Privacy Policy
Arum Communications Corp. ("we", "us", "our") built the Crop Image app ("the Service") as a free, ad-supported application with an optional paid premium upgrade. This page informs you of our policies regarding the collection, use, and disclosure of personal information when you use the Service, and the choices you have associated with that information.
By using the Service, you agree to the collection and use of information in accordance with this policy. We will not use or share your information with anyone except as described in this Privacy Policy.
1. Information We Process
1.1 Information processed only on your device
The Service lets you crop, rotate, straighten, and batch-process photos, take a new photo with your camera to crop, and apply filters and effects. To do this, the app reads:
- The photos you select from your gallery, or the photo you capture with the camera, so they can be displayed and edited
- File metadata (file name, file path, file size, modification date) of the images you choose to edit
- The MediaStore content URIs needed to load the images you pick and to save the cropped or edited output back to your device
This information stays on your device. The cropping, rotation, straightening, and filter/effect processing all happen locally on your device. We do not upload your photos, file names, file paths, thumbnails, or edited results to any server operated by us. Cropped and edited images are saved to your device's gallery (photo storage) and remain under your control.
1.2 Permissions used
| Permission | Purpose |
|---|---|
CAMERA |
Capture a new photo so you can crop and edit it. Used only when you choose the camera option. |
READ_MEDIA_IMAGES (Android 13+) |
Read photos from device storage so you can select images to crop and edit. |
READ_EXTERNAL_STORAGE (Android 12 and below) |
Same purpose as above on older Android versions. |
WRITE_EXTERNAL_STORAGE (Android 12 and below) |
Required to save your cropped and edited images to device storage on legacy Android versions. |
POST_NOTIFICATIONS (Android 13+) |
Display notifications, such as update or informational messages delivered via push. |
1.3 Information collected by third-party services
The app uses third-party services that may collect information used to identify you or your device. These services may collect data such as device identifiers (Android Advertising ID), IP address, device model, operating system version, app version, language, country, crash logs, push notification tokens, and aggregated usage events. Please review each provider's privacy policy linked in Section 4 below.
1.4 Subscription and purchase information
If you purchase a premium upgrade, the transaction is processed by Google Play Billing and managed through RevenueCat. We do not receive or store your full payment instrument (e.g., credit card number). We receive an anonymous subscriber ID, purchase tokens, entitlement status, and purchase metadata such as country and product ID, in order to grant and validate your premium entitlement (for example, to remove ads for premium users).
2. How We Use Information
- To provide the core cropping, rotating, straightening, batch processing, and filter/effect functionality (locally on your device).
- To deliver advertising, including non-personalized ads where required by law or by your consent choice.
- To send notifications relevant to the app where you have allowed them.
- To measure app performance, diagnose crashes, and improve stability.
- To validate and manage premium purchases.
- To comply with legal obligations.
3. Legal Basis (EEA/UK Users)
Where the GDPR or UK GDPR applies, we rely on (a) your consent for advertising, analytics, and crash reporting that involve personal data, collected through Google's Consent Management Platform (CMP) shown on first launch; (b) the performance of a contract for purchase processing; and (c) our legitimate interests in operating and securing the Service. You can change your consent at any time from the in-app privacy settings.
4. Third-Party Service Providers and Their Privacy Policies
We use the following third-party services. Each link below leads to that provider's privacy policy and, where applicable, its description of the data it collects and how it is used.
- Google Play Services — Google Privacy Policy
- Google AdMob (advertising) — How AdMob uses information, How Google uses data from partner apps
- Google User Messaging Platform (UMP / CMP) (GDPR consent) — About the Google UMP SDK
- Google Analytics for Firebase — Firebase Analytics privacy and security, Data deletion
- Firebase Crashlytics (crash reporting) — Firebase Privacy and Security
- Firebase Cloud Messaging (push notifications) — Firebase Privacy and Security
- PhotoEditor SDK (PESDK) by img.ly (on-device photo editing) — img.ly Privacy Policy
- Google Play Billing (in-app purchase processing) — Google Privacy Policy
- RevenueCat (purchase management) — RevenueCat Privacy Policy, Data Processing Addendum
5. Advertising and Your Choices
Ads are served by Google AdMob and may use the Android Advertising ID to deliver, measure, and limit the frequency of ads. You can opt out of personalized advertising at any time:
- On Android: open Settings → Google → Ads and toggle "Delete advertising ID" or "Opt out of Ads Personalization".
- For EEA, UK, or Swiss users, you may withdraw or change your advertising consent through the in-app privacy options, which re-displays the Google CMP consent form.
- Purchasing the premium upgrade removes ads from the app.
- Learn more: Advertising ID, Google Ad Settings.
6. Push Notifications
The app uses Firebase Cloud Messaging to deliver push notifications. To do this, a unique device registration token is generated and processed by Google. You can disable notifications at any time from your device's system settings for the app, and on Android 13 and above you may decline the notification permission when prompted.
7. Log Data
When the app crashes or encounters an error, third-party tools (Firebase Crashlytics) may collect diagnostic data including device IP, device model, operating system version, app configuration at the time of the error, and the time and date of the event. This information is used solely to diagnose and resolve issues.
8. Cookies
The Service does not itself use cookies. However, third-party SDKs embedded in the app may use cookie-equivalent identifiers (such as advertising IDs) to provide their services.
9. Data Retention
- Photos are processed transiently for editing and are not retained by us; cropped and edited images you save are stored in your own device gallery and remain under your control.
- Temporary working files created during editing are kept only in the app's cache and are removed when the cache is cleared or when you uninstall the app.
- Purchase records are retained by RevenueCat and Google Play Billing for as long as required to maintain your entitlement and for legal/accounting purposes.
- Crash, analytics, and push notification data are retained according to each provider's standard retention periods.
10. Your Rights
Depending on your jurisdiction (EEA, UK, California, etc.), you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. To exercise these rights, contact us at the email below. You also have the right to lodge a complaint with your local data protection authority.
11. Security
We take reasonable steps to protect the limited information processed through the Service. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee its absolute security.
12. Links to Other Sites
The Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. These external sites are not operated by us. We strongly advise you to review the privacy policy of any site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
13. Children's Privacy
The Service is not directed to children under the age of 13, and we do not knowingly collect personally identifiable information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it from our records. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us so that we can take the necessary action.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective date" at the top.
15. Contact Us
If you have any questions or suggestions about this Privacy Policy, please contact us at developer@arumarum.com.
