associated carousel is deleted or your account is deleted.
• Purchase records: As required by law (typically 7 years).
• Usage data: Daily counts are retained for 90 days.
• Content reports: Retained for up to 12 months for moderation purposes.

9. International Data Transfers

Your data may be processed outside the EU by our service providers (e.g., AI providers, Cloudflare). All transfers are protected by Standard Contractual Clauses or equivalent safeguards as required by GDPR.

10. Children's Privacy

ScrollShots is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Security

We use encryption in transit (TLS/SSL), encrypted storage, secure authentication, and regular security reviews to protect your data. However, no method of transmission over the Internet is 100% secure.

12. Changes to This Policy

We may update this policy from time to time. Significant changes will be notified in-app or via email. The "Last updated" date at the top indicates the most recent revision.

13. Contact Us

For privacy-related questions or requests:
[email protected]