Privacy Policy

Effective Date: March 24, 2026 · Last Updated: March 24, 2026 · App Version: 1.0.0

1. Introduction

Supload (“we,” “us,” “our”) is a camera app for work, developed by Supload LLC, a Pennsylvania limited liability company. Supload replaces the three-app juggle — Camera, Photos, Google Drive — with a single workflow: capture, organize into groups, and upload directly to your cloud storage.

This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the Supload mobile application (“the App”) and the Supload customer portal and website (“the Portal”).

Our core privacy principle: Your photos and videos go directly from your device to your own cloud storage account (Google Drive, Dropbox). We never store, access, or process your media files on our servers.

By creating a Supload account, you agree to the practices described in this policy. If you do not agree, do not create an account or use the App.

2. Privacy at a Glance

  • What do you collect? Account info only: email, display name, user ID
  • What don’t you collect? Your photos, videos, ad identifiers, browsing history, contacts, health data, financial data
  • Where do my photos go? Directly from your device to YOUR cloud storage — never our servers
  • Third-party trackers? None. Zero third-party analytics or advertising SDKs
  • Analytics? Optional, anonymous, first-party only, auto-deleted after 28 days
  • How do I delete everything? Profile > Account > Delete Account — permanent, immediate, anytime

3. Information We Collect

3.1 Account Information

When you sign in, we collect the following from your authentication provider (Google, Apple, or your organization’s SSO):

  • Email address: Authentication, account identification, profile display — from Auth provider
  • Display name: Profile display within the app — from Auth provider
  • User ID: Unique account identifier, Supabase UUID — generated at sign-up
  • Installation ID: Per-device identifier for session management — generated on first launch
  • Terms acceptance record: ToS version and timestamp of acceptance — recorded at account creation

3.2 Photos and Videos

Supload captures photos and videos using your device’s camera (up to 4K, with zoom 0.5x–10x, night mode, self-timer, tap-to-focus, exposure control, and multiple aspect ratios). These files are:

  • Stored locally on your device in the app sandbox as temporary groups until you upload or delete them
  • Uploaded directly to your linked cloud storage (Google Drive or Dropbox) when you initiate an upload — runs in the background with checkpoint-based resume
  • Deleted from your device once safely uploaded to cloud storage (local files are removed after confirmed upload)
  • Never transmitted to, stored on, or processed by Supload’s servers

We do not access, view, analyze, scan, or use your photos or videos for any purpose other than facilitating their upload to your chosen cloud storage provider.

3.3 Location Data (Optional — You Control This)

If you enable “Content Location” in the App’s settings, Supload embeds GPS coordinates in photo metadata (EXIF data). This data shows capture locations on the in-app map — useful for job sites, inspections, and field documentation. It never leaves the photo file itself — it is not transmitted to Supload’s servers or included in analytics. The App requests whenInUse location authorization only (never always). When you disable it, new captures immediately stop including location data.

3.4 Usage Analytics (Opt-In Only — You Control This)

We collect anonymous, aggregated usage analytics to improve the App. These include feature usage patterns, app performance metrics, and error rates.

Analytics are off by default. You must opt in to share analytics data. You can change this at any time in Profile > Privacy > “Share usage analytics.”

How we protect your analytics data when you opt in:

  • First-party only. Analytics go exclusively to our own backend (Supabase). We never share them with third-party analytics services.
  • PII-stripped before storage. Every analytics event passes through a sanitization filter that blocks 25+ PII key patterns (email, display name, GPS coordinates, IP address, device identifiers, file paths, folder paths, group names, tokens, secrets) and scans all string values for email patterns, redacting matches automatically.
  • Consent is checked before every event. If you have not opted in, no analytics events are sent. No restart required.
  • Short-lived. Auto-purged after 28 days (pg_cron, 03:10 UTC).

We do not use any third-party analytics SDKs.

3.5 Crash Reports

Crash reports include error type and stack trace, app version and build number, device model and iOS version, and error context (non-PII only). Production builds do not log PII. Crash reports are stored for up to 90 days (auto-purged via pg_cron, 03:50 UTC). On account deletion, local crash log files are also deleted from your device.

3.6 Age Category Information (Where Required by Law)

When App Store Accountability Acts take effect in applicable states (Utah May 6, 2026; Louisiana July 1, 2026; California January 1, 2027), Apple may provide us with an age category signal and parental consent status for users in those states. If and when we receive such signals, we will use them solely to comply with applicable state law. We will not store age category data in our database or use it for any other purpose.

3.7 Customer Portal and Website

The Supload customer portal (for managing subscriptions, user allocation, and billing) and marketing website are hosted on Cloudflare Pages. Cloudflare processes your IP address transiently for routing and security. We do not use Cloudflare analytics, advertising, or tracking features. We do not place tracking cookies on the portal or website.

3.8 Device and Technical Information

We access certain device capabilities for core functionality: camera and microphone (capture), available disk space (storage check), file timestamps (media management), and app preferences (stored in UserDefaults, which contains no PII).

3.9 Information We Do NOT Collect

We do not collect:

  • Advertising identifiers (IDFA)
  • Browsing history
  • Contacts
  • Health or fitness data
  • Financial or payment card information (Apple and Stripe handle payments — we never see your card number)
  • Biometric data
  • Call logs or SMS messages
  • Data from other apps

4. How We Use Your Information

  • Email and Name: Authentication, profile display — Legal basis: Contract performance
  • User ID and Installation ID: Account management, session handling — Legal basis: Contract performance
  • Terms acceptance record: Version tracking, compliance — Legal basis: Legitimate interest
  • Photos/Videos: Local staging and upload to your cloud — Legal basis: Contract performance
  • Location (optional): Photo metadata, in-app map — Legal basis: Consent
  • Usage Analytics (optional): App improvement — Legal basis: Legitimate interest / Consent
  • Crash Reports: Bug fixing, stability — Legal basis: Legitimate interest
  • Age Category (where required): State law compliance — Legal basis: Legal obligation
  • Device Info: Core functionality — Legal basis: Contract performance

We do not use your information for advertising, profiling, automated decision-making, selling to third parties, training machine learning models, or cross-app tracking.

We conduct data protection assessments as required by applicable law.

5. Third-Party Services and Subprocessors

A complete list of subprocessors is published at sup-load.com/subprocessors.

5.1 Cloud Storage Providers

  • Google Drive: Photo/video upload destination. Data shared: Your media files (directly from your device to your Google account).
  • Dropbox: Photo/video upload destination. Data shared: Your media files (directly from your device to your Dropbox account).

We request only the minimum permissions necessary (folder listing and file upload). We do not read, download, modify, or delete your existing cloud files. OneDrive support is planned for a future release.

5.2 Authentication Providers

Google Sign-In, Sign in with Apple, and Organization SSO.

5.3 Payment Processing

Apple (App Store) handles subscription billing for individual users. We receive subscription status only — no payment card details.

Stripe handles direct billing for business/enterprise accounts. We receive subscription status and billing email — never full card numbers.

5.4 Backend and Infrastructure

Supabase (hosted on AWS US West) — authentication, crash reporting, analytics, session management.

Cloudflare Pages — customer portal and website hosting.

5.5 SDK Privacy Manifests

All third-party SDKs have verified Apple Privacy Manifests (PrivacyInfo.xcprivacy): GoogleSignIn-iOS, supabase-swift, SwiftyDropbox, MSAL (future OneDrive), KeychainAccess. No other SDKs are included. We update this list before adding new SDKs.

6. Data Storage and Security

6.1 On Your Device

  • Auth tokens: iOS Keychain (kSecAttrAccessibleWhenUnlockedThisDeviceOnly) — Hardware-encrypted
  • App preferences: UserDefaults (no PII) — Sandboxed
  • Photos/videos: App Documents directory (temporary — deleted after upload) — Sandboxed, iOS Data Protection

6.2 On Our Backend (Supabase / AWS US West)

  • Account info: Row Level Security (RLS), encrypted at rest — Retention: Until account deletion
  • Usage analytics: RLS, PII-stripped, encrypted at rest — Retention: 28 days (auto-purged daily)
  • Crash reports: RLS, encrypted at rest — Retention: 90 days (auto-purged daily)
  • Session tokens: Encrypted, Supabase Auth managed — Retention: Session duration

Row Level Security: Every table has RLS enabled. The iOS app uses only the Supabase anon key (not service_role), so RLS cannot be bypassed from the client.

6.3 Security Measures

  • All network communication uses HTTPS/TLS (ATS fully enabled, no exceptions)
  • Auth tokens in iOS Keychain with hardware encryption
  • PII sanitization on all analytics (25+ blocked keys, email regex scrubbing)
  • No secrets in source code or Info.plist — build-time injection only
  • Production builds do not log PII

7. Data Retention and Deletion

7.1 Retention Schedule

  • Account info: Until account deletion — Cascades to all tables
  • Terms acceptance record: Until account deletion — Cascades
  • Usage analytics: 28 days — Auto-purge (pg_cron, 03:10 UTC)
  • Crash reports: 90 days — Auto-purge (pg_cron, 03:50 UTC)
  • Local photos/videos: Until uploaded or manually deleted — Auto-deleted after confirmed upload; manual deletion in-app
  • Cloud uploads: Managed by you — Via your cloud provider
  • Auth tokens: Session duration — Cleared on sign-out or deletion
  • Age category signals: Not persisted — Not stored
  • Local crash logs: Until account deletion — Deleted from Documents/CrashLogs/

No personal data is retained indefinitely.

7.2 Account Deletion

Profile > Account > Delete Account (double confirmation).

Server-side: Edge Function cascades deletion to all tables — analytics, crash reports, upload history, group metadata, session records. Zero rows remain.

Device-side: All files from Documents and Caches cleared, all app-specific UserDefaults keys removed, all Keychain items deleted, local crash logs deleted.

Not affected: Files already in your cloud storage. You manage those directly.

8. Your Privacy Rights

8.1 All Users

  • See your data. Photos are in your cloud. Account info is in your profile.
  • Delete everything. Profile > Account > Delete Account.
  • Turn on/off analytics. Profile > Privacy > “Share usage analytics.” Immediate.
  • Control location. Profile > Privacy > “Content location.” Immediate.
  • Unlink cloud services. Profile > Cloud Services.

8.2 United States Residents

If you live in a state with a comprehensive privacy law — including California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia — you have rights to access, delete, correct, and port your data, and to opt out of sale or targeted advertising.

We do not sell your personal data. We do not process it for targeted advertising. There is no sale or sharing to opt out of.

Universal Opt-Out Mechanisms. We recognize Global Privacy Control (GPC) and similar opt-out preference signals as valid requests to opt out of sale or sharing. Because we do not sell or share personal data for targeted advertising, there is no sale or sharing to opt out of — regardless of whether you use GPC.

For CCPA/CPRA: Categories collected are identifiers, internet activity (optional analytics), geolocation (optional), and audio/visual information (on your device and cloud only). We do not sell personal information or share it for cross-context behavioral advertising.

8.3 European Economic Area — GDPR

Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), right to object (Art. 21), and withdrawal of consent through App settings.

  • Data Controller: Supload LLC, 127 Pembroke CT, Exton, PA 19341
  • Privacy Contact: [email protected]
  • Legal Bases: Contract performance; Consent; Legitimate interest; Legal obligation.

8.4 Canadian Residents — PIPEDA

Access, correction, and consent withdrawal. Contact [email protected].

8.5 Exercising Your Rights

Contact [email protected]. Response within 30 days. No fee.

9. Tracking and Advertising

Supload does not track you across other apps or websites. No IDFA, no ads, no ad networks, no data brokers, no third-party cross-app analytics, no cross-context behavioral advertising, no device fingerprinting, no SKAdNetwork. NSPrivacyTracking = false. No ATT prompt because there is no tracking.

10. Children’s Privacy

Supload requires an email account and authentication. We do not knowingly collect information from children under 13 (or 16 in the EEA).

When App Store Accountability Acts take effect in applicable states (Utah May 6, 2026; Louisiana July 1, 2026; California January 1, 2027), if we receive an age signal indicating a user is under 13, we will restrict account creation or require parental consent per COPPA. If a user is identified as under 18, we will apply age-appropriate restrictions per applicable state law.

Per the updated COPPA Rule (compliance deadline April 22, 2026): no targeted advertising, no third-party disclosure of children’s data for advertising, written data retention policy (Section 7), appropriate security measures (Section 6), PII sanitization on all analytics.

Contact [email protected] if your child created an account without your consent.

11. Enterprise and Organization Accounts

Your administrator may manage cloud policies, require SSO, and access aggregated analytics (not individual photos). Organizations own the organizational data (group structures, team configurations, aggregated analytics). Individual users’ photos remain their own — uploaded to their personal cloud storage, not accessible to administrators through the App.

12. On-Device Processing and AI Features

All processing happens on your device: capture (AVFoundation), encoding, thumbnail generation, night mode, red-eye reduction, caching. No media leaves your device except to your cloud storage.

Future on-device intelligence features (scene detection, OCR, document scanning) will use Apple’s Core ML and Vision frameworks exclusively, process entirely on-device, never train on your content, and be disclosed before release.

13. International Data Transfers

Account info, crash reports, and analytics are stored on Supabase (AWS US West). For EEA users, transfers use Standard Contractual Clauses and Supabase’s data processing agreements. Photos and videos transfer directly to your cloud provider.

14. Data Breach Notification

  • We notify affected users within 72 hours (GDPR) or as soon as practicable.
  • We notify the PA Attorney General (via online portal) if 500+ PA residents are affected.
  • We notify consumer reporting agencies if 500+ individuals are affected.
  • We provide breach details and remedial actions.

Supload does not collect SSNs, driver’s license numbers, government IDs, or bank account numbers. If a breach involves data requiring credit monitoring under state law (such as PA BIPNA), we provide 12 months of complimentary monitoring.

15. Law Enforcement Requests

We comply with legally valid requests only where we reasonably believe we are legally required. Our policy is to notify affected users before disclosure unless prohibited by law. Contact [email protected].

16. Marketing Communications

You may opt out of marketing at any time via unsubscribe link or by contacting us. We process opt-outs within 10 business days. We never send marketing to users who have not opted in or who have opted out.

17. Changes to This Policy

Material changes: we update the “Last Updated” date, provide in-app notification at least 30 days before changes take effect, and note what changed in the Version History.

18. App Store Privacy Label

  • Data Used to Track You: None
  • Data Linked to You: Email, Name, User ID, Photos/Videos, Precise Location (optional)
  • Data Not Linked to You: Product Interaction (optional analytics)

19. Contact

Version History

Version 1.0.0 — March 24, 2026 — Initial version
