# Anfiltro Privacy Policy
**Effective Date: Right after its deployment**
**Last Updated: 8 October 2025**
Anfiltro Ltd. ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application, Anfiltro (the "App"). The App is a social networking platform that utilises end-to-end encryption and Apple services to ensure secure communication.
By downloading, accessing, or using the App, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the App.
This Privacy Policy is drafted in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We may update this policy from time to time, and any changes will be posted here with an updated effective date.
## 1. Information We Collect
We collect information to provide, improve, and secure the App's features. The types of information we collect include:
### a. Personal Information You Provide
- **Account Information**: When you sign in using Sign in with Apple, we collect your Apple ID user identifier, full name (if provided), and email address (if shared).
- **Profile Information**: Optional details such as username, bio, and profile picture.
- **Content and Communications**: Encrypted posts, comments, direct messages (DMs), and notifications. All content is encrypted using post-quantum cryptography (ML-KEM) and AES before storage.
- **Media**: Photos or videos uploaded to posts, stored as encrypted assets.
### b. Automatically Collected Information
- **Device and Usage Data**: Device ID, IP address, operating system (iOS 26+), app version, timestamps, and interaction data (e.g., views, likes).
- **Security Data**: App Attest assertions, cryptographic keys (stored securely in Keychain), and pre-keys for forward secrecy.
- **CloudKit Data**: We use Apple's CloudKit for storage. Data is synchronised via iCloud, including encrypted records in public and private databases.
We do not collect sensitive personal data (e.g., health, racial origin) unless explicitly provided in user content, which remains encrypted.
## 2. How We Use Your Information
We use your information for the following purposes:
- **To Provide the App's Services**: Authenticate users via Sign in with Apple, store and retrieve encrypted content, manage notifications, and facilitate social interactions (e.g., follows, likes, DMs).
- **Security and Integrity**: Implement encryption, key rotation, App Attest for device integrity, and fraud detection. We utilise Secure Enclave and Keychain for key storage.
- **Improvement and Analytics**: Anonymised usage data to enhance app performance and features. No third-party analytics tools are used; all processing occurs via Apple services.
- **Compliance and Legal Obligations**: Respond to legal requests or protect rights, as required by law.
We do not use your data for targeted advertising or profiling.
## 3. Data Sharing and Disclosure
We prioritise privacy and do not sell your data. Sharing occurs only in limited circumstances:
- **With Apple Services**: Data is stored in CloudKit (iCloud), which is managed by Apple. Apple may access metadata for service provision but not encrypted content.
- **Service Providers**: Limited to Apple for iCloud, Authentication Services, and Push Notifications. No third-party providers are involved.
- **Legal Requirements**: If required by law, court order, or to prevent harm (e.g., abuse reports).
- **Mergers or Acquisitions**: In the event of a business transfer, your data may be shared with the acquiring entity, subject to equivalent protections.
We do not share unencrypted data with any third parties.
## 4. Data Storage and Security
- **Storage**: Data is stored in Apple's iCloud servers, compliant with UK GDPR. Encrypted content uses post-quantum cryptography, AES-GCM, and device-specific keys.
- **Security Measures**:
- End-to-end encryption for all user content.
- Secure Keychain for keys and tokens.
- App Attest to verify device integrity.
- Key transparency logs and pre-keys for forward secrecy.
- File protection and temporary data sweeping.
- **Retention**: Data is retained as long as your account is active or necessary for services. You can request deletion at any time.
Despite these measures, no system is infallible. We cannot guarantee absolute security but commit to robust protections.
## 5. Your Rights and Choices
Under UK GDPR and applicable laws, you have rights regarding your data:
- **Access and Correction**: Request a copy of your data or correct inaccuracies.
- **Deletion**: Request erasure of your data (subject to legal obligations).
- **Objection and Restriction**: Object to processing or restrict it.
- **Portability**: Receive your data in a portable format.
- **Withdraw Consent**: Where processing relies on consent.
To exercise these rights, contact us at [jshan@anfiltro.com]. We respond within one month, extendable if complex.
You can also manage settings in the App (e.g., delete posts, rotate keys) or revoke iCloud access via Apple ID settings.
## 6. Children's Privacy
The App is not intended for children under 13 (or 16 in some jurisdictions). We do not knowingly collect data from children. If we discover such data, we delete it immediately. Parents/guardians should contact us if concerned.
## 7. International Transfers
Data may be transferred to servers outside the UK (e.g., Apple's US servers). We rely on Apple's adequacy measures and standard contractual clauses for compliance with UK GDPR.
## 8. Changes to This Privacy Policy
We may update this policy to reflect changes in practices or laws. Updates will be posted here with a revised date. Continued use of the App constitutes acceptance. For significant changes, we notify via the App or email.
## 9. Contact Us
For questions or concerns about this Privacy Policy, contact: jshan@anfiltro.com
If unsatisfied, you can complain to jshan@anfiltro.com
---
Copyright © 2025 anfiltro - All Rights Reserved.