Privacy Policy
Effective May 21, 2026 · Last updated May 21, 2026
Filmly is a shared-event camera app. This Privacy Policy describes what information we collect when you use the Filmly mobile app, the Filmly web app (filmly.us), and the Filmly App Clip, and how we use, share, and protect it. Operator: Cheng ([email protected]).
1. Information we collect
1.1 Camera and photos
When you grant camera access, Filmly captures the photos and short videos you take during an event. Captures are stored on the device (offline queue) and then uploaded to our event-photo storage (Cloudflare R2, see §3) so the event host and other invited guests can view them at reveal time.
1.2 Account data (hosts only)
Event hosts may sign in with an email magic link. We store the email address you provide, the time of sign-in, and the events you create. We do not store passwords.
1.3 Guest identifier
Guests are identified by a random, opaque UUID generated locally on the device the first time the app is opened. The UUID is stored on your device and sent with photo uploads so the host knows the photo belongs to a participant of their event. It is not tied to your name, email, phone, or any third-party identifier.
1.4 Event metadata
When a host creates an event, we store its name, short code, start / end timestamps (UTC), IANA timezone, participant cap, reveal time, and the host’s preferred film stock.
1.5 Push notification tokens
If you opt in to notifications, we store the Expo push token issued by Apple (APNs) or Google (FCM), scoped to the event you joined, so we can notify you when reveal time arrives. Tokens are dropped when you revoke notification permission.
1.6 Purchase records
In-app purchases are processed by Apple App Store or Google Play and reconciled through RevenueCat. We receive a pseudonymous subscription-status webhook from RevenueCat; we do not receive your full payment card or store financial details.
1.7 Device + diagnostic data
OS version, app version, device model, locale, and crash reports are collected via Expo’s standard tooling. This data does not identify you personally.
2. How we use it
- Run the event: route captures to the right album, gate visibility until reveal time.
- Send the reveal push notification (if you opted in).
- Enable host moderation (hide / delete photos before reveal).
- Generate the AI Reel highlight movie from your event’s photos.
- Detect and prevent abuse, debug crashes, improve product quality.
- Comply with legal obligations (tax reporting on purchases, lawful requests).
We do not use your captures or event metadata to train machine-learning models that are not specific to your own event.
3. Third parties we use
- Supabase (US) — Postgres database + magic-link email auth + edge functions.
- Cloudflare R2 + Workers + Pages (global) — Photo / video storage and content delivery.
- Apple / Google push services — Delivery of reveal notifications.
- Expo (EAS) — Mobile build pipeline + push token relay.
- RevenueCat (US) — In-app purchase reconciliation.
- Fly.io (global) — AI Reel rendering machine pool.
Each processor has its own privacy policy. We share with them only the minimum data needed to operate the corresponding feature.
4. Retention
- Event photos / videos: kept while the event exists. Hosts can delete individual photos or the entire event at any time, which deletes the underlying R2 objects within 30 days.
- Host account: kept until you delete your account from Settings → Delete account.
- Guest UUID: lives only on your device; cleared when you uninstall the app or sign out.
- Push tokens: deleted when you revoke notifications or 90 days after the event ends.
- Diagnostic logs: 30 days.
5. Your rights
Depending on your jurisdiction (including GDPR for the EEA, UK GDPR, CCPA / CPRA for California, and similar laws elsewhere) you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to processing. To exercise any of these rights, email [email protected]. Hosts can self-serve account deletion via Settings → Delete account.
6. Children
Filmly is rated 4+ on the App Store and is not directed at children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
7. International transfers
Your data may be processed in the United States (Supabase, RevenueCat) and other regions where our infrastructure providers operate. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms.
8. Security
Photos in transit use HTTPS / TLS. R2 storage objects are private and accessed only via short-lived (5-minute) signed URLs scoped to the guest’s event. Host accounts are protected by passwordless magic-link authentication. We use row-level security on our database so guests can only see photos from events they joined, and only after reveal time.
9. Changes
We will post material changes to this policy on this page and update the effective date. Continued use after the change constitutes acceptance.
10. Contact
Email [email protected] with any privacy or data-protection question.