Privacy Policy

Last updated: June 6, 2026

Language versions: 日本語 | 中文

1. Overview

This Privacy Policy explains how Hash Camera collects, uses, stores, discloses, and deletes information in connection with the Hash Camera mobile application, website, and related server services. Hash Camera is designed to create timestamp-enhanced photo evidence records and to verify those records through QR codes and server records.

By using Hash Camera, you acknowledge that photos and related evidence metadata may be transmitted to and stored on Hash Camera servers when you create a server evidence record.

2. Information We Process

When you create an evidence record, Hash Camera may process the photo you capture, capture time, server receipt time, evidence ID, photo hash, signed QR code metadata, device model identifier, membership or plan status, retention period, optional Bitcoin blockchain anchor height and hash, upload usage, and related technical records required to operate the service.

Hash Camera transmits the device model identifier only, such as an iPhone model identifier. Hash Camera does not transmit the user-customized device name.

When you verify a photo or QR code, Hash Camera processes the QR content, signed payload, evidence ID, or other verification information required to locate and compare the corresponding server record.

For authentication, abuse prevention, and rate limiting, Hash Camera may process email addresses, keyed hashes of email addresses, encrypted email records, Apple account identifiers, names and email addresses provided by Apple when available, session tokens, IP-derived rate-limit identifiers, complaint or report identifiers, administrator action records, and related timestamps.

For purchases and subscriptions, Hash Camera may process Apple in-app purchase product IDs, transaction IDs, original transaction IDs, signed transaction information, subscription status, purchase dates, expiration dates, revocation dates, and related plan records.

For website and server operation, Hash Camera and its infrastructure providers may process standard technical information such as IP address, request URL, request time, user agent, error logs, security events, and diagnostic records.

3. Photos and Evidence Records

Photos used to create evidence records are uploaded to Hash Camera servers and stored in Cloudflare R2. The app may also save a QR-marked copy to your device photo library if you grant the necessary device permission. Hash Camera does not delete, modify, or manage photos stored in your device photo library.

Server evidence records are used to verify whether a Hash Camera record exists, compare the server-stored photo and metadata, and return verification results. Verification results are informational and should be reviewed together with the server-stored image and other relevant evidence.

4. Account Sign-In and Purchases

If you use Sign in with Apple, the app sends the Apple identity token to the Hash Camera API for server-side verification before a Hash Camera session is issued. Hash Camera may process the Apple user identifier and profile information provided by Apple.

If you use email sign-in, Hash Camera uses your email address to send one-time verification codes. On Hash Camera servers, email addresses are stored in encrypted form and are looked up using a keyed hash. Authentication sessions are stored as server-side session records.

If paid plans or in-app purchases are enabled, payment processing, billing, refunds, and subscription management are handled by Apple through the App Store. Hash Camera receives purchase and subscription status information from Apple only as needed to provide paid features, determine upload limits, storage limits, and retention periods.

5. Local Device Data

The app stores local history, thumbnails, settings, and related app data on your device. You may clear local app data from the Settings screen. Clearing local data does not delete photos already saved to your device photo library and does not delete server evidence records unless you separately request deletion of those server records.

6. How We Use Information

Hash Camera uses information to provide evidence capture, upload, QR generation, QR verification, server record lookup, account authentication, upload quota enforcement, retention enforcement, abuse prevention, complaint deletion, content safety review, account restriction, service maintenance, security monitoring, and customer support.

Hash Camera does not use your information for third-party advertising tracking, cross-app tracking, behavioral advertising, or sale of personal information.

Hash Camera does not currently include third-party advertising SDKs or third-party analytics SDKs. If this changes, this policy and the App Store privacy disclosures will be updated before the new data use is enabled.

7. Retention

Evidence retention depends on the plan that applies at the time of upload. Current retention periods are 7 days for Free, 180 days for Pro, and 3 years for Business, unless a different period is stated in the app, App Store listing, or other published plan terms.

Hash Camera runs server-side scheduled cleanup to delete expired server evidence photos and related server records. Cleanup is performed by the server infrastructure and does not require the app to be opened on a user's device.

Authentication records, rate-limit records, safety reports, admin action logs, and operational records may be retained for as long as reasonably necessary to provide the service, prevent abuse, comply with legal obligations, resolve disputes, and enforce the Terms of Service.

8. User Deletion Controls

You may delete server-stored evidence records from the app history detail screen. Deleting a server evidence record removes the server-stored evidence photo and related server record. It does not delete photos already saved to your device photo library and does not reverse monthly upload usage.

You may delete your account from the app Settings screen. Account deletion removes your account, active sessions, server-stored evidence photos, related server records, and monthly usage records from Hash Camera servers. It does not delete photos already saved to your device photo library. Hash Camera may retain limited records where reasonably necessary for fraud prevention, legal compliance, dispute resolution, security, or enforcement of the Terms of Service.

9. Complaints, Reports, and Safety Removal

If a Hash Camera evidence record is verified in the app, the verification result screen may provide a complaint button. When the complaint button is confirmed, Hash Camera deletes the server-stored evidence photo and related server record immediately, without manual review. This action does not delete any photo from a user's device photo library and does not reverse monthly upload usage.

Hash Camera may maintain a safety report record that includes the evidence ID, reported account ID, reporter account ID if signed in, IP-derived rate-limit identifier, reason, status, admin notes, and related timestamps.

Hash Camera may delete server-stored photos and related records, restrict verification, suspend sessions, or block accounts without prior notice if content is found or reasonably suspected to involve infringement, secretly recorded or non-consensual imagery, privacy violations, violent or graphic content, child safety risks, sexual exploitation, fraud, forged evidence, impersonation, scams, illegal activity, or other misuse of the service.

10. Service Providers and Infrastructure

Hash Camera uses service providers and infrastructure vendors to operate the service. They process information only for service operation, hosting, storage, delivery, authentication, security, payment, and operational purposes.

Hash Camera does not share personal information with third-party advertising platforms or third-party analytics platforms. Hash Camera may disclose information if required by law, to protect users or the service, to enforce the Terms of Service, or in connection with a business transfer such as a merger, acquisition, or asset sale.

11. Security

Hash Camera uses technical and organizational measures intended to protect information, including HTTPS transport, server-side authentication, encrypted email storage, keyed hashes for email lookup, server-signed QR payloads, access controls, and rate limiting. No method of transmission or storage is completely secure, and Hash Camera cannot guarantee absolute security.

12. International Processing

Hash Camera and its service providers may process and store information in countries or regions other than where you reside. Data protection laws in those locations may differ from those in your jurisdiction.

13. European Union, EEA, and UK Users

If you are in the European Union, European Economic Area, or United Kingdom, you may have rights under data protection laws such as the GDPR, including rights to access, correct, delete, restrict, object to processing, request portability of your personal data, and withdraw consent where processing is based on consent.

The legal bases for processing may include providing the service you request, performing a contract with you, complying with legal obligations, protecting legitimate interests such as security and abuse prevention, and consent where required. To exercise privacy rights, contact [email protected].

14. California Users

If you are a California resident, you may have rights under the CCPA/CPRA, including rights to know, access, correct, delete, and limit certain uses of personal information, and the right not to be discriminated against for exercising privacy rights.

Hash Camera does not sell personal information and does not share personal information for cross-context behavioral advertising. To make a California privacy request, contact [email protected].

15. Children and Sensitive Content

Hash Camera is not directed to children under 13 and is not intended for use in the App Store Kids Category. Users must not use Hash Camera to upload child sexual abuse material, sexual exploitation content, secretly recorded imagery, or other illegal or harmful content. Such content may be removed and may result in account restrictions or other action where appropriate.

If you believe a child has provided personal information to Hash Camera or that a server evidence record involves child safety risk, contact [email protected] so we can review and take appropriate action.

16. Your Choices and Requests

You may use in-app controls to delete server evidence records, delete your account, clear local app data, and manage device permissions. Account deletion removes your Hash Camera server account data, but it does not cancel Apple subscriptions. If you purchased an auto-renewable subscription, you must manage or cancel it in iOS Settings > Apple ID > Subscriptions; Apple billing may continue until canceled through Apple. You may also contact Hash Camera to request access, correction, deletion, or other privacy assistance.

Privacy contact: [email protected].

17. Changes to This Policy

Hash Camera may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date. Material changes may also be communicated through the app or website where appropriate.