Privacy Policy

Last updated: April 30, 2026

Overview

Siftly is a photo management app that uses on-device AI to help you decide which photos to back up to Google Photos. We are committed to being transparent about how the app works and what data it touches.

What Siftly does

  • Reads photos stored on your device to classify them by category using on-device machine learning (ML Kit)
  • Connects to your Google Photos account to sync photos you choose to back up
  • Stores your sync preferences locally on your device

Data we collect

On-device data

All photo analysis happens entirely on your device. Your photos are never uploaded to any Siftly server — we do not operate one. Classification results and sync preferences are stored locally in the app's private storage.

Google account

When you connect Google Photos, Siftly requests permission to read and upload photos on your behalf via the Google Photos API. We only use this permission to carry out actions you explicitly request within the app. Your Google credentials are managed by Google and are never stored or transmitted by Siftly. Siftly receives only short-lived OAuth access tokens scoped to the Google Photos permissions you grant; these tokens are held in the Android system's encrypted credential storage and are revoked the moment you remove access in your Google Account.

Crash reporting

Siftly uses Firebase Crashlytics, a service provided by Google, to collect crash reports so we can diagnose and fix stability issues. Crash reports include technical information such as your device model, operating system version, a Firebase-generated installation identifier, approximate region derived from your IP address, and the stack trace of the crash. Crash reports do not include your photos. Crash reporting is enabled only in release builds of the app. You can review Google's privacy practices at firebase.google.com.

How we protect your data

Siftly is built privacy-first, and the following safeguards apply to every category of data described above.

On-device processing

Photo analysis runs entirely on your device using on-device machine learning. Image bytes are never sent to a Siftly server (we do not operate one) or to any third-party analysis service. Only the resulting category label is stored locally; the image itself leaves the device only when you explicitly back it up to your own Google Photos library.

Encryption in transit

All network traffic between Siftly and Google's servers is encrypted with TLS (HTTPS). This applies to OAuth sign-in, Google Photos API uploads, and Firebase Crashlytics submissions. Siftly does not transmit data to any other destination.

Encryption at rest

Local app data — classification results, sync preferences, and OAuth tokens — is written to Siftly's app-private storage directory, which is sandboxed by the Android operating system and accessible only to Siftly. On Android 10 and later, this storage sits inside the device's encrypted user data partition, so the data is protected by the same file-based encryption that protects the rest of your device.

OAuth and credential handling

Sign-in is delegated to Google's Credential Manager and Google Identity Services. Siftly never sees your Google password. The OAuth tokens Siftly does receive are held in the Android system's encrypted credential storage, are scoped to only the Google Photos permissions you have granted, and can be revoked at any time at myaccount.google.com/permissions.

Limited Use of Google user data

Siftly's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, data obtained via Google APIs is used only to provide and improve user-facing features within Siftly, is not transferred to others except as necessary to provide those features, is not used for advertising, and is not read by humans except (a) with your explicit consent, (b) where necessary for security purposes such as investigating abuse, or (c) to comply with applicable law.

Principle of least privilege

Siftly requests only the OAuth scopes and Android runtime permissions required for the features you use. The classification pipeline does not require network access for image data, and Siftly never asks for permissions it does not use.

No central data store

Siftly does not operate a backend. There is no Siftly-controlled database that could be breached, because none exists — your data lives on your device and, for photos you choose to back up, in your own Google Photos library.

Data we do not collect

  • We do not collect your name, email address, or any personal information beyond what Google provides for authentication
  • We do not sell, rent, or share your data with third parties
  • We do not have access to your photos outside of what is needed to perform sync actions you initiate
  • We do not store any data on external servers

Third-party services

Siftly integrates with the following third-party services:

  • Google Photos API — to read and upload your photos. Subject to Google's Privacy Policy.
  • Firebase Crashlytics (Google) — for crash reporting. Subject to Google's Privacy Policy.

Data retention

All local data (preferences, classification results) is deleted when you uninstall the app. Siftly does not retain any data after uninstallation.

Account and data deletion

Siftly does not maintain its own user accounts and does not store any data on its own servers. To remove all data associated with your use of Siftly:

1. Revoke Siftly's access to your Google account at myaccount.google.com/permissions. This stops Siftly from reading or uploading to your Google Photos library and removes the OAuth grant. 2. Uninstall Siftly from your device. This deletes all local data Siftly stores: photo classification results, user corrections, and sync preferences. There is no remote copy to delete because Siftly does not operate a backend. 3. Photos previously backed up to Google Photos remain in your own Google Photos library and are managed entirely by you through Google Photos. Siftly cannot delete them on your behalf.

If you have questions about deletion, you can reach us through the Siftly app listing on Google Play.

Your rights

You may revoke Siftly's access to your Google Photos account at any time via your Google Account permissions page. You may also delete all local app data by uninstalling Siftly.

Children's privacy

Siftly is intended for users aged 18 and older. We do not knowingly collect data from children under 13.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy, you can reach us through the Siftly app listing on Google Play.