Privacy Policy
Last updated: March 17, 2026
1. Data Controller
Pellica is an independent app published from France. For any question about your personal data:
- Email: contact@pellica.app
- Country: France
2. Data Collected
We collect only what is necessary for the app to function:
Account data
Email address, display name, avatar, authentication method (email, Google, or Apple). Collected when you create an account.
App data
Film rolls, shots, exposure settings, gear, projects, inventory, recipes, memo templates, calibration data. Stored locally on your device first, then synced to your private account.
Location (optional)
GPS coordinates, only when you explicitly enable location tagging for a shot or when browsing the Film Lab Map.
Usage analytics
Anonymous events, session data, device type. Used to understand how the app is used and to improve it. No personally identifiable information is included.
Crash reports
Stack traces, device information, breadcrumbs. Sent automatically when the app crashes, to help us fix bugs.
Purchase data
Subscription status, purchase history. Managed by RevenueCat via Apple’s App Store. We never see your payment card details.
User-generated content
Lab reviews and reports submitted to the Film Lab Map. This content may be visible to other users.
Voice memos
Audio is processed on-device using Apple’s Speech Recognition framework. No audio is transmitted to our servers or any third party.
Photos
Scans you import from your photo library are stored locally and synced to your private account on Supabase. We do not access your photo library without your explicit permission.
3. How We Use Your Data
Your data is used exclusively to:
- Provide the service: sync your rolls, shots, settings, and gear across your devices
- Send push notifications you opted into (new features, important updates)
- Improve the app based on anonymous, aggregated usage patterns
- Fix bugs and monitor app stability via crash reports
- Process your subscription through Apple’s App Store
We do not sell your data. We do not display ads. We do not build advertising profiles.
4. Third-Party Services
Pellica uses the following third-party services to operate. Each receives only the data necessary for its function.
| Service | Data shared | Purpose | Servers |
|---|---|---|---|
| Supabase | Account data, app data, auth tokens | Backend, database, authentication | EU (Frankfurt) |
| Firebase Analytics | Device info, app events, session data | Usage analytics | US (Google) |
| Firebase Cloud Messaging | Device push token | Push notifications | US (Google) |
| PostHog | Device info, app events, sessions | Product analytics | EU (Frankfurt) |
| Sentry | Crash data, stack traces, device info | Error tracking & stability | US |
| RevenueCat | Device ID, purchase history, subscription status | Subscription management | US |
| Google Sign-In | Google account email, display name, profile photo | Authentication (Google Sign-In) | US (Google) |
| Apple Sign-In | Apple ID email (relay or real), name | Authentication (Apple Sign-In) | US (Apple) |
| Crisp | Email address, support messages | Customer support chat | EU |
5. Data Storage & Security
All data in transit is encrypted with TLS. Data at rest is encrypted on Supabase servers (EU region, Frankfurt) and locally on your device using Hive encryption. Row-Level Security (RLS) ensures each user can only access their own data. We do not store your Apple or Google authentication passwords.
6. Data Retention
- Account and app data: retained as long as your account is active.
- Analytics data: automatically deleted after 12 months (PostHog) and 14 months (Firebase).
- Crash reports: automatically deleted after 90 days (Sentry default).
When you delete your account (Settings → Delete Account), all your data is permanently removed from our servers. This action is immediate and irreversible.
7. Your Rights (GDPR)
Under GDPR (and French data protection law), you have the right to:
- Access — request a copy of your personal data (Article 15)
- Rectification — correct inaccurate data directly in the app, or contact us (Article 16)
- Erasure — delete your account via Settings → Delete Account, or contact us (Article 17)
- Portability — request an export of your data in a machine-readable format (Article 20)
- Object — oppose processing based on legitimate interest (Article 21)
- Withdraw consent — at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, email contact@pellica.app. We will respond within 30 days.
You also have the right to file a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés), the French data protection authority: www.cnil.fr
8. Cookies & Tracking
The Pellica mobile app does not use cookies. The app does not collect the IDFA (Apple’s Advertising Identifier) and does not display ads. The pellica.app website uses a single analytics cookie (PostHog) which you can decline via the cookie consent banner.
9. Children’s Privacy
Pellica is not intended for children under 13. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us at contact@pellica.app and we will delete it promptly.
10. Changes to This Policy
We may update this policy to reflect changes in our practices or legal obligations. The date at the top of this page indicates when it was last updated. We will notify users of significant changes via an in-app notice.
11. Contact
For any question about your data or this policy, email us at contact@pellica.app