— The fine print
Privacy Policy
Effective 1 June 2026 · Last updated 4 June 2026
.i.s.o. is a small, paid, invitation-only home for photographers. It is built around a core promise: your data belongs to you. We do not sell it, build behavioral profiles, serve you ads, or train artificial intelligence on your content. This policy explains, plainly, what we collect and what we will never do with it.
In plain words
We collect only what the app needs to work: your account details, the photographs and notes you choose to share, and a little usage data to run the feed and keep the community safe. We do not sell your data, share it with brokers, show you ads, or use your photographs to train any AI model — ever. You can delete your account, and your data, from inside the app.
This box is a summary for convenience. The sections below are the policy that actually governs.
1Who we are & our privacy philosophy
.i.s.o. (“.i.s.o.”, “iso”, the “app”, or the “Service”) is operated by Brandon Owen, an individual sole proprietor doing business as .i.s.o. (“Company”, “we”, “us”, “our”). We are the controller responsible for your information under this policy.
This policy explains how we collect, use, store, and protect your personal information when you use the .i.s.o. iOS app or visit isoapp.art. We built .i.s.o. around a core privacy promise: your data belongs to you. We do not sell your personal information, build behavioral profiles, serve you advertisements, or train artificial intelligence on your content. This policy applies globally to all users regardless of their country of residence, and we have designed our data practices to comply with or exceed major international privacy frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable laws. It does not cover third parties we link to, such as the Apple App Store.
2Information we collect
We collect only the minimum information necessary to operate the Service. We do not buy personal information about you from third parties, and we do not build advertising profiles. We do not collect biometric data, financial information, or information from your device's contacts, camera roll, or location services beyond what you explicitly share.
Information you give us
- Account details
- Your email address, chosen username, and password. Passwords are handled by our authentication provider (Cognito) and are stored only in hashed form — we never see or store your plain password. You may also choose an account category (for example, Creatives or Community).
- Your content
- The photographs you upload and anything you attach to them: titles, captions, tags (subject, medium, color), camera and lens details, and any notes. Also your profile (display name, bio, gear list, contact sheet), your collections, and your inspirations.
- Photo metadata (EXIF)
- Technical details embedded in your photographs, such as camera model, lens, and exposure settings, which power features like the histogram and gear filters.
- Location — only if you add it
- You may optionally tag a photograph with a location. You are never required to. When you do, the map shows it only as part of an aggregated heatmap of where work is gathering — never as a precise pin, and never tied to you publicly.
- Support messages
- If you write to support, we keep your message and our reply so we can help you.
Information we collect automatically
- Activity in the app
- Your heartbeats, focuses, inspirations, and saved collections, and how long photographs are viewed. View time is used only for your own analytics information — it is not sold or used for advertising or behavioral profiling. These counts are private to you.
- Reports you file
- If you report a photograph or a person, we keep the report and any note you add so a human can review it.
- Device & technical data
- Your device type, operating-system version, a push-notification token (so we can deliver notices you opt into), a privacy-preserving device token used only to enforce bans on devices that have been removed for serious violations, your IP address, and basic diagnostic information needed to keep the app stable.
3How we use information
- To create and secure your account, authenticate your identity, and sign you in.
- To store, process, and display your photographs and profile, and to deliver images quickly through a content-delivery network.
- To run the feeds, the map heatmap, search, and filters. Ordering is based on simple signals such as recency — there is no behavioral advertising model behind it.
- To keep the community safe: reviewing reports, removing content that breaks the rules, and enforcing suspensions and device bans.
- To send you essential service notices you have opted into (not marketing), and to respond to your support requests.
- To process your subscription. Payment is handled by Apple — see Sharing & service providers.
- To comply with applicable legal obligations and protect the rights and safety of our users and the public.
We do not use your information for targeted advertising, behavioral marketing, sale to third parties, or any purpose not listed above. Any new use of your data will be disclosed to you in advance.
4What we never do
We make the following unconditional commitments regarding your personal data. These are not aspirational — they are enforceable obligations we hold ourselves to.
- We never sell, rent, or trade your personal information or User Content, and we never share it with data brokers or marketing platforms.
- We never use your photographs or other content to train, test, evaluate, or improve any general-purpose, generative, or commercial artificial-intelligence or machine-learning model, our own or anyone else's. The sole exception is our own safety and content-moderation systems, which we may improve using material already flagged for review — solely to detect illegal content and abuse, never to build advertising, recommendation, or generative models.
- We never show you advertising, and we do not embed third-party advertising or analytics trackers in the app.
- We never track your activity across other websites, apps, or services, and we never build individual behavioral profiles or interest graphs.
- We never publish your photographs or make them browsable outside the app. In-app screenshots are blocked, and there is no external sharing, public link, or web gallery for your work.
- We do not use automated decision-making that produces legal or similarly significant effects on you without human review.
5Sharing & service providers
We share your information only in the following limited circumstances, and we keep our list of providers deliberately short. They process information only to provide their service to us, under their own privacy and security obligations and appropriate data-processing agreements:
- Apple
- Distributes the app through the App Store, processes your subscription through In-App Purchase, and delivers push notifications. Apple's handling of your payment is governed by Apple's own privacy policy.
- Amazon Web Services (AWS)
- Hosts the Service. This includes authentication (Cognito), the database, image storage, the content-delivery network, and transactional email (for example, verification and password-reset messages). Our infrastructure is located in the United States.
Beyond service providers, we may disclose information: (a) for legal compliance, when required by valid and legally binding process such as a court order, subpoena, or government request — and, where legally permitted, we will notify you before complying; (b) for safety, to prevent imminent harm to any person; and (c) in a business transfer, such as a merger, acquisition, or sale of substantially all assets, in which case your data may transfer to the successor entity, which will remain bound by this policy, and we will notify you.
6Your content & storage
Your User Content — photographs, artwork, and other media you upload — is stored on secure servers operated by our cloud-hosting providers. Your content is accessible within the app only to the members you allow to see it, in accordance with the app's privacy settings. It is not indexed by search engines, is not accessible via the Website, and is not reproduced, distributed, or shared outside the app.
You decide what you share. Your username, profile, and any work you publish can be seen by other members in the app; you can keep individual collections and photographs private, and choose whether your profile is discoverable. Location tags only ever appear as part of the aggregated heatmap, never as a precise location attributed to you. Blocked members cannot see you, and you cannot see them. You may delete your User Content at any time, and deleted content will be removed from our active servers within thirty (30) days, subject to any retention obligations required by law.
8How long we keep it
We retain your personal information only for as long as necessary to provide the Service and fulfill the purposes outlined in this policy. We keep your information for as long as your account is active. When you delete your account, deletion begins a 30-day grace period during which you can sign back in to cancel. After the grace period, your account and its content are permanently deleted, and associated personal data is purged from our systems — including any moderation or safety records tied to your account. Usage logs and device data are retained for a maximum of twelve (12) months for security and service improvement before being deleted or anonymized.
Two narrow exceptions apply. First, routine encrypted backups cycle out on their own schedule. Second, where we are legally required to preserve material — most importantly, suspected child sexual abuse material, which United States law requires us to preserve and report — we will retain only what the law requires, separately from the rest of the Service, and never within any product feature.
9How we protect it
We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, and we design the app to be resilient:
- All traffic is encrypted in transit using TLS (Transport Layer Security), with certificate pinning to resist interception.
- Sensitive data cached on your device is encrypted with AES-GCM, and authentication tokens are stored in the iOS Keychain. Sensitive data is encrypted at rest.
- Access controls limit access to personal data on a strict need-to-know basis, and content is stored on access-controlled infrastructure served only to authenticated members through the app.
- We carry out security assessments and maintain incident-response procedures.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. In the event of a breach likely to affect your rights and freedoms, we will notify you and the applicable authorities as required by law.
10Children
.i.s.o. is not intended for children. You must be at least 16 years old to use the Service. We do not knowingly collect personal information from anyone under 16. If we learn that we have, we will delete it and close the account. If you are a parent or guardian and believe a child has provided us information, please contact us at help@isoapp.art. We comply with the Children's Online Privacy Protection Act (COPPA) and equivalent international regulations.
11Your rights — all users
Regardless of your jurisdiction, we extend the following rights to all users:
- Access. You may request a copy of the personal data we hold about you, and you can view and edit your profile, content, and account details at any time inside the app.
- Correction. You may request correction of inaccurate or incomplete personal data.
- Deletion. You may request deletion of your personal data, subject to limited legal retention obligations. You can delete your account, and your data, from Settings — see Account deletion & data erasure.
- Data portability. You may request a machine-readable copy of your personal data where technically feasible.
- Withdraw consent & object. Where processing is based on consent you may withdraw it at any time, and you may object to certain processing.
- Complain. You may lodge a complaint with your applicable data-protection authority.
To exercise any of these rights, contact us at help@isoapp.art. We will verify your request through your account email and respond within thirty (30) days, or within the timeframe required by applicable law.
12EEA & UK users (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional provisions apply. Our legal bases for processing your personal data are: (a) performance of a contract (operating your account and delivering the Service); (b) legitimate interests (security, fraud prevention, and service improvement), where these are not overridden by your rights; and (c) legal obligation (compliance with applicable law). We do not rely on consent as a legal basis for core service functions.
We do not transfer your personal data to countries outside the EEA or UK without appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission. You have the right to object to processing, the right not to be subject to solely automated decisions, and the right to complain to your national Data Protection Authority (DPA), including the ICO in the United Kingdom.
13California users (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA): (a) the right to know what personal information we collect, use, disclose, and share; (b) the right to request deletion of your personal information, subject to applicable exceptions; (c) the right to request correction of inaccurate personal information; (d) the right to opt out of the sale or sharing of personal information — we do not sell or share your personal information as those terms are defined under California law, so there is nothing to opt out of; (e) the right to limit the use of sensitive personal information — we do not use sensitive personal information beyond what is necessary for the Service; and (f) the right to non-discrimination for exercising your privacy rights.
Requests may be submitted to help@isoapp.art, and we will verify your request through your account email before acting on it. We will respond within forty-five (45) days as required by law.
14International data transfers
.i.s.o. is based in the United States, and your information is stored and processed on servers in the United States. If you are accessing the Service from outside the United States, your personal data may be transferred to, stored, and processed there or in other countries where our service providers operate, where data-protection laws may differ from those in your country.
We ensure that such transfers are conducted with appropriate safeguards, including data-processing agreements that require providers to protect data to the standard of this policy. For users in the EEA and UK, we rely on Standard Contractual Clauses (SCCs) or other legally approved transfer mechanisms, and we periodically review the adequacy of protections in the countries where data is processed.
15Third-party integrations & links
The Website may contain links to third-party websites for informational purposes only. We are not responsible for the privacy practices of those third parties, and you should review their privacy policies independently.
Any third-party service provider engaged by us to support app operations is subject to a data-processing agreement that prohibits unauthorized use, processing, or disclosure of your personal data. We do not integrate third-party social login, advertising SDKs, behavioral-analytics platforms, or data-enrichment services into the app. If we ever add integrations that affect your personal data, we will disclose them here and, where required, seek your consent.
16Push notifications & communications
We may send push notifications to your device related to app activity, account security, or service updates, using a push-notification token. You may opt out of push notifications through your device's notification settings at any time. We do not send unsolicited marketing communications — any emails we send relate to your account (such as verification, password reset, or critical service notices) or are in direct response to your contact with us.
If we introduce any optional communications (such as a newsletter or product updates), we will obtain your explicit opt-in consent and provide a straightforward opt-out in every message. We will not use your email address for third-party marketing or share it with any marketing service.
17Account deletion & data erasure
You may delete your .i.s.o. account at any time through the app's Settings. Deletion begins a 30-day grace period during which you can sign back in to cancel. After the grace period: (a) your User Content is removed from our active servers; (b) your profile and account information are permanently deleted; (c) any content interactions (such as follows or saves) associated with your account are removed; and (d) your email address and identifiers are deleted from our active database.
Certain data may be retained in encrypted backup archives for a limited period (not exceeding ninety (90) days) before being permanently overwritten, and we may retain minimal data where required by law (such as records of legal disputes or regulatory inquiries, and material we are legally required to preserve). Following complete deletion, we will not be able to recover your account or content, and you acknowledge this is irreversible.
18Legal disclosures & safety
We may disclose information when we believe in good faith that it is necessary to comply with the law or valid legal process, to enforce our Terms & Conditions, to detect or prevent fraud or abuse, or to protect the rights, property, or safety of our members or the public.
As required by United States federal law (18 U.S.C. § 2258A), we report suspected child sexual abuse material to the National Center for Missing & Exploited Children (NCMEC), and we cooperate with law enforcement.
20Changes to this policy
We may update this policy from time to time to reflect changes in our practices, legal requirements, or the app's functionality. When we make material changes, we will revise the “Last updated” date above and provide advance notice through the app or by email (if we have your contact address) at least fourteen (14) days before the changes take effect, except where we are required to make immediate changes to comply with the law. Continuing to use .i.s.o. after the effective date of the revised policy means you accept it. We will maintain an archive of prior versions available upon request.
21How to reach us
Questions about your privacy, or any request under this policy, can be sent to a real person. Please include “Privacy” in the subject line so we can route your inquiry appropriately:
Brandon Owen, operating .i.s.o.
Email: help@isoapp.art
Mailing address: [MAILING ADDRESS]
We will acknowledge receipt of all privacy-related inquiries promptly and provide a substantive response within thirty (30) days, or within the timeframe required by applicable law. This Privacy Policy is effective as of 1 June 2026. Nothing in it limits or excludes any rights you may have under applicable law that cannot be waived or excluded by contract.