Privacy Policy
In plain words: we handle intimate photos and personal data for long-distance couples. We take that seriously. This policy explains exactly what we collect, why, who processes it, and what control you have.
1. Who we are
Controller: Evert Smit
Wydaeckerring 53, 8047 Zürich, Switzerland
Email: privacy@stillnear.photos
Still Near is operated under Swiss law. We are the data controller for all processing described below.
2. What we collect and why
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Phone number | Account identity, OTP login | Contract performance | Until account deletion + 30-day grace |
| Date of birth | 18+ age verification (immutable once set) | Legal obligation (adult-only service) | Until account deletion + 30-day grace |
| Photos | Core service — displaying shared moments | Contract performance | Until deleted by you, room breakup, or account deletion |
| Contact email (optional) | Billing notifications, account recovery | Consent / contract | Until removed by you or account deletion |
| Payment data | Subscription billing | Contract performance | Processed by Mollie; we store only subscription status |
| Device pairing tokens | Linking display frames to your room | Contract performance | Until display revoked or account deletion |
| Passkey public key | Passwordless login (WebAuthn) | Contract performance | Until account deletion |
| Timezone / clock data | Synchronized display between desks | Contract performance | Not stored server-side; computed at display time |
| Audit logs (metadata only) | Security, abuse prevention | Legitimate interest | 90 days |
3. How photos are protected
Your photos are encrypted server-side with AES-256-GCM before storage. EXIF metadata (GPS, timestamps, device IDs) is stripped client-side before upload. Photos are stored in Cloudflare R2 in the EU region.
Honest limitation: this is encryption at rest, not end-to-end encryption. The server can decrypt photos to serve them to your paired displays. We cannot claim that operator access is cryptographically impossible — but access is restricted, audited, and minimized. End-to-end encryption is planned for a future version.
4. Who processes your data
| Processor | Country | Purpose | Transfer basis |
|---|---|---|---|
| Cloudflare, Inc. | US (storage in EU) | Hosting, Workers, KV, R2 blob storage | DPA + Standard Contractual Clauses |
| Twilio, Inc. | US | SMS OTP delivery and verification | DPA + Standard Contractual Clauses |
| Mollie B.V. | Netherlands | Payment processing (subscriptions, gifts) | EU-based; DPA in place |
We do not sell, rent, or share your data with advertisers or any other third parties.
5. International transfers
Photo blobs are stored in Cloudflare R2 in the EU (Eastern Europe region). Worker compute runs on Cloudflare's global edge but processes data transiently. Phone number verification is processed by Twilio in the US.
For all US-based processors, transfers are covered by Standard Contractual Clauses (SCCs) and Data Processing Addendums (DPAs). Server-side encryption provides supplementary technical measures per Schrems II guidance.
6. Your rights
Under GDPR (and Swiss FADP), you have the right to:
- Access — request a copy of all data we hold about you
- Export — download your data in a portable format (available in Account settings)
- Rectification — correct inaccurate data (phone number change, email update)
- Erasure — delete your account and all associated data (available in Account settings; 30-day grace period, then permanent)
- Restriction — request we limit processing
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — where processing is consent-based (e.g. optional email)
To exercise any right, email hello@stillnear.photos. We respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. For Switzerland: FDPIC. For the EU: your local data protection authority.
7. Data retention and deletion
- Account deletion: 30-day grace period (you can reverse it), then permanent erasure of all account data, photos, and room membership.
- Photos: deleted immediately when you remove them; permanently purged from storage.
- Room breakup: all room photos are deleted; both members' room data is cleared.
- Audit logs: retained 90 days for security, then purged.
- Payment records: Mollie retains payment data per their legal obligations; we store only subscription status.
8. Cookies and local storage
Still Near does not use tracking cookies or advertising pixels. We use:
- Session token — stored in application memory (not localStorage or cookies); cleared on logout.
- Service worker cache — caches the app shell and recently viewed photos for offline access.
- IndexedDB — stores the offline photo queue (pending uploads when you're offline).
No analytics cookies. No third-party trackers. No retargeting.
9. Age restriction
Still Near is for adults only (18+). We verify age at signup and do not knowingly collect data from anyone under 18. If we discover an underage account, it will be deleted and associated content removed.
10. Security measures
- AES-256-GCM encryption at rest for all photos
- EXIF stripping before upload (GPS, device info removed)
- HMAC-signed, time-limited URLs for image access
- Constant-time secret comparison (no timing attacks)
- Rate limiting on all authentication endpoints
- TLS in transit (HSTS preloaded)
- No public image URLs — all access requires valid authentication
11. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
12. Changes to this policy
We'll notify you of material changes via the app (and email, if you've provided one) before they take effect. The "effective date" below is updated with each revision.
Effective: 2026-12-02 · Last updated: 2026-12-02