Privacy Policy

1. Introduction

MALCOMSON BROTHERS LIMITED ("we," "us," or "our") operates talgia (the "Service"), a camera, photo, template, recap, and sharing service available through our apps, websites, and related services at talgia.app. This Privacy Policy explains what we collect, why we collect it, how it is used, and the choices you have.

Where privacy law uses the concept of a data controller, MALCOMSON BROTHERS LIMITED is the controller for the personal information described in this policy, unless we say otherwise.

Our aim is simple: your photos should be used to provide the features you choose, not quietly repurposed in ways you would not expect. We do not sell your personal information, we do not "share" it for cross-context behavioural advertising as that term is used under California privacy law, and we do not use your photos to train AI models without your explicit permission.

2. Local Device Data vs Online Data

Some talgia features run locally on your device, while others require an online connection so that you can sync, share, collaborate, purchase, or recover access.

• Local-only camera work: Photos imported or taken in the camera, local rolls, local history, edits, filters, adjustments, local recaps, and local exports may be stored and processed on your device unless you choose a feature that uploads or shares them.
• Online features: Account login, subscriptions, shared rolls, shared camera invites, look codes, template contribution sessions, cloud-hosted collage/template media, analytics, moderation, and support require us to process and store some information.
• Sharing is a choice: If you create a share link, invite someone to a shared roll, upload to a collaborative template, or send a shared artifact, the content and related information may be stored by us and made available through that link or collaboration flow.

3. Information We Collect

3.1 Information You Provide

• Account information: Email address, name or display name, Sign in with Apple identifiers, web account linking codes, authentication session data, and settings connected to your account or app install.
• Photos, videos, and creative content: Photos you take, import, upload, edit, save, share, or add to templates, shared rolls, recaps, look codes, or other creative features.
• Camera and template choices: Presets, custom camera settings, stickers, backgrounds, adjustments, look codes, recap styles, template slot choices, and share destination choices.
• Shared roll information: Roll names, invite links, creator display names, replies, reports, removals, moderation decisions, and other collaboration metadata.
• Payments and purchases: Purchase history, subscription status, product identifiers, entitlement grants, restore-purchase events, transaction references, and payment-provider metadata. Payment card details are handled by Apple or Stripe and are not stored by us directly.
• Support and communications: Messages, reports, review requests, feedback, and information you send when contacting us.

3.2 Information Collected Automatically

• Device and app information: Device type, operating system, app version, install identifiers, browser type, IP address, approximate region, language, and diagnostics needed to operate and secure the Service.
• Usage and analytics data: Limited information about how the app is used, such as feature interactions, saves, shares, purchases, restores, feedback interactions, performance, and errors. We do not put raw photo or video content inside analytics events.
• Storage and moderation information: Details needed to manage uploaded or shared content, retention, deletion, reports, abuse prevention, and legal requests.
• Cookies and similar technologies: Session cookies, authentication tokens, anti-abuse checks, and analytics identifiers used by our websites.

4. How We Use Information

• To provide camera presets, photo editing, templates, recaps, and sharing tools
• To store and show the content you choose to save, sync, upload, or share
• To operate shared rolls, invites, replies, reports, and moderation workflows
• To create and apply look codes, share artifacts, and recap exports
• To authenticate users, link iOS installs to web accounts, and prevent account abuse
• To process purchases, manage subscriptions, restore purchases, and grant entitlements
• To provide support, troubleshoot bugs, and improve performance and reliability
• To understand which features help users complete and share creative work
• To detect fraud, spam, abuse, unsafe content, and security issues
• To comply with law, enforce our terms, and respond to valid legal requests

5. Legal Bases for Processing

Where GDPR or similar laws apply, we rely on the following legal bases:

• Contract: To provide the Service and paid features you request.
• Consent: Where you choose to upload, share, invite, receive marketing, or use optional features requiring consent.
• Legitimate interests: To improve the Service, keep it secure, prevent abuse, measure feature performance, and support users.
• Legal obligations: For tax, accounting, consumer protection, App Store, payment, safety, and legal compliance.

6. Sharing and Service Providers

We share information only as needed to provide, secure, improve, or legally operate the Service.

• Apple: Sign in with Apple, App Store purchases, restore purchases, and subscription status.
• Stripe: Web payments and billing where available.
• Hosting and storage providers: Infrastructure, databases, object storage, content delivery, backups, and logs.
• Email providers: Verification codes, account notices, support, and transactional emails.
• Security and anti-abuse providers: Tools such as Cloudflare Turnstile or equivalent checks to reduce spam and abuse.
• Analytics providers: Privacy-conscious product analytics and operational metrics where enabled.
• AI and media processing providers: Only where a feature requires external processing. We do not use your photos for model training without explicit permission.
• Other users you share with: If you create or join a shared roll, share a look code, invite link, recap, template, or artifact, recipients may see the content and metadata needed for that feature.

We may also disclose information if required by law, to protect rights and safety, to investigate abuse, or as part of a merger, acquisition, financing, restructuring, or sale of assets.

7. Photos, Videos, AI, and Creative Outputs

• Photos and videos you keep local remain on your device unless you choose an online or sharing feature.
• Uploaded media is used to provide the feature you selected, such as shared rolls, templates, recaps, support, or AI generation.
• Generated, edited, or exported content may be stored so you can access, download, share, report, or delete it.
• Public or unlisted links should be treated as shareable by anyone who receives the link.
• We may review or remove content that is reported, violates our policies, creates safety risk, or is required to be removed by law.
• We do not sell your photos and do not train AI models on your photos without explicit consent.

8. Retention and Deletion

We keep information only as long as needed for the purposes described in this policy, unless a longer period is required for legal, accounting, safety, fraud-prevention, or dispute reasons.

• Local device content: Remains on your device until you delete it or remove the app, subject to iOS backup and device settings.
• Shared rolls and uploaded collaboration media: Retained while needed for the shared feature and subject to product limits, deletion, moderation, and retention settings.
• Uploaded, generated, or saved online content: Retained while your account or shared link needs access unless you delete it or request deletion.
• Account data: Retained while your account is active and then deleted or anonymised after an account deletion request, except where we must keep limited records.
• Purchase and transaction records: Retained as required for tax, accounting, fraud prevention, payment disputes, App Store/Stripe reconciliation, and legal compliance.
• Analytics and logs: Retained for product, security, diagnostics, and abuse-prevention purposes, then deleted or aggregated according to our retention policies.
• Backups: Deleted on normal backup rotation schedules and not restored to active systems except for recovery, security, or legal reasons.

When you delete your account in the app or on the web, we remove account access and delete or anonymise associated account data, subject to records we may need to retain for billing, safety, fraud prevention, dispute resolution, or legal obligations.

9. Security

We use technical and organisational measures designed to protect information, including:

• Encryption in transit
• Access controls and role-based admin access
• Authentication protections, including Sign in with Apple and account-linking safeguards
• Monitoring for abuse, fraud, errors, and security issues
• Backups and recovery processes

No online service can guarantee perfect security, but we work to keep protections proportionate to the sensitivity of the data.

10. Your Rights and Choices

• Access, correct, export, or delete your personal data where applicable.
• Delete local app content from your device.
• Delete or remove content you control, where the app provides that control.
• Report shared roll content for review.
• Restore purchases through Apple where applicable.
• Opt out of marketing emails using unsubscribe links or by contacting us.
• Request account deletion from the app, web settings, or by contacting us.

European, UK, California, and other users may have additional rights under local laws, including access, deletion, correction, portability, objection, restriction, and the right to opt out of certain sales, sharing, or targeted advertising where those rights apply. You also have the right not to be discriminated against for exercising privacy rights. Contact us at hi@talgia.app to exercise these rights.

11. Children and Sensitive Content

The Service is not intended for children under 13, or under 16 where local law requires a higher age. Do not upload photos of minors or other people unless you have the rights and consent needed to do so. If you believe a child has provided personal information or unsafe content has been uploaded, contact us immediately.

12. International Transfers

Your information may be processed in countries other than where you live. Where required, we use safeguards such as adequacy decisions, Standard Contractual Clauses, contractual protections, and other lawful transfer mechanisms.

13. Cookies, Analytics, and Tracking

We use essential cookies and similar technologies for login, sessions, security, account linking, and checkout. We may also use privacy-conscious analytics to understand app and website usage, feature performance, and whether people are able to complete important actions. If we use advertising measurement or third-party tracking that requires consent under applicable law or platform rules, we will request consent where required.

14. Changes to This Policy

We may update this Privacy Policy as the Service changes. We will update the date above and, for material changes, provide additional notice where appropriate. Continued use of the Service after an update means the updated policy applies.

15. Contact and Complaints

For privacy questions, requests, or complaints, contact us at:

If you are in the UK or EEA and believe we have not handled your request properly, you may have the right to complain to your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).