CleanGo Privacy Policy

---

🛡️ Core Commitment: Strict Data Isolation

We understand your concern: "Will my private photos be seen by Facebook or other third parties?"

The answer is: NEVER. We have built a technical firewall to completely isolate your personal content from analytics data:

Data Type	Processed Locally?	Accessible by Third Parties?
📸 Your Photos & Videos	✅ YES 100% processed locally	❌ NEVER Blocked by technical design
📍 Photo Metadata (GPS/Time)	✅ YES Used locally for sorting only	❌ NEVER Not collected or shared
📊 Usage Statistics (Clicks, Purchase events)	Processed Locally	✅ Limited Access Shared for App Analytics
🆔 Advertising ID (IDFA)	N/A	✅ Optional Collected only with your permission

0. Scope and Key Definitions

This Privacy Policy applies to the CleanGo mobile application for iPhone devices running iOS.

Key Terms:

• "We" / "Developer" = EnerKit Pte. Ltd.
• "App" / "CleanGo" = This iPhone app (local processing only)
• "You" / "User" = The person who installs and uses this App
• "Local Data" = Cache and settings stored on your device only (never uploaded)

1. Information We Collect (and Do Not Collect)

1.1 Photo Library Access (Purely Local)

Purpose Statement: This App requires access to your photo library to implement core functionality.

We scan the following types of media files (locally only):

• Similar Photos: Visually similar photos
• Blurry Photos: Photos with low clarity
• Video Files: Especially large videos
• Screenshots: Device screenshots
• Live Photos: Dynamic photos

1.1.1 About Similar Photo Recognition Technology (pHash)

This App uses "Perceptual Hash" (pHash) technology to identify similar photos:

• Algorithm Principle: pHash is a one-way digital fingerprint algorithm that converts photos into 144-bit digital fingerprints for similarity comparison.
• Security Guarantee: This algorithm is irreversible and cannot restore the original photo from pHash.
• Storage Location: pHash is only stored in local SQLite database and cache files.

1.1.2 Basic Properties We Read (Local Use Only)

This App reads the following basic properties via iOS Photos framework (PHAsset API), strictly for classification and sorting, never uploaded:

• Creation Date (Creation Date) - Used for time sorting and date filtering
• Resolution (Pixel Width/Height) - Used to calculate storage space usage
• File Type (Media Type) - To distinguish photos from videos
• Media Subtypes (Media Subtypes) - To identify screenshots, panoramas, Live Photos, etc.
• Duration (Duration) - For videos only, to display duration

1.1.3 Sensitive Information We Explicitly Do NOT Read

This App explicitly commits NOT to read or store the following sensitive photo metadata (EXIF information):

• ❌ GPS Geographic Location Information (does not access PHAsset.location)
• ❌ Shooting Parameters (ISO, shutter speed, etc.)
• ❌ Face Recognition Data (does not access PHFace related APIs)
• ❌ User Annotations (titles, descriptions, keywords)

1.2 Usage Data and Local Storage

1.2.1 Local Statistics (Not Uploaded)

To display your cleaning achievements, we store the following data locally on your device:

• Cleaning History: Records of the last 100 cleaning operations (date, count, space freed).
• Lifetime Achievements: Statistics on total space freed.

This data is stored only in local UserDefaults and is cleared when you delete the app.

1.2.2 Analytics Data (Uploaded)

To improve app performance and optimize marketing, we collect the following non-personal data:

• Device Information: Model, OS version, language, time zone.
• App Events: Launch, feature usage (e.g., "cleaned 5 photos").
• Purchase History: Subscription status, transaction timestamp (for account status validation).
• Attribution Data: How you found our app (e.g., via which ad channel).

1.3 Location Information

Important: We do not directly collect your precise location or access your GPS data.

However, our third-party analytics providers (AppsFlyer, Facebook SDK) may infer your coarse location (Country/City level) based on your IP address. This is a standard feature of these SDKs, used for the following purposes:

Technical Details:

• Location information is derived from IP address resolution, not GPS positioning
• Accuracy is limited to city level (e.g., "Singapore, Singapore" or "San Francisco, USA")
• This data is not linked to your photos or personally identifiable information
• We do not store or process location data ourselves; it is only processed by third-party SDKs

Your Control:

• You can limit IDFA collection by disabling ATT tracking (iOS Settings > Privacy & Security > Tracking)
• Even if you decline ATT, SDKs may still perform anonymous region-level analysis based on IP address, but cannot link data to your device ID
• The core functionality of the app (photo cleaning) does not depend on location data at all

1.4 Information We Explicitly Do NOT Collect

Except for the necessary analytics data mentioned above, we do not collect:

• ❌ Your name, phone number, email (unless you contact support)
• ❌ Your address book contacts
• ❌ Your precise geographic location (GPS)
• ❌ Your photo and video content
• ❌ Your microphone recordings

1.5 Third-Party Services and SDKs

We use trusted third-party service providers to assist with analytics and attribution:

• AppsFlyer: For mobile attribution and marketing analytics.
• Facebook SDK (Meta): For measuring ad performance.

1.6 Cookies and Similar Technologies

As a native iOS app, we do not use traditional web Cookies. However, our third-party SDKs may use similar technologies:

• IDFV (Identifier for Vendor): Automatically generated by iOS, used for app analytics. Resets when all apps from the same vendor are deleted.
• IDFA (Identifier for Advertisers): Requires your ATT authorization. Used for ad attribution and measurement.
• Local Storage: UserDefaults and file cache to store app preferences and scan results.

Your Control:

• ATT Permission: Control IDFA access via iOS Settings > Privacy & Security > Tracking
• Reset Advertising Identifier: iOS Settings > Privacy & Security > Apple Advertising > Reset Advertising Identifier
• Clear Local Data: Uninstall the app or use in-app "Clear Cache" feature

2. How We Use Information

We use information solely for the following purposes:

1. Core Functionality (Local): To organize and clean your photo album.
2. App Improvement: To analyze crash rates and feature popularity.
3. Marketing Effectiveness: To understand the effectiveness of promotion channels.

2.1 Automated Suggestions and Decision-Making

The app uses algorithms to automatically detect similar/blurry photos and suggest cleaning. These decisions are made entirely on your device, and deletion requires your manual confirmation.

What Our Algorithm Does:

• Analyzes photo visual similarity using perceptual hash (pHash)
• Evaluates photo clarity/sharpness for blur detection
• Identifies media types (screenshots, Live Photos, videos)
• Calculates storage space impact

What It Does NOT Do:

• Make decisions based on sensitive personal characteristics (race, religion, health, etc.)
• Affect your access to services, employment, or credit
• Profile you for discriminatory purposes
• Share analysis results with third parties

3. Data Sharing

We take your privacy seriously. This section details who we share data with and why.

3.1 We Do Not Sell Your Personal Information

3.2 Who We Share Data With (and Why)

3.2.1 Service Providers (Contractually Bound)

We share limited usage data (not photo content) with the following service providers who are contractually obligated to protect your data:

Service Provider	Data Types Shared	Purpose	Data Control
AppsFlyer	Device ID, IDFA (optional), App Events, Region Info (IP-derived)*	Marketing Attribution Analysis	Data Processing Agreement (DPA)
Meta/Facebook	Advertising ID, Purchase Events, App Install Events	Ad Effectiveness Measurement	Standard Data Processing Terms
Apple (StoreKit)	Apple ID (hashed), Subscription Transactions	In-App Purchase Processing	Apple Privacy Policy

*Note on Region Info: We do not collect or upload location data. AppsFlyer automatically infers your region from your IP address when connecting to their servers (server-side analysis). See Section 1.3 for details.

3.2.2 Legal Requirements (Passive Sharing)

We may be compelled to disclose your information in the following circumstances:

• Legal Process: Responding to subpoenas, court orders, search warrants, or other legal processes
• Government Requests: Complying with applicable laws, regulations, or government requests
• Rights Protection: Protecting our or users' rights, property, or safety

3.2.3 Business Transfers (Rare Event)

If a merger, acquisition, or bankruptcy occurs, your information may be transferred. We will provide at least 30 days' advance notice.

3.3 What We Do NOT Share

4. Data Security

Protecting your data is our top priority. We have implemented multi-layered technical and organizational measures to prevent unauthorized access, use, disclosure, alteration, or destruction of your information.

4.1 Technical Security Measures

• Transmission Encryption: All network communications with third-party services (AppsFlyer, Meta) use TLS 1.2+ encryption protocols to prevent data interception during transmission.
• Local Storage Protection:
  • Local cache files (scan_cache.json, scan_cache.sqlite) contain only metadata (photo IDs, file sizes), not photo content
  • These files use iOS Data Protection mechanism, encrypted when device is locked
  • All cache files are marked as excluded from iCloud backup to prevent cloud leakage
• Memory Security: Photo processing occurs in memory and is immediately released after completion, leaving no traces.
• Principle of Least Privilege: The app only requests the minimum permissions necessary for core functionality (photo library access, optional ATT tracking).

4.2 Organizational Security Measures

• Third-Party SDK Vetting: We only integrate industry-recognized, security-audited SDKs (AppsFlyer, Meta).
• Regular Security Assessments: We regularly review our code and privacy practices to ensure compliance with the latest security standards.
• Developer Training: Our development team receives training on privacy and security best practices.
• Data Minimization: We only collect and process data necessary to deliver functionality.

4.3 Third-Party Service Provider Security

Our service providers (AppsFlyer, Meta) commit to:

• Complying with industry-standard security certifications (e.g., ISO 27001, SOC 2)
• Implementing data encryption, access controls, and regular security audits
• Protecting your data and complying with privacy regulations per contractual obligations

4.4 Security Limitations & Disclaimers

4.5 Your Security Responsibilities

Please also take measures to protect yourself:

• Keep your iOS system and app updated to the latest version
• Use strong passwords to protect your Apple ID and device
• Enable biometric lock (Face ID/Touch ID) on your device
• Do not jailbreak your device, as this weakens iOS security protections

4.6 Data Breach Response

If a security incident affecting your personal data occurs, we will:

1. Immediately take measures to contain and remediate the breach
2. Notify you within 72 hours (if legally required)
3. Notify relevant regulatory authorities as required by law
4. Provide guidance on steps you can take to protect yourself

Note: Due to our local-only photo processing architecture (see Section 4.1), your photos would not be affected in a breach event.

5. International Data Transfers

CleanGo is developed and operated by EnerKit Pte. Ltd., a company registered in Singapore. However, the third-party service providers we use may operate servers and process data in other countries.

5.1 Data Transfer Destinations

Your usage data (not photo content) may be transferred to the following regions:

Service Provider	Data Processing Locations	Data Types
AppsFlyer	United States, EU (Ireland, Germany)	Device ID, App Events, Region Info (IP-derived)*
Meta/Facebook SDK	United States, Ireland (EU Data Center)	Advertising ID, App Events, Purchase Data
Apple (StoreKit)	Based on your Apple ID region	Subscription Info, Transaction Records

*Note on Region Info: We do not collect or upload location data. AppsFlyer automatically infers your region (country/city level) from your IP address when your device connects to their servers. This is a server-side analysis, not data we transmit. See Section 1.3 for details.

5.2 Data Protection Standards

Data protection laws in these countries may differ from those in your location. We ensure data transfers comply with the following standards:

• Standard Contractual Clauses (SCCs): Our service providers commit to EU Commission-approved Standard Contractual Clauses, ensuring an appropriate level of data protection.
• EU-U.S. Data Privacy Framework (DPF): AppsFlyer and Meta participate in and are certified under the DPF, providing safeguards for transatlantic data transfers.
• APEC Cross-Border Privacy Rules (CBPR): As an Asia-Pacific company, we commit to the APEC CBPR system.

5.3 For EU/European Economic Area (EEA) Users

If you are located in the EU/EEA:

• Your data transfers to the U.S. are based on Standard Contractual Clauses (SCCs) and our service providers' data protection commitments
• You have the right to request a copy of the applicable data transfer mechanisms (Contact: cleango_ios@support.enerkit.life)
• The European Commission recognizes certain countries (such as Singapore) as providing adequate data protection

5.4 For California Users (CCPA)

Under CCPA, we disclose to you that:

• Your personal information may be transferred outside the United States for processing
• We do not sell your personal information (including cross-border sharing)
• You have the right to opt out of certain data sharing (via ATT permission controls)

5.5 Your Rights and Choices

If you do not agree to have your data transferred to other countries:

• You can decline ATT tracking permission, which will significantly reduce data transfers
• You may choose not to use the app, though this means you cannot enjoy our services
• The app's core functionality (photo scanning and cleaning) runs entirely locally and does not involve data transfers

6. Data Retention

• Photos/Videos: Forever retained on your device; we do not retain them.
• Local Cache: Retained on device until you delete the app or clear cache.
• Analytics Data: Retained by third-party providers according to their policies (typically anonymized after 24 months).

6.5 Local Cache Storage Details

To improve app performance and user experience, we store the following local data on your device. This data is only saved on your device and is never uploaded to our servers.

6.5.1 Scan Cache

Files: scan_cache.json, scan_cache.sqlite

• Purpose: Save your last scan results to avoid re-scanning your entire photo library each time you open the app
• Contents:
  • Photo and video unique identifiers (localIdentifier)
  • File size, format, creation date, and other metadata
  • Perceptual hash values (for similar photo detection)
  • Blur scores, duplicate flags, and other analysis results
  • Does NOT contain: Actual photo/video content, thumbnails, GPS locations
• Retention Period: Permanently saved until you:
  • Manually clear cache in app settings
  • Uninstall the app
  • Or reset your iOS device
• Size: Typically 1-10 MB (depending on photo library size)
• Security:
  • Encrypted using iOS Data Protection mechanism (inaccessible when device is locked)
  • Marked as excluded from iCloud backup (ensures no cloud leakage)
  • Other apps cannot access (iOS sandbox mechanism)

How to View or Delete Local Data:

• View Storage Size: iOS Settings > General > iPhone Storage > CleanGo
• Clear Cache: In-app "Settings" > "Clear Cache" (retains settings)
• Complete Deletion: Uninstall the app (deletes all local data)

7. Your Rights and Choices

We respect and protect your control over your personal data. Depending on your location and applicable privacy laws (including but not limited to GDPR, CCPA, PDPA), you may have the following rights:

7.1 General User Rights

2. Right to Rectification

If you believe the data we hold about you is inaccurate or incomplete, you have the right to request correction.

3. Right to Erasure / Right to be Forgotten

You may request deletion of your personal data in the following circumstances:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there is no other legal basis
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Legal compliance requires deletion

Note: Some data may be retained due to legal obligations (e.g., tax records).

4. Right to Restriction of Processing

You can request that we temporarily limit our processing of your data when:

• You contest the accuracy of the data (during our verification)
• Processing is unlawful, but you do not want the data erased
• We no longer need the data, but you require it for legal claims

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

6. Right to Object

You have the right to object to our processing of your data based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.

7. Right to Withdraw Consent

If we process your data based on your consent, you have the right to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

7.2 How to Exercise Your Rights

To exercise any of the above rights, please contact us via:

7.3 California Residents' Special Rights (CCPA/CPRA)

If you are a California resident, in addition to the above rights, you also have:

7.4 EU/EEA Residents' Special Rights (GDPR)

If you are located in the EU/EEA, you also have:

• Right to Lodge a Complaint: If you believe we have violated GDPR, you have the right to lodge a complaint with your national data protection authority.
• Right to Object to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing. (Note: CleanGo does not engage in such automated decision-making)

7.5 In-App Controls

In addition to the above rights, you can directly control certain data collection in the app and iOS settings:

7.5.1 Opt-Out of Tracking

• iOS Tracking Control: Go to Settings > Privacy & Security > Tracking and toggle off for CleanGo
• Effect: This prevents us from accessing your IDFA, limiting ad attribution
• Impact: Does not affect core app functionality (photo cleaning)

7.5.2 Photo Access Control

• Permission Management: Go to Settings > CleanGo > Photos, you can choose:
  • "None": App cannot access photos (core functionality unavailable)
  • "Selected Photos": Only allows access to photos you choose
  • "All Photos": Allows full access (recommended for all features)

7.5.3 Clear Local Data

• Method 1: Uninstall the app (will delete all local cache and settings)
• Method 2: In the app's "Settings" page, tap "Clear Cache"
• Note: Photos themselves will not be deleted, only scan cache

8. Children's Privacy

8.1 Age Restrictions

Our service is not directed to children under the age of:

• 13 years old (in the United States and most countries, per COPPA)
• 16 years old (in the European Union/EEA, per GDPR)

We do not knowingly collect, use, or disclose personal information from children below these age thresholds.

8.2 Parental Consent

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at cleango_ios@support.enerkit.life. We will:

• Verify the claim and the child's age
• Delete the child's information from our systems within 30 days
• Cease any data collection related to that child

8.3 Parental Controls

We recommend parents take the following measures to protect their children:

• Screen Time: Use iOS "Screen Time" features to restrict app usage by age
• App Restrictions: Enable "Ask to Buy" in Family Sharing to prevent unauthorized purchases
• Photo Access: Review and limit photo library access permissions
• Supervision: Monitor children's device usage and discuss online safety

8.4 No Targeted Advertising to Children

We do not serve targeted advertising to children or knowingly collect data for such purposes. Our app does not display in-app advertisements.

9. Changes to Privacy Policy

We may update this policy from time to time. Material changes will be notified via in-app notice. Continued use of the app constitutes acceptance of the updates.

10. Contact Us

If you have privacy questions, please contact:

• Email: cleango_ios@support.enerkit.life
• Company: EnerKit Pte. Ltd. (Singapore)