MAX Cleaner Privacy Policy

Effective Date: June 29, 2025
Developer: EnerKit Pte. Ltd.
"Photos and Videos Never Leave Your Device. Emails Are Processed Securely."

Your privacy is our top priority. We strictly isolate personal content from usage data.


🛡️ Core Commitment: Strict Data Isolation

We understand your concern: "Will my private photos or emails be seen by Facebook or other third parties?"

The answer is: NEVER. We have built a technical firewall to completely isolate your personal content from analytics data:

Data Type Processed Locally? Accessible by Third Parties?
📸 Your Photos & Videos YES
100% processed locally
NEVER
Blocked by technical design
📍 Photo Metadata (GPS/Time) YES
Used locally for sorting only
NEVER
Not collected or shared
📊 Usage Statistics
(Clicks, Purchase events)
Processed Locally Limited Access
Shared for App Analytics
🆔 Advertising ID (IDFA) N/A Optional
Collected only with your permission
📧 Your Gmail Data
(Email content, sender info)
YES
Processed on-device only
NEVER
Not transmitted to our servers

0. Scope and Key Definitions

This Privacy Policy applies to the MAX Cleaner mobile application for iPhone devices running iOS.

Key Terms:

Scope Limitation: This policy does not cover third-party services or activities you initiate outside the App (e.g., manual sharing, backups).

1. Information We Collect (and Do Not Collect)

1.1 Photo Library Access (Purely Local)

Purpose Statement: This App requires access to your photo library to implement core functionality.

We scan the following types of media files (locally only):

Technical Safeguards:

1.1.1 About Similar Photo Recognition Technology (pHash)

This App uses "Perceptual Hash" (pHash) technology to identify similar photos:

1.1.2 Basic Properties We Read (Local Use Only)

This App reads the following basic properties via iOS Photos framework (PHAsset API), strictly for classification and sorting, never uploaded:

1.1.3 Sensitive Information We Explicitly Do NOT Read

This App explicitly commits NOT to read or store the following sensitive photo metadata (EXIF information):

1.2 Usage Data and Local Storage

1.2.1 Local Statistics (Not Uploaded)

To display your cleaning achievements, we store the following data locally on your device:

This data is stored only in local UserDefaults and is cleared when you delete the app.

1.2.2 Analytics Data (Uploaded)

To improve app performance and optimize marketing, we collect the following non-personal data:

1.3 Location Information

Important: We do not directly collect your precise location or access your GPS data.

However, our third-party analytics providers (AppsFlyer, Facebook SDK) may infer your coarse location (Country/City level) based on your IP address. This is a standard feature of these SDKs, used for the following purposes:

Collection Purposes:

Technical Details:

Your Control:

1.4 Information We Explicitly Do NOT Collect

Except for the necessary analytics data mentioned above, we do not collect:

1.5 Third-Party Services and SDKs

We use trusted third-party service providers to assist with analytics, attribution, and functionality:

Important: Third-party analytics SDKs (AppsFlyer, Facebook) do NOT have access to your Gmail data. Gmail data is only communicated between your device and Google's servers via the Gmail API.

1.5.1 Camera & Microphone Access

The App declares camera and microphone permissions in its configuration. These are used exclusively for attaching photos or video recordings when you submit feedback through our in-app support form (powered by Zendesk). We do not proactively activate your camera or microphone at any other time.

1.5.2 Local Notifications

The App may send local push notifications (not server-pushed) to remind you about cleaning schedules, subscription status, or feature tips. These notifications are generated and scheduled entirely on your device. No notification content or interaction data is sent to our servers. You can disable notifications at any time via iOS Settings > Notifications > MAX Cleaner.

1.5.3 Crash Reporting (Firebase Crashlytics)

To diagnose app crashes and improve stability, we use Firebase Crashlytics which collects:

Crashlytics does NOT collect or have access to your photos, videos, or email data.

1.6 Cookies and Similar Technologies

As a native iOS app, we do not use traditional web Cookies. However, our third-party SDKs may use similar technologies:

Your Control:

1.7 Gmail Data Access (Email Cleaner Feature)

Google API Services User Data Policy Compliance: MAX Cleaner's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

1.7.1 What Gmail Data We Access

When you voluntarily connect your Google account via "Sign in with Google," we request access to the following Gmail data through Google OAuth 2.0:

OAuth Scope Data Accessed Purpose
gmail.readonly Email message headers (sender, subject, date), message metadata Identify subscription emails and categorize junk mail
gmail.modify Ability to modify email labels, archive, and delete messages Unsubscribe from unwanted senders, delete junk mail, archive emails
gmail.settings.basic Email filter/forwarding settings Create filters to block future emails from unsubscribed senders
userinfo.email Your Gmail address Display your connected account
userinfo.profile Your name and profile photo Display your account identity in the app

1.7.2 How We Process Gmail Data

Local Processing Only: All Gmail data is processed entirely on your device. Email content is fetched directly from Google's servers to your device via the Gmail API, processed locally, and displayed in the app. We do NOT relay, store, or cache your email data on any server operated by us.

1.7.3 How We Use Gmail Data

We use your Gmail data exclusively for the following purposes:

We do NOT use Gmail data for:

1.7.4 Gmail Data Storage and Retention

1.7.5 Gmail Data Sharing

We do NOT share, transfer, or disclose your Gmail data to any third party.

1.7.6 Revoking Gmail Access

You can disconnect your Google account at any time:

Upon disconnection:

2. How We Use Information

We use information solely for the following purposes:

  1. Core Functionality (Local): To organize and clean your photo album and email inbox.
  2. App Improvement: To analyze crash rates and feature popularity.
  3. Marketing Effectiveness: To understand the effectiveness of promotion channels.

2.1 Automated Suggestions and Decision-Making

The app uses algorithms to automatically detect similar/blurry photos and suggest cleaning, and to identify subscription emails and junk mail. These decisions are made entirely on your device, and all actions (deletion, unsubscription) require your manual confirmation.

Important Clarification (GDPR Compliance):

Our app uses algorithm-based suggestions but does NOT engage in automated decision-making as defined by GDPR Article 22. Specifically:

What Our Algorithm Does:

What It Does NOT Do:

3. Data Sharing

We take your privacy seriously. This section details who we share data with and why.

3.1 We Do Not Sell Your Personal Information

Important Statement:

3.2 Who We Share Data With (and Why)

3.2.1 Service Providers (Contractually Bound)

We share limited usage data (not photo content) with the following service providers who are contractually obligated to protect your data:

Service Provider Data Types Shared Purpose Data Control
AppsFlyer Device ID, IDFA (optional), App Events, Region Info (IP-derived)* Marketing Attribution Analysis Data Processing Agreement (DPA)
Meta/Facebook Advertising ID, Purchase Events, App Install Events Ad Effectiveness Measurement Standard Data Processing Terms
Apple (StoreKit) Apple ID (hashed), Subscription Transactions In-App Purchase Processing Apple Privacy Policy
Google Firebase Device Info, Crash Logs (with anonymous user ID), Performance Data, App Events App Analytics, Crash Reporting, Performance Monitoring Google Privacy Policy
Google Gmail API OAuth tokens (device-to-Google only) Email Cleaner feature — all data stays between your device and Google Google API Services User Data Policy
BytePower (Caspian) Device ID (CUID), IDFV, IDFA (if granted), AppsFlyer ID, ATT status, country code, IAP receipts Purchase receipt validation & custom event analytics Data Processing Agreement (DPA)
Zendesk User-written feedback text, app diagnostics (device info, subscription status) Customer support ticket processing Zendesk Privacy Policy
TestSolution (Autopilot) Device ID (CUID), experiment group assignment, feature usage events A/B testing to improve user experience Data Processing Agreement (DPA)

*Note on Region Info: We do not collect or upload location data. AppsFlyer automatically infers your region from your IP address when connecting to their servers (server-side analysis). See Section 1.3 for details.

3.2.2 Legal Requirements (Passive Sharing)

We may be compelled to disclose your information in the following circumstances:

3.2.3 Business Transfers (Rare Event)

If a merger, acquisition, or bankruptcy occurs, your information may be transferred. We will provide at least 30 days' advance notice.

3.3 What We Do NOT Share

Absolutely NOT Shared:

4. Data Security

Protecting your data is our top priority. We have implemented multi-layered technical and organizational measures to prevent unauthorized access, use, disclosure, alteration, or destruction of your information.

4.1 Technical Security Measures

Core Architecture Security:

4.2 Organizational Security Measures

4.3 Third-Party Service Provider Security

Our service providers (AppsFlyer, Meta) commit to:

4.4 Security Limitations & Disclaimers

Important Notice:

While we implement reasonable security measures, please understand that:

4.5 Your Security Responsibilities

Please also take measures to protect yourself:

4.6 Data Breach Response

If a security incident affecting your personal data occurs, we will:

  1. Immediately take measures to contain and remediate the breach
  2. Notify you within 72 hours (if legally required)
  3. Notify relevant regulatory authorities as required by law
  4. Provide guidance on steps you can take to protect yourself

Note: Due to our local-only processing architecture (see Section 4.1), your photos and Gmail data would not be affected in a breach event.

5. International Data Transfers

MAX Cleaner is developed and operated by EnerKit Pte. Ltd., a company registered in Singapore. However, the third-party service providers we use may operate servers and process data in other countries.

5.1 Data Transfer Destinations

Your usage data (not photo content) may be transferred to the following regions:

Service Provider Data Processing Locations Data Types
AppsFlyer United States, EU (Ireland, Germany) Device ID, App Events, Region Info (IP-derived)*
Meta/Facebook SDK United States, Ireland (EU Data Center) Advertising ID, App Events, Purchase Data
Apple (StoreKit) Based on your Apple ID region Subscription Info, Transaction Records

*Note on Region Info: We do not collect or upload location data. AppsFlyer automatically infers your region (country/city level) from your IP address when your device connects to their servers. This is a server-side analysis, not data we transmit. See Section 1.3 for details.

5.2 Data Protection Standards

Data protection laws in these countries may differ from those in your location. We ensure data transfers comply with the following standards:

5.3 For EU/European Economic Area (EEA) Users

If you are located in the EU/EEA:

5.4 For California Users (CCPA)

Under CCPA, we disclose to you that:

5.5 Your Rights and Choices

If you do not agree to have your data transferred to other countries:

6. Data Retention

6.5 Local Cache Storage Details

To improve app performance and user experience, we store the following local data on your device. This data is only saved on your device and is never uploaded to our servers.

6.5.1 Scan Cache

Files: scan_cache.json, scan_cache.sqlite

How to View or Delete Local Data:

7. Your Rights and Choices

We respect and protect your control over your personal data. Depending on your location and applicable privacy laws (including but not limited to GDPR, CCPA, PDPA), you may have the following rights:

7.1 General User Rights

1. Right to Access

You have the right to request a copy of the personal data we hold about you, including:

2. Right to Rectification

If you believe the data we hold about you is inaccurate or incomplete, you have the right to request correction.

3. Right to Erasure / Right to be Forgotten

You may request deletion of your personal data in the following circumstances:

Note: Some data may be retained due to legal obligations (e.g., tax records).

4. Right to Restriction of Processing

You can request that we temporarily limit our processing of your data when:

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

6. Right to Object

You have the right to object to our processing of your data based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.

7. Right to Withdraw Consent

If we process your data based on your consent, you have the right to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

7.2 How to Exercise Your Rights

To exercise any of the above rights, please contact us via:

📧 Email: maxcleaner_ios@support.enerkit.life

📝 Subject Line Format: "Privacy Rights Request - [Your Right Type]"

For example: "Privacy Rights Request - Data Access" or "Privacy Rights Request - Data Deletion"

📄 Your Request Should Include:

⏱️ Response Time: We will respond to your request within 30 days of receipt. If the situation is complex, we may extend to 60 days and will notify you in advance.

7.3 California Residents' Special Rights (CCPA/CPRA)

If you are a California resident, in addition to the above rights, you also have:

"Do Not Sell My Personal Information" Right:

We do NOT sell your personal information (have never sold, and will not sell).

Non-Discrimination Right:

We will not discriminate against you for exercising your CCPA rights (e.g., denying service, charging different prices, providing different quality of service).

7.4 EU/EEA Residents' Special Rights (GDPR)

If you are located in the EU/EEA, you also have:

7.5 In-App Controls

In addition to the above rights, you can directly control certain data collection in the app and iOS settings:

7.5.1 Opt-Out of Tracking

7.5.2 Photo Access Control

7.5.3 Clear Local Data

7.5.4 Gmail Access Control

8. Children's Privacy

8.1 Age Restrictions

Our service is not directed to children under the age of:

We do not knowingly collect, use, or disclose personal information from children below these age thresholds.

8.2 Parental Consent

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at maxcleaner_ios@support.enerkit.life. We will:

8.3 Parental Controls

We recommend parents take the following measures to protect their children:

8.4 No Targeted Advertising to Children

We do not serve targeted advertising to children or knowingly collect data for such purposes. Our app does not display in-app advertisements.

9. Google API Services — Limited Use Disclosure

MAX Cleaner's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In compliance with Google's Limited Use requirements, we confirm that:

  1. Limited Use: We only use Google user data (Gmail data) for providing and improving the Email Cleaner feature that the user has requested. We do not use this data for any other purpose.
  2. No Transfer: We do not transfer Google user data to third parties, except:
    • As necessary to provide or improve the Email Cleaner feature
    • To comply with applicable laws
    • As part of a merger, acquisition, or sale of assets (with prior user notice)
  3. No Use for Advertising: We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  4. No Human Reading: We do not allow humans to read Google user data, except:
    • With the user's affirmative agreement for specific messages
    • Where necessary for security purposes (e.g., investigating abuse)
    • To comply with applicable law

10. Changes to Privacy Policy

We may update this policy from time to time. Material changes will be notified via in-app notice. Continued use of the app constitutes acceptance of the updates.

11. Contact Us

If you have privacy questions, please contact: