Introduction
What the app does. Media Den is a privacy-oriented photo and video vault for iPhone. It requires users to bring their own storage (S3, iCloud iDrive, or Google Drive). There is no default Media Den cloud configuration, and your files never leave your device except to be stored on your configured storage backend. The app allows you to configure client-side encryption, ensuring your files are encrypted before landing on your chosen storage backend. Media Den allows you to organize photos in folders, browse your files, remove your files, or share your files using the builtin iOS share feature. A six-digit PIN is required—you create it when you first use the app, and the vault stays locked until you enter it (subject to the app’s lock and lockout rules). The app also attempts to strip certain types of metadata from your files to help protect your privacy, such as GPS location.
Who we are and where your copies live. The app is distributed as Media Den. We do not operate a dedicated “Media Den” cloud that stores your vault. You choose where synchronized copies of your vault data are stored: your own Amazon S3 bucket, a Google Drive folder you authorize, or iCloud Drive tied to your Apple ID. Processing needed to use those services happens on your device and on the infrastructure of the provider you select.
Information the app processes
The list below groups items in terms similar to Apple’s data types for the App Store privacy questionnaire. What actually leaves your device depends on your actions and settings (e.g. whether you configure a backend, enable encryption, or import/share media).
| Category (App Store–style) | What it covers in Media Den | Where it typically exists |
|---|---|---|
| Photos or Videos | Photos, videos, and Live Photo components you import, capture, encrypt/decrypt, upload, download, cache, export, or share. | On device; copies in your S3 bucket, Google Drive, or iCloud Drive per your configuration. |
| Audio | Audio recorded when you capture video in the app. | Same as photos/videos. |
| Other User Content | Folder names and folder structure (and related manifest data used to organize the vault). If you use encryption, folder metadata may be encrypted before upload. | On device; copies on your configured backend. |
| User ID (if you declare it in App Store Connect) | Identifiers you use with third-party services (e.g. Google account during OAuth sign-in for Drive; AWS or Apple account context for API calls). Media Den does not require a separate “Media Den account.” | Handled by Google, AWS, and/or Apple under their policies when you use those backends. |
On your device (not sent to us): The app stores sensitive configuration in the Apple Keychain (for example, storage credentials, encryption key material, and PIN verification data). It keeps a local LRU cache of decrypted originals for performance (default cap described in app settings; cache is cleared when encryption keys or backend configuration change in the app).
Photo metadata: When the “Strip photo metadata on import” setting is on (default), the app strips much EXIF/XMP from photos on import (e.g. GPS, device model, timestamps), while preserving what is needed for features such as Live Photo pairing. Video metadata stripping is not implemented yet; video files may still contain embedded metadata until a future update addresses that.
Sharing: When you use the share sheet, you choose the destination. Recipients receive ordinary (unencrypted) files suitable for the target app—the app warns you of this before sharing.
How we use information
We use the information described above only to provide app functionality and security: syncing your vault with storage you configured, encryption you opt into, PIN lock, thumbnails, import/export, and similar features.
We do not:
- Scan in any way, your files, other than as is required to understand the type of file the application is working with, or for the purpose of generating thumbnails for use within the application
- Have any access to your files
- Have any access to your configuration information
- Use tracking or telemetry in the application
- “Track” you as Apple defines it for App Store labels (e.g. linking your data from this app with third-party data for ads or sharing with data brokers). The app’s privacy manifest sets tracking to off
- Have server(s) that receive any requests from the Media Den application
Third-party services and infrastructure
When you enable a backend, your vault data and credentials are processed by that provider’s systems, not by a Media Den–operated media server. You should read their privacy policies:
- Amazon Web Services (S3): AWS Privacy Notice
- Google (Google sign-in and Google Drive API): Google Privacy Policy
- Apple (iCloud Drive, Photo Library access, Keychain, Camera, Microphone): Apple Privacy Policy
Signing in to Google uses an OAuth flow (e.g. Google’s authorization pages). Information you submit there is governed by Google’s policies.
The app may include libraries (such as the AWS SDK for Swift) to implement S3 support; they communicate with your configured AWS endpoints as part of normal app operation.
Retention and deletion
Your storage: Data in your S3 bucket, Google Drive folder, or iCloud Drive remains until you delete it using the app or the provider’s tools. You are responsible for managing these systems independent of Media Den, and of any charges that may be incurred from your use of those storage backends.
Your device: Uninstalling the app removes its app data from the device; Keychain items may be removed according to Apple’s rules for that app. Clearing or changing backend or encryption settings in the app follows the behaviors described in the app and project documentation (including local cache hygiene).
Children
Media Den is not directed at children under 13. If you are a parent or guardian and believe your child has provided personal information in a way that concerns you, contact us using the information below.
International users
Where your files are stored and processed depends on your cloud provider, account, and region settings. By using those services through the app, you understand that data may be processed in countries where those providers operate.
Your choices
- Choose whether to connect S3, Google Drive, or iCloud Drive, and what folder or prefix to use.
- Enable or disable client-side encryption and manage your encryption passphrase.
- Manage your six-digit PIN and other security settings (the PIN is required to use the vault).
- Toggle photo metadata stripping on import (see limits above for video).
- Import, export, delete, and share only what you intend; sharing sends unencrypted copies to the destination you pick.
Changes to this policy
We may update this policy when the app’s practices change. The Effective date at the top will be revised. If you distribute the app on the App Store, keep your App Store Connect privacy answers consistent with this document and with the app’s actual behavior.
Contact
Contact us at greystoneappdev@gmail.com with support requests.