MAX Cleaner Privacy Policy
Effective Date: June 29, 2025
Developer: EnerKit Pte. Ltd.
"Photos and Videos Never Leave Your Device. Emails Are Processed Securely."
Your privacy is our top priority. We strictly isolate personal content from usage data.
🛡️ Core Commitment: Strict Data Isolation
We understand your concern: "Will my private photos or emails be seen by Facebook or other third parties?"
The answer is: NEVER. We have built a technical firewall to completely isolate your personal content from analytics data:
| Data Type |
Processed Locally? |
Accessible by Third Parties? |
| 📸 Your Photos & Videos |
✅ YES 100% processed locally |
❌ NEVER Blocked by technical design |
| 📍 Photo Metadata (GPS/Time) |
✅ YES Used locally for sorting only |
❌ NEVER Not collected or shared |
📊 Usage Statistics (Clicks, Purchase events) |
Processed Locally |
✅ Limited Access Shared for App Analytics |
| 🆔 Advertising ID (IDFA) |
N/A |
✅ Optional Collected only with your permission |
📧 Your Gmail Data (Email content, sender info) |
✅ YES Processed on-device only |
❌ NEVER Not transmitted to our servers |
0. Scope and Key Definitions
This Privacy Policy applies to the MAX Cleaner mobile application for iPhone devices running iOS.
Key Terms:
- "We" / "Developer" = EnerKit Pte. Ltd.
- "App" / "MAX Cleaner" = This iPhone app (local processing only)
- "You" / "User" = The person who installs and uses this App
- "Local Data" = Cache and settings stored on your device only (never uploaded)
- "Gmail Data" = Email messages, sender information, subscription metadata, and filter settings accessed through Google Gmail API
Scope Limitation: This policy does not cover third-party services or activities you initiate outside the App (e.g., manual sharing, backups).
1. Information We Collect (and Do Not Collect)
1.1 Photo Library Access (Purely Local)
Purpose Statement: This App requires access to your photo library to implement core functionality.
We scan the following types of media files (locally only):
- Similar Photos: Visually similar photos
- Blurry Photos: Photos with low clarity
- Video Files: Especially large videos
- Screenshots: Device screenshots
- Live Photos: Dynamic photos
Technical Safeguards:
- Our local code (Swift) scans albums directly on your iPhone.
- Third-party SDKs (Facebook, AppsFlyer) have NO permission to access your PHAsset (Photo Library) objects.
- No photos, videos, or thumbnails are ever uploaded to any server.
1.1.1 About Similar Photo Recognition Technology (pHash)
This App uses "Perceptual Hash" (pHash) technology to identify similar photos:
- Algorithm Principle: pHash is a one-way digital fingerprint algorithm that converts photos into 144-bit digital fingerprints for similarity comparison.
- Security Guarantee: This algorithm is irreversible and cannot restore the original photo from pHash.
- Storage Location: pHash is only stored in local SQLite database and cache files.
1.1.2 Basic Properties We Read (Local Use Only)
This App reads the following basic properties via iOS Photos framework (PHAsset API), strictly for classification and sorting, never uploaded:
- Creation Date (Creation Date) - Used for time sorting and date filtering
- Resolution (Pixel Width/Height) - Used to calculate storage space usage
- File Type (Media Type) - To distinguish photos from videos
- Media Subtypes (Media Subtypes) - To identify screenshots, panoramas, Live Photos, etc.
- Duration (Duration) - For videos only, to display duration
1.1.3 Sensitive Information We Explicitly Do NOT Read
This App explicitly commits NOT to read or store the following sensitive photo metadata (EXIF information):
- GPS Geographic Location Information (photo location metadata may be read as part of asset properties on-device but is never uploaded, shared, or displayed to any party)
- Shooting Parameters (ISO, shutter speed, etc.)
- Face Recognition Data (does not access PHFace related APIs)
- User Annotations (titles, descriptions, keywords)
1.2 Usage Data and Local Storage
1.2.1 Local Statistics (Not Uploaded)
To display your cleaning achievements, we store the following data locally on your device:
- Cleaning History: Records of the last 100 cleaning operations (date, count, space freed).
- Lifetime Achievements: Statistics on total space freed.
This data is stored only in local UserDefaults and is cleared when you delete the app.
1.2.2 Analytics Data (Uploaded)
To improve app performance and optimize marketing, we collect the following non-personal data:
- Device Information: Model, OS version, language, time zone.
- App Events: Launch, feature usage (e.g., "cleaned 5 photos").
- Purchase History: Subscription status, transaction timestamp (for account status validation).
- Attribution Data: How you found our app (e.g., via which ad channel).
1.3 Location Information
Important: We do not directly collect your precise location or access your GPS data.
However, our third-party analytics providers (AppsFlyer, Facebook SDK) may infer your coarse location (Country/City level) based on your IP address. This is a standard feature of these SDKs, used for the following purposes:
Collection Purposes:
- Understanding app usage and popularity across different regions
- Optimizing geographic targeting of marketing campaigns to provide more relevant promotions
- Analyzing regional differences in app performance to improve localization
- Detecting and preventing fraudulent activities
Technical Details:
- Location information is derived from IP address resolution, not GPS positioning
- Accuracy is limited to city level (e.g., "Singapore, Singapore" or "San Francisco, USA")
- This data is not linked to your photos or personally identifiable information
- We do not store or process location data ourselves; it is only processed by third-party SDKs
Your Control:
- You can limit IDFA collection by disabling ATT tracking (iOS Settings > Privacy & Security > Tracking)
- Even if you decline ATT, SDKs may still perform anonymous region-level analysis based on IP address, but cannot link data to your device ID
- The core functionality of the app (photo cleaning) does not depend on location data at all
1.4 Information We Explicitly Do NOT Collect
Except for the necessary analytics data mentioned above, we do not collect:
- Your name, phone number, email (unless you contact support or connect your Google account for the Email Cleaner feature)
- Your address book contacts
- Your precise geographic location (GPS)
- Your photo and video content
- Your email content on our servers (Gmail data stays between your device and Google)
- Your microphone recordings
1.5 Third-Party Services and SDKs
We use trusted third-party service providers to assist with analytics, attribution, and functionality:
- AppsFlyer: For mobile attribution and marketing analytics.
- Facebook SDK (Meta): For measuring ad performance.
- Google Firebase: For app analytics, performance monitoring, and crash reporting.
- Google Sign-In SDK & Gmail API: For authenticating your Google account and providing the Email Cleaner feature. These Google services process data according to Google's Privacy Policy.
- OpenCV: An open-source computer vision library used entirely on-device for photo similarity and blur detection. No data is sent to any server.
- Google Favicon Service: Used to fetch publicly available website icons for email sender avatars. Only the sender's domain name is sent to Google; no personal data or email content is transmitted.
Important: Third-party analytics SDKs (AppsFlyer, Facebook) do NOT have access to your Gmail data. Gmail data is only communicated between your device and Google's servers via the Gmail API.
1.5.1 Camera & Microphone Access
The App declares camera and microphone permissions in its configuration. These are used exclusively for attaching photos or video recordings when you submit feedback through our in-app support form (powered by Zendesk). We do not proactively activate your camera or microphone at any other time.
1.5.2 Local Notifications
The App may send local push notifications (not server-pushed) to remind you about cleaning schedules, subscription status, or feature tips. These notifications are generated and scheduled entirely on your device. No notification content or interaction data is sent to our servers. You can disable notifications at any time via iOS Settings > Notifications > MAX Cleaner.
1.5.3 Crash Reporting (Firebase Crashlytics)
To diagnose app crashes and improve stability, we use Firebase Crashlytics which collects:
- Crash stack traces and device state at the time of crash
- Device model, OS version, available memory
- An anonymous user identifier (CUID) to correlate multiple crashes from the same device
Crashlytics does NOT collect or have access to your photos, videos, or email data.
1.6 Cookies and Similar Technologies
As a native iOS app, we do not use traditional web Cookies. However, our third-party SDKs may use similar technologies:
- IDFV (Identifier for Vendor): Automatically generated by iOS, used for app analytics. Resets when all apps from the same vendor are deleted.
- IDFA (Identifier for Advertisers): Requires your ATT authorization. Used for ad attribution and measurement.
- Local Storage: UserDefaults and file cache to store app preferences and scan results.
Your Control:
- ATT Permission: Control IDFA access via iOS Settings > Privacy & Security > Tracking
- Reset Advertising Identifier: iOS Settings > Privacy & Security > Apple Advertising > Reset Advertising Identifier
- Clear Local Data: Uninstall the app or use in-app "Clear Cache" feature
- Revoke Gmail Access: Sign out from the Email Cleaner or revoke access at Google Account Permissions
1.7 Gmail Data Access (Email Cleaner Feature)
Google API Services User Data Policy Compliance: MAX Cleaner's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
1.7.1 What Gmail Data We Access
When you voluntarily connect your Google account via "Sign in with Google," we request access to the following Gmail data through Google OAuth 2.0:
| OAuth Scope |
Data Accessed |
Purpose |
| gmail.readonly |
Email message headers (sender, subject, date), message metadata |
Identify subscription emails and categorize junk mail |
| gmail.modify |
Ability to modify email labels, archive, and delete messages |
Unsubscribe from unwanted senders, delete junk mail, archive emails |
| gmail.settings.basic |
Email filter/forwarding settings |
Create filters to block future emails from unsubscribed senders |
| userinfo.email |
Your Gmail address |
Display your connected account |
| userinfo.profile |
Your name and profile photo |
Display your account identity in the app |
1.7.2 How We Process Gmail Data
Local Processing Only: All Gmail data is processed entirely on your device. Email content is fetched directly from Google's servers to your device via the Gmail API, processed locally, and displayed in the app. We do NOT relay, store, or cache your email data on any server operated by us.
- Email content (message body, attachments) is fetched and rendered locally on your device.
- Sender analysis (identifying subscription sources, counting emails per sender) is performed on-device.
- Unsubscribe actions are executed directly via the Gmail API from your device to Google's servers.
- Filter creation is submitted directly to Gmail's settings API from your device.
- No email data is ever transmitted to our servers or any third-party server other than Google's own Gmail API endpoints.
1.7.3 How We Use Gmail Data
We use your Gmail data exclusively for the following purposes:
- Displaying email senders and subscription sources in the app's Email Cleaner interface
- Identifying and categorizing unwanted subscriptions and junk mail
- Performing unsubscribe operations on your behalf (when you explicitly request it)
- Deleting junk mail or bulk emails (when you explicitly confirm deletion)
- Creating Gmail filters to block future emails from unsubscribed senders
We do NOT use Gmail data for:
- ❌ Advertising, ad targeting, or serving ads based on email content
- ❌ Market research, user profiling, or data mining
- ❌ Training machine learning models or AI systems
- ❌ Selling, renting, or sharing with any third party
- ❌ Any purpose unrelated to the Email Cleaner feature described above
1.7.4 Gmail Data Storage and Retention
- On-device cache: Minimal metadata (sender names, email counts) may be cached locally on your device for performance. This cache is cleared when you sign out of your Google account in the app or uninstall the app.
- No server-side storage: We do not store, log, or retain any of your Gmail data on our servers.
- Google's retention: Your emails remain on Google's servers per your Google Account settings. Our app does not affect Google's data retention policies.
1.7.5 Gmail Data Sharing
We do NOT share, transfer, or disclose your Gmail data to any third party.
- NOT accessible by any third-party SDK integrated in our app (AppsFlyer, Facebook SDK, Firebase)
- NOT transmitted to our servers or any intermediary
- NOT used for any purpose other than providing the Email Cleaner feature directly to you
- NOT transferred to any other application or service
1.7.6 Revoking Gmail Access
You can disconnect your Google account at any time:
- In-app: Use the "Sign Out" option in the Email Cleaner section
- Via Google: Visit Google Account Permissions and remove MAX Cleaner's access
Upon disconnection:
- All locally cached Gmail data is immediately deleted from your device
- The app can no longer access your Gmail account
- Your emails on Google's servers are unaffected
2. How We Use Information
We use information solely for the following purposes:
- Core Functionality (Local): To organize and clean your photo album and email inbox.
- App Improvement: To analyze crash rates and feature popularity.
- Marketing Effectiveness: To understand the effectiveness of promotion channels.
2.1 Automated Suggestions and Decision-Making
The app uses algorithms to automatically detect similar/blurry photos and suggest cleaning, and to identify subscription emails and junk mail. These decisions are made entirely on your device, and all actions (deletion, unsubscription) require your manual confirmation.
Important Clarification (GDPR Compliance):
Our app uses algorithm-based suggestions but does NOT engage in automated decision-making as defined by GDPR Article 22. Specifically:
- No Legal Effects: Our suggestions do not produce legal effects or similarly significantly affect you
- No Profiling: We do not create user profiles for advertising targeting or discriminatory analysis
- No Automatic Execution: All deletion and unsubscribe actions require your explicit manual confirmation
- Full User Control: You can override, ignore, or customize any suggestion at any time
What Our Algorithm Does:
- Analyzes photo visual similarity using perceptual hash (pHash)
- Evaluates photo clarity/sharpness for blur detection
- Identifies media types (screenshots, Live Photos, videos)
- Calculates storage space impact
- Identifies subscription email senders and categorizes junk mail based on email metadata
What It Does NOT Do:
- Make decisions based on sensitive personal characteristics (race, religion, health, etc.)
- Affect your access to services, employment, or credit
- Profile you for discriminatory purposes
- Share analysis results with third parties
- Read or analyze email content for advertising or marketing purposes
3. Data Sharing
We take your privacy seriously. This section details who we share data with and why.
3.1 We Do Not Sell Your Personal Information
Important Statement:
- We have never, do not, and will never sell your personal information
- We do not disclose your personal information to third parties for monetary or other valuable consideration
- This applies under the broad definition of "sale" per CCPA and other privacy laws
- We do not sell, share, or transfer your Gmail data to any third party for any reason
3.2 Who We Share Data With (and Why)
3.2.1 Service Providers (Contractually Bound)
We share limited usage data (not photo content) with the following service providers who are contractually obligated to protect your data:
| Service Provider |
Data Types Shared |
Purpose |
Data Control |
| AppsFlyer |
Device ID, IDFA (optional), App Events, Region Info (IP-derived)* |
Marketing Attribution Analysis |
Data Processing Agreement (DPA) |
| Meta/Facebook |
Advertising ID, Purchase Events, App Install Events |
Ad Effectiveness Measurement |
Standard Data Processing Terms |
| Apple (StoreKit) |
Apple ID (hashed), Subscription Transactions |
In-App Purchase Processing |
Apple Privacy Policy |
| Google Firebase |
Device Info, Crash Logs (with anonymous user ID), Performance Data, App Events |
App Analytics, Crash Reporting, Performance Monitoring |
Google Privacy Policy |
| Google Gmail API |
OAuth tokens (device-to-Google only) |
Email Cleaner feature — all data stays between your device and Google |
Google API Services User Data Policy |
| BytePower (Caspian) |
Device ID (CUID), IDFV, IDFA (if granted), AppsFlyer ID, ATT status, country code, IAP receipts |
Purchase receipt validation & custom event analytics |
Data Processing Agreement (DPA) |
| Zendesk |
User-written feedback text, app diagnostics (device info, subscription status) |
Customer support ticket processing |
Zendesk Privacy Policy |
| TestSolution (Autopilot) |
Device ID (CUID), experiment group assignment, feature usage events |
A/B testing to improve user experience |
Data Processing Agreement (DPA) |
*Note on Region Info: We do not collect or upload location data. AppsFlyer automatically infers your region from your IP address when connecting to their servers (server-side analysis). See Section 1.3 for details.
3.2.2 Legal Requirements (Passive Sharing)
We may be compelled to disclose your information in the following circumstances:
- Legal Process: Responding to subpoenas, court orders, search warrants, or other legal processes
- Government Requests: Complying with applicable laws, regulations, or government requests
- Rights Protection: Protecting our or users' rights, property, or safety
3.2.3 Business Transfers (Rare Event)
If a merger, acquisition, or bankruptcy occurs, your information may be transferred. We will provide at least 30 days' advance notice.
3.3 What We Do NOT Share
Absolutely NOT Shared:
- ❌ Your photos and videos (processed locally, never uploaded)
- ❌ GPS location information from photos
- ❌ Which specific photos you deleted
- ❌ Your email messages, email content, or email metadata
- ❌ Your Gmail sender information or subscription data
- ❌ Your email addresses or contact information obtained from Gmail
4. Data Security
Protecting your data is our top priority. We have implemented multi-layered technical and organizational measures to prevent unauthorized access, use, disclosure, alteration, or destruction of your information.
4.1 Technical Security Measures
Core Architecture Security:
- Photo Isolation Design: Your photos and videos never leave your device. Our code processes your photo library directly on your iPhone, and third-party SDKs are technically prevented (via code isolation and permission restrictions) from accessing PHAsset (Photo Library API) objects.
- Email Isolation Design: Your Gmail data is communicated exclusively between your device and Google's servers via encrypted HTTPS connections. Third-party analytics SDKs integrated in our app cannot access Gmail API responses or cached email data.
- Zero-Upload Architecture: There is no photo/video upload or email data upload functionality in the app's code. Even in the event of a data breach, your personal content would not be affected.
- Transmission Encryption: All network communications with our service providers use HTTPS (TLS 1.2+) encryption protocols to prevent data interception during transmission.
- Local Storage Protection:
- Local cache files (scan_cache.json, scan_cache.sqlite) contain only metadata (photo IDs, file sizes), not photo content
- These files use iOS Data Protection mechanism, encrypted when device is locked
- All cache files are marked as excluded from iCloud backup to prevent cloud leakage
- Memory Security: Photo processing occurs in memory and is immediately released after completion, leaving no traces.
- Principle of Least Privilege: The app only requests the minimum permissions necessary for core functionality (photo library access, optional ATT tracking).
4.2 Organizational Security Measures
- Third-Party SDK Vetting: We only integrate industry-recognized, security-audited SDKs (AppsFlyer, Meta).
- Regular Security Assessments: We regularly review our code and privacy practices to ensure compliance with the latest security standards.
- Developer Training: Our development team receives training on privacy and security best practices.
- Data Minimization: We only collect and process data necessary to deliver functionality.
4.3 Third-Party Service Provider Security
Our service providers (AppsFlyer, Meta) commit to:
- Complying with industry-standard security certifications (e.g., ISO 27001, SOC 2)
- Implementing data encryption, access controls, and regular security audits
- Protecting your data and complying with privacy regulations per contractual obligations
4.4 Security Limitations & Disclaimers
Important Notice:
While we implement reasonable security measures, please understand that:
- No method of internet transmission or electronic storage is 100% secure
- We cannot guarantee absolute security, but we commit to our best efforts to protect your data
- If you discover any security vulnerabilities, please contact us immediately (Email: maxcleaner_ios@support.enerkit.life)
4.5 Your Security Responsibilities
Please also take measures to protect yourself:
- Keep your iOS system and app updated to the latest version
- Use strong passwords to protect your Apple ID and device
- Enable biometric lock (Face ID/Touch ID) on your device
- Do not jailbreak your device, as this weakens iOS security protections
4.6 Data Breach Response
If a security incident affecting your personal data occurs, we will:
- Immediately take measures to contain and remediate the breach
- Notify you within 72 hours (if legally required)
- Notify relevant regulatory authorities as required by law
- Provide guidance on steps you can take to protect yourself
Note: Due to our local-only processing architecture (see Section 4.1), your photos and Gmail data would not be affected in a breach event.
5. International Data Transfers
MAX Cleaner is developed and operated by EnerKit Pte. Ltd., a company registered in Singapore. However, the third-party service providers we use may operate servers and process data in other countries.
5.1 Data Transfer Destinations
Your usage data (not photo content) may be transferred to the following regions:
| Service Provider |
Data Processing Locations |
Data Types |
| AppsFlyer |
United States, EU (Ireland, Germany) |
Device ID, App Events, Region Info (IP-derived)* |
| Meta/Facebook SDK |
United States, Ireland (EU Data Center) |
Advertising ID, App Events, Purchase Data |
| Apple (StoreKit) |
Based on your Apple ID region |
Subscription Info, Transaction Records |
*Note on Region Info: We do not collect or upload location data. AppsFlyer automatically infers your region (country/city level) from your IP address when your device connects to their servers. This is a server-side analysis, not data we transmit. See Section 1.3 for details.
5.2 Data Protection Standards
Data protection laws in these countries may differ from those in your location. We ensure data transfers comply with the following standards:
- Standard Contractual Clauses (SCCs): Our service providers commit to EU Commission-approved Standard Contractual Clauses, ensuring an appropriate level of data protection.
- EU-U.S. Data Privacy Framework (DPF): AppsFlyer and Meta participate in and are certified under the DPF, providing safeguards for transatlantic data transfers.
- APEC Cross-Border Privacy Rules (CBPR): As an Asia-Pacific company, we commit to the APEC CBPR system.
5.3 For EU/European Economic Area (EEA) Users
If you are located in the EU/EEA:
- Your data transfers to the U.S. are based on Standard Contractual Clauses (SCCs) and our service providers' data protection commitments
- You have the right to request a copy of the applicable data transfer mechanisms (Contact: maxcleaner_ios@support.enerkit.life)
- The European Commission recognizes certain countries (such as Singapore) as providing adequate data protection
5.4 For California Users (CCPA)
Under CCPA, we disclose to you that:
- Your personal information may be transferred outside the United States for processing
- We do not sell your personal information (including cross-border sharing)
- You have the right to opt out of certain data sharing (via ATT permission controls)
5.5 Your Rights and Choices
If you do not agree to have your data transferred to other countries:
- You can decline ATT tracking permission, which will significantly reduce data transfers
- You may choose not to use the app, though this means you cannot enjoy our services
- The app's core functionality (photo scanning and cleaning) runs entirely locally and does not involve data transfers
6. Data Retention
- Photos/Videos: Forever retained on your device; we do not retain them.
- Gmail Data: Not retained by us. Cached on-device only while your Google account is connected; deleted immediately upon sign-out or app uninstallation.
- Local Cache: Retained on device until you delete the app or clear cache.
- Analytics Data: Retained by third-party providers according to their policies (typically anonymized after 24 months).
6.5 Local Cache Storage Details
To improve app performance and user experience, we store the following local data on your device. This data is only saved on your device and is never uploaded to our servers.
6.5.1 Scan Cache
Files: scan_cache.json, scan_cache.sqlite
- Purpose: Save your last scan results to avoid re-scanning your entire photo library each time you open the app
- Contents:
- Photo and video unique identifiers (localIdentifier)
- File size, format, creation date, and other metadata
- Perceptual hash values (for similar photo detection)
- Blur scores, duplicate flags, and other analysis results
- Does NOT contain: Actual photo/video content, thumbnails, GPS locations
- Retention Period: Permanently saved until you:
- Manually clear cache in app settings
- Uninstall the app
- Or reset your iOS device
- Size: Typically 1-10 MB (depending on photo library size)
- Security:
- Encrypted using iOS Data Protection mechanism (inaccessible when device is locked)
- Marked as excluded from iCloud backup (ensures no cloud leakage)
- Other apps cannot access (iOS sandbox mechanism)
How to View or Delete Local Data:
- View Storage Size: iOS Settings > General > iPhone Storage > MAX Cleaner
- Clear Cache: In-app "Settings" > "Clear Cache" (retains settings)
- Complete Deletion: Uninstall the app (deletes all local data)
7. Your Rights and Choices
We respect and protect your control over your personal data. Depending on your location and applicable privacy laws (including but not limited to GDPR, CCPA, PDPA), you may have the following rights:
7.1 General User Rights
1. Right to Access
You have the right to request a copy of the personal data we hold about you, including:
- The categories of data we collect
- The purposes and legal basis for collection
- The recipients (third-party service providers)
- Data retention periods
- Data sources
2. Right to Rectification
If you believe the data we hold about you is inaccurate or incomplete, you have the right to request correction.
3. Right to Erasure / Right to be Forgotten
You may request deletion of your personal data in the following circumstances:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Legal compliance requires deletion
Note: Some data may be retained due to legal obligations (e.g., tax records).
4. Right to Restriction of Processing
You can request that we temporarily limit our processing of your data when:
- You contest the accuracy of the data (during our verification)
- Processing is unlawful, but you do not want the data erased
- We no longer need the data, but you require it for legal claims
5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
6. Right to Object
You have the right to object to our processing of your data based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
7. Right to Withdraw Consent
If we process your data based on your consent, you have the right to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).
7.2 How to Exercise Your Rights
To exercise any of the above rights, please contact us via:
📧 Email: maxcleaner_ios@support.enerkit.life
📝 Subject Line Format: "Privacy Rights Request - [Your Right Type]"
For example: "Privacy Rights Request - Data Access" or "Privacy Rights Request - Data Deletion"
📄 Your Request Should Include:
- Your full name
- Your Apple ID email (for identity verification)
- The specific right you wish to exercise
- Any information that helps us locate your data
⏱️ Response Time: We will respond to your request within 30 days of receipt. If the situation is complex, we may extend to 60 days and will notify you in advance.
7.3 California Residents' Special Rights (CCPA/CPRA)
If you are a California resident, in addition to the above rights, you also have:
"Do Not Sell My Personal Information" Right:
We do NOT sell your personal information (have never sold, and will not sell).
Non-Discrimination Right:
We will not discriminate against you for exercising your CCPA rights (e.g., denying service, charging different prices, providing different quality of service).
7.4 EU/EEA Residents' Special Rights (GDPR)
If you are located in the EU/EEA, you also have:
- Right to Lodge a Complaint: If you believe we have violated GDPR, you have the right to lodge a complaint with your national data protection authority.
- Right to Object to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing. (Note: MAX Cleaner does not engage in such automated decision-making)
7.5 In-App Controls
In addition to the above rights, you can directly control certain data collection in the app and iOS settings:
7.5.1 Opt-Out of Tracking
- iOS Tracking Control: Go to Settings > Privacy & Security > Tracking and toggle off for MAX Cleaner
- Effect: This prevents us from accessing your IDFA, limiting ad attribution
- Impact: Does not affect core app functionality (photo cleaning)
7.5.2 Photo Access Control
- Permission Management: Go to Settings > MAX Cleaner > Photos, you can choose:
- "None": App cannot access photos (core functionality unavailable)
- "Selected Photos": Only allows access to photos you choose
- "All Photos": Allows full access (recommended for all features)
7.5.3 Clear Local Data
- Method 1: Uninstall the app (will delete all local cache and settings)
- Method 2: In the app's "Settings" page, tap "Clear Cache"
- Note: Photos themselves will not be deleted, only scan cache
7.5.4 Gmail Access Control
- Sign Out: Disconnect your Google account from the Email Cleaner at any time within the app
- Revoke via Google: Remove MAX Cleaner's access at Google Account Permissions
- Effect: Email Cleaner feature becomes unavailable; all cached email data is deleted from your device
- Impact: Photo cleaning features continue to work normally
8. Children's Privacy
8.1 Age Restrictions
Our service is not directed to children under the age of:
- 13 years old (in the United States and most countries, per COPPA)
- 16 years old (in the European Union/EEA, per GDPR)
We do not knowingly collect, use, or disclose personal information from children below these age thresholds.
8.2 Parental Consent
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at maxcleaner_ios@support.enerkit.life. We will:
- Verify the claim and the child's age
- Delete the child's information from our systems within 30 days
- Cease any data collection related to that child
8.3 Parental Controls
We recommend parents take the following measures to protect their children:
- Screen Time: Use iOS "Screen Time" features to restrict app usage by age
- App Restrictions: Enable "Ask to Buy" in Family Sharing to prevent unauthorized purchases
- Photo Access: Review and limit photo library access permissions
- Supervision: Monitor children's device usage and discuss online safety
8.4 No Targeted Advertising to Children
We do not serve targeted advertising to children or knowingly collect data for such purposes. Our app does not display in-app advertisements.
9. Google API Services — Limited Use Disclosure
MAX Cleaner's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In compliance with Google's Limited Use requirements, we confirm that:
- Limited Use: We only use Google user data (Gmail data) for providing and improving the Email Cleaner feature that the user has requested. We do not use this data for any other purpose.
- No Transfer: We do not transfer Google user data to third parties, except:
- As necessary to provide or improve the Email Cleaner feature
- To comply with applicable laws
- As part of a merger, acquisition, or sale of assets (with prior user notice)
- No Use for Advertising: We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- No Human Reading: We do not allow humans to read Google user data, except:
- With the user's affirmative agreement for specific messages
- Where necessary for security purposes (e.g., investigating abuse)
- To comply with applicable law
10. Changes to Privacy Policy
We may update this policy from time to time. Material changes will be notified via in-app notice. Continued use of the app constitutes acceptance of the updates.
11. Contact Us
If you have privacy questions, please contact: