Privacy Policy — SyncGallery

Data Controller and EU Representative

Data Controller: Aliaksandr Kasabutski, contact: m-apps@m-apps.net.

EU Representative: not required, since the controller is located within an EU Member State (Poland). For GDPR inquiries, please contact the Data Controller.

This Privacy Policy describes how SyncGallery (package net.mapps.mgallery) processes personal data. We comply with the EU GDPR and applicable laws.

1. Summary

• The app is free to download. Ads and paid features may be enabled later.
• You may purchase a subscription and/or ad removal via Google Play Billing.
• Cloud sync (Microsoft OneDrive / Google Drive) is performed only with your consent after login.
• Optional AI-powered editing features (background blur, removal, replacement) process your photos locally on your device using on-device machine learning.

2. Data we process

2.1. Data you provide

• Login data handled by identity providers during OAuth; the app may store tokens only if necessary.
• Media files and metadata you view, organize, edit, or sync.
• Settings, preferences, subscription status, purchase receipts from Google Play.
• Cloud sync configuration: folder selections, sync rules, and sync preferences you create.

2.2. Data collected automatically

• Technical data: device model, OS version, language, country, advertising identifiers (if enabled), IP (shortened where possible), crash and performance logs.
• Anonymous installation identifier: a randomly generated ID unique to each app installation, used to measure app usage frequency and improve our services. This ID is not linked to your identity or advertising profile.
• Diagnostics: feature usage, stability, crash reports (via Firebase Crashlytics if enabled).

2.3. Data from third parties

• Purchase/subscription info from Google Play Billing (not full payment card data).
• Ad networks (Google AdMob) to show ads under their policies.
• Cloud providers (OneDrive / Google Drive) to perform your sync requests.

3. Purposes and legal bases

• App functionality — contract performance (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f)).
• Advertising/analytics (when enabled) — consent (Art. 6(1)(a)).
• Payments/subscriptions — contract performance (Art. 6(1)(b)).
• Security/fraud prevention — legitimate interests (Art. 6(1)(f)).

4. Advertising and analytics

• Google AdMob — ads (personalized with consent). More: policies.google.com/technologies/ads.
• Firebase (Analytics / Crashlytics) — aggregated analytics, crash reporting: firebase.google.com/support/privacy.

In the EU, consent is obtained via User Messaging Platform (UMP) before loading ads.

5. Cloud synchronization

SyncGallery allows you to synchronize photos and videos between folders on your device and cloud storage services (Google Drive, Microsoft OneDrive). Cloud sync is entirely optional and only activates after you explicitly log in and configure sync rules.

5.1. How cloud sync works

• You select a folder on your device and a folder in your cloud storage, then choose a sync mode (upload only, download only, or two-way sync).
• The app reads, uploads, downloads, and (if configured by you) deletes media files according to your sync rules.
• Sync may run in the background using a foreground service so you are always informed when it is active.

5.2. Folder sharing and invite links

When you share a synced folder with another person, the app generates an invite link that contains:

• Your display name (not your email address) — so the recipient can identify who sent the invitation.
• The cloud folder name and cloud provider (OneDrive or Google Drive).
• A sharing link to the cloud folder, which the recipient needs to access the shared content.

This information is embedded in the URL and may be visible in the recipient's browser history, messaging apps, and web server access logs. By sharing a folder, you consent to this disclosure. You can revoke sharing at any time through the app's sync rule settings.

5.3. Google Drive — data accessed

When you connect a Google account, the app requests access to your Google Drive via OAuth 2.0. The following data is accessed:

• File and folder metadata: names, sizes, modification dates, MIME types, folder hierarchy, checksums (MD5) — used to detect changes and avoid duplicate transfers.
• File contents: photo and video files are uploaded to or downloaded from Google Drive according to your sync rules.
• Account information: your Google email address and display name — used to identify the connected account within the app.
• Storage quota: total and used storage — displayed so you can manage your cloud space.
• Sharing permissions: if you choose to share a synced folder, the app manages sharing invitations on your behalf.

The app does not access Google Drive files outside the folders you select for synchronization. The app does not read or modify files belonging to other Google Workspace applications (Docs, Sheets, etc.).

5.4. Microsoft OneDrive — data accessed

When you connect a Microsoft account, the app uses the Microsoft Graph API via OAuth 2.0. The same categories of data as described above for Google Drive are accessed within OneDrive, limited to the folders you configure for sync.

5.5. Authentication and token storage

OAuth tokens are stored locally on your device. Tokens are cached in memory during app usage and refreshed automatically. Signing out from a cloud account within the app revokes and deletes all associated tokens. You may also revoke access at any time through your Google or Microsoft account security settings.

6. AI and machine learning features

SyncGallery offers optional AI-powered editing tools. These features are clearly labeled as beta and require your explicit action to use.

6.1. On-device processing

• Face detection (Google ML Kit) — detects faces in photos for portrait enhancement and face-aware background blur. All processing occurs on your device. No facial data is sent to any server.
• Subject segmentation (Google ML Kit) — separates foreground subjects from background for background removal and blur effects. Processed entirely on-device.

All AI-powered editing features run entirely on your device. No photos are sent to external AI services for editing purposes.

7. Device permissions

• Photos/media (READ_MEDIA_IMAGES, READ_MEDIA_VIDEO) — to display, organize, and edit your photos and videos within the gallery.
• All files access (MANAGE_EXTERNAL_STORAGE) — required for cloud synchronization. The app needs to read from and write to device folders you select for sync rules. Many media files are stored in non-standard locations (e.g., folders created by messaging apps, custom camera applications, or downloaded content) that are not accessible through Android's standard media APIs. This permission allows the app to synchronize any folder you choose. You grant this permission manually in system settings, and the app only accesses folders you explicitly configure.
• Media management (MANAGE_MEDIA) — allows the app to modify or delete media files during sync and editing operations without requiring individual confirmation for each file.
• Media location (ACCESS_MEDIA_LOCATION) — to read GPS coordinates embedded in photo EXIF data, used to display photo locations on a map.
• Internet/network — cloud sync, ads, billing, AI features.
• Foreground service — to keep sync operations running reliably when the app is in the background. A persistent notification is shown while sync is active.
• Notifications — to inform you about background sync progress and completion (optional).
• Boot completed — to resume scheduled sync tasks after device restart (optional).

8. Storage and retention

• OAuth tokens stored locally/encrypted; signing out revokes them.
• Logs/diagnostics retained max 180 days. Anonymous installation identifiers and associated usage data are retained for the same period.
• Billing records retained as required by law.
• Sync metadata (file mappings, session data) stored locally and deleted when you remove the corresponding sync rule or disconnect the cloud account.

9. Data sharing/transfers

The app communicates with our own servers (m-apps.net) for app configuration, localized content delivery, and anonymous usage analytics. It also communicates with the following third-party services:

• Google Drive / Microsoft OneDrive — your media files and metadata, as directed by your sync rules.
• Google Play Billing — subscription and purchase data.
• Google AdMob — device identifiers and ad interaction data (with consent).
• Firebase (Analytics, Crashlytics, Messaging) — aggregated analytics, crash reports, push notifications.

Cross-border transfers follow GDPR safeguards (e.g., SCCs). We do not sell your personal data.

10. Data deletion

You can delete your data in the following ways:

• Cloud accounts: disconnect your Google or Microsoft account within the app's settings. This deletes all locally stored tokens, sync mappings, and cached account data.
• Sync data: delete individual sync rules to remove all associated file mappings and session data from the device.
• App data: uninstalling the app removes all locally stored data (preferences, databases, cached files).
• Analytics/diagnostics: data collected by Firebase is retained for up to 180 days and then automatically deleted.
• Advertising data: you can reset your advertising identifier or opt out of personalized ads in your device settings.
• Request deletion: you may contact m-apps@m-apps.net to request erasure of any personal data we can identify as associated with you.

11. Your rights (GDPR)

• Access, rectification, erasure, restriction, portability, objection.
• Withdraw consent anytime (does not affect prior processing).
• Complain to EU supervisory authority (residence/work).

12. Children

The app is not directed to under-13s and does not knowingly collect their data.

13. Security

We apply organizational/technical measures (encryption in transit, access controls, monitoring). 100% security not guaranteed.

14. Google API Services User Data Policy

SyncGallery's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• The app only uses Google Drive data to provide and improve the cloud synchronization features you request.
• The app does not transfer Google Drive data to third parties, except as necessary to provide the sync functionality, comply with applicable laws, or as part of a merger, acquisition, or asset sale with prior notice.
• The app does not use Google Drive data for serving advertisements.
• The app does not allow humans to read your Google Drive data unless you provide affirmative consent, it is necessary for security purposes, or it is required to comply with applicable law.

15. Changes

New version effective upon posting at: https://m-apps.net/syncgallery/html/en/syncgallery_privacy.html. Major changes may be notified in-app.

16. Contact

Privacy contact: m-apps@m-apps.net.