Privacy Policy

Last updated: May 17, 2026

Picture Music is built around one promise: your photos stay on your device. Always. This page explains what that means in practice — what we collect, what we do not collect, and which third parties we work with.

i.What Happens to Your Photos

When you pick a photo from your library to compose a memory song:

• The photo is read using Apple’s Vision framework, locally on your device. Vision identifies objects, scenes, and dominant tones.
• The local result is condensed into a short text prompt — a few words describing the mood, palette, and scene.
• Only that text prompt is sent over the network to our AI music composition service (see Section iv).
• The image itself is never uploaded, never transmitted, and never stored on any server we control or interact with.
• When you export a memory as a video, the photo and the song are stitched together on your device using AVFoundation. The video file lives in your local Photos library; we never see it.

ii.Photo Library Access

Picture Music asks for permission to access your Photo Library so that you can pick photos to turn into memory songs. You can choose:

• Selected Photos only — recommended. You hand-pick which photos the app can see.
• Full Access — convenient if you want to browse your whole library inside the app.
• None — the app still works for online music search and playback, but memory composition is unavailable.

You can change this at any time in iOS Settings › Privacy & Security › Photos › Picture Music.

iii.What We Store on Your Device

All of the following data is stored locally on your device. None of it is transmitted to a server we run, because we don’t run user-data servers.

Memory Library

Each memory you create (photo reference, composed song, timestamp, prompt text, optional title) is stored in Apple’s local SwiftData store inside the app’s sandbox. References to photos are stored as PHAsset identifiers — not as copies of the image.

Subscription & Quota

Your subscription status, daily generation and download counters, and weekly/monthly quota state are stored locally using UserDefaults. Subscription entitlements are verified on-device through Apple StoreKit 2 and are tied to your Apple ID, not to any identifier we assign you. We do not generate user IDs, account IDs, or persistent anonymous identifiers.

Cache & Downloads

Downloaded audio files, cached online streams, and exported memory videos are stored in your device’s app sandbox. Uninstalling the app removes all of it.

iv.What Leaves Your Device

AI Music Composition Service

We use a third-party AI music composition service to compose your memory songs. For each memory you create, we send:

• A short text prompt describing the scene (generated on your device).
• Optional lyrics text, if you provide any.
• Style and duration parameters.

We do not send the photo. We do not send any identifier for you. The service provider’s own privacy practices apply to the prompt text that is processed on their infrastructure.

Online Music Search (Optional Feature)

Picture Music includes an optional online music browser that queries publicly available music sources. Your search queries and playback requests are sent to those sources over HTTPS. No search history is stored on any server we control.

Advertising (Free Plan)

Free users see ads served by Google AdMob (app-open, interstitial, and rewarded video). AdMob may collect device information and advertising identifiers; see Google’s Privacy Policy. Personalized advertising is only enabled after you grant App Tracking Transparency (ATT) permission; otherwise, non-personalized ads are shown. Subscribers do not see ads, and no advertising data is collected for them beyond what AdMob may collect for its anti-fraud systems.

Analytics & Crash Reporting

We use Firebase Analytics and Firebase Crashlytics (provided by Google) to keep the app stable and to understand which features are used. This includes:

• Crash reports — device model, OS version, stack traces. No personal content.
• Anonymous usage events — e.g. memory compose attempts, playback actions, feature taps.
• Performance metrics — app launch time, generation latency.

This data is not linked to your real-world identity. See Firebase’s Privacy Information.

Remote Configuration

On launch, the app fetches a small JSON configuration file from our Cloudflare Worker to learn quota defaults and feature flags. This request sends only a static access token — no user data, no device identifier.

v.What We Do Not Collect

• We do not upload, copy, or look at your photos.
• We do not require account registration, name, email, or phone number.
• We do not operate a backend server that stores user data.
• We do not access your contacts, microphone, or location.
• We do not track your music listening history on any server we control.
• We do not assign you a persistent identifier that we use to recognize you across sessions.

vi.Third-Party Services Summary

• Apple StoreKit 2 — subscription purchases and entitlement verification. Apple’s Privacy Policy.
• Apple Vision framework — runs entirely on your device. No network.
• Third-party AI music composition service — runs the composition model. Receives a text prompt only. We do not name the provider here as the provider may change over time without affecting how your data is handled.
• Google AdMob — displays ads to Free users. Google’s Privacy Policy.
• Firebase Analytics & Crashlytics — anonymous usage and crash data. Firebase Privacy Information.
• Cloudflare Workers — hosts the remote configuration JSON and the music-source script. No user data is sent.

vii.Data Security

All app-local data lives inside the iOS app sandbox, protected by the system’s standard data protection. Network communications with third-party services use HTTPS / TLS. Because we do not operate a backend server for user data, there is no central data store for an attacker to compromise on our side.

viii.Data Deletion & Your Rights

Since every piece of data Picture Music collects about you lives on your device, uninstalling the app permanently deletes it. We retain no user data on servers we control, because we do not operate such servers for user data.

If you wish to reset your library or quotas without uninstalling, you can clear the app’s storage in iOS Settings, or use the in-app Reset all data option in Settings.

For data held by third parties (Apple, Google, and our AI music composition service provider), please consult their respective privacy policies and account controls.

ix.Children’s Privacy

Picture Music is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has used the app, you can delete all locally stored data by uninstalling.

x.International Users

Picture Music is available worldwide. Because user data lives on your device, no international data transfer of user data takes place on our side. Third-party services we rely on (Apple, Google, our AI music composition service provider, Cloudflare) operate globally and follow their own data residency and transfer practices.

xi.Changes to This Policy

We may update this policy from time to time. Material changes will be reflected in the Last updated date at the top of this page and surfaced in-app where appropriate. If the changes materially affect what we collect or how we use data, we will give reasonable notice before they take effect.