The Local-First Philosophy
Kith Photo Log is built on a radical premise: your photographic data belongs to you and only you. Unlike conventional applications that synchronize your creative history to distant servers, we have architected a system where your data never leaves your device.
We physically cannot access your aperture settings, shutter speeds, ISO values, or scene notes because we designed our system to make such access technically impossible.
What Lives in Your Vault
When you use Kith Photo Log, the following data is generated and stored exclusively on your device's local storage:
- Technical Metadata: Aperture values, shutter speeds, ISO ratings, focal lengths, and shooting modes you manually input
- Visual References: Thumbnails or references to photos you associate with log entries (stored via local file pointers, not uploaded)
- Scene Context: Your written notes about lighting conditions, location details, and creative intentions
- Film Economy Records: Virtual film stock balances, consumption history, and store transaction logs
- Application Preferences: Interface settings, search history, and organizational structures
⚠️ Critical: If you delete Kith Photo Log or lose your device without backup, this data is irretrievably lost. We maintain no copies, no shadows, no clouds.
The Absence of Collection
To be explicitly clear about what we do NOT collect:
- We do not collect your name, email, or any personal identifiers
- We do not track your geolocation or physical shooting locations
- We do not analyze your photographic patterns or metadata for "improvement" purposes
- We do not share data with third parties because we possess no data to share
- We do not use analytics frameworks, tracking pixels, or behavioral monitoring tools
- We do not build profiles of your photography habits or preferences
Your relationship with Kith Photo Log is anonymous by design. We recognize you only as a device ID generated locally, not as an identifiable individual.
Film Economy & Transaction Privacy
Our unique Film Economy system involves virtual goods transactions. Regarding these interactions:
- Film stock balances are calculated and stored locally on your device
- Purchase confirmations are validated through platform-specific stores (Apple App Store/Google Play) without transmitting your usage data
- We receive only anonymized revenue share data from platform providers, containing no identifying information or usage patterns
- Film consumption logs remain local and are used solely for your personal inventory management
Your Film Economy activity is as private as your actual film photography—visible only to you, in your own darkroom.
Technical Architecture & Security
While we prioritize privacy over convenience, we implement the following protective measures:
- Local Encryption: Your data is encrypted using your device's native security frameworks (iOS Data Protection/Android File-Based Encryption)
- No Network Transmission: The core logging functionality operates entirely offline; no API calls transmit your creative data
- Sandboxed Storage: Application data is isolated from other applications through operating system sandboxing
- Backup Sovereignty: You control whether to include Kith data in device-wide encrypted backups (iCloud/Google Drive) through your system settings
The Only Exceptions
There exist two limited scenarios where data leaves your device:
- Crash Reports: If you explicitly opt in, anonymized technical crash logs may be sent to improve stability. These contain no photographic metadata, no scene notes, no film balances—only code-level error information.
- Store Validation: Platform-specific stores (Apple/Google) handle payment verification independently; we receive only transaction success/failure signals without user identification.
Data Destruction & Right to be Forgotten
You maintain absolute control over your data's existence:
- Deleting a log entry within the app permanently removes it from local storage
- Uninstalling the application erases all associated data from your device
- We possess no "retention periods" because we retain nothing
- There are no "deletion requests" to process because you are the sole administrator of your data
Your right to privacy is absolute and immediate. No waiting periods, no bureaucratic processes, no data lingering in our systems—because our systems never held your data.
Evolution of the Protocol
Should we ever introduce features requiring server interaction (such as optional cloud backup), we will:
- Require explicit opt-in consent before any data transmission
- Maintain local-first functionality as the default experience
- Publish updated protocols with clear differentiation between local and transmitted data
- Never retroactively change the privacy model for existing local data
This protocol will be versioned; significant changes will trigger in-app notifications and require acknowledgment.
Transparency & Verification
We invite scrutiny of our privacy claims:
- Network monitoring tools can verify the absence of data transmission during normal usage
- Our codebase architecture supports the local-only claims we make
- Independent security audits are conducted periodically to verify these protocols
- We publish transparency reports confirming zero data breach incidents (technically impossible given our architecture)