01The on-device promise
Cleanroom scans your photo library entirely on your iPhone or iPad. All detection — screenshots, documents, receipts, duplicates, the Sensitive category, video analysis — runs on your device's own chip.
Your photos, videos, and documents are never uploaded, transmitted, or shared by Cleanroom. There is no account to create, and we operate no server. We could not see a photo of yours even if we wanted to — there is nowhere for it to go.
Photos you place in the Keep are stored encrypted on your device only (see Security). We never receive them, and we cannot recover them.
Being precise matters more to us than sounding perfect, so this policy also discloses the small amount of data that is involved: advertising data handled by Google and purchase processing handled by Apple in the free, ad-supported app, and anonymous page-view counting on this website. None of it includes your photos. The sections below explain each part.
02Who we are
Cleanroom is developed by EQUINOX TECH LLC (trading as EQUINOX TECH), 1240 NE 24th St, Wilton Manors, Florida 33305, United States (the "developer", "we"). For the limited processing described in this policy that we are responsible for, we are the data controller under the GDPR and UK GDPR. You can reach us at hello@cleanroomapp.net.
For advertising data, Google is a separate party that processes data under its own policies, as described in section 05.
03What we don't collect
The app has no developer-operated backend, no analytics SDK, and no crash-reporting SDK. The app itself sends us nothing. Specifically, we do not collect, receive, or store:
- Your photos, videos, or documents — or any thumbnails, crops, or derived versions of them.
- The results of any scan: what categories were found, what was flagged as Sensitive, what you deleted, compressed, or moved to the Keep.
- Your name, email address, contacts, or location. There is no account or sign-up.
- Usage analytics or crash reports from the app.
The only network activity the app itself initiates related to your library is iOS downloading your own iCloud Photos originals to your device during a scan, if you use iCloud Photos (see section 08). That is a download to your phone, not an upload from it.
This section is about the app. The website you are reading this on counts anonymous page views; that is described separately, and deliberately, in section 04.
04This website
Everything above is about the app on your phone. This section is about this website (cleanroomapp.pages.dev) — a different thing entirely, and we keep the two apart on purpose.
The site is a handful of static pages hosted on Cloudflare Pages. It uses Cloudflare Web Analytics so we can see whether anyone is reading it. What that means, precisely:
- No cookies, and no other identifier stored on your device to recognize you. (The only thing the site keeps locally is your light/dark and language choice, in your own browser, which never leaves it.)
- No cross-site tracking, no advertising identifiers, and no advertising profile is built from your visit. Nothing here feeds the app's ads.
- Aggregate page-view data only — which page was loaded, roughly where in the world from (country level), which site referred you, and general browser/device type. It is processed by Cloudflare as our processor, and it does not identify you.
- Like every web server, Cloudflare handles the IP address your browser must send to receive a page. It is used to serve and protect the site and to derive that country-level figure, not to profile you.
The website measures page views. The app does not report anything about your photos — ever. Reading this page tells us that a page was read. Using the app tells us nothing at all.
See Cloudflare Web Analytics and the Cloudflare Privacy Policy. If you block analytics scripts, the site works exactly the same.
05Advertising — Google AdMob
The free version of Cleanroom shows ads using Google AdMob (the Google Mobile Ads SDK). This is the one part of the app where a third party collects data from your device, and we want to describe it accurately rather than pretend it away.
To deliver and measure ads, the AdMob SDK may collect and send to Google:
- The device advertising identifier (IDFA) — only if you allow tracking in the App Tracking Transparency prompt (see section 06).
- Device and app information — such as device model, operating system version, language, general (coarse) location inferred from IP address, and app identifier.
- Ad interaction data — such as which ads were served and whether they were viewed or tapped, plus diagnostic and fraud-prevention signals.
Ad data never includes your photos, videos, documents, or any scan results. The ad SDK has no access to your photo library or the Keep.
Google processes this data under its own terms. To understand Google's practices, see:
- Google Privacy Policy
- How Google uses information from sites or apps that use its services
- Google — Advertising technologies
Buying the one-time Cleanroom+ unlock removes ads, and with them the ad SDK's data collection during use.
06Tracking & consent (ATT and the EU/UK consent form)
App Tracking Transparency (everyone)
Before Cleanroom can allow the ad SDK to access your device's advertising identifier (IDFA) for tracking, iOS shows Apple's App Tracking Transparency prompt. If you choose Ask App Not to Track, the IDFA is not available to Google and you will see non-personalized (contextual) ads instead. The app works identically either way.
You can change this choice at any time in iOS Settings → Privacy & Security → Tracking.
Consent in the EU, EEA, and UK
If you are in the European Economic Area or the United Kingdom, Cleanroom shows Google's consent form (the User Messaging Platform, "UMP") before any ads are served. You can choose whether to consent to personalized ads; if you decline, ads are non-personalized. You can review or change your choice later from the app's settings.
Personalized ads happen only with your consent. Declining costs you nothing — the app is fully functional with non-personalized ads, or with no ads at all after the one-time unlock.
07Purchases — Apple
The optional Cleanroom+ unlock ($4.99 one-time, or $8.99 one-time for Cleanroom+ Family, shareable through Apple Family Sharing with up to six people) is processed entirely by Apple through the App Store's in-app purchase system.
- We never see or receive your payment card details, billing address, or Apple ID credentials. Apple processes the payment under its own terms and privacy policy.
- The app only learns whether the unlock is active, so it can remove ads. That entitlement check happens through Apple's on-device StoreKit framework.
- Refunds are requested from and decided by Apple, not by us.
See the Apple Privacy Policy for how Apple handles purchase data.
08iCloud Photos — a note on Apple's system behavior
If you use iCloud Photos, some of your originals may live in iCloud rather than on your phone. When Cleanroom scans your library, iOS itself may download your own originals to your device so they can be analyzed on-device. This is Apple's standard PhotoKit behavior between your own devices and your own iCloud account.
To be exact: this is a download of your own photos to your own phone, performed by iOS. It is not an upload, and Cleanroom never sends your photos anywhere.
09Security
Photos and videos you move into the Keep are protected on your device:
- AES-GCM encryption — an authenticated encryption standard — protects every item in the Keep, stored only in the app's local storage on your iPhone.
- Face ID (or your device passcode, or a PIN) is required to unlock the Keep. The encryption key is held in the iOS Keychain, restricted to this device, and requires your presence to use.
- The Keep's contents are excluded from device backups and never synced anywhere.
Because there is no server, there is also no cloud recovery. If your device is lost or erased and you have no local copy, the Keep's contents cannot be recovered by us — by design, we never had them.
No security measure is absolute, but on-device encryption with hardware-backed keys is the strongest posture we can offer without ever taking possession of your data.
10Data retention
- By us: nothing. We hold no personal data about you or your library, so there is nothing for us to retain or delete. If you email us for support, we keep the correspondence only as long as needed to help you.
- On your device: scan results, settings, and the Keep live only in the app's local storage. Deleting the app deletes them (deleting the app also permanently deletes the Keep's contents — export first if you want them).
- By Google: advertising data collected by the AdMob SDK is retained by Google under Google's retention policies.
- By Cloudflare: the website's aggregate page-view data is retained by Cloudflare on our behalf under its own retention practices. It is not linked to you, and there is no profile of you to delete.
11For users in the EU, EEA, and UK — GDPR
Legal bases
- Personalized advertising: your consent (Art. 6(1)(a) GDPR), collected via the consent form described in section 06. You can withdraw it at any time with effect for the future.
- Non-personalized advertising and app delivery: legitimate interests (Art. 6(1)(f)) in funding a free app with contextual ads that involve minimal data.
- The in-app purchase: performance of a contract (Art. 6(1)(b)) — processed by Apple.
- Your photo library: processed only on your device at your direction. It never reaches us, so we perform no processing of it as a controller.
- Website page-view counting: legitimate interests (Art. 6(1)(f)) in knowing whether the site is read, measured without cookies, without cross-site tracking, and in aggregate only (section 04). Because no identifier is stored on your device, no cookie consent is required for it.
Your rights
You have the rights of access, rectification, erasure, restriction, data portability, and objection, the right to withdraw consent at any time, and the right to lodge a complaint with a supervisory authority in your country of residence.
Two practical notes, offered honestly:
- We hold no personal data about you or your photos, so an access or erasure request to us will normally come back empty — everything lives on your device, under your control. Deleting the app is the most complete erasure that exists for Cleanroom data.
- For advertising data, Google is the party that holds it. Exercise those rights through Google's tools — Google's My Ad Center and the controls in the Google Privacy Policy — and through the consent and tracking controls in section 06.
12For California residents — CCPA/CPRA
The app collects no personal information about you. When ads are shown, the AdMob SDK may collect on Google's behalf the categories California law calls identifiers (the advertising identifier), device information, and internet or network activity (ad interactions). Visiting this website produces aggregate, cookieless page-view data in the internet or network activity category, which is not linked to you (section 04). We do not collect sensitive personal information, and your photos are never involved.
"Sale" or "sharing": under the CPRA's broad definitions, allowing an advertising SDK to use your identifier for cross-context behavioral (personalized) advertising may qualify as "sharing" or a "sale" of personal information. We do not sell or share personal information in any other sense, and we receive no money for data.
Do Not Sell or Share My Personal Information
You can opt out of any such sharing at any time, and the app fully respects it:
- Choose Ask App Not to Track in the App Tracking Transparency prompt, or turn tracking off later in iOS Settings → Privacy & Security → Tracking. Without the identifier, ads are non-personalized.
- Where the consent form is shown, decline personalized ads.
- Or purchase the one-time unlock, which removes ads entirely.
California residents also have rights to know, delete, and correct, and the right not to be discriminated against for exercising them. Because we hold no personal information, requests to us will normally return nothing; for ad data, direct requests to Google via the links in section 11. We will never treat you differently for opting out.
13International transfers
We hold no personal data of yours, so we transfer none. The third parties involved do process data internationally: the website's aggregate page-view data is processed by Cloudflare, Inc. (United States) on our behalf, and advertising data collected by the AdMob SDK is processed by Google LLC and its affiliates, which may process data on servers around the world, including in the United States. Google states that it relies on appropriate safeguards such as standard contractual clauses and participates in applicable data-transfer frameworks; see Google's data transfer frameworks.
14Children
Cleanroom is a utility for managing your own photo library and is not directed to children. Its App Store age rating (4+) reflects the absence of objectionable content in the app itself, not an intent to attract children.
We do not knowingly collect personal information from children under 13 (or the equivalent minimum age in your country). Because the app shows ads, we configure ad serving to comply with applicable children's-privacy rules, including relying on non-personalized ads where required. If you believe a child has used the app and that an advertising identifier was collected as a result, use the controls in section 06 and contact us at hello@cleanroomapp.net so we can help.
15Changes to this policy
If the app's data practices ever change — for example, a different ad provider, or the removal of ads — we will update this policy and change the "Last updated" date at the top. For material changes, we will also make the change prominent in the app or its App Store release notes. The current version always lives at this page.
16Contact
Questions, rights requests, or concerns about privacy:
Postal address: EQUINOX TECH LLC, 1240 NE 24th St, Wilton Manors, Florida 33305, United States.