Privacy Policy

This Privacy Policy explains how QuickBits OÜ ("QuickBits", "we", "us", or "our") collects, uses, shares, and protects personal data when you use Silk, our photo editor for iPhone (the "App"), and the website at getsilk.app (the "Site"). Together the App and Site are the "Service".

We are based in Tallinn, Estonia, and we act as the data controller for the personal data described here. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Estonian law.

If you do not agree with this Policy, please do not use the Service.

The short version

• We collect the minimum we need to run Silk: an account, your subscription status, the photos and edits you choose to sync, and basic diagnostics to keep the App stable.
• We do not sell your personal data. We do not show ads, and we do not use third-party advertising trackers.
• Your photographs are never used to train AI, and they are never sold or shared for marketing.
• You can use most of the App on-device. Cloud sync ("Vault") is optional.
• You can access, export, or delete your data at any time.

The sections below give the full detail.

Who we are

• Controller: QuickBits OÜ, a private limited company registered in Estonia.
• Address: Telliskivi, Tallinn, Estonia.
• Contact for privacy matters: hello@getsilk.app

We have not appointed a statutory Data Protection Officer, as we are not required to. The contact above reaches the team responsible for data protection.

Information we collect

Account information

When you create an account you sign in with Sign in with Apple or Sign in with Google. Depending on the provider and your choices, we receive:

• your name (or the name you choose to share);
• your email address (which may be a private relay address if you use Apple's "Hide My Email"); and
• a unique account identifier.

We use a hosted authentication and database provider (Supabase) to store this account record.

Your photos, edits, and presets ("content")

Silk is a photo editor, so the App works with your images.

• On-device editing. When you import or capture a photo and edit it, that processing happens on your device. If you do not enable cloud sync, your originals and edits stay on your device.
• Vault (cloud sync) — optional. If you enable Vault, the App uploads the photos you choose to keep, together with their edit settings (filters, adjustments, masks, crops, and similar parameters), thumbnails, and custom presets, to our cloud storage so your library follows you across devices and can be restored. This content is tied to your account identifier.
• We do not scan the content of your photos for advertising, profiling, or AI training.

Subscription and transaction information

Silk offers an auto-renewable subscription, purchased through the Apple App Store. We use a subscription-management provider (RevenueCat) to verify and manage entitlements. In connection with a purchase we receive:

• your subscription status and entitlement (active, expired, in trial, etc.);
• transaction and receipt identifiers from Apple; and
• an app-specific user identifier.

Payment is handled entirely by Apple. We do not receive or store your payment card number or full billing details.

Device and diagnostic information

To keep the App stable we use an error- and performance-monitoring provider (Sentry). When the App is run in production it may send us diagnostic data, such as:

• crash reports and error logs;
• performance traces (a small sample of sessions);
• device model, operating-system version, and App version; and
• technical context around an error.

We use this only to find and fix bugs and to keep the App performant.

Support communications

If you email us, we receive your message, your email address, and anything you choose to include, and we keep it so we can help you and maintain a record of the request.

Information we do not collect

We do not run third-party advertising SDKs, we do not build advertising profiles, and we do not collect your contacts, precise location, or browsing activity across other apps and websites.

How we use your information, and our legal bases

We process personal data for the following purposes and on the following GDPR legal bases:

• To provide the App and your account — creating and authenticating your account, syncing your Vault, and saving your presets. Legal basis: performance of our contract with you (Art. 6(1)(b)).
• To provide and manage subscriptions — verifying entitlements and restoring purchases. Legal basis: performance of our contract with you (Art. 6(1)(b)); compliance with tax and accounting obligations (Art. 6(1)(c)).
• To keep the Service secure, stable, and free of abuse — diagnostics, crash analysis, fraud and abuse prevention. Legal basis: our legitimate interests in a secure, working product (Art. 6(1)(f)).
• To respond to your requests — support and correspondence. Legal basis: our legitimate interests and/or performance of our contract.
• To access your camera or photo library — only when you ask the App to. Legal basis: your consent, given through the iOS permission prompts (Art. 6(1)(a)).

Where we rely on legitimate interests, we have balanced those interests against your rights and limited the processing accordingly. Where we rely on consent, you may withdraw it at any time (see Your rights).

Device permissions

Silk asks for the following iOS permissions, only when relevant, and you can change them at any time in iOS Settings → Silk:

• Camera — to capture photos inside the App.
• Photo Library — to import photos to edit and to save your exports.

If you decline a permission, the related feature will be unavailable, but the rest of the App continues to work.

Sharing your information — our processors

We do not sell your personal data and we do not share it for anyone's advertising. We share data only with service providers ("processors") that help us run Silk, each bound by a data-processing agreement and permitted to use the data only on our instructions:

• Apple — App Store payments, subscriptions, and Sign in with Apple.
• Google — Sign in with Google, if you choose that option.
• Supabase — hosted authentication, database, and Vault storage.
• RevenueCat — subscription and entitlement management.
• Sentry — crash and performance diagnostics.

We may also disclose personal data if required by law, to comply with legal process, to enforce our Terms, or to protect the rights, safety, and property of our users, the public, or QuickBits. If QuickBits is involved in a merger, acquisition, or asset sale, your data may be transferred, and we will notify you before it becomes subject to a different privacy policy.

International transfers

Some of our processors operate outside the European Economic Area (for example, in the United States). Where personal data is transferred outside the EEA, we rely on appropriate safeguards under GDPR, such as the European Commission's Standard Contractual Clauses or an adequacy decision. You can ask us for more information about these safeguards using the contact details above.

How long we keep your data

• Account and content — for as long as your account is active. If you delete your account, we delete your account record and Vault content from our live systems, and they are purged from routine backups within 30 days.
• Subscription and transaction records — retained for as long as required by tax and accounting law (typically up to 7 years), then deleted.
• Diagnostics — retained on a rolling basis (typically up to 90 days) and then deleted or aggregated.
• Support emails — retained for as long as needed to handle your request and a reasonable period afterwards.

How we protect your data

We use technical and organisational measures appropriate to the risk, including:

• Encryption in transit — all data moving between the App and our servers is protected with TLS.
• Encryption at rest — account data and Vault content are encrypted at rest by our hosting provider.
• Access controls — Vault content is isolated per account using row-level security, so one user cannot access another's content, and staff access is limited and logged.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and to notify you and the relevant authority of a personal-data breach where the law requires.

A note on "end-to-end encryption." Vault content is encrypted in transit and at rest and is protected by per-account access controls. It is not end-to-end (zero-knowledge) encrypted, which means our hosting provider stores the data in a form that could, in principle, be accessed to operate and support the Service. We never access your photographs except as needed to run the Service or as required by law.

Your rights

Under the GDPR you have the right to:

• access the personal data we hold about you;
• rectify inaccurate or incomplete data;
• erase your data ("right to be forgotten");
• restrict or object to certain processing;
• data portability — receive your data in a portable format;
• withdraw consent at any time, without affecting prior processing; and
• lodge a complaint with a supervisory authority.

You can delete your account and content from within the App (Settings → Account → Delete Account), or exercise any of these rights by emailing hello@getsilk.app. We will respond within one month, as required by law. We will not discriminate against you for exercising your rights.

If you are in the EU/EEA and believe we have not handled your data lawfully, you may complain to your local supervisory authority. In Estonia this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) — aki.ee.

Children

Silk is not directed to children. We do not knowingly collect personal data from children under 16 (or the lower age of digital consent where local law permits). If you believe a child has provided us personal data, contact us and we will delete it.

Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "last updated" date and, where appropriate, notify you in the App or by email. Your continued use of the Service after an update means you accept the revised Policy.

Contact

Questions about this Policy or your personal data?

QuickBits OÜ · Tallinn, Estonia · hello@getsilk.app