This Privacy Policy explains how Leaves, operated by Dávid Šály (a sole proprietor based in Slovakia — "Leaves", "we", "us"), collects, uses, shares, and protects your personal data when you use the Leaves mobile application and the website at leavesphotojournal.com (together, the "Service").
"Personal data" (also "personal information") means any information relating to an identified or identifiable individual. Dávid Šály is the data controller responsible for your personal data; contact details are in the final section.
We collect the following, either directly from you, automatically from your device, or from third parties who help us run the Service:
| Data | Source | Why we collect it |
|---|---|---|
| Email address | From you (sign-up) | Account creation, sign-in, and recovery |
| Name | From you (sign-up) | Identify your account and personalise the app |
| Photos, and the titles, notes, tags, and dates you add to memories | From you (uploads) | Provide the journal and photobook features |
| Location of an entry — both any place name you type and the GPS coordinates embedded in a photo's EXIF metadata (which we may reverse-geocode into a place name) | From you / automatically from the photo | Show where a memory happened on the entry and in photobooks |
| Country preference | From you | Estimate shipping cost in a photobook quote |
| Device push-notification token | Automatically (with your permission) | Send order-status and account notifications |
| Subscription status | From RevenueCat / Apple | Determine access to paid features |
| Service diagnostics — error and event logs generated when you use the app (these server-side logs may include your account identifier) | Automatically | Diagnose problems, maintain security, and improve Leaves |
We do not collect your device contacts, your phone number, continuous, background, or precise real-time device location, advertising identifiers, social-media profile data, or your web-browsing history. Payment card details are never collected or stored by us — payments are handled by the processors named in section 4.
We do not intentionally collect or process "special categories" of data under the GDPR (such as data revealing health, ethnicity, religion, or sexual orientation), and we do not use your content to infer such characteristics. Because you choose what to upload, your photos and notes may incidentally contain such information, or precise location. We process that content only to provide the Service to you and for no other purpose. Please avoid uploading content you are not comfortable storing with us.
Under the GDPR we rely on the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Creating your account and providing the journal, collection, and photobook features | Performance of a contract |
| Processing and fulfilling a photobook order | Performance of a contract |
| Sending push notifications | Your consent (which you can withdraw at any time in your device settings) |
| Maintaining security and diagnosing/improving the Service (diagnostics) | Our legitimate interests — balanced against your rights, using only the minimum data needed |
| Keeping order and tax records | Compliance with a legal obligation |
We share personal data only with the service providers needed to operate Leaves. We do not sell your personal data, and we do not "share" it for cross-context behavioural advertising — ever.
| Provider | Category / role | Purpose & data shared |
|---|---|---|
| Google (Firebase / Google Cloud) — privacy | Service provider (processor) | Authentication, database, file storage, push delivery: email, account data, photos, memories |
| RevenueCat — privacy | Service provider (processor) | Subscription management: account ID, subscription state |
| Apple — privacy | Payment processor (subscriptions) | In-app subscription payments, handled directly by Apple via your Apple ID |
| Peecho B.V. — privacy | Independent controller (print & fulfilment) | Photobook printing and shipping. When you order, you transact with Peecho, who acts as a separate controller and collects your shipping address and payment data directly at its checkout. We send Peecho the photobook PDF. |
| Resend — privacy | Service provider (processor) | Transactional/service emails (order confirmation, shipping and order-issue updates, photobook-expiry and subscription reminders): email address, order metadata |
These providers may engage their own sub-processors. We send only service/transactional emails — we do not send marketing emails.
Your data is stored on Google Cloud servers in the United States. Some providers above (Google, RevenueCat, Resend) may also process data in the United States. Where personal data is transferred outside the EEA, we rely on appropriate safeguards — the Standard Contractual Clauses approved by the European Commission and/or the EU-US Data Privacy Framework — as implemented in our providers' data-processing agreements. You can ask us for more information about these safeguards using the details below.
We only keep personal data for as long as necessary for the purposes described above, and we minimise what we hold. Specific rules:
Depending on where you live, you may have the right to (i) access the personal data we hold about you, (ii) correct inaccurate data, (iii) request deletion, (iv) restrict or object to processing, and (v) data portability. To exercise any of these, email hello@leavesphotojournal.com. We may need to verify your identity before acting. We respond within 30 days (GDPR) or 45 days (CCPA).
EU/EEA users also have the right to lodge a complaint with a supervisory authority — in Slovakia, the Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky), or your local authority.
If you are a California resident, you have additional rights under the CCPA (as amended by the CPRA). In the preceding 12 months we have collected the following categories of personal information:
| CCPA category | Examples in Leaves |
|---|---|
| Identifiers | Email address, name, account identifier, device push token |
| Customer records | Name (shipping address is collected by Peecho at checkout, not by us) |
| Commercial information | Subscription status, photobook order records |
| Geolocation data | Place names and photo-EXIF coordinates attached to your memories |
| Visual information | Photos you upload |
| Internet / network activity | Limited server-side diagnostic and error logs |
We do not collect government identifiers, financial-account numbers, biometric information, or professional/education information.
The only potentially "sensitive personal information" we hold is precise geolocation that may be present in a photo's EXIF data. You can limit this by removing location data from a photo before uploading, or by contacting us. We do not use sensitive personal information to infer characteristics.
As a California resident you have the right to:
We do not sell or share your personal information (including for cross-context behavioural advertising), so there is nothing to opt out of.
To exercise your rights, email hello@leavesphotojournal.com. We may need to verify your identity before processing the request. We respond within 45 days (CCPA).
The Leaves website (leavesphotojournal.com) sets no cookies and uses no analytics or advertising trackers, so there is no cookie-consent banner to accept — nothing is stored on your device when you browse it (the only third-party resource loaded is a web font). Within the app, we use only the storage strictly necessary to keep you signed in (authentication and session tokens held on your device), and no advertising identifiers or cross-app tracking.
Because we do not track users across websites and do not sell or share personal information, "Do Not Track" and Global Privacy Control browser signals have no data to act on; we honour them to the extent they are applicable.
We apply appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS/TLS) and encryption at rest on Google Cloud, restricted and least-privilege access to systems, and authentication safeguards. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security, but we work to protect your data and to address any incident promptly.
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. (Photobook page layouts are generated automatically, but this is a design feature and has no legal or similarly significant effect.)
Leaves is not directed to children, and we do not knowingly collect personal data from children under 13 (or under the higher minimum age set by local law, which is 16 in some EU countries, including Slovakia). This aligns with the U.S. Children's Online Privacy Protection Act (COPPA). If you believe a child has provided us personal data, contact us and we will delete it.
We may update this Privacy Policy from time to time. Material changes will be communicated in the app or by email at least 30 days before they take effect, and we will update the "Last updated" date above. We will also post the updated policy at leavesphotojournal.com/privacy.
Data controller: Dávid Šály (sole proprietor), Slovakia
Email: hello@leavesphotojournal.com
For postal correspondence or details of our international-transfer safeguards, contact us by email and we will provide them.