Skip to content
Decluttr AI Decluttr AI
Legal

Privacy Policy

Effective date: 2026-05-17 · Last updated: 2026-05-20

This Privacy Policy explains how Visatech S.R.L. ("Visatech", "we", "us") processes personal data when you use the Decluttr AI mobile application (the "App") or this website at decluttrai.com (the "Site"). It is written to comply with the EU General Data Protection Regulation (Regulation 2016/679, the "GDPR"), the Italian Personal Data Protection Code (Legislative Decree 196/2003 as amended), the EU ePrivacy Directive and the Italian Garante's May 2021 Cookie Guidelines, Apple's App Store Review Guidelines (Section 5.1), and Google Play's User Data Policy.

1. Data controller and contact

The data controller is:

Visatech S.R.L.
Via del Lauro 9, Milan, Italy, 20121
Email: support@decluttrai.com

For privacy-related inquiries, including the exercise of any rights described in section 11, please write to the email above.

2. Scope

This policy applies to: (a) the Decluttr AI app on iOS (App Store) and Android (Google Play); and (b) this marketing and support website at decluttrai.com. It does not apply to third-party services to which we may link.

3. Privacy summary: what makes Decluttr AI different

  • Your photos never leave your phone. All AI inference (duplicate detection, blur scoring, OCR, classification) runs locally using Apple Vision, Core ML, and on supported devices, Apple Intelligence Foundation Models.
  • No account, no login. We use an anonymous identifier stored in your device Keychain. We never ask for your name, email, or password to use the app.
  • No cloud sync of your content. We do not upload photos, photo embeddings, contacts content, or calendar content.
  • No advertising tracking by default. On iOS we ask through Apple's App Tracking Transparency (ATT) before any tracking that could be linked across apps.

4. What we collect and why

The table below describes every category of personal data we process, the source, the purpose, the GDPR legal basis, and the retention period.

Data category Source Purpose Legal basis (GDPR) Retention
Photo, contact, and calendar metadata Read locally from your device, with your permission Detect duplicates, blurry shots, large videos; merge duplicate contacts; identify old calendar events Art. 6(1)(b), contract performance Not retained by us, processed only on your device
Anonymous device identifier (UUID) Generated locally and stored in your device Keychain; mirrored across your devices via Apple iCloud Key-Value Store Persist your Pro entitlement, prevent free-trial abuse Art. 6(1)(f), legitimate interests (service continuity) Until you uninstall the app on all your devices and clear iCloud Key-Value Store, or until you request deletion (see section 11)
Purchase and subscription events Apple StoreKit / Google Play Billing; entitlements processed via Adapty Verify your entitlements; provide receipt; comply with tax and accounting law Art. 6(1)(b), contract; Art. 6(1)(c), legal obligation 10 years (Italian tax law); transaction tokens retained per Apple/Google
Crash diagnostics and performance logs Generated on your device when the app crashes; anonymized Diagnose bugs, improve stability Art. 6(1)(f), legitimate interests 90 days
Attribution data (install source, campaign) AppsFlyer SDK on your device; no IDFA unless you grant ATT Measure marketing effectiveness in aggregate Art. 6(1)(f) without ATT (no cross-app linking); Art. 6(1)(a), consent when ATT is granted Per AppsFlyer's data-retention policy (aggregate attribution reporting)
Contact form / support email content You, when you write to support@decluttrai.com or use our contact form Reply to your inquiry, provide support Art. 6(1)(b), contract; Art. 6(1)(f), legitimate interests 24 months from last interaction, then deleted

5. What we do NOT collect

  • Photo contents, photo embeddings, or facial recognition templates
  • Contact names, phone numbers, emails, or messages
  • Calendar event titles, descriptions, or attendees
  • IDFA or any cross-app identifier without your explicit ATT consent
  • Your name, email address, or password (we have no user accounts)
  • Your precise location
  • Your contacts list or social graph

6. On-device AI disclosure

All artificial-intelligence inference performed by Decluttr AI, including perceptual hashing, feature-print similarity, Laplacian blur scoring, optical character recognition, face quality scoring, image classification, and where supported, large-model natural-language search, runs on your device using Apple's Vision, Core ML, and Foundation Models frameworks. We do not send any image, video, audio, or text content to any server for inference.

7. Third-party processors

We share limited data only with the following processors, each bound by a data-processing agreement and, where applicable, by EU Standard Contractual Clauses for international transfers:

  • Apple Inc.: App Store distribution, StoreKit billing, iCloud Key-Value Store for entitlement sync. (Apple Privacy Policy)
  • Google LLC: Google Play distribution and Play Billing (Android). (Google Privacy Policy)
  • AppsFlyer Ltd. (Israel/USA), mobile install attribution and deep links (OneLink). (AppsFlyer Privacy Policy) Transfers occur under EU Standard Contractual Clauses.
  • Adapty Tech, Inc. (USA), subscription management, entitlement validation, and purchase/paywall analytics. (Adapty Privacy Policy) Transfers occur under EU Standard Contractual Clauses.
  • Crash diagnostics provider: Apple's built-in crash reporting; no third-party crash-reporting SDK is used.

8. International data transfers

Some of our processors are located outside the European Economic Area, notably in the United States. Where personal data is transferred, we rely on the European Commission's Standard Contractual Clauses (2021/914) and, where available, on adequacy decisions. You can request a copy of the transfer safeguards by emailing support@decluttrai.com.

9. Apple App Tracking Transparency (ATT)

On iOS, before any tracking that could be linked across apps or websites owned by others, we will display Apple's App Tracking Transparency prompt asking for your permission. If you decline, attribution still works through Apple's privacy-preserving measurement framework. You can change your choice anytime in Settings → Privacy & Security → Tracking.

10. Apple Privacy Manifest and Google Play Data Safety

Apple Privacy Manifest

Our iOS app ships with a complete PrivacyInfo.xcprivacy manifest declaring all required-reason API usage (UserDefaults, CA92.1; File Timestamp, C617.1; Disk Space, E174.1) and the categories of data we collect. The manifest is verifiable in the App Store binary and on our public source where applicable.

Google Play Data Safety

The Data Safety form for the Android app mirrors this policy:

  • Data collected: Purchases (linked to user, required), Crash logs (not linked to user, optional), App interactions (not linked to user, optional).
  • Data shared: No data is shared with third parties for advertising. Data is shared with processors strictly for service delivery as listed in section 7.
  • Security: Data is encrypted in transit (TLS 1.3) and at rest where stored.
  • Data deletion: You can delete your data in-app (Settings → Delete my data) or request it at decluttrai.com/delete-data. Section 11 below describes exactly what is erased and what we are legally required to retain.

11. Your rights under the GDPR

If you are in the European Economic Area, the United Kingdom, or Switzerland you have the following rights regarding your personal data:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure / "right to be forgotten" (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing based on legitimate interests (Art. 21)
  • Right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal (Art. 7(3))
  • Right to lodge a complaint with a supervisory authority, for users in Italy, the Garante per la protezione dei dati personali at www.garanteprivacy.it

To exercise any of these rights, email support@decluttrai.com. We will respond within one month as required by Art. 12(3) GDPR. Because we have no user accounts, please include enough information for us to identify the data, typically the anonymous device identifier available in the app under Settings → About, or the order ID of any purchase.

Deleting your data (Art. 17)

You can erase your data in two ways:

  • In the app (fastest): open Settings → Delete my data. This immediately deletes the records described below from our servers.
  • By request, if you have already uninstalled: use decluttrai.com/delete-data or email support@decluttrai.com. As above, please include the anonymous device identifier or an order ID so we can locate the data.

A deletion request erases your device identity records (including the App Attest / Play Integrity security material), and our cached copy of your Pro entitlement; and it anonymizes your usage analytics by permanently unlinking them from your identifier.

We retain your purchase and subscription records for up to 10 years, because we are required to under Italian tax and accounting law and for fraud prevention — an exception expressly permitted by Art. 17(3)(b) and (e) GDPR. These records reference only the anonymous identifier and the store transaction; they contain no name or email. Deleting your data does not cancel an active subscription, which is billed by Apple or Google and must be cancelled through them.

12. California and US state privacy rights

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, or another US state with comprehensive privacy law, you have the right to access, delete, and opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising within the meaning of the CCPA / CPRA. To exercise your rights, email support@decluttrai.com.

13. Children

Decluttr AI is rated 4+ on the App Store and "Everyone" on Google Play, but is intended for general audiences. We do not knowingly collect personal data from children under 13 (or under 16 in the EU, per Art. 8 GDPR and Italian implementing rules). If you believe a child has provided us with personal data, please contact us and we will delete it.

14. Security

  • The anonymous device identifier is stored in the iOS Keychain with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly.
  • Secret Vault contents are encrypted with AES-GCM; the encryption key is generated and stored in the Secure Enclave and never leaves it.
  • All network communication uses TLS 1.3.
  • We follow Apple's and Google's recommended security practices and review our dependencies for known vulnerabilities before each release.

15. Cookies and similar technologies on the Site

This section describes the cookies and local-storage technologies used on the decluttrai.com website. The categories below match the choices presented to you in our consent banner (which you can re-open at any time via "Cookie settings" in the footer).

Strictly necessary (always on, no consent required)

  • decluttr_consent, stores your cookie consent choice itself, so we do not ask again on every page. Storage: localStorage. Duration: until you clear it.
  • decluttr_consent_ts, timestamp of your consent choice. Storage: localStorage. Duration: until you clear it.

Analytics (consent required, off by default)

None active at the time of writing. If we enable an analytics provider in the future, its name, purpose, processor identity, and retention will be listed here before activation.

Marketing / advertising (consent required, off by default)

None active. No advertising cookies are set on this Site.

You may change or withdraw your consent at any time by clicking "Cookie settings" in the footer of any page on this Site.

16. Data breach notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Italian Garante within 72 hours under Art. 33 GDPR and, where required, communicate the breach to affected users under Art. 34 GDPR.

17. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced in the App's release notes and on this page. The "Last updated" date at the top reflects the most recent revision.

18. Contact

Visatech S.R.L.
Via del Lauro 9, Milan, Italy, 20121
support@decluttrai.com