Privacy Policy

Last Updated: April 27, 2026

Introduction

Invisible String ("App," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application on iOS or Android.

Key Point: Your photos never leave your device. All processing happens locally on your phone.

Information We Collect

Information You Provide

  • Your Name: Used to identify you to your partner within the App
  • Meeting Date: The date you met your partner, used to filter photo matching
  • Partner Connection: Information about your connected partner (name, pairing data)

Information Collected Automatically

  • Photo Metadata: When you grant photo library access, we scan your photos' metadata (location coordinates and timestamps) on your device. We do not access, view, or store your actual photos.
  • Device Information: Basic device identifiers for app functionality

Information Shared with Your Partner

When you choose to share data with your partner, the following is exchanged:

  • Photo location coordinates (latitude/longitude)
  • Photo timestamps
  • Your name

How We Use Your Information

We use your information solely to:

  1. Find Near-Misses: Compare your photo locations with your partner's to identify times you were in the same place
  2. Generate Stories: Create shareable story cards showing your near-miss encounters
  3. Improve the App: Understand usage patterns (without accessing personal data)

Data Storage and Security

On-Device Processing

  • All photo scanning occurs entirely on your device
  • Your photo library is never uploaded to any server
  • Near-miss calculations happen locally

Data Encryption

  • Data shared between partners is encrypted end-to-end
  • Only you and your partner can decrypt your shared location data
  • We cannot read or access your encrypted data

Partner Data Transfer

  • We do not operate our own servers or databases
  • Invite Code Pairing (iOS and Android): When you pair using a 6-character invite code, your end-to-end encrypted data is temporarily stored in Google Firebase (Cloud Firestore and/or Cloud Storage) for up to 48 hours, then automatically deleted. The data is encrypted on your device before upload, and only your partner's device—using the invite code—can decrypt it. We cannot read its contents.
  • Nearby Pairing (iOS): Data transfers directly between devices over Bluetooth/Wi-Fi with no cloud involvement.
  • No permanent records of your data exist outside your device or your partner's device

Data Sharing

We do NOT:

  • Sell your personal information
  • Share your data with advertisers
  • Use your photos for any purpose other than metadata extraction
  • Store your unencrypted data on any server (encrypted invite-code data is held briefly on Firebase, then auto-deleted within 48 hours)
  • Access your data without your explicit action

We MAY share information:

  • With your connected partner (only the data you explicitly choose to share)
  • If required by law (though we have minimal data to provide)
  • To protect our rights or safety, or those of others

Third-Party Services

iOS Platform Services

  • App Store: Handles app distribution and payment processing
  • StoreKit: Manages in-app purchases
  • Photos Framework: Provides access to photo metadata (with your permission)
  • MapKit: Displays maps and converts coordinates to place names

Android Platform Services

  • Google Play Store: Handles app distribution and payment processing
  • Google Play Billing: Manages in-app purchases
  • MediaStore: Provides access to photo metadata (with your permission)
  • Google Maps SDK: Displays maps and converts coordinates to place names

Google Firebase (Both Platforms)

We use Google Firebase to relay end-to-end encrypted data between paired partners when you use invite code pairing. Specifically:

  • Encrypted data is uploaded to Cloud Firestore and/or Cloud Storage for Firebase, keyed by your one-time invite code
  • Data is encrypted on your device before it reaches Firebase—Google and Invisible String cannot read its contents
  • Encrypted records are automatically deleted within 48 hours
  • Firebase may also be used for anonymous crash diagnostics on Android (Firebase Crashlytics) to help us fix bugs

Firebase is operated by Google LLC. Data may be processed on Google Cloud infrastructure outside your country of residence. See Firebase's Privacy and Security page for more information.

Analytics (Both Platforms)

We use TelemetryDeck, a privacy-focused analytics service, to understand how the app is used. TelemetryDeck collects anonymous usage events (such as "scan started" or "story viewed") without any personal information, device identifiers, or tracking across apps. No advertising networks or data brokers receive your information.

Your Rights and Choices

Access and Control

You can:

  • View Your Data: See all stored data within the App
  • Delete Your Data: Use "Start Over" in Settings to delete all local data
  • Revoke Photo Access: Change permissions in your device's Settings app
  • Disconnect from Partner: End the connection and remove shared data

Data Portability

Your data exists only on your device. Uninstalling the App removes all data.

Opt-Out

You may stop using the App at any time. Deleting the App removes all associated data from your device.

Children's Privacy

The App is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Data Retention

  • Local Data: Stored on your device until you delete it or uninstall the App
  • Shared Data: Exists on your device and your partner's device
  • Pairing Relay (Firebase): End-to-end encrypted invite-code data is automatically deleted within 48 hours
  • Server Data: We do not retain any unencrypted personal data on any server

Security Measures

We implement appropriate security measures including:

  • End-to-end encryption for partner data sharing
  • Local-only processing of sensitive photo data
  • No transmission of actual photo content
  • Secure temporary channels for pairing

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

  • Updating the "Last Updated" date
  • Posting a notice in the App for material changes

Your continued use of the App after changes constitutes acceptance of the updated policy.

California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect
  • Request deletion of your personal information
  • Not be discriminated against for exercising your privacy rights

Since we process data locally and don't maintain databases of user information, most CCPA requests are satisfied by the App's built-in data deletion features.

International Users

The App processes your photo metadata locally on your device regardless of your location. When you use invite code pairing, your end-to-end encrypted partner data is briefly relayed through Google Firebase, which may store it on Google Cloud infrastructure outside your country of residence before automatic deletion within 48 hours. Because the data is encrypted on your device before upload, neither Google nor Invisible String can read it.

Summary

Data Type Collected Stored on Our Servers Shared
Your Photos No (metadata only) No No
Photo Locations Yes (on device) Encrypted relay only (Firebase, <48h) With partner only
Photo Timestamps Yes (on device) Encrypted relay only (Firebase, <48h) With partner only
Your Name Yes Encrypted relay only (Firebase, <48h) With partner only
Payment Info No (Apple/Google handles) No No
Usage Analytics Yes (anonymous events) No (sent to TelemetryDeck) No

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Email: support@invisiblestringapp.com