Privacy Policy

Last updated: March 31, 2026 | Effective: March 31, 2026

REGRADE ("we", "us", "our") operates the REGRADE mobile application. This policy explains what data we collect, why we collect it, how we process it, and what rights you have.

We built REGRADE to be a photography tool, not a data harvesting product. We collect only what is strictly necessary to provide the service.

1. Data We Collect

Account Information

When you sign in with Apple, we receive:

Your email address (or Apple's private relay email if you choose to hide it)
A unique user identifier

This information is stored in our authentication system powered by Supabase. We do not collect your name, phone number, or physical address.

Photos You Submit

When you take a photo and select a film stock for regrading, the optimized image is sent to our backend API at api.regradeapp.com. Our server forwards it to the Google Gemini API (specifically Google's generative AI image model) for AI-powered film stock emulation.

Your original photo is downscaled and compressed before transmission
The regraded result is temporarily stored on Cloudflare R2 using presigned URLs that expire after 24 hours
We do not permanently store your photos on our servers
Your regraded photos are saved locally on your device

Purchase Information

In-app purchases (film rolls / exposure credits) are processed through Apple's App Store and managed by RevenueCat. We receive:

Purchase status and entitlement information
An anonymous RevenueCat user identifier

We never see or store your payment card details. Apple handles all payment processing.

Technical Data

We may collect minimal technical data required for the app to function:

Device type and iOS version (for compatibility)
Crash logs (if the app crashes, basic diagnostic data may be sent)

2. What We Do Not Collect

                We do not use tracking, advertising SDKs, or third-party analytics. There are no ads in REGRADE. We do not sell, rent, or share your personal data with advertisers or data brokers. We do not build user profiles for targeted advertising.
            

3. How We Use Your Data

Authentication: Your email and user ID allow you to sign in and access your account
Photo processing: Your photos are sent to Google's Gemini API solely to perform AI film stock emulation and return the regraded image to you
Purchase management: RevenueCat tracks your exposure credits so you can use the service
Service operation: Technical data helps us keep the app working and fix bugs

4. Third-Party Services

We use the following third-party services to operate REGRADE. Each processes data only as necessary to provide their respective function:

Supabase (Authentication & Database)

Handles user authentication and stores account data. Supabase processes your email and user ID. Supabase Privacy Policy

Google Gemini API (Photo Processing)

Your photos are sent to Google's generative AI API for film stock emulation. Google processes the image data to generate the regraded result. Google API Terms of Service

                Important: When you submit a photo for regrading, it is transmitted to Google's servers for AI processing. Google's data handling policies apply to this processing. We encourage you to review Google's terms.
            

Cloudflare R2 (Temporary Photo Storage)

Regraded photos are temporarily stored on Cloudflare R2 using presigned URLs that expire after 24 hours. After expiration, the files are no longer accessible. Cloudflare Privacy Policy

RevenueCat (In-App Purchases)

Manages purchase entitlements and exposure credit tracking. RevenueCat receives an anonymous user identifier and purchase status. RevenueCat Privacy Policy

Apple (Authentication & Payments)

5. Data Retention

Account data: Retained as long as your account is active. Deleted when you delete your account.
Photos sent for processing: Not permanently stored on our servers. Regraded results on Cloudflare R2 expire after 24 hours.
Purchase records: Retained as long as your account exists, or as required by law for financial records.
Technical/crash data: Retained for up to 90 days for debugging purposes.

6. Your Rights

For All Users

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your account and associated data
Account deletion: You can delete your account directly within the app under Settings. This removes your account data from Supabase.

For EU/EEA Residents (GDPR)

Under the General Data Protection Regulation (GDPR), you have additional rights:

Legal basis: We process your data based on contract performance (providing the service), legitimate interests (maintaining security), and consent (Sign in with Apple)
Right to restrict processing: You can request we limit how we use your data
Right to data portability: Receive your data in a machine-readable format
Right to object: Object to processing based on legitimate interests
Right to withdraw consent: Withdraw consent at any time without affecting prior processing
Right to lodge a complaint: File a complaint with your local data protection authority

Response time: Within 30 days of a verified request.

For California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), you have the right to:

Know: What personal information we collect and how it is used
Delete: Request deletion of your personal information
Opt-out: We do not sell personal information, so this right is automatically satisfied
Non-discrimination: We will not discriminate against you for exercising your rights

Response time: Within 45 days of a verified request.

7. Data Security

We use industry-standard measures to protect your data:

All data in transit is encrypted via TLS/HTTPS
Authentication is handled through Supabase with secure token management
Photo transfers use presigned URLs with 24-hour expiration
API communication between the app and our backend is authenticated

No system is 100% secure. If we become aware of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law.

8. International Data Transfers

Our services use infrastructure located in various regions. Your data may be processed in countries outside your own, including the United States. When this occurs, we rely on appropriate safeguards such as the service providers' data processing agreements and, where applicable, Standard Contractual Clauses.

9. Children's Privacy

REGRADE is not directed at children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you through the app or by other means before the changes take effect. The "Last updated" date at the top of this page indicates the most recent revision.

11. Contact Us

If you have questions about this privacy policy, want to exercise your data rights, or have any concerns:

Email: contact@regradeapp.com
Website: regradeapp.com