Privacy Policy
Last updated: May 16, 2026
This privacy policy applies to the Photobooth Event Camera application ("App") developed by Charles Hartmann and the associated landing page at chartmann1590.github.io/android-photobooth.
1. Data We Collect
The App is designed with privacy in mind. We collect the absolute minimum amount of data required for the app to function. All data listed below is stored locally on your device unless you explicitly configure a cloud service:
- Photos, videos, and GIFs you capture. Media is stored locally on your device only. It is never sent to any server unless you explicitly configure and initiate an upload.
- App settings. Configuration such as event name, template selection, camera preferences, watermark settings, capture mode, and optional server credentials are stored locally using Android DataStore.
- Encrypted credentials. API tokens (Immich), SMTP passwords, and SMS gateway passwords are encrypted at rest using AES256 via Android EncryptedSharedPreferences. Usernames, server URLs, email addresses, and other non-password settings are stored in standard DataStore without encryption.
- Local database records. The App stores metadata for each capture in a local Room database, including: event name, capture timestamp, local file path, uploaded URL (if any), template ID, and media type (photo or video).
- Usage quota data. The App tracks daily photo counts, ad-earned photo credits, and unlimited purchase status locally for quota management. This data never leaves your device.
- Consent preference. Your analytics consent choice is stored locally.
We do not collect personal information or device identifiers ourselves. Crashlytics crash reporting is enabled only if you consent on first launch; Firebase Analytics, Firebase Performance Monitoring, and Google AdMob may collect anonymized data and the advertising ID as described in Sections 3 and 4.
2. Optional Cloud Services
The App supports optional integrations that may transmit data over the internet. These are disabled by default and only activated when you configure them:
- Immich Server Upload. If configured, photos, videos, and GIFs may be uploaded to your own self-hosted Immich server. The upload includes the file, its filename, a device identifier (android-photobooth), file creation and modification timestamps, and (for videos) duration. If album sync is enabled, uploads are added to the specified album. We do not have access to your server or uploaded content. Your API token is encrypted at rest.
- Anonymous Image Hosting. When you initiate an upload and no Immich server is configured, the App uploads photos, videos, and GIFs to third-party anonymous hosts (storage.to and catbox.moe) to generate shareable links and QR codes. These services are public: anyone with the link can view the uploaded content. Uploads include the file and its filename (which may contain your event name and timestamp). There is no way to delete anonymously uploaded content through the App, and these services provide no deletion mechanism either. Their respective privacy policies apply.
- SMS Gateway. If configured, phone numbers and photo/video links may be sent to a third-party SMS gateway provider (including a cloud server option) for the purpose of sharing media via text message. The gateway URL, username, and password are stored locally (password encrypted). Their privacy policy applies to data they process.
- SMTP Email. If configured, recipient email addresses, subject, body text, and photo/video/GIF attachments are sent through your own SMTP server. Your SMTP credentials are stored locally (password encrypted). We do not have access to your email server or its logs.
- QR Codes. When media is uploaded, a QR code is generated locally on your device encoding the upload URL. Anyone who scans the QR code can access the uploaded content. QR code generation uses the ZXing library and does not transmit data externally.
3. Firebase Analytics, Crashlytics & Performance
The App uses Google Firebase to collect anonymous usage statistics, crash reports, and performance data. This helps us improve app stability and user experience. Firebase services used include:
- Firebase Analytics — Collects anonymized usage events (e.g., screen views, feature usage) to understand how the app is used.
- Firebase Crashlytics — Collects crash logs and stack traces to help us diagnose and fix bugs.
- Firebase Performance Monitoring — Collects app startup time, network request latency, and other performance metrics.
Data collected may include:
- Device model and OS version
- App version
- Crash logs and stack traces
- Anonymized usage events and performance traces
- Approximate location (country/region level, not precise)
On first launch, the App presents a consent dialog where you can enable or disable analytics and crash reporting; you can change this choice at any time in the App's settings screen. Note that only Crashlytics is fully controlled by your consent choice: Firebase Analytics and Performance Monitoring may continue to collect limited anonymized data regardless of your selection. No personally identifiable information is collected through Firebase. Firebase data is processed according to Google's Privacy Policy and Crashlytics Terms.
4. Advertising (Google AdMob)
The App uses Google AdMob to display rewarded video ads. Ads are entirely optional — you choose to watch an ad in exchange for additional photo captures (15 extra captures per ad, up to 60 per day). We do not serve banner, interstitial, or other non-optional ads.
The Google Mobile Ads SDK initializes when the App starts. During initialization and when ads are loaded or displayed, Google AdMob may collect certain device data, including:
- Device model and OS version
- Advertising ID (a resettable device identifier)
- IP address (for approximate location)
- App version
This data collection occurs regardless of whether you choose to watch an ad. Google may use this data to serve personalized or non-personalized ads. You can limit ad personalization by resetting your advertising ID in your device settings under Settings > Google > Ads, or by opting out of interest-based ads. The App's ad serving is configured to comply with COPPA and Google's families policy. For more information, see AdMob's privacy information and Google's Privacy Policy.
5. In-App Purchases (Google Play Billing)
The App offers an optional one-time in-app purchase ("Unlimited Photos") through Google Play Billing. Payment processing is handled entirely by Google. We receive a transaction confirmation but do not collect or store your payment card details. The purchase status is stored locally on your device for quota management. Google's purchase data is subject to the Google Payments Privacy Notice.
6. Video & Audio Capture
The App can record short video clips (up to 8 seconds) that include audio. Audio recording requires the microphone permission and only activates when you explicitly enable video capture mode and start recording. Videos are stored locally and can be uploaded, shared via QR code, or synced to Immich if configured. Videos cannot be printed, sent via email, sent via SMS, or shared through the Android share sheet.
7. Website / Landing Page
The landing page is a static website hosted on GitHub Pages. It does not use cookies, tracking scripts, analytics, or any third-party tracking. An embedded YouTube iframe loads content from YouTube's domain, which is subject to Google/YouTube's Privacy Policy. No personal data is collected by the landing page itself.
8. Permissions
The App requests the following Android permissions:
- Camera — Required to capture photos and video.
- Microphone (RECORD_AUDIO) — Required for video capture with audio. Only used when video mode is enabled.
- Internet — Required for optional cloud upload, SMS, email features, and ad serving.
- Network State (ACCESS_NETWORK_STATE) — Required to check network connectivity before attempting uploads.
- Storage / Media — The following permissions are used to save and read media files:
  - READ_EXTERNAL_STORAGE (Android 12 and below) — Read photos from local storage.
  - WRITE_EXTERNAL_STORAGE (Android 9 and below) — Save photos to local storage.
  - READ_MEDIA_IMAGES (Android 13+) — Read image files.
  - READ_MEDIA_VIDEO (Android 13+) — Read video files.
- Billing — Required for optional in-app purchases through Google Play.
No permission is requested beyond what is strictly necessary for app functionality. The App enforces HTTPS for network connections via a network security configuration that blocks cleartext (HTTP) traffic.
9. Third-Party Libraries & Services
The App uses the following third-party libraries and services that may process data:
- Google Firebase (Analytics, Crashlytics, Performance Monitoring) — See Section 3.
- Google AdMob — See Section 4.
- Google Play Billing — See Section 5.
- CameraX (Google) — Camera capture library. Processes camera input locally. No data transmitted.
- OkHttp (Square) — HTTP client for network requests to your configured servers. No independent data collection.
- JavaMail (Oracle/GlassFish) — Email library for SMTP delivery to your configured server. No independent data collection.
- ZXing — QR code generation library. Operates entirely locally. No data transmitted.
- Coil — Image loading library. Loads images from local storage only. No independent data collection.
10. Data Retention & Deletion
- Local photos, videos, and GIFs are stored on your device until you delete them through the App's gallery or uninstall the App. Uninstalling the App deletes the App's private storage, including these files; copies you have uploaded, emailed, or shared elsewhere are not affected.
- Local database records (capture metadata, uploaded URLs) are stored in the App's Room database until the App is uninstalled.
- Uploaded content is subject to the data retention policy of your configured server or hosting service. Content uploaded to anonymous hosts (storage.to, catbox.moe) cannot be deleted through the App and may persist indefinitely on those services.
- SMS/Email data is processed by the respective third-party services and subject to their retention policies.
- Firebase data is retained according to Google's data retention policies.
- Usage quota data and settings are stored locally until the App is uninstalled.
11. Children's Privacy
The App is not directed at children under 13. We do not knowingly collect personal information from children. The App's ad serving is configured to comply with COPPA and Google's families policy.
12. Third-Party Links
The App and landing page may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties.
13. Security
We take reasonable measures to protect data stored on your device:
- Encrypted credentials: API tokens, SMTP passwords, and SMS gateway passwords are encrypted at rest using AES256 via Android EncryptedSharedPreferences. The master key is held in the Android Keystore, which is hardware-backed on devices that support it.
- Network security: The App enforces HTTPS for all network connections via a network security configuration that blocks cleartext (HTTP) traffic.
- No cloud backup: App data is excluded from Android cloud backup via android:allowBackup="false".
Limitations: Usernames, server URLs, email addresses, and other non-password settings are stored in standard Android DataStore without encryption. No method of electronic storage is 100% secure.
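For readers who want to see what the credential storage described above looks like in practice, the following is an added illustration written for this page; it is not the App's own code. It uses the Jetpack Security (androidx.security.crypto) API to build an AES256 EncryptedSharedPreferences store whose master key lives in the Android Keystore, and adds a check that reports whether that key is actually hardware-backed on the current device. The file name "credentials" and the key name "immich_api_token" are assumptions for illustration.

```kotlin
import android.content.Context
import android.content.SharedPreferences
import android.os.Build
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey
import java.security.KeyStore
import javax.crypto.SecretKey
import javax.crypto.SecretKeyFactory

// Added example (not the App's code). File and key names below are assumptions.
object CredentialStore {
    private const val PREFS_FILE = "credentials"            // assumed file name
    private const val KEY_IMMICH_TOKEN = "immich_api_token" // assumed key name

    // The master key is generated in the Android Keystore on first use and
    // wraps the per-file data-encryption keys. AES256_GCM is the only scheme
    // the library offers, so "AES256" in the policy means this.
    private fun masterKey(context: Context): MasterKey =
        MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)
            .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
            .build()

    // Preference keys use AES256-SIV (deterministic, so lookups by key still
    // work); preference values use AES256-GCM. Both are stored in the App's
    // private preferences directory, which allowBackup="false" keeps out of
    // cloud backups.
    fun open(context: Context): SharedPreferences =
        EncryptedSharedPreferences.create(
            context,
            PREFS_FILE,
            masterKey(context),
            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM,
        )

    fun saveImmichToken(context: Context, token: String) =
        open(context).edit().putString(KEY_IMMICH_TOKEN, token).apply()

    fun immichToken(context: Context): String? =
        open(context).getString(KEY_IMMICH_TOKEN, null)

    // "Hardware-backed" is a property of the device, not of the library.
    // Call this after open() has been called at least once (so the master
    // key exists) to find out where the key actually lives.
    fun masterKeyIsHardwareBacked(): Boolean {
        val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
        val key = ks.getKey(MasterKey.DEFAULT_MASTER_KEY_ALIAS, null) as? SecretKey
            ?: return false
        val factory = SecretKeyFactory.getInstance(key.algorithm, "AndroidKeyStore")
        val info = factory.getKeySpec(key, KeyInfo::class.java) as KeyInfo
        return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            when (info.securityLevel) {
                KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT,
                KeyProperties.SECURITY_LEVEL_STRONGBOX,
                KeyProperties.SECURITY_LEVEL_UNKNOWN_SECURE -> true
                else -> false
            }
        } else {
            @Suppress("DEPRECATION")
            info.isInsideSecureHardware
        }
    }
}
```

The check at the end is the part a reviewer should care about: on a device whose Keystore falls back to software (SECURITY_LEVEL_SOFTWARE), the credentials are still encrypted at rest, but the master key is only as protected as the application sandbox, which is weaker than the "hardware-backed" wording suggests.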
14. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the App after changes constitutes acceptance of the updated policy.
15. Contact
If you have questions about this privacy policy or your data, please open an issue on the GitHub repository.
16. Effective Date
This privacy policy is effective as of May 16, 2026.