Legal

Data Safety

Google Play requires a detailed declaration of data collection, sharing, security, and deletion support. The declaration must match app behavior, SDK behavior, permissions, and the public privacy policy.

Version 1.1. Effective date: May 13, 2026. Last updated: May 13, 2026.

Common data categories reviewed

  • Name
  • Email address
  • Phone number
  • Location data
  • Photos or uploaded files
  • Contacts or address book data
  • Device or app identifiers
  • Crash logs and diagnostics
  • Analytics and usage data

Typical declaration questions

  • What user data is collected
  • Why it is collected
  • Whether it is shared with third parties
  • Whether data is encrypted in transit
  • Whether users can request deletion
  • Whether each data type is required or optional

For the production app, user data transmitted off-device is encrypted in transit using HTTPS and TLS.

Feature-conditional mobile data access

The standard sepia.live app is intended to support a send-first workflow for communications. It may access contacts, files, photos, or calendar data only when a user invokes those features and grants any required device permissions.

SMS compose is available in the standard app, but SMS inbox reading is not part of the standard Android build. If sepia.live offers a separate Android SMS-sync variant, that variant may request additional SMS-related permissions and may import message history only after explicit organizational enablement and device-level permission approval.

SDK warning

Even if the app does not collect certain categories directly, included SDKs may collect analytics, diagnostics, authentication data, payment data, or advertising identifiers.

Personal information warning

Names, email addresses, phone numbers, billing details, and similar personal information should not be sent into Google Analytics, Google Tag Manager, campaign parameters, page URLs, page titles, search terms, or event payloads.

Website versus app scope

This page is intended to support app and Google Play disclosures. Website-only tracking tools and browser measurement practices should be documented separately in the web privacy policy.

Retention and deletion context

Active account records may be retained for the life of the account. After cancellation or termination, workspace data is typically retained for up to 90 days for export, recovery, and controlled deletion workflows unless longer retention is required by law or for security, fraud-prevention, or accounting reasons.

Technical logs and diagnostics may be retained for up to 12 months. Encrypted backup copies may remain for up to 35 days before rotation completes.

Company and contact

This app data safety summary is published by Tangible Spin LLP (LLPIN: AAR-1171), operating sepia.live.

Registered office: D101 Abodh Valamrk, AC Post, Govindapura, Bangalore 560045, Karnataka, India.

Privacy questions can be sent to privacy@sepia.live. General support is available at support@sepia.live.

Related pages