Welcome to Knitify ("we", "us", "our"). Knitify is a mobile application for iOS and Android that generates knitting patterns from user-uploaded photographs. This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you use the Knitify application ("the App") and our website at knitify-app.com ("the Website").
By using the App or the Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the App and Website.
This policy is designed to comply with applicable data protection regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Children's Online Privacy Protection Act (COPPA), and the requirements of the Apple App Store and Google Play Store.
The data controller responsible for your personal data under the GDPR, the UK GDPR, and equivalent laws is:
We are not required to appoint a Data Protection Officer under GDPR Art. 37, because our processing activities do not meet the thresholds set out in that article (no large-scale processing of special categories, no large-scale systematic monitoring of data subjects). All privacy-related inquiries are handled directly by the controller at the address above.
The competent lead supervisory authority for the controller is the Polish Personal Data Protection Office — Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, Poland (uodo.gov.pl). EU residents may also lodge complaints with the supervisory authority in their EU Member State of residence.
Because the data controller is established in Poland (an EU/EEA Member State), Article 27 of the GDPR — which requires controllers established outside the EEA to designate a representative in the Union — does not apply. EU residents may exercise their rights directly with the controller above.
We collect the minimum amount of data necessary to provide and improve the App. The categories below describe what we collect and how:
users/{your-uid}/projects/{projectId}/source.jpg and .../pattern.png. They are stored encrypted at rest, are accessible only to you (enforced by Storage Security Rules), are never used for AI training, advertising, profiling, or any purpose other than re-displaying your projects across your devices, and are permanently deleted when you delete the project or your account. Pattern computation and PDF export themselves run entirely on your device — we do not perform any image analysis on our servers.setUserId, so events are not directly associated with your account; however, Firebase Analytics uses pseudonymous device-level identifiers (e.g. Firebase Installation ID, Instance ID, IDFV on iOS / Android ID on Android) which Apple and Google classify as identifiers that can be linked to a device. We never combine these identifiers with advertising IDs.unlockProjectAccess and claimFreeProjectAccess), which receive your authentication token and the project ID.We use your data strictly for the following purposes:
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data under the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Account creation and project sync | Contractual necessity — required to deliver the service you requested |
| Subscription/purchase management | Contractual necessity |
| Crash reports and diagnostics | Legitimate interest — maintaining app stability and security |
| Anonymized analytics | Legitimate interest — understanding product usage to improve the service |
| Customer support | Contractual necessity / Legitimate interest |
| Legal compliance | Legal obligation |
You have the right to object to processing based on legitimate interest at any time by contacting us at support@knitify-app.com.
We do not sell, rent, or trade your personal data to any third party. We share data only with the following service providers, solely for the purposes described:
| Service provider | Data shared | Purpose | Privacy policy |
|---|---|---|---|
| Firebase Authentication (Google) | Email, display name, auth tokens | User sign-in and account management | Firebase Privacy |
| Firebase Firestore (Google) | Project metadata, profile data | Cloud sync of project data and user profile | Firebase Privacy |
| Firebase Storage (Google) | Source photos, generated pattern images, optional profile photo | Cloud sync of user-generated images across devices | Firebase Privacy |
| Firebase Cloud Functions (Google) | Authentication token, project ID | Server-side validation of in-app purchases and one-time free unlocks | Firebase Privacy |
| Firebase App Check & Remote Config (Google) | Pseudonymous device attestation token, app config keys | Abuse prevention and runtime feature flags | Firebase Privacy |
| Firebase Analytics (Google) | Pseudonymous usage events, Firebase Installation ID, IDFV / Android ID | Product analytics | Firebase Privacy |
| Firebase Crashlytics (Google) | Crash logs, device model, OS version, account user ID (when signed in) | Crash diagnosis and bug fixing | Firebase Privacy |
| RevenueCat | Anonymous user ID, entitlement status | Subscription and purchase management | RevenueCat Privacy |
| Apple App Store | Purchase transactions | In-app purchase processing (iOS) | Apple Privacy |
| Google Play | Purchase transactions | In-app purchase processing (Android) | Google Privacy |
All third-party service providers process data under their own privacy policies and are contractually required to handle your data in accordance with applicable data protection laws.
Knitify does not:
Because we do not engage in tracking as defined by Apple's App Tracking Transparency framework, the ATT permission prompt is not required by our App.
We do not engage in solely automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of GDPR Art. 22 or comparable laws. The image-to-pattern conversion performed by the App is a deterministic image-processing operation initiated by you and is not used to evaluate, score, or make decisions about you as a person.
For California residents, the categories of personal information (as defined in Cal. Civ. Code §1798.140) we have collected, used, or disclosed in the preceding 12 months are summarized below.
| Statutory category | Examples we collect | Disclosed to (service providers) |
|---|---|---|
| Identifiers | Email address, account user ID, Firebase Installation ID, IDFV / Android ID | Firebase, RevenueCat |
| Customer records (Cal. Civ. Code §1798.80(e)) | Display name, optional profile photo | Firebase |
| Commercial information | Subscription / entitlement status, purchase confirmation | RevenueCat, Apple App Store, Google Play |
| Internet or other electronic network activity | Pseudonymous in-app event data, screen views, session duration, crash logs | Firebase Analytics, Firebase Crashlytics |
| Visual information (user-generated) | Source photos and generated pattern images you create in the App | Firebase Storage (encrypted, accessible only to you) |
| Geolocation data | None | — |
| Sensory, biometric, professional, education, or inferences data | None | — |
| Sensitive Personal Information (Cal. Civ. Code §1798.140(ae)) | None | — |
We have not "sold" or "shared" personal information for cross-context behavioral advertising in the preceding 12 months and have no plans to do so. We do not use or disclose Sensitive Personal Information for purposes that would trigger the CPRA's right to limit use.
We retain your data only as long as necessary for the purposes described in this policy:
When data is no longer needed, it is permanently deleted or irreversibly anonymized. Where statutory retention obligations (e.g. tax, accounting, fraud-prevention) require us to keep specific records longer, we restrict processing of that data to those purposes only.
We implement industry-standard security measures to protect your data:
While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
Depending on your location, you may have the following rights regarding your personal data:
Send your request from the email address associated with your account to support@knitify-app.com, or submit it through the in-app deletion flow (Profile → Delete Account) where applicable. We will acknowledge your request without undue delay and respond:
Identity verification. To prevent unauthorized access to your data, we verify identity by sending a confirmation email to the address registered to your account and matching the request against the data we already hold (e.g. account user ID). For requests that do not originate from a registered account, we may require additional matching data points or — for sensitive requests — a signed declaration.
Authorized agents (CCPA/CPRA). California residents may use an authorized agent to submit a request, provided the agent furnishes a written, signed permission from you and we are able to verify your identity directly. We may deny a request from an agent that does not submit proof of authorization.
No discrimination / no retaliation. We will not deny services, charge different prices, or provide a different level of quality because you exercised a privacy right.
You can delete your account and all associated data at any time. Two channels are provided to satisfy both Apple's App Store Review Guideline 5.1.1(v) (in-app) and Google Play's account-deletion policy (publicly accessible web URL):
We process verified deletion requests within 30 days (and within statutory deadlines where shorter — e.g. 1 month under GDPR Art. 12(3)).
Upon account deletion:
Our service providers (Firebase/Google, RevenueCat) may process data in the United States or other countries outside your country of residence. These providers use appropriate safeguards for international data transfers, including:
By using the App, you acknowledge that your data may be transferred to and processed in countries where data protection laws may differ from those in your country of residence.
Knitify is a general-audience app and is not directed at children. We apply the strictest applicable digital age-of-consent rule in your jurisdiction:
If we become aware that we have inadvertently collected personal data from a child below the applicable threshold, we will take prompt steps to delete such data from our servers.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@knitify-app.com and we will delete the data within 48 hours of verification.
In compliance with Apple's App Store Review Guidelines and App Privacy ("nutrition label") requirements, below is a summary of the data we declare. All listed data is collected for the purpose of App Functionality and/or Analytics, never for Advertising or Tracking.
We do not use the App Tracking Transparency (ATT) framework because we do not track users across other apps or websites and do not share data with data brokers.
In compliance with Google Play's Data Safety section, we declare:
The Knitify website (knitify-app.com) is a static informational site. We do not set first-party cookies, tracking pixels, or third-party analytics scripts on the Website. No personal data is collected through the Website beyond what you voluntarily provide (e.g. sending a support email).
Third-party hosted assets. The Website uses Firebase Hosting (Google) to serve its content. As a result, your IP address and a basic User-Agent string are visible to Google as the hosting provider, in line with standard web-server logging.
Web fonts. The Website loads typefaces from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When your browser fetches these fonts, your IP address is briefly transmitted to Google for the sole purpose of font delivery. We rely on legitimate interest (GDPR Art. 6(1)(f)) — providing a consistent, accessible reading experience — for this transmission. No cookie is set by Google Fonts for this request, and the IP address is not used to track you across sites. If you prefer to avoid this transmission, you can use a browser that blocks third-party requests; the Website will fall back to a system font automatically.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
We encourage you to periodically review this page for the latest information on our privacy practices.
This Privacy Policy is governed by the laws of the Republic of Poland and the directly applicable law of the European Union, without prejudice to mandatory consumer-protection and data-protection rights granted to you by the laws of your country of residence — including, where applicable, the GDPR/UK GDPR, the CCPA/CPRA, the LGPD (Brazil), the PIPEDA (Canada), the APPs (Australia), and the PIPL (China). Nothing in this policy deprives you of any right that you have under the mandatory law of your country of habitual residence.
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
We aim to acknowledge all privacy-related inquiries promptly and respond within the deadlines set out under How to exercise your rights above (one month under GDPR/UK GDPR, 45 days under CCPA/CPRA). If you are not satisfied with our response, you have the right to lodge a complaint with your local data-protection authority — for example, the Polish UODO (uodo.gov.pl) as our lead authority, the Irish DPC (dataprotection.ie) for EU residents, the UK Information Commissioner's Office (ico.org.uk) for UK residents, or the California Privacy Protection Agency (cppa.ca.gov) for California residents.