← Back

Privacy Policy

Effective Date: April 29, 2026 · Last Updated: May 9, 2026 (revised to disclose AppsFlyer as mobile measurement / ad attribution provider and IDFA collection upon user consent)

This Privacy Policy describes how Anas Hafidi ("we," "us," or "our") handles information in connection with the Scrub mobile application (the "App"). By installing or using the App, you agree to the practices described here. If you do not agree, please do not use the App.

1. Summary

We built Scrub to be a private, on-device photo editor. We do not require you to create an account, we do not collect your photos, and we do not sell your data.

The only personal information that may leave your device is what is strictly necessary to (a) process subscription purchases through Apple or Google, and (b) keep the App working reliably. Details are below.

2. Information We Do Not Collect

• We do not collect your photos. Photos you select or edit in the App are processed entirely on your device and are never uploaded to us or any third party by the App.
• We do not collect your name, email, phone number, address, or contacts.
• We do not require account registration.
• We do not use tracking cookies. We do not use any third-party advertising identifier (such as Apple's IDFA) to deliver targeted advertising or to share data with advertisers, ad networks, or data brokers. We do not engage in cross-app or cross-website behavioral advertising. The App may use the IDFA, only if you grant permission via Apple's App Tracking Transparency prompt, solely to measure the performance of our own ad campaigns (see Section 3(d)).

3. Information We (or Our Service Providers) Receive

To operate the App, the following limited categories of information may be processed:

a) Purchase and Subscription Information

When you purchase a subscription, the transaction is handled by Apple (App Store) or Google (Google Play). We use RevenueCat, Inc. as our subscription management provider to validate receipts and manage entitlements. This processing involves:

• A randomly generated, non-identifying user ID
• Your subscription status, plan type, purchase date, renewal date, and currency/country of the store
• Device platform and App version

We do not receive your full payment card details, billing address, or Apple/Google account email through this process.

b) Diagnostic, Crash, and Usage Information

The App uses PostHog as our analytics and error-tracking provider to help us identify bugs and understand how the App is used at an aggregate level. The information processed includes:

• A randomly generated, non-identifying user ID
• Crash reports and uncaught exceptions, including stack traces and the App version
• Device model, operating system version, App version, and language/region
• Anonymous product-usage events (for example: app opened, paywall shown, subscription purchased) and the timestamps of those events

We do not use session replay, screen recording, or any feature that captures the contents of your screen, your photos, or your edits. PostHog is configured for analytics and error tracking only.

c) Information You Voluntarily Provide

If you contact us for support (for example, by email), we will receive the information you choose to send us (such as your email address and the contents of your message). We use it only to respond to your inquiry.

d) Ad Attribution and Campaign Measurement

We use AppsFlyer, Inc. as our mobile measurement partner ("MMP") to understand which of our own marketing campaigns drive installs and subscriptions to the App. This is so we know whether the money we spend on advertising the App is working — not to advertise to you or build a profile about you.

The information processed for this purpose includes:

• A randomly generated AppsFlyer ID
• Device model, operating system version, and IP address (used at install time to attribute the install and then discarded for attribution purposes)
• Conversion events that the App fires (for example: registration completed, paywall shown, free trial started, subscription purchased), including the price, currency, and product identifier of subscription events
• The Apple Identifier for Advertisers (IDFA), only if you tap "Allow" on the App Tracking Transparency prompt iOS displays on first launch. If you tap "Ask App Not to Track," no IDFA is collected and attribution falls back to Apple's privacy-preserving SKAdNetwork framework, which provides only aggregated, non-identifying campaign reports.

We do not use AppsFlyer to deliver advertising to you, to build behavioral profiles, or to share your information with advertisers or data brokers. We use it only for first-party measurement of our own campaigns.

4. How We Use Information

We use the limited information described above only to:

• Provide, maintain, and improve the App
• Process and validate subscription purchases and restore prior purchases
• Detect, prevent, and address technical issues, fraud, or abuse
• Comply with legal obligations

We do not sell or rent your personal information. We do not use your information for targeted advertising.

5. Photos and On-Device Processing

All photo editing operations performed by the App — including object removal, background removal, masking, and image export — take place entirely on your device. Your photos do not leave your device as part of normal App functionality.

The App requires permission to access your photo library so that you can select photos to edit and save edited photos back to your device. You can revoke this permission at any time in your device settings.

6. Third-Party Services

We use the following third-party service providers. Each operates under its own privacy policy:

Provider	Purpose	Privacy Policy
Apple, Inc.	App distribution, in-app purchases (iOS)	apple.com/legal/privacy
Google LLC	App distribution, in-app purchases (Android)	policies.google.com/privacy
RevenueCat, Inc.	Subscription receipt validation and entitlement management	revenuecat.com/privacy
PostHog, Inc.	Product analytics and error/crash tracking (no session replay)	posthog.com/privacy
AppsFlyer, Inc.	Mobile measurement and ad campaign attribution (with IDFA only on user consent)	appsflyer.com/legal/services-privacy-policy/

We do not share your information with any other third parties except as required by law (see Section 9).

7. Data Retention

• Photos: Not retained by us at any time.
• Subscription records: Retained by our subscription provider for as long as your subscription is active and for a reasonable period thereafter as required by tax, accounting, and audit obligations.
• Diagnostic, crash, and usage data: Retained by our analytics provider for a limited period (typically up to 12 months) and only as long as necessary for the purposes described in Section 4.
• Support correspondence: Retained only as long as needed to handle your inquiry.

8. Security

We implement reasonable technical and organizational measures to protect information processed in connection with the App, including HTTPS for all network communication and on-device processing of your photos. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Legal Disclosures

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

10. Children's Privacy

The App is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

11. Your Rights

Depending on where you live, you may have rights under applicable law (such as the EU/UK GDPR or the California Consumer Privacy Act), including the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Delete your information
• Object to or restrict certain processing
• Data portability
• Opt out of "sale" or "sharing" of personal information (we do not sell or share personal information for advertising)
• Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at contact@7afidi.com. We will respond within the timeframes required by applicable law.

California Residents (CCPA/CPRA)

We do not sell personal information as that term is defined under the CCPA/CPRA. We do not "share" personal information for cross-context behavioral advertising. We do use AppsFlyer to measure the effectiveness of our own marketing campaigns; under California law this is a service provider relationship, not a "sale" or "share." The categories of information we process are described in Section 3.

EEA / UK Residents (GDPR)

Our legal bases for processing are: (i) performance of a contract (to provide the App and process your subscription); (ii) our legitimate interests (to maintain App security and improve stability); and (iii) compliance with legal obligations.

12. International Transfers

Information may be processed in countries other than your country of residence, including the United States. Where required by law, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top will reflect the most recent revision. Material changes will be communicated through the App or by other reasonable means before they take effect.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Anas Hafidi
Email: contact@7afidi.com
Location: Morocco