Privacy Policy

Last Updated: 5/9/2025

1. Introduction: Our Commitment to Your Digital Well-being
   At Sentinel Labs ("we," "us," or "our"), we recognize that trust is the cornerstone of your relationship with Protect360 (the "App"). We treat privacy as an active design principle. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our mobile application for photo organization, duplicate detection, archiving, and related media management features ("Services"). By accessing the App, you consent to the practices described herein. If you disagree, please uninstall the App immediately.

We deliberately minimize data collection to what is strictly necessary for:

• Executing precise media scanning and duplicate detection;

• Preventing accidental loss of important user media;

• Continuously improving categorization and matching algorithms;

• Complying with global privacy regulations (GDPR, CCPA, PIPL).
  This policy applies exclusively to the App and does not cover third-party services linked within the App (e.g., cloud storage providers). For those, consult their respective privacy terms.

2. Information We Collect: Purpose-Driven Transparency
   We collect only what serves your photo management objectives, categorized as follows:

A. Data Processed During Photo Management Operations
(Never stored on our servers by default; processed locally on your device)

• Media Metadata: File paths (local), sizes, timestamps, format, EXIF metadata used for grouping.

• Library Indicators: Album structure, counts, and similarity scores produced by on-device analysis.

• Operation Results: Non-personal identifiers of suggested duplicates or clusters.
  Purpose: To identify duplicates and categorize media without accessing content itself. We do not upload photos or videos to our servers unless you explicitly enable a cloud backup feature.

B. Account-Related Information
(Collected only if you register for Premium Features)

• Basic Credentials: Email address (hashed via SHA-256) and encrypted password.

• Usage Analytics: Feature engagement frequency (e.g., “Duplicate Scan used 2x/week”).

• Device Attributes: iOS version, device model, and language settings (e.g., iOS17|iPhone15,2|en-US).
  Purpose: To synchronize preferences across devices and personalize user experience.

C. Automated Diagnostic Data
(Optional; disabled by default in Settings)

• Crash Reports: Stack traces with anonymized device identifiers.

• Performance Metrics: Operation duration and resource usage during media processing.
  Purpose: To resolve technical issues. You may opt out via Settings > Privacy > Diagnostics.

3. How We Use Information: Strict Functional Boundaries
   We never monetize your data through advertising or data brokerage. Usage is limited to:

• Executing on-device media analysis to suggest organization or archiving;

• Delivering scheduled organization tasks for Premium users;

• Fixing critical bugs affecting a meaningful proportion of users;

• Aggregating anonymized analytics to improve regional UX.
  Critical Safeguards:

• All media analysis occurs on-device by default; personal media do not leave your device without explicit opt-in.

• Premium account emails are salted and hashed before storage.

• Diagnostic data excludes IP addresses and precise geolocation unless you explicitly consent.

4. Data Sharing: The "Zero-Sale" Pledge
   We maintain a strict no-sale policy for user data. Limited sharing occurs only under these conditions:
   A. Trusted Technical Partners (Under strict data processing agreements)

• Firebase (Google): For anonymized crash analytics only.
  B. Legal Disclosures

• We may disclose information if required by law, to prevent imminent harm, or during corporate restructuring.
  C. Aggregated Research Data

• Anonymized datasets may be published in industry reports; no individual can be identified.
  We never share with ad networks or data brokers, nor with governments without legal compulsion except where required.

5. Data Retention: Automatic Expiration by Design
   We implement time-bound retention aligned with operational needs:

• Scan logs: Retention Period: 72 hours; Deletion Method: Automated server purge.

• Premium account data: Retention Period: Until account deletion; Deletion Method: Manual erasure upon request.

• Crash reports: Retention Period: 90 days; Anonymization after 30 days.

• Aggregated analytics: Retention Period: 2 years; Pseudonymization + quarterly review.
  Exceptions: Legal holds or anonymized datasets used for AI training (retained in non-attributable form).

6. Your Privacy Rights: Global Compliance Framework
   Depending on your jurisdiction, you may exercise these rights via help.protect360@gmail.com or App Settings > Privacy Center:
   A. Access & Correction

• View data collected during your last 30 days of usage.

• Correct inaccuracies in account information.
  B. Deletion Requests

• Standard: Delete account and associated data within 30 days.

• GDPR/CCPA: Immediate opt-out from non-essential processing (excludes legally mandated logs).
  C. Opt-Out Mechanisms

• Disable diagnostics: Settings > Privacy > Toggle "Share Diagnostics".

• Withdraw consent: Uninstall the App.
  Verification Process:

• We require identity confirmation (e.g., matching email + last 4 digits of recent payment method) to prevent fraudulent requests. Responses issued within:

  • 15 business days (standard requests)

  • 10 business days (GDPR/CCPA emergencies)

7. Children's Privacy: Strict Age Gates
   The App is not intended for users under 16. We:

• Implement age verification during Premium signup where required.

• Automatically block advanced library-analysis features for detected minor accounts.

• Retain zero data from users who fail age checks.
  If we discover unintended collection from children, we delete such data within 48 hours. Parents may request data deletion via ask.sortify@outlook.com with proof of guardianship.

8. Security Protocols: Defense-in-Depth Approach
   We deploy strong protections:
   A. Technical Safeguards

• Data in Transit: TLS 1.3 encryption for all communications.

• Data at Rest: AES-256 encryption for account databases.

• Access Controls: Role-based access and periodic audits.
  B. Organizational Measures

• Mandatory privacy training for engineers.

• Third-party penetration testing (conducted by an independent security firm).

• Breach notification within 72 hours per applicable regulations.
  Limitations:
  No system is 100% secure. We recommend avoiding jailbroken devices and using strong device passcodes.

9. International Data Transfers: Jurisdictional Compliance
   User data may transfer across borders due to global hosting or partner operations. We ensure compliance via:

• Standard Contractual Clauses for jurisdictions without adequacy decisions.

• Established safeguards; data never flows to jurisdictions lacking required protections unless legally compelled.

10. Policy Updates: Transparent Change Management
    We notify users of material changes through in‑App banners and email alerts to Premium subscribers. Versioned archives are maintained at https://sites.google.com/view/protect360-privacy. Significant changes to data collection or sharing will require explicit consent.

11. Do Not Track & App Tracking
    We honor Apple’s App Tracking Transparency (ATT) framework. Cross-app advertising identifiers are disabled by default. Granular ad preference controls are available in Settings > Ads. Note: Photo management features operate identically whether advertising is enabled or disabled.

12. Your Choices: Empowerment Through Settings
    You maintain control via:

• Real-time Permissions: Revoke photo library access anytime via iOS Settings.

• Data Portability: Export scan history as CSV via Settings > Data Export.

• Automated Deletion: Enable "Self-Destruct Mode" to auto-wipe logs after each analysis.
  We do not penalize users for exercising privacy rights.

13. Contact Information: Direct Accountability
    For privacy inquiries or requests:
    Email: help.protect360@gmail.com (response within 5 business days)
    Postal Mail: Sentinel Labs

14. Additional Disclosures by Region
    A. California Residents (CCPA)

• You have the right to know if we "sell" data → We do not sell data.

• Request deletion or opt-out via help.protect360@gmail.com.
  B. EU/EEA Users (GDPR)

• Legal basis for processing: Legitimate interests or contractual necessity, as applicable.

• Right to object to automated decision-making applies to some scan-result processes; contact us to exercise this right.

15. Policy Scope & Acknowledgement
    This policy covers only the Sortify mobile application and excludes web versions, third-party integrations, and hardware-level modifications. BY USING PROTECT360 YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTAND ITS TERMS, AND CONSENT TO THE DESCRIBED DATA PRACTICES. FOR ANY CONCERNS, CONTACT hhttps://sites.google.com/view/protect360-privacy BEFORE PROCEEDING.