Privacy Policy
Effective: May 2026
Brollr ("we", "us") respects your privacy. Brollr is two surfaces — the iOS app and the brollr.app website. They collect different things. Skip to the section that applies to you.
The Brollr iOS App
Videos & Photos
Accessed via the iOS Photos framework for import. Videos are processed entirely on-device for trimming, export, and metadata extraction. When you tap "Generate" for AI keywording, compressed video frames are sent to a third-party AI service for analysis.
Device Location
Optional. When enabled, GPS coordinates are embedded in video metadata for stock footage context (e.g., "shot in Dubrovnik"). Location is never sent to our servers.
FTP Credentials
Your BlackBox FTP username and password are stored in the iOS Keychain (hardware-encrypted). They are used solely to upload files to portal.blackbox.global and are never transmitted elsewhere.
Device Attestation
Apple App Attest is used to verify the app's authenticity when communicating with our backend. Attestation tokens are stored server-side (Cloudflare Workers KV) to prevent replay attacks.
Subscription Data
Managed entirely by Apple via StoreKit 2. We receive entitlement status (active/expired) but never see payment details.
What the iOS App Does Not Collect
- No analytics or tracking SDKs in the app
- No advertising identifiers
- No third-party trackers in the app
The Brollr Website (brollr.app)
What we collect
- Page views and engagement events:
PageView,ViewContent,Lead(App Store button clicks), screenshot lightbox opens, scroll depth. - These events are sent to Meta (Facebook) via Meta Pixel for ad measurement and retargeting.
- IP address — used by Meta for matching; not stored by us.
- A first-party
brollr_consentcookie storing your choice (granted or declined). Expires after 6 months.
How we use it
To measure how Facebook ads convert to App Store visits, and to build retargeting audiences for our own ads.
Your choices
- Visitors in the EU, UK, EEA, or Switzerland: nothing fires until you tap "Accept" on the cookie banner. If you tap "Decline" or close the banner, no data is sent.
- Outside those regions: Meta Pixel fires by default. You can opt out anytime via the "Cookie settings" link in the brollr.app footer.
- EU/UK visitors who accepted earlier can revoke via the same link on brollr.app.
Third party
Meta Platforms, Inc. is the recipient of the events listed above. See Meta's data policy.
Third-Party Services
- AI Analysis Service — Compressed video frames are sent to a third-party AI service for analysis (keywording, titles, descriptions). The service provider's privacy policy applies to data processed by their API. No video data is retained by our backend after processing. (iOS app only.)
- BlackBox Global FTP — Videos are uploaded to BlackBox's FTP server at your request. BlackBox's own terms and privacy policy govern data after upload. (iOS app only.)
- Apple App Store / StoreKit — Subscription purchases and management are handled by Apple. (iOS app only.)
- Meta (Facebook) — See "The Brollr Website" section above. (Website only.)
Data Retention
- All app data (videos, metadata, thumbnails) is stored on-device in the app sandbox.
- Deleting the app removes all local data.
- FTP credentials are removed from Keychain when the app is deleted.
- Server-side attestation records are automatically purged.
- The website's
brollr_consentcookie expires after 6 months.
Your Rights
- Delete all app data by removing the app.
- Revoke Photos or Location access in iOS Settings at any time.
- Withdraw consent for the website pixel via the "Cookie settings" link in the brollr.app footer.
- Contact us: yesplease.boats@gmail.com.
Changes to This Policy
Updates will be posted on this page with a revised effective date.