Privacy Policy

How SKRAP collects, uses, and protects your information.

Effective: May 2, 2026 · Last Updated: May 2, 2026 · Jurisdiction: Ontario, Canada

At SKRAP, we believe being open about your data is part of being a good platform. This Privacy Policy describes how we collect, use, and protect information when you use our iOS app, our website at skrap.co, and your public profile page at skrap.co/@username (together, our "Services"). It supplements our Terms of Service, and all provisions of our Terms apply here.

SKRAP is built and operated by SKRAP, incorporated in Ontario, Canada. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy laws, US state consumer privacy laws, the EU and UK GDPR, and equivalent laws in other regions where our users are located.

Notice at Collection (California and similar U.S. state residents): For details about your additional rights and how to exercise them, see Section 9 — U.S. State Privacy Rights.

Data We Collect
How We Use Your Data
How We Share Your Data
How Long We Keep Your Data
How We Protect Your Data
Data Breach Notification
Your Choices
Children and Minors
U.S. State Privacy Rights
Canadian Privacy Rights (PIPEDA)
European Users (GDPR / UK GDPR)
International Data Transfers
Changes to This Policy
Contacting SKRAP

1. Data We Collect

Data you provide to us

Account data. Your email address, password, username, and date of birth (or self-attested age confirmation, depending on the sign-up flow). Your username becomes your permanent public URL at skrap.co/@username.

Profile data. Your profile photo and the optional short bio you add to your page.

Your Content. Everything you create on SKRAP — photos, cutouts, text, stickers, frames, link buttons, music widget references, page backgrounds, your cover card design, and edit history. We also store the parameters of your photo edits (brightness, contrast, filters, crops, etc.) so you can revisit and adjust them.

Music widget data. If you add a music widget to a section of your page, we store the song title, artist, and a clip reference. Full music integration is post-MVP and will be subject to additional licensing terms when launched.

Communications. Messages you send to support@skrap.co, legal@skrap.co, or privacy@skrap.co — including bug reports, feedback, and content reports.

Payment and transactional data. If you purchase a paid feature, we store your purchase history and a record of the transaction. Payments are processed by Apple, Google, or another third-party provider — we do not store full credit card numbers on our servers.

Data we collect from sign-in providers

Apple Sign-In. Your name and email address (or Apple's relay address) as permitted by Apple's API.

Google Sign-In. Your name, profile photo, and email. Our use of Google API data complies with the Google API Services User Data Policy, including its Limited Use requirements.

Data we collect automatically

Device data. Device type, operating system and version, unique device identifiers, IP address, push notification tokens, and notification preferences.

Approximate location. We derive a country and city-level location from your IP address. We do not collect precise GPS location.

Usage data. Screens you view, features you use (Page Builder, Cover Design, Archive, etc.), session duration, taps, scrolls, and which elements you interact with.

Log and performance data. Crash reports, error logs, and performance metrics used to maintain and improve the Services.

Content metadata. Timestamps and edit history associated with your scrapbook page and cover design.

Cookies and similar technologies. On skrap.co we use cookies for session management, security, and analytics. See Section 7 for details and your options.

Data we do not collect

We do not collect biometric identifiers, precise GPS location, contacts, microphone audio, or camera input outside the moments you actively use the camera or photo picker. SKRAP does not run interest-based advertising and does not load advertising trackers.

Sensitive personal information

We ask you not to submit sensitive personal information through our Services — for example, government identification numbers (SIN, SSN, passport, driver's licence), financial account numbers, precise health information, biometric data, racial or ethnic origin, religious beliefs, political opinions, sexual orientation, or trade union membership. If you choose to include this information in Your Content, you do so at your own risk and you consent to our processing it as part of your page.

2. How We Use Your Data

To deliver the Services: hosting your public page, running the Page Builder, Cover Design, Archive, version history, and all other features.
To improve the Services: monitoring performance, fixing bugs, and refining features based on aggregated usage patterns.
To process AI features: when you use the Cutout feature, we send your image to a trusted AI processor that removes the background. The image is used solely to generate your result and is not retained by the processor or by SKRAP after processing. We do not use Your Content to train our own or any third party's AI models.
For optional marketing: if you opt in, we may send occasional emails about new features. You can opt out at any time. We do not share your data with marketing or advertising networks.
For notifications: to alert you when someone hearts your page, when you receive a new follower, or when there is account activity that needs your attention.
For safety, compliance, and legal protection: to enforce our Terms, respond to lawful requests, comply with applicable law, and protect the rights and safety of our users and the public.

We do not sell your personal information and we do not currently share it for cross-context behavioural advertising. If this ever changes, we will notify you in advance, update this Policy, and provide an opt-out as required by law.

3. How We Share Your Data

We share your data only with the following categories of recipients:

Service providers. Trusted third parties that help us operate SKRAP — cloud hosting, database hosting, AI image processing, analytics, email delivery, crash reporting, and customer support. They are bound by confidentiality and data protection agreements and may use your data only on our behalf.
Sign-in providers. Apple and Google handle authentication under their own privacy policies.
Other users (public content only). Your username, profile photo, bio, scrapbook page, cover card, and the fact that you have or have not received hearts are visible to anyone on the internet. This is the nature of a public profile platform.
Legal authorities. Where required by Canadian, US, or other applicable law, court order, subpoena, or government authority, or where we believe in good faith that disclosure is necessary to protect user safety or the public.
Business transfers. In a merger, acquisition, financing, or sale of assets, your data may transfer to the relevant party. We will notify you before your data becomes subject to a different privacy policy.
With your consent. For any other purpose with your explicit prior consent.

4. How Long We Keep Your Data

We retain your data only as long as your account is active or as needed for the purposes described in this Policy, including legal obligations, fraud prevention, and dispute resolution.

How you can delete your data

You can delete your account at any time from the Settings screen in the app. Deletion is permanent and irreversible.

What happens after you delete your account

We will permanently delete your profile, scrapbook content, archive, design history, and personal data within 30 days of your deletion request. Where immediate deletion is not technically possible — for example, in encrypted backups — we will securely isolate your data from any further processing until the backup cycle expires (no longer than 90 days).

We may retain anonymised or aggregated data indefinitely for analytics. This data cannot be linked back to you.

What may remain

Even after your account is deleted, cached or archived versions of your public page may persist in third-party systems beyond our control — search engine caches, web archives like the Internet Archive, screenshots, or pages saved by other users. We cannot guarantee removal of content from those systems.

5. How We Protect Your Data

We take security seriously. Our safeguards include:

Encryption in transit. All traffic between the app, our website, and our servers uses HTTPS/TLS. We do not transmit data over plain HTTP.
Encryption at rest. User data stored on our servers is encrypted at rest by our cloud infrastructure providers.
Hashed passwords. Passwords are hashed using industry-standard algorithms (bcrypt or equivalent). We never store plain-text passwords.
Access controls. Access to user data is restricted to a limited number of authorised SKRAP personnel who need it to operate the Services, and is logged.
Vendor diligence. Service providers that handle your data are bound by data processing agreements and reviewed for appropriate security practices.

No system is perfectly secure. While we work hard to protect your data, we cannot guarantee absolute security and you provide your data to us at your own risk.

6. Data Breach Notification

In the event of a security breach that creates a real risk of significant harm to affected users, SKRAP will notify those users and the relevant authorities (including the Office of the Privacy Commissioner of Canada under PIPEDA and applicable US state regulators) without undue delay and in accordance with applicable law.

Notification will describe the nature of the breach, the personal information affected, the steps we are taking in response, and the steps you can take to protect yourself.

7. Your Choices

Access or update your information. Edit your profile photo, bio, username, and email at any time in Settings.
Opt out of marketing. Click "unsubscribe" in any marketing email, or contact privacy@skrap.co. You will continue to receive non-marketing service emails (security alerts, account changes, legal notices).
Disable push notifications. In your iOS device settings at any time.
Cookies. We use only essential and analytics cookies on skrap.co. You can block or delete cookies in your browser settings. We do not use advertising cookies.
Data requests. To request a copy, correction, or deletion of your personal information, contact privacy@skrap.co. We will verify your identity and respond within 30 days where possible. You may designate an authorised agent to make a request on your behalf, with appropriate verification.
Decline to provide information. You can choose not to provide certain data, but this may limit your ability to use some features.

8. Children and Minors

Our Services are intended for a general audience and are not directed at children under 13. If we learn that we have collected information from a child under 13 without verifiable parental or guardian consent, we will delete it promptly. Contact privacy@skrap.co if you believe a child under 13 has created an account.

Users between 13 and 17 may use SKRAP only with parental or guardian consent. By allowing a minor to use SKRAP, a parent or guardian agrees to this Policy on the minor's behalf.

California residents under 18 may request deletion of publicly posted content under California Business and Professions Code § 22581 by contacting privacy@skrap.co.

9. U.S. State Privacy Rights

This section provides additional disclosures to residents of US states with consumer privacy laws currently in effect, including California (CCPA / CPRA), Colorado (CPA), Connecticut (CTDPA), Delaware (DPDPA), Iowa (ICDPA), Maryland (MODPA), Minnesota (MCDPA), Montana (MTCDPA), Nebraska (NDPA), New Hampshire (NHDPA), New Jersey (NJDPA), Oregon (OCPA), Tennessee (TIPA), Texas (TDPSA), Utah (UCPA), Virginia (VCDPA), and other states with similar legislation.

Your rights

Right to know the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties we share it with.
Right to access a copy of the personal information we hold about you.
Right to correct inaccurate personal information.
Right to delete personal information we have collected, subject to legal exceptions.
Right to opt out of sale or sharing. We do not sell your personal information and we do not share it for cross-context behavioural advertising. No opt-out action is required at this time.
Right to non-discrimination. We will not discriminate against you for exercising any of these rights.
Right to appeal. If we decline your request, you may appeal by emailing privacy@skrap.co. We will respond within 60 days.

How to exercise your rights

Email privacy@skrap.co. We will verify your identity using your account credentials or other reasonable means and respond within 45 days (extendable by a further 45 days where necessary). You may designate an authorised agent in writing to make a request on your behalf.

10. Canadian Privacy Rights (PIPEDA)

SKRAP is incorporated in Ontario, Canada and complies with PIPEDA and applicable provincial privacy laws. Canadian users may:

Access the personal information we hold about you.
Request correction of inaccurate information.
Withdraw consent to collection, use, or disclosure (subject to legal or contractual restrictions — note this may limit your ability to use some features).
File a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Contact privacy@skrap.co to exercise these rights.

11. European Users (GDPR / UK GDPR)

This section applies to users in the European Economic Area, the United Kingdom, and Switzerland.

Controller. SKRAP is the data controller for your personal data.

Legal bases. We process your data under the following legal bases: (a) performance of the contract between you and SKRAP (delivering the Services); (b) our legitimate interests in operating, improving, and securing the Services, where not overridden by your rights and freedoms; (c) compliance with our legal obligations; and (d) your consent, where you have given it (which you can withdraw at any time).

Your rights under GDPR / UK GDPR. Access, rectification, erasure, restriction of processing, data portability, the right to object to processing, and the right to lodge a complaint with your local supervisory authority. To exercise these rights, contact privacy@skrap.co.

12. International Data Transfers

SKRAP is operated from Canada. Our service providers are located in Canada, the United States, and other jurisdictions. By using SKRAP you consent to the transfer of your data to those jurisdictions, which may have different data protection laws than your own.

Where required, we rely on appropriate safeguards for international transfers — including the European Commission's Standard Contractual Clauses, the UK Addendum, or other lawful transfer mechanisms.

13. Changes to This Policy

If we make a material change to this Privacy Policy, we will notify you by email, by an in-app notification, or as otherwise permitted by law, at least 30 days before the change takes effect for existing users. Your continued use of the Services after the effective date of any updated Policy indicates your acceptance.

Non-material updates (typo corrections, formatting, clarifications) take effect on the date posted. We will keep an archive of past versions available on request.

14. Contacting SKRAP

Privacy and data requests: privacy@skrap.co

General support: support@skrap.co

Legal and DMCA: legal@skrap.co

Mailing address: SKRAP, 130 Queens Quay East, Unit 615, Toronto, Ontario, Canada