Cliché — Privacy Policy

Last updated: June 19, 2026 · Effective: June 19, 2026

Cliché is a live photo album you build with the friend right next to you. There is no public feed and no map. The photos in a moment are visible only to the people who were paired in that moment. The one place we differ from a "we collect nothing" policy: like most apps, we use a small set of analytics and attribution tools to understand how the app is used and which channels bring new people in. This page tells you exactly what that means.

The things we promise

  • No public feed. Your albums are not browsable by strangers. The only people who see a moment's photos are the friends who were paired in it.
  • No map, no location. Cliché never requests your GPS location and never broadcasts where you are. Bluetooth tells us "two phones are close", never where.
  • Photos stay between the people in the moment. A shared album is visible only to the friends paired during that session — never on a public surface, never to anyone else.
  • No ads in the app. Cliché shows you no advertising.
  • No AI training on your content. We do not use your photos, albums or messages to train AI models, ours or anyone else's.
  • No sale of your data. Ever.
  • Analytics & attribution, disclosed. We use Amplitude (product analytics) and Adjust (install attribution). Section 8 explains exactly what they receive and how to opt out.

1. Who is responsible

Disket France, the company behind Cliché.

The data controller for the personal information described in this policy is Disket France, a French simplified joint-stock company (société par actions simplifiée) with share capital of €1,000, registered with the Paris Trade and Companies Register (RCS Paris) under number 944 134 329, with registered office at 67 rue d'Aboukir, 75002 Paris, France. Disket France is the controller under the EU and UK General Data Protection Regulation. You can reach us at hello@disket.app.

2. The data model

Exactly the fields Cliché has, what each one is for, and who can see it.

This is everything Cliché stores about you. If a category isn't on this list, we don't have it.

Field What it is Visible to
Apple ID or Google account Used to sign you in (Sign in with Apple or Google). We receive an account identifier and, if you allow it, your email. You and us
Username Your unique handle — how friends recognise you. Cliché is username-first. Friends you pair with
Profile picture (optional) One image of your choosing. Friends you pair with
Pairing list The set of users you have paired with. You only
Moments (co-presence sessions) Bluetooth-detected sessions between you and the friend(s) you pair with. Stored as start time, participant identifiers, and a duration. The people in the moment
Shared photos Photos taken during a live session that are added to the moment's shared album and stored on our servers. See section 3. The people in the moment
Device + diagnostics Device model, OS version, app version, language, crash logs. Us, in aggregate
Usage analytics In-app events (e.g. screen opened, pairing started, photo shared) tied to a pseudonymous identifier, via Amplitude. See section 8. Us, in aggregate
Attribution data Install and basic event signals via Adjust, used to understand which channel a new user came from. See section 8. Us, in aggregate

3. How a moment and its album work

Bluetooth detects a friend nearby; you pair; the photos you take together fill a shared album live.

3.1 Bluetooth proximity & pairing

While Cliché is running (including in the background, if you have granted Bluetooth permission), your device advertises a rotating Cliché identifier and listens for the identifiers of others. When a friend is detected nearby, you can pair with them in one tap, which opens a time-boxed co-presence session (about 30 minutes). We store the participant identifiers, the start time and the session duration. We do not store the latitude, longitude, address, venue name or any other location data.

3.2 The live shared album

While you are in a live session with a paired friend, photos you take with the camera are automatically added to that session's shared album and uploaded to our servers, so both of you see the moment fill in instantly — without sending anything by hand. This auto-sync only happens (a) while a live session is active and (b) for photos taken during that session's time window; it requires full Photo Library access. Screenshots and photos taken outside a session are not included. The album is visible only to the friends paired in that moment.

4. What we never collect

A short list of things people often assume social apps collect. We don't.

5. How we use the data

To make Cliché work, keep it safe, measure it, and improve it.

6. Legal bases (EEA / UK users)

For each kind of processing, the legal basis we rely on.

7. What other Cliché users can see about you

Your profile, and the photos on the moments you were paired in. Nothing more.

  1. Your profile fields (username, optional profile picture), visible to users you pair with.
  2. The fact, time and duration of a moment you were paired in, visible to the people in that moment.
  3. The photos in a shared album, visible to the people paired in that moment.

That is the complete list. Your pairing list and your moments with other people are not exposed to any other user. There is no public feed and no friends-of-friends visibility.

8. Analytics, attribution & measurement

The honest part: the third-party tools we use to understand and grow the app, and how to opt out.

Like most apps, Cliché uses a small set of measurement tools. We use them in aggregate to understand how the product is used and works — never to build advertising profiles inside Cliché (there are no ads in the app).

You can turn off tracking at any time in iOS Settings → Privacy & Security → Tracking, and limit diagnostics sharing in iOS Settings.

9. The infrastructure we use

A small number of providers, each bound by a data-processing agreement.

Provider What they do Region
Supabase Hosts our database, authentication and photo storage. EU
Cloudflare Edge networking and DDoS protection. Global edge
Apple Inc. App Store distribution, push notifications (APNs), Sign in with Apple. USA / global
Amplitude Product analytics (aggregated in-app events). USA
Adjust Install attribution and conversion measurement. EU
Google LLC Sign in with Google and on-device ad conversion measurement. USA / global

If we ever add another provider that handles personal data, we will update this list before we start using them.

10. International transfers

Your core data is stored in the EU. Some measurement providers process limited data in the US under standard safeguards.

Disket France is a French company and your account data, moments and photos are stored in the European Union (Supabase, EU region). Transfers outside the EEA occur through some of the sub-processors listed in section 9 — Apple, Amplitude and Google process a limited amount of metadata in the United States, and Cloudflare's global edge may route traffic through the data centre nearest you. Each transfer is covered by the Standard Contractual Clauses approved by the European Commission, complemented by additional technical safeguards (encryption in transit and at rest, scoped access controls, least-privilege engineering).

11. Retention and deletion

We keep your data while your account is active. Delete the account, and the data goes with it.

We retain your account information, moments and photos for as long as your account is active. You can delete your account at any time from Settings → Log out / account options inside the app. When you do:

Friends you shared a moment with keep the photos they themselves took in that moment; the photos you contributed, your username and your profile photo are removed.

12. Security

Standard industry safeguards. Nothing is unbreakable.

We protect your data with transport encryption (TLS), encryption at rest, scoped access controls, audit logging, automated dependency scanning and least-privilege engineering practices. No system is perfectly secure, and you remain responsible for keeping your device and your Apple or Google account secure. If we ever suffer a data breach affecting your personal information, we will notify you and the competent supervisory authority within the deadlines required by applicable law.

13. Your rights

Access, correct, delete, port, object, complain.

Depending on where you live, you may have some or all of the following rights:

To exercise any of these rights, write to hello@disket.app. We will respond within one month (EEA/UK) or as required by your local law.

13.1 Notice to California residents

Under the California Consumer Privacy Act (CCPA), you have the right to know the categories of personal information we collect, the purposes for which we use it, the categories of third parties with whom we share it, and to request access, deletion and correction. We do not "sell" your personal information and we do not "share" it for cross-context behavioural advertising as those terms are defined under California law. You may exercise your CCPA rights by writing to hello@disket.app.

14. iOS permissions

Each permission Cliché asks for, and why.

Permission Why we ask for it What happens if you deny
Bluetooth Detect when a Cliché friend is right next to you, and run the pairing session. This is the core function. You can't pair or build shared albums.
Photos Add the photos you take during a live session to the shared album. Full access is needed to see photos taken just now. You can use the rest of Cliché; photos won't auto-share.
Notifications Tell you about pairing requests and when a friend adds a photo. You'll only see those events when you open the app.
Tracking (ATT) Allow attribution (Adjust) to measure which channel brought you to Cliché. Attribution runs in a privacy-preserving, non-tracking mode. Everything else works the same.

You can grant or revoke any of these at any time in iOS Settings.

15. Children

Cliché is for 17 and older.

Cliché is not directed to children under 17 and we do not knowingly collect personal information from anyone under that age. If we learn that we have inadvertently collected data from a child under 17, we will delete it without delay. Parents or guardians who believe their child has provided us with personal information can write to hello@disket.app.

16. Changes to this policy

If we change something material, we tell you in the app before it takes effect.

We may update this Privacy Policy from time to time. When we make a material change — such as adding a new provider that handles your data, or expanding what we collect — we will notify you inside the app at least fourteen days before the change takes effect. The "Last updated" date at the top of this page indicates when the current version was published.

17. Contact

One email for everything.

Disket France
67 rue d'Aboukir
75002 Paris, France
hello@disket.app