Etch← Back to home

— LEGAL

Privacy Policy

Effective: April 2026

1. Overview

This policy describes what Etch (a product of Stalwart Crest, Inc.) collects when you use the iOS app and this website, why we collect it, who we share it with, and the rights you have over it. We don't sell your data. We don't run third-party analytics. We don't use your content to train AI.

2. Data Stored on Your Device

Etch stores drafts in progress, your settings, and a cache of media you've captured or viewed. This data lives only on your device and is cleared when you uninstall the app.

3. Data Stored on Our Servers

Bundle metadata in Postgres, photos in encrypted Supabase Storage, account record (email from Apple Sign-In).

4. Camera & Photo Library Access

We ask for camera access only when you initiate a capture, and photo library access only when you choose to attach an existing photo. Items captured inside the app receive a server-stamped timestamp at the moment of capture; items attached from the photo library are clearly marked as "Attached" with no timestamp claim.

5. Public Share Links

When you publish an Etch, the link makes its included media accessible to anyone who has the URL. When the link is opened, we log basic view metadata (timestamp, anonymized region at the city level, duration) so we can detect abuse and improve the product.

6. Tamper-Evident Hashes

Every published Etch has a cryptographic hash computed over the bundle contents. We store the hash so the viewer can detect tampering. The bundle's contents themselves are kept in encrypted storage and are never stored in plaintext outside that storage.

7. Third-Party Services

Apple Sign-In (auth), Supabase (database + storage), Cloudflare (CDN, analytics-free). What each receives, briefly:

  • Apple Sign-In. Authentication. Apple shares an email and a stable user ID with us.
  • Supabase. Postgres database and encrypted object storage.
  • Cloudflare. CDN and DNS for this website. We do not run Cloudflare Web Analytics.

8. Analytics & Tracking

None. We do not include third-party analytics scripts on this website or in the app. No Google Analytics, no Plausible, no Mixpanel, no Posthog. If we ever introduce product analytics in the app, we'll update this page first.

9. Data Deletion

You can delete any individual Etch from inside the app. To delete your entire account, email support@stalwartcrest.com from the address tied to your account. We process backend purges within 24 hours for media; soft-deleted metadata is fully erased within 30 days.

10. Your Rights

You have the right to:

  • Access the data we hold about you. Email us and we'll send a copy within 30 days.
  • Correct inaccurate information. You can update most account details in-app; for anything you can't edit yourself, email us.
  • Delete your account and all associated data, on the timeline described in §9.
  • Port your data. We'll provide a structured export of your Etches and account record on request.
  • Withdraw consent at any time by deleting your account. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Lodge a complaint with a data protection authority. EU and UK residents may complain to their local supervisory authority; California residents have rights under the CCPA, including the right not to be discriminated against for exercising any of the above.

We will never sell or rent your personal data to third parties.

11. Children's Privacy

Etch is intended for users 13 and older (or the local equivalent age of digital consent). We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, email us and we will delete it.

12. Changes to This Policy

We will update the effective date at the top of this page when we make changes. For material changes, we will also notify you in-app the next time you open Etch and (where required by law) by email.

13. Contact

Questions, requests, or anything else: support@stalwartcrest.com.

Data controller: Stalwart Crest, Inc., Delaware, USA.