Lapse Privacy Policy

Last updated: September 10, 2025

This Privacy Notice for Lapse describes how and why we might access, collect, store, use, and/or share your personal information when you use our services. Reading this Privacy Notice will help you understand your privacy rights and choices.

1. Data Controller

Fortis AI GmbH acts as a controller for non-local data processing (subscriptions and advertising). Media processing occurs exclusively on-device without transmission.

The majority of data processing in Lapse happens locally on your device. We only collect minimal data for subscription management and advertising (for non-paid users).

Availability. Lapse is currently not offered in the United Kingdom. If you are located in the UK, please do not use the app.

You can contact us regarding any privacy matter:

2. What Data We Collect

Lapse is designed with privacy by design principles. Most processing happens locally on your device, with minimal external data collection for subscription and advertising services.

Sensitive Information: We do not intentionally process special-category data or perform biometric identification. If such content appears within your photos, it is processed only on-device and is never transmitted.

2.1 Local Data Processing

Lapse accesses and processes the following data locally on your device:

• Photo Library Access: To analyze and organize your photos and videos
• Media Metadata: Creation dates, location data (if available), file sizes, and technical properties
• Viewing History: Local records of which media you've viewed to improve recommendations
• User Preferences: Settings and customizations stored locally on your device
• Local Usage Analytics: Basic app performance metrics (e.g., feature usage patterns, crash prevention data) stored locally for feed curation improvements only

Important: This local data is never transmitted to our servers or any third parties. All processing remains on your device. Note: Basic app performance and crash data may be collected by Apple's built-in analytics, but this does not include your media content or analysis results.

2.2 Subscription Data Collection

For subscription management through Apple's StoreKit framework, we collect:

• Subscription Status: Whether you have an active subscription (processed through Apple)
• Purchase Information: Transaction receipts and validation data handled by Apple's servers
• Subscription Verification: We receive limited information from Apple to verify your subscription status. We do not directly identify you.

Apple StoreKit Integration: All payment processing, subscription management, and billing is handled entirely by Apple. We receive only the minimum necessary information to verify subscription status and provide premium features.

2.3 Advertising Data (Non-Paid Users Only)

For users without an active subscription, we integrate with Google AdMob to display native advertisements:

• Device Information: Device type, OS version, app version for ad compatibility
• Advertising Identifier: Apple's Identifier for Advertisers (IDFA) if you have not opted out
• Ad Interaction Data: Whether ads are viewed, clicked, or dismissed
• General Location: Approximate location (country/region level) for relevant ad targeting

AdMob Data Processing: This data is processed by Google AdMob according to their privacy policies. You can opt out of personalized advertising through iOS Settings → Privacy & Security → Apple Advertising.

2.4 Data We Do NOT Collect

Lapse does not:

• Create user accounts or collect personal identifiers beyond subscription status
• Access your contacts, calendar, or other personal data
• Track your precise location or use location services
• Transmit your photos, videos, or photo analysis data to external servers
• Monitor user sessions or track individual user behavior across sessions
• Collect or store payment information (handled entirely by Apple)

2.5 App Store Analytics

App Store Metrics: Apple may provide basic app performance metrics (such as download counts, crash rates) through the App Store platform. These metrics are:

• Provided directly by Apple, not collected by us
• Aggregated and anonymized by Apple
• These metrics originate exclusively from Apple, are aggregated/anonymized and are not linked to individual users
• Subject to Apple's own privacy policies

3. Legal Basis for Data Processing

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases:

• Consent (Art. 6(1)(a) GDPR): For photo access and analysis (iOS permission, withdraw anytime in Settings). In the EEA and Switzerland, we show advertising only after your consent via a TCF-compatible consent banner (Google UMP). You can withdraw consent any time in Settings → Privacy in the app.
• Contractual Necessity (Art. 6(1)(b) GDPR): For subscription management and premium feature delivery
• Legitimate Interests (Art. 6(1)(f) GDPR): For non-ad core functions only.

You have the right to object to processing based on legitimate interests.

ePrivacy device access. Accessing device identifiers (e.g., IDFA) for advertising requires your consent under EU ePrivacy rules (IAB TCF Purpose 1). We request this in the consent dialog; if you decline, we show non-personalized ads.

4. Purpose of Data Processing

We process data for the following purposes:

• Media Organization: Analyzing and categorizing your photos and videos (local processing)
• Content Discovery: Helping you rediscover forgotten or buried media (local processing)
• Smart Curation: Creating personalized collections and recommendations (local processing)
• Subscription Management: Verifying subscription status and providing premium features
• Advertising: Displaying relevant advertisements to non-paid users
• App Performance: Optimizing app functionality and user experience

Personalization/Profiling: Lapse creates on-device personalized suggestions. This is 'profiling' under GDPR, but it has no legal or similarly significant effects and never leaves your device. AdMob may perform advertising profiling according to their privacy policies.

5. Data Sharing with Third Parties

We share minimal data with the following third parties:

5.1 Apple Inc. (Subscription Services)

For subscription management through StoreKit:

• Subscription verification and validation data
• Purchase transaction information
• App Store account identifiers

This data sharing is necessary for providing subscription services and is governed by Apple's privacy policies.

5.2 Google LLC (AdMob - Non-Paid Users Only)

For displaying advertisements to users without active subscriptions:

• Device and app information for ad serving
• Advertising identifiers (if not opted out)
• Ad interaction and performance data
• General location information for ad relevance

This data sharing is governed by Google's AdMob privacy policies and your regional choices. Google may act as an independent controller for advertising under the TCF framework; we surface Google's vendor purposes in our CMP. You can opt out of personalized advertising through device settings.

5.3 Data We Do NOT Share

We explicitly do not share:

• Your photos, videos, or any media content
• Photo analysis results or metadata
• Viewing history or user preferences
• Precise location data
• Personal contact information

6. Data Retention

• Local App Data: Stored locally on your device until you delete the app
• Subscription Data: Retained as long as necessary for subscription management and Apple's requirements
• Advertising Data: Retained according to Google AdMob's data retention policies
• App Analytics: Apple-provided aggregated metrics are not stored by us and remain subject to Apple's retention policies
• Consent Records (IAB TCF/UMP): We retain your consent choices for up to 13 months, after which we will re-ask.
• Ad Event Logs: Retained by Google according to its policies; we do not extend retention beyond that.

When you delete the Lapse app, all local data is automatically removed from your device. Note: App preferences may be included in device backups if you have iCloud Backup enabled; these backups are stored in your personal iCloud account under Apple's control. Subscription and advertising data retention is governed by Apple and Google's respective policies.

7. Your Rights

As a resident of the European Union or EEA, you have the following rights under the GDPR:

• Access: Request information about data we process about you
• Rectification: Correct inaccurate data or modify preferences within the app
• Erasure: Delete the app to remove local data; request deletion of subscription data
• Portability: Your original media remains in your Photos app
• Objection: Object to advertising data processing; revoke photo access permissions
• Restriction: Limit how we process your data
• Withdraw Consent: Revoke permissions at any time through iOS Settings

Manage consent anytime. You can review or withdraw your consent at any time in the app under Settings → Privacy Options.

To exercise your rights regarding subscription or advertising data, contact us at developer@lammer.ai.

8. Subscription Services

Lapse offers premium features through subscription services managed entirely by Apple's StoreKit framework:

8.1 Subscription Management

• Payment Processing: All payments are processed by Apple through the App Store
• Subscription Plans: Available subscription tiers and pricing are displayed in the app
• Auto-Renewal: Subscriptions automatically renew unless cancelled
• Cancellation: Manage or cancel subscriptions through App Store Settings

8.2 Premium Features

Paid subscribers receive:

• Ad-free experience (no AdMob advertising)
• Enhanced photo organization features
• Advanced curation algorithms
• Accelerated workflows without advertising interruptions

9. Advertising (Non-Paid Users)

Users without active subscriptions will see native advertisements powered by Google AdMob:

Native ads disclosure. All native ads are clearly labeled “Ad” and display the AdChoices icon as required. We never present ads as editorial content.

9.1 Ad Types

• Native Ads: Integrated into the app interface
• Banner Ads: Displayed at designated areas within the app
• Interstitial Ads: Full-screen ads at natural transition points. We avoid interrupting core flows with interstitial ads.

9.2 Consent & Regions

In the EEA and Switzerland, we use a Google-certified CMP (Google UMP) following IAB TCF 2.2. The banner covers Purpose 1 (store and/or access information on a device) and the relevant advertising and measurement purposes. You can withdraw consent any time in Settings → Privacy (this opens the UMP privacy options form).

9.3 Minors

For users under 16 in the EEA/CH, we apply Google's "Under Age of Consent in Europe" treatment (TFUA) and do not request personalized ads.

9.4 Apple ATT

The consent sequence follows this order: First, we request UMP consent for personalized advertising. Only if you choose personalized ads, we then request App Tracking Transparency (ATT) permission on iOS. If you deny ATT permission, we serve non-personalized ads.

9.5 Provider Roles

We use Google AdMob for ad delivery and measurement. Google may act as an independent controller for certain processing; see Google's privacy & frameworks pages and ads settings.

9.6 Ad Personalization Controls

Control advertising preferences through:

• In-App Settings: Privacy → Manage Consent (UMP)
• iOS Tracking: Privacy & Security → Tracking (ATT permission)
• Google Ad Settings: Visit adssettings.google.com
• Subscription: Upgrade to premium to remove all advertising

10. Photo Library Permissions

Lapse requires access to your photo library to function. We use iOS's built-in permission system:

10.1 Permission Types

• Full Library Access: Allows analysis of your entire photo collection
• Selected Photos: Limits access to photos you specifically choose
• No Access: App functionality is severely limited

10.2 Managing Photo Access

iOS Settings:

• Settings → Privacy & Security → Photos → Lapse
• Choose your preferred access level
• Change permissions at any time

11. Data Security

We implement the following security measures:

• Local Processing: Photo data remains on your device, eliminating transmission risks
• iOS Security: Leverages Apple's built-in security features and sandboxing
• Encrypted Transmission: All external communications use HTTPS/TLS encryption
• Minimal Data Collection: Only collect data necessary for subscription and advertising services
• Third-Party Security: Apple and Google implement industry-standard security measures
• Regular Updates: We provide security updates through the App Store

11.1 Device Backups (iCloud or iTunes)

This app does not use iCloud sync for photos or personal data. App preferences and settings may be included in device backups. If you enable iCloud Backup on your device, iOS may include this app's settings in your encrypted device backups. Those backups are stored in your personal iCloud account under Apple's control and are not accessible to us.

12. Privacy for Minors

Age. In the EEA/CH, you must be at least the digital age of consent applicable in your country (between 13 and 16), or have verifiable parental consent, to use Lapse. In Austria, this age is 14. In the United States, the app is designed for users 13+ (COPPA).

Ad treatment for minors (EEA/CH). Regardless of the above, we do not request personalized ads for users under 16 and apply TFUA.

We take additional precautions for younger users:

• Parental consent requirements for subscription purchases under 18
• Limited data collection for all users
• No social features or external communications
• Compliance with COPPA and applicable children's privacy laws

13. International Data Transfers

International data transfers. Where data is transferred to the United States, we rely on the EU-US Data Privacy Framework (DPF) where the recipient is certified (e.g., Google LLC), and otherwise on Standard Contractual Clauses (SCCs) with supplementary measures as required.

• Apple Inc. (US): Subscription data transferred under Apple's adequacy decisions and standard contractual clauses
• Google LLC (US): Advertising data transferred under EU-US Data Privacy Framework (DPF) certification
• Your Photos: Never transferred outside your device

Google (AdMob). Privacy & transfers (including EU–US DPF): policies.google.com/privacy · DPF certification. EU User Consent / UMP: EU User Consent Policy · Google UMP SDK.

Apple (StoreKit). Subscription management & refunds (“Report a Problem”): reportaproblem.apple.com.

We provide non-personalized ads where required and honor any consent choices you make.

14. Changes to This Privacy Policy

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated date. If we make material changes to this Privacy Notice, we will notify you via the app (e.g., a banner or update screen) or through the App Store release notes.

15. Contact

For any privacy-related questions or concerns:

16. Right to Complain

You have the right to file a complaint with your local data protection authority.

17. Additional Disclosures for California Residents (CCPA/CPRA)

While Fortis AI GmbH is established in Austria, we recognize the California Consumer Privacy Act. California residents should note:

• Personal Information Collection: We collect limited personal information for subscription and advertising purposes
• Categories Collected: Device identifiers, subscription status, advertising data, app usage analytics
• No Sale of Personal Information: We do not sell personal information
• Third-Party Sharing: Limited sharing with Apple (subscriptions) and Google (advertising) as described above
• Your Rights: Right to know, delete, correct, and opt-out of certain data processing
• Sharing for cross-context behavioral advertising: If we engage in "sharing" (personalized advertising), you may opt out via Do Not Sell or Share My Personal Information in the app (Settings → Privacy). We also honor Global Privacy Control (GPC). Non-personalized ads remain available.

To exercise CCPA rights, contact us at developer@lammer.ai.

18. Definitions

"Personal Information / Personal Data" means any information that relates to an identified or identifiable individual as defined in Art 4 (1) GDPR and §1798.140 CCPA.

"Processing" means any operation performed on personal data, whether or not by automated means (Art 4 (2) GDPR).

"Local Processing" refers to data processing that occurs entirely on the user's device without transmission to external servers.

"Third-Party Services" refers to Apple StoreKit for subscription management and Google AdMob for advertising services.