PASSPORT PHOTO MAKER

Privacy Policy.

Effective: June 2, 2026

The short version. Your photo is captured, cropped, framed to your country's spec, and checked for compliance entirely on your phone. The image never reaches our servers and is never uploaded anywhere. There is no account to create, no email collected, no advertising, and no tracking SDKs. The only thing our backend ever stores about you is a single anonymous "first opened on" timestamp used to manage your purchase.

1. Who we are

Passport Photo Maker is a mobile app published by CodeEnsis Ltd. ("we", "our", "us"). This policy explains exactly what the app does and does not collect, and the rights you have.

2. Your photos never leave your device

Every step that touches your image happens locally on your phone:

The live camera preview and the framing guide run on-device.
Face detection and landmark measurement use your phone's built-in vision frameworks (Apple Vision on iOS, Google ML Kit on Android). These run offline, on the device.
Cropping, sizing to the country specification, and the compliance checks all run in the app.

Your original photo and the processed result are stored only in the app's private storage on your device, plus anywhere you deliberately send them (saving to your photo library, the system share sheet, or printing). We never receive them. When you uninstall the app, they are removed with it — there is nothing on a server for us to delete, because we never had it.

3. What our backend stores

On first launch the app signs in anonymously through Firebase Authentication. This creates a random, opaque user identifier. It is not linked to your name, email, phone number, or any contact detail — we never ask for those, and no sign-up screen exists.

Against that anonymous identifier we store a single value in Google Firestore: a server timestamp of when the app was first opened. We use it only to anchor your purchase and entitlement to a stable date. No photo, no measurement, no personal information is ever written to this record.

4. Purchases

Passport Photo Maker is a one-time purchase. Payment is handled entirely by the Apple App Store or Google Play under their own terms; we never see or store your card details. Purchase validation and restore are processed through RevenueCat, which receives a purchase receipt and the anonymous identifier described above so your entitlement can be restored on your device. RevenueCat's privacy practices are described at revenuecat.com/privacy.

5. Crash diagnostics

If the app crashes, Firebase Crashlytics records a diagnostic report — the stack trace, device model, and OS version — so we can fix the fault. These reports contain no photo, no face data, and no personal information. Google's processing is described in the Firebase Privacy and Security documentation.

6. What Passport Photo Maker does not do

No upload of your photo, ever, to us or any third party.
No account, real name, email, phone number, or password.
No advertising and no advertising identifiers.
No analytics or tracking SDKs that profile you.
No access to your contacts, location, or microphone.
No selling or sharing of personal data — there is none to sell.

7. Permissions the app asks for

Camera — to show the live framing preview and capture your photo. Frames are processed on-device and are not recorded or transmitted.
Photo library — only when you choose to import an existing photo, or when you save a finished photo. The app does not browse or read your library otherwise.

You can grant or revoke either permission at any time in your device's system settings.

8. Network access

The app connects to the network only for the limited backend functions above (anonymous sign-in, the install-timestamp record, purchase validation, and crash reports) and to load these legal pages. The app includes an on-device network audit that reports, in Settings, how many bytes left the device during your last session — for your photo flow that figure is zero.

9. Children

Passport Photo Maker is a general-purpose utility and is not directed at children under 13. We do not knowingly collect data from children.

10. Your rights

Because there is no account and your photos never reach our servers, exercising your rights is simple:

Access / deletion of photos: they live on your device and are fully under your control; uninstalling the app removes them.
The anonymous record: if you would like us to delete the anonymous identifier and its install timestamp, write to [email protected]. Because the record holds no personal information, we may ask you to provide the identifier from within the app so we can locate it.

11. Data retention

On-device data is retained until you delete it or uninstall the app. The anonymous install-timestamp record is retained while the app remains installed and for a reasonable period afterward to support purchase restoration; crash reports are retained per Firebase's standard retention.

12. Changes to this policy

We may update this policy as the app evolves. Material changes will be reflected here with an updated "Effective" date above. Continuing to use the app after a change means you accept the updated policy.

13. Contact

Questions or requests about this policy: [email protected]. A human reads every message.