KRYPTOTHEA

Private, Secure Photo Album Viewer


Login / Register

Privacy Policy

Last Updated: November 17, 2025

Web App (Photographers)

What we collect

• Account data: Email address and name (only if you create an account).

• Billing data: We use Stripe and PayPal to process payments. We receive only confirmation of the service plan purchased and subscription dates. We do not store or access payment methods, card numbers, or full billing addresses.

• Usage logs (non-personal): Browser type, browser version, operating system, and approximate location (city/state derived from IP — the IP address itself is not stored).

• Album activity: For each album you create, we log album name, creation date, download count (1, 2, 3…), download dates/times, deletion date, and album size.

No client-identifying information is stored.

What we do NOT collect

• Your original photos are compiled into an encrypted album and stored on AWS S3 only long enough for encryption process to complet, then they are deleted.

• We never see the contents of your encrypted albums.

• No IP addresses are retained beyond the session.

Data retention

Account data: Kept for 45 days after account closure to allow reactivation. After 45 days, permanently deleted.

• Usage & album logs: Retained for operational and billing purposes only; not tied to individuals after account deletion.

• Billing records: Handled entirely by Stripe/PayPal per their retention policies.

Mobile App (Clients)

What we collect

• Absolutely nothing from inside the app.

• We do not know if the app is opened, if an album is viewed, or any user activity.

• The only data collected is standard App Store / Google Play metadata at download (device type, OS version, city/state from store — we have no control over this).

What we do NOT collect

• No telemetry, crash reports, analytics, or tracking of any kind.

• No access to your photos, contacts, location, or camera roll.

• Encrypted albums remain fully inside the app’s secure container; we cannot open them even if we wanted to.

General

Security All data in transit uses TLS 1.3. Encrypted albums use end-to-end AES-256 encryption; keys are derived client-side and never touch our servers.

Third parties • Stripe & PayPal: Payment processing (see their privacy policies at stripe.com/privacy and paypal.com/privacy). • AWS S3 (US region): Temporary encrypted album storage. • No third-party SDKs, analytics, or tracking libraries are used.

Children’s privacy (COPPA) Kryptothea is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn such data has been collected, it will be deleted immediately.

Your rights You have the right to access, correct, or delete your personal data. Email privacy@kryptothea.com with your request. We will respond within 30 days.

Data Protection Officer (DPO) privacy@kryptothea.com

Changes We will notify registered users by email at least 30 days before any material changes take effect.

Contact privacy@kryptothea.com