Last updated: June 7, 2026
Deletutu is developed by Tututech Ltd. If you have any questions about this Privacy Policy, you can contact us at tututech.ltd@gmail.com.
The following never leaves your device under any circumstances:
CLLocationManager)IDFA) and the AppTrackingTransparency prompt are never usedAll photo analysis happens on-device using Apple's PhotoKit — the app reads native photo metadata (media type, screenshot/selfie/favorite flags, file size) to build its cleanup categories. No machine-learning models are bundled and no embeddings are computed.
To improve the app and measure where new users come from, we collect a small amount of anonymous, aggregated information. We deliberately avoid anything that can identify you personally.
Sign-in is optional — you can use every feature of Deletutu without signing in. If you choose to sign in to earn the swipe bonus, we request the following scopes from your chosen provider:
name, email (only on first sign-in, per Apple's design)openid email profilepublic_profile, email
What the app actually keeps on your device (in iOS UserDefaults
under the key deletutu.profile.v1):
user identifier or Google's sub)Your email address is requested by the OAuth scope but is not persisted by the app. We do not maintain a server-side user database. There is no Deletutu account that lives outside your device — the OAuth identity is local-only.
We use Google Firebase Analytics to understand how the app is used in aggregate. The complete list of events the app sends:
sign_in_started — parameter: method (one of: apple, google, facebook)sign_in_completed — parameter: methodsign_in_failed — parameters: method, reason (error code or sanitized error message)bonus_swipes_granted — parameters: amount, source (e.g., signin_apple)
Firebase Analytics also receives a Firebase-generated install ID
(app_instance_id) which is per-install and not linked to your name,
Apple ID, Google account, or any other personal identifier. It cannot be used
to identify you across other apps.
When the app crashes, we receive an automated crash report to help us fix bugs. A crash report includes:
sub) bound via Crashlytics setUserID — used only to group multiple crashes from the same installauth_provider custom key (apple, google, facebook, or none)Crash reports never include your photos, filenames, photo library contents, or any text you entered in the app.
On first launch, the app makes one network request to
https://api-adservices.apple.com/api/v1/ with Apple's
AAAttribution token, to learn whether this install came from
an Apple Search Ads campaign. The response is privacy-preserving and contains:
campaign ID, ad group ID, keyword ID, creative set ID, country/region, and
conversion type. No user identifier is attached to this request.
The attribution metadata is then stored as Firebase Analytics user properties
for the same install.
If we ever want to add anything beyond what is listed in this section, we will update this page and the "Last updated" date before turning it on. We won't add a new data destination quietly.
Deletutu requests access to your device's photo library to function. This access is used exclusively and entirely on your device to:
Your photos are read and analyzed locally using Apple's PhotoKit frameworks. No photo bitmap, thumbnail, or derived embedding ever leaves your device.
You can revoke photo library access at any time in Settings → Privacy & Security → Photos → Deletutu.
When you delete a photo using Deletutu, it is moved to the iOS Photos Recently Deleted album. Photos remain there for 30 days and can be recovered before permanent deletion. This behavior is controlled entirely by iOS — Deletutu does not bypass it.
This is the complete list of third-party SDKs and services embedded in or contacted by the iOS app:
Info.plist for compatibility with ad networks. No user-identifying data is sent.Deletutu is rated 4+ on the App Store and is suitable for all ages. The information described in §3 is collected the same way regardless of age, and none of it identifies the user personally. We do not knowingly target children, and we do not knowingly collect personal information from anyone under 13.
The on-device data described in §2 stays on your device for as long as you keep the app installed. Deleting the app removes all of it.
Firebase Analytics and Crashlytics data is retained according to Google's Firebase data retention policies. You can reset your Firebase install ID at any time by uninstalling and reinstalling the app.
All network requests use HTTPS. The app does not allow arbitrary HTTP loads.
You have the right to access, correct, or delete your data. Because the app does not maintain a server-side user account:
app_instance_id (found in Profile → About → Diagnostics), and we will request deletion from Firebase within 30 days.See also our dedicated data deletion request page.
If we update this Privacy Policy, we will update the "Last updated" date at the top of this page before the change takes effect in the app. For material changes (new data destinations, new types of collection), we will surface an in-app notice. Continued use of the app after a material change constitutes acceptance of the updated policy.
Our marketing website at deletutu.com is separate from the app and uses the following:
G-8HJLTBQ3ZG) — aggregated visitor traffic (pages viewed, country, device type, referral source). IP addresses are anonymized.974675768694335) — conversion tracking for our Meta Ads campaigns. Standard events: PageView, Lead (when you click "Get on App Store").If you join our waitlist on the website, the name, email, and optional phone number you submit are stored on our database (hosted by Supabase, EU region — Frankfurt) solely to notify you when the app launches. To request deletion of your waitlist record at any time, email tututech.ltd@gmail.com with the subject "Delete my waitlist entry" from the email you signed up with.
Questions about this Privacy Policy? We're happy to help:
📧 tututech.ltd@gmail.com