.i.s.o.
Privacy
a tour waitlist

1Who we are & our privacy philosophy

.i.s.o. (“.i.s.o.”, “iso”, the “app”, or the “Service”) is operated by Brandon Owen, an individual sole proprietor doing business as .i.s.o. (“Company”, “we”, “us”, “our”). We are the controller responsible for your information under this policy.

This policy explains how we collect, use, store, and protect your personal information when you use the .i.s.o. iOS app or visit isoapp.art. We built .i.s.o. around a core privacy promise: your data belongs to you. We do not sell your personal information, build behavioral profiles, serve you advertisements, or train artificial intelligence on your content. This policy applies globally to all users regardless of their country of residence, and we have designed our data practices to comply with or exceed major international privacy frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable laws. It does not cover third parties we link to, such as the Apple App Store.

2Information we collect

We collect only the minimum information necessary to operate the Service. We do not buy personal information about you from third parties, and we do not build advertising profiles. We do not collect biometric data, financial information, or information from your device's contacts, camera roll, or location services beyond what you explicitly share.

Information you give us

Account details
Your email address, chosen username, and password. Passwords are handled by our authentication provider (Cognito) and are stored only in hashed form — we never see or store your plain password. You may also choose an account category (for example, Creatives or Community).
Your content
The photographs you upload and anything you attach to them: titles, captions, tags (subject, medium, color), camera and lens details, and any notes. Also your profile (display name, bio, gear list, contact sheet), your collections, and your inspirations.
Photo metadata (EXIF)
Technical details embedded in your photographs, such as camera model, lens, and exposure settings, which power features like the histogram and gear filters.
Location — only if you add it
You may optionally tag a photograph with a location. You are never required to. When you do, the map shows it only as part of an aggregated heatmap of where work is gathering — never as a precise pin, and never tied to you publicly.
Support messages
If you write to support, we keep your message and our reply so we can help you.

Information we collect automatically

Activity in the app
Your heartbeats, focuses, inspirations, and saved collections, and how long photographs are viewed. View time is used only for your own analytics information — it is not sold or used for advertising or behavioral profiling. These counts are private to you.
Reports you file
If you report a photograph or a person, we keep the report and any note you add so a human can review it.
Device & technical data
Your device type, operating-system version, a push-notification token (so we can deliver notices you opt into), a privacy-preserving device token used only to enforce bans on devices that have been removed for serious violations, your IP address, and basic diagnostic information needed to keep the app stable.

3How we use information

We do not use your information for targeted advertising, behavioral marketing, sale to third parties, or any purpose not listed above. Any new use of your data will be disclosed to you in advance.

4What we never do

We make the following unconditional commitments regarding your personal data. These are not aspirational — they are enforceable obligations we hold ourselves to.

5Sharing & service providers

We share your information only in the following limited circumstances, and we keep our list of providers deliberately short. They process information only to provide their service to us, under their own privacy and security obligations and appropriate data-processing agreements:

Apple
Distributes the app through the App Store, processes your subscription through In-App Purchase, and delivers push notifications. Apple's handling of your payment is governed by Apple's own privacy policy.
Amazon Web Services (AWS)
Hosts the Service. This includes authentication (Cognito), the database, image storage, the content-delivery network, and transactional email (for example, verification and password-reset messages). Our infrastructure is located in the United States.

Beyond service providers, we may disclose information: (a) for legal compliance, when required by valid and legally binding process such as a court order, subpoena, or government request — and, where legally permitted, we will notify you before complying; (b) for safety, to prevent imminent harm to any person; and (c) in a business transfer, such as a merger, acquisition, or sale of substantially all assets, in which case your data may transfer to the successor entity, which will remain bound by this policy, and we will notify you.

6Your content & storage

Your User Content — photographs, artwork, and other media you upload — is stored on secure servers operated by our cloud-hosting providers. Your content is accessible within the app only to the members you allow to see it, in accordance with the app's privacy settings. It is not indexed by search engines, is not accessible via the Website, and is not reproduced, distributed, or shared outside the app.

You decide what you share. Your username, profile, and any work you publish can be seen by other members in the app; you can keep individual collections and photographs private, and choose whether your profile is discoverable. Location tags only ever appear as part of the aggregated heatmap, never as a precise location attributed to you. Blocked members cannot see you, and you cannot see them. You may delete your User Content at any time, and deleted content will be removed from our active servers within thirty (30) days, subject to any retention obligations required by law.

7Cookies & tracking technologies

The Website at isoapp.art uses only strictly necessary cookies required for the site to function (such as session and security cookies). We do not use tracking cookies, advertising cookies, or third-party analytics cookies on the Website, and the app itself does not use browser cookies.

We may use anonymized, aggregated app analytics to understand general usage patterns (such as which screens are most accessed), but these do not identify individual users and are not linked to your account. We do not use fingerprinting technologies, pixel trackers, or similar mechanisms. If we add any cookies or tracking technologies beyond what is described here, we will update this policy and, where required by law, obtain your consent.

8How long we keep it

We retain your personal information only for as long as necessary to provide the Service and fulfill the purposes outlined in this policy. We keep your information for as long as your account is active. When you delete your account, deletion begins a 30-day grace period during which you can sign back in to cancel. After the grace period, your account and its content are permanently deleted, and associated personal data is purged from our systems — including any moderation or safety records tied to your account. Usage logs and device data are retained for a maximum of twelve (12) months for security and service improvement before being deleted or anonymized.

Two narrow exceptions apply. First, routine encrypted backups cycle out on their own schedule. Second, where we are legally required to preserve material — most importantly, suspected child sexual abuse material, which United States law requires us to preserve and report — we will retain only what the law requires, separately from the rest of the Service, and never within any product feature.

9How we protect it

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, and we design the app to be resilient:

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. In the event of a breach likely to affect your rights and freedoms, we will notify you and the applicable authorities as required by law.

10Children

.i.s.o. is not intended for children. You must be at least 16 years old to use the Service. We do not knowingly collect personal information from anyone under 16. If we learn that we have, we will delete it and close the account. If you are a parent or guardian and believe a child has provided us information, please contact us at help@isoapp.art. We comply with the Children's Online Privacy Protection Act (COPPA) and equivalent international regulations.

11Your rights — all users

Regardless of your jurisdiction, we extend the following rights to all users:

To exercise any of these rights, contact us at help@isoapp.art. We will verify your request through your account email and respond within thirty (30) days, or within the timeframe required by applicable law.

12EEA & UK users (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional provisions apply. Our legal bases for processing your personal data are: (a) performance of a contract (operating your account and delivering the Service); (b) legitimate interests (security, fraud prevention, and service improvement), where these are not overridden by your rights; and (c) legal obligation (compliance with applicable law). We do not rely on consent as a legal basis for core service functions.

We do not transfer your personal data to countries outside the EEA or UK without appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission. You have the right to object to processing, the right not to be subject to solely automated decisions, and the right to complain to your national Data Protection Authority (DPA), including the ICO in the United Kingdom.

13California users (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA): (a) the right to know what personal information we collect, use, disclose, and share; (b) the right to request deletion of your personal information, subject to applicable exceptions; (c) the right to request correction of inaccurate personal information; (d) the right to opt out of the sale or sharing of personal information — we do not sell or share your personal information as those terms are defined under California law, so there is nothing to opt out of; (e) the right to limit the use of sensitive personal information — we do not use sensitive personal information beyond what is necessary for the Service; and (f) the right to non-discrimination for exercising your privacy rights.

Requests may be submitted to help@isoapp.art, and we will verify your request through your account email before acting on it. We will respond within forty-five (45) days as required by law.

14International data transfers

.i.s.o. is based in the United States, and your information is stored and processed on servers in the United States. If you are accessing the Service from outside the United States, your personal data may be transferred to, stored, and processed there or in other countries where our service providers operate, where data-protection laws may differ from those in your country.

We ensure that such transfers are conducted with appropriate safeguards, including data-processing agreements that require providers to protect data to the standard of this policy. For users in the EEA and UK, we rely on Standard Contractual Clauses (SCCs) or other legally approved transfer mechanisms, and we periodically review the adequacy of protections in the countries where data is processed.

15Third-party integrations & links

The Website may contain links to third-party websites for informational purposes only. We are not responsible for the privacy practices of those third parties, and you should review their privacy policies independently.

Any third-party service provider engaged by us to support app operations is subject to a data-processing agreement that prohibits unauthorized use, processing, or disclosure of your personal data. We do not integrate third-party social login, advertising SDKs, behavioral-analytics platforms, or data-enrichment services into the app. If we ever add integrations that affect your personal data, we will disclose them here and, where required, seek your consent.

16Push notifications & communications

We may send push notifications to your device related to app activity, account security, or service updates, using a push-notification token. You may opt out of push notifications through your device's notification settings at any time. We do not send unsolicited marketing communications — any emails we send relate to your account (such as verification, password reset, or critical service notices) or are in direct response to your contact with us.

If we introduce any optional communications (such as a newsletter or product updates), we will obtain your explicit opt-in consent and provide a straightforward opt-out in every message. We will not use your email address for third-party marketing or share it with any marketing service.

17Account deletion & data erasure

You may delete your .i.s.o. account at any time through the app's Settings. Deletion begins a 30-day grace period during which you can sign back in to cancel. After the grace period: (a) your User Content is removed from our active servers; (b) your profile and account information are permanently deleted; (c) any content interactions (such as follows or saves) associated with your account are removed; and (d) your email address and identifiers are deleted from our active database.

Certain data may be retained in encrypted backup archives for a limited period (not exceeding ninety (90) days) before being permanently overwritten, and we may retain minimal data where required by law (such as records of legal disputes or regulatory inquiries, and material we are legally required to preserve). Following complete deletion, we will not be able to recover your account or content, and you acknowledge this is irreversible.

19Data-protection authorities

While .i.s.o. is a US-based service, we take global privacy obligations seriously. For users in jurisdictions that require a data-protection contact, inquiries may be directed to help@isoapp.art with the subject line “Data Protection Inquiry”. You have the right to lodge a complaint with your national data-protection authority: EEA users with their national DPA; UK users with the Information Commissioner's Office (ICO) at ico.org.uk; Australian users with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au; and Canadian users with the Office of the Privacy Commissioner of Canada at priv.gc.ca. We will cooperate with applicable supervisory authorities in the investigation and resolution of complaints.

20Changes to this policy

We may update this policy from time to time to reflect changes in our practices, legal requirements, or the app's functionality. When we make material changes, we will revise the “Last updated” date above and provide advance notice through the app or by email (if we have your contact address) at least fourteen (14) days before the changes take effect, except where we are required to make immediate changes to comply with the law. Continuing to use .i.s.o. after the effective date of the revised policy means you accept it. We will maintain an archive of prior versions available upon request.

21How to reach us

Questions about your privacy, or any request under this policy, can be sent to a real person. Please include “Privacy” in the subject line so we can route your inquiry appropriately:

Brandon Owen, operating .i.s.o.
Email: help@isoapp.art
Mailing address: [MAILING ADDRESS]

We will acknowledge receipt of all privacy-related inquiries promptly and provide a substantive response within thirty (30) days, or within the timeframe required by applicable law. This Privacy Policy is effective as of 1 June 2026. Nothing in it limits or excludes any rights you may have under applicable law that cannot be waived or excluded by contract.