Effective date: April 10, 2026
Introduction
What the app does. Media Den is a privacy-oriented photo and video vault for iPhone. It requires users to bring their own storage (S3, iCloud iDrive, or Google Drive). There is no default Media Den cloud configuration, and your files never leave your device except to be stored on your configured storage backend. The app allows you to configure client-side encryption, ensuring your files are encrypted before landing on your chosen storage backend. Media Den allows you to organize photos in folders, browse your files, remove your files, or share your files using the builtin iOS share feature. A six-digit PIN is required—you create it when you first use the app, and the vault stays locked until you enter it (subject to the app’s lock and lockout rules). The app also attempts to strip certain types of metadata from your files to help protect your privacy, such as GPS location.
Who we are and where your copies live. The app is distributed as Media Den. We do not operate a dedicated “Media Den” cloud that stores your vault. You choose where synchronized copies of your vault data are stored: your own Amazon S3 bucket, a Google Drive folder you authorize, or iCloud Drive tied to your Apple ID. Processing needed to use those services happens on your device and on the infrastructure of the provider you select.
Information the app processes
The list below groups items in terms similar to Apple’s data types for the App Store privacy questionnaire. What actually leaves your device depends on your actions and settings (e.g. whether you configure a backend, enable encryption, or import/share media).
| Category (App Store–style) | What it covers in Media Den | Where it typically exists |
|---|---|---|
| Photos or Videos | Photos, videos, and Live Photo components you import, capture, encrypt/decrypt, upload, download, cache, export, or share. | On device; copies in your S3 bucket, Google Drive, or iCloud Drive per your configuration. |
| Audio | Audio recorded when you capture video in the app. | Same as photos/videos. |
| Other User Content | Folder names and folder structure (and related manifest data used to organize the vault). If you use encryption, folder metadata may be encrypted before upload. | On device; copies on your configured backend. |
| User ID (if you declare it in App Store Connect) | Identifiers you use with third-party services (e.g. Google account during OAuth sign-in for Drive; AWS or Apple account context for API calls). Media Den does not require a separate “Media Den account.” | Handled by Google, AWS, and/or Apple under their policies when you use those backends. |
On your device (not sent to us): The app stores sensitive configuration in the Apple Keychain (for example, storage credentials, encryption key material, and PIN verification data). It keeps a local LRU cache of decrypted originals for performance (default cap described in app settings; cache is cleared when encryption keys or backend configuration change in the app).
Photo metadata: When the “Strip photo metadata on import” setting is on (default), the app strips much EXIF/XMP from photos on import (e.g. GPS, device model, timestamps), while preserving what is needed for features such as Live Photo pairing. Video metadata stripping is not implemented yet; video files may still contain embedded metadata until a future update addresses that.
Sharing: When you use the share sheet, you choose the destination. Recipients receive ordinary (unencrypted) files suitable for the target app—the app warns you of this before sharing.
How we use information
We use the information described above only to provide app functionality and security: syncing your vault with storage you configured, encryption you opt into, PIN lock, thumbnails, import/export, and similar features.
We do not:
- Scan in any way, your files, other than as is required to understand the type of file the application is working with, or for the purpose of generating thumbnails for use within the application
- Have any access to your files
- Have any access to your configuration information
- Use tracking or telemetry in the application
- “Track” you as Apple defines it for App Store labels (e.g. linking your data from this app with third-party data for ads or sharing with data brokers). The app’s privacy manifest sets tracking to off
- Send your data to any AI or machine-learning service, whether ours or a third party’s
- Have server(s) that receive any requests from the Media Den application
Third-party services and infrastructure
When you enable a backend, your vault data and credentials are processed by that provider’s systems, not by a Media Den–operated media server. You should read their privacy policies:
- Amazon Web Services (S3): AWS Privacy Notice
- Google (Google sign-in and Google Drive API): Google Privacy Policy
- Apple (iCloud Drive, Photo Library access, Keychain, Camera, Microphone): Apple Privacy Policy
Signing in to Google uses an OAuth flow (e.g. Google’s authorization pages). Information you submit there is governed by Google’s policies.
Because your data flows directly from your device to your own accounts with these providers—not through any Media Den server—the protection of that data is governed by your relationship and agreements with those providers.
The app may include libraries (such as the AWS SDK for Swift) to implement S3 support; they communicate with your configured AWS endpoints as part of normal app operation.
Retention and deletion
Media Den does not operate servers and does not retain any copy of your data. All data exists either on your device or in your own cloud storage accounts.
Your storage: Data in your S3 bucket, Google Drive folder, or iCloud Drive remains until you delete it using the app or the provider’s tools. You are responsible for managing these systems independent of Media Den, and of any charges that may be incurred from your use of those storage backends.
Your device: Uninstalling the app removes its app data from the device; Keychain items may be removed according to Apple’s rules for that app. Clearing or changing backend or encryption settings in the app follows the behaviors described in the app and project documentation (including local cache hygiene).
Children
Media Den is not directed at children under 13. If you are a parent or guardian and believe your child has provided personal information in a way that concerns you, contact us using the information below.
International users and regional privacy rights
Where your files are stored and processed depends on your cloud provider, account, and region settings. By using those services through the app, you understand that data may be processed in countries where those providers operate.
European Economic Area (GDPR)
Our role. Media Den does not collect, receive, access, or store your personal data on any server or infrastructure we operate. For the purposes of the EU General Data Protection Regulation (GDPR), we are not a data controller or data processor with respect to your vault contents. You are the data controller of your own media. Each cloud provider you choose to use (AWS, Google, or Apple) acts as a data processor under the terms of your own agreement with that provider.
Legal basis for on-device processing. The app performs processing on your device — importing, generating thumbnails, encrypting, and syncing to your chosen backend. The legal basis for this processing is legitimate interest under GDPR Art. 6(1)(f): providing the app functionality you requested. No personal data is transmitted to us as a result of this processing.
Your rights under the GDPR. The GDPR grants you the following rights with respect to your personal data:
- Access — the right to obtain a copy of your personal data
- Rectification — the right to correct inaccurate data
- Erasure — the right to have your data deleted
- Restriction of processing — the right to limit how your data is used
- Data portability — the right to receive your data in a portable format
- Objection — the right to object to processing of your data
Because we do not hold any of your personal data, these rights cannot be exercised against us in a meaningful way. You exercise these rights directly — by managing data on your device (including deleting local app data or uninstalling the app) or through your cloud provider's tools and policies. See "Your rights and choices" below for the specific controls available to you within the app. You may also contact us at greystoneappdev@gmail.com with any privacy-related inquiry.
Cross-border data transfers. We do not transfer personal data across borders because we do not receive personal data. Any cross-border transfer that occurs is between your device and the cloud provider you selected, and is governed by that provider's terms and data processing agreements.
EU representative. We have determined that appointment of an EU representative under GDPR Art. 27 is not required, as the limited on-device processing the app performs is occasional, does not involve large-scale processing of special category data, and is unlikely to result in a risk to the rights and freedoms of data subjects.
Your rights and choices
You control your data. Within the app you can:
- Choose whether to connect S3, Google Drive, or iCloud Drive, and what folder or prefix to use.
- Enable or disable client-side encryption and manage your encryption passphrase.
- Manage your six-digit PIN and other security settings (the PIN is required to use the vault).
- Toggle photo metadata stripping on import (see limits above for video).
- Import, export, delete, and share only what you intend; sharing sends unencrypted copies to the destination you pick.
You also have the right to:
- Delete all local app data by uninstalling Media Den from your device.
- Delete cloud data using the app's delete function or your storage provider's own tools.
- Revoke third-party access at any time—for example, revoke Google Drive authorization in your Google account settings or remove your S3 credentials from the app.
- Contact us at greystoneappdev@gmail.com with any privacy-related request, including requests about your data.
Because Media Den does not operate servers, there is no Media Den-held copy of your data for us to act on. Your data lives on your device and in cloud accounts you control.
If you are in the European Economic Area, see "International users and regional privacy rights" for additional information about your rights under the GDPR.
Changes to this policy
We may update this policy when the app’s practices change. The effective date at the top will be revised accordingly.
Contact
Contact us at greystoneappdev@gmail.com with support requests.