Pellica
Live on iOS · Android
Get the app
Get the app
LegalPrivacy policy · plain English · read in 4 minutesEffective April 2026
Home/Privacy

Privacy Policy.

◉ Effective · 1 April 2026·Version 3 · supersedes all previous

Pellica is designed to keep your data on your device. We don't sell it, don't share it for advertising, and don't run analytics on what you photograph. Cloud sync and crash reporting are opt-in. If you never sign in, we never receive anything about you. This page explains the details.

Who we are.

· Controller · contact · location

Pellica is built by Rollify SAS, a small company registered in Paris, France (SIRET 908 412 003 00017). We are the data controller for everything described here.

Email: [email protected] · Post: 12 rue de Bretagne, 75003 Paris.

What we collect.

· Categories · purpose · basis

We try to collect as little as possible. Here is the exhaustive list:

  • Email (if you sign in): for account access, sync, and billing. Never used for marketing unless you explicitly opt in.
  • Roll data (if you enable cloud sync): your rolls, frames, notes, scans. Encrypted end-to-end.
  • Crash reports (opt-in): a stack trace and device model when Pellica crashes. No personal content.
  • Payment records (Pro subscribers): handled by Apple. We see the transaction ID, never your card.
◉ What we do not collectLocation history, photos outside Pellica, contacts, advertising IDs, social accounts, behavioural tracking. There is no analytics SDK in the app.

What stays on your device.

· Default state · zero-signup

If you never sign in, everything stays local: rolls, frames, GPS stamps, scans, lab visits, light-meter readings. None of it leaves your phone. You can use Pellica forever without us ever seeing a byte of your shooting.

Cloud sync (opt-in).

· End-to-end encrypted · your key

If you enable cloud sync (Pellica Pro), your data is encrypted on your device before being uploaded to our servers in Frankfurt (AWS eu-central-1). We never hold the decryption key — only you do. If you lose your key and have no other device signed in, we cannot recover your data. That is the trade-off for real privacy.

Third-party services.

· Minimal · transparent
  • Apple / Google: app distribution, payments (App Store).
  • AWS Frankfurt: encrypted cloud sync storage only. They cannot read your data.
  • OpenWeather: weather stamps. We send a truncated GPS coordinate and get back weather. They never see your identity.
  • Sentry (opt-in): crash reports. EU-hosted.

We do not use Google Analytics, Facebook Pixel, Mixpanel, Segment, or any advertising SDK. Ever.

Your rights under GDPR & CCPA.

· Access · export · delete

You have the right to access, export, correct, and delete any data we hold about you. In the app: Settings → Account → Export data / Delete account. Or email [email protected]. We respond within 30 days (usually within 48 hours).

How long we keep things.

· Minimums · purging
  • Account data: for as long as your account exists. Delete the account, we delete it all within 30 days.
  • Crash reports: 90 days, then automatically purged.
  • Payment records: 10 years, because French tax law requires it. Sorry.

Minors.

· Age · consent

Pellica is not intended for children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has created an account, email us and we'll delete it.

Changes to this policy.

· Notice · versioning

If we ever change this policy in a way that expands what we collect, we will email you, post a notice in the app, and give at least 30 days to review before it takes effect. Cosmetic and clarifying changes get a changelog entry at the bottom of this page.

How to reach us.

· Real human · no ticket system

Email [email protected]. Louis answers personally, usually within a day.