Legal

App Privacy Policy

This policy applies to the sepia.live app and related mobile service operations.

Version 1.3. Effective date: May 13, 2026. Last updated: May 26, 2026.

Controller and Contact

Tangible Spin LLP (LLPIN: AAR-1171), operating sepia.live.

Registered office: D101 Abodh Valamrk, AC Post, Govindapura, Bangalore 560045, Karnataka, India.

Privacy: privacy@sepia.live · Legal: legal@sepia.live · Support: support@sepia.live

Information the app may process

  • Account and sign-in information
  • Traveler, trip, itinerary record, estimate, and workflow records entered by users
  • Contact information entered into the app
  • Uploaded files, images, or documents if those features are used
  • Device or app identifiers needed for authentication, reliability, or security
  • Technical diagnostics, crash data, and service logs needed for reliability and security

Feature-conditional device access

The standard sepia.live app is intended to support a send-first workflow for traveler communications. It may access contacts, files, photos, or calendar data only when a user invokes those features and grants any required device permissions.

The standard app supports SMS compose but does not read SMS inbox or device message history. If sepia.live offers a separate Android SMS-sync variant, that variant may request additional SMS-related permissions and may import message history only after explicit organizational enablement and device-level permission approval.

How information is used

  • To provide app functionality and save business records
  • To support authentication, account access, and security controls
  • To maintain app performance, reliability, and abuse prevention
  • To investigate operational issues and improve service quality
  • To process uploaded uploaded photos, trip notes, documents, and similar content at the customer's direction

Travel data ownership and uploaded content

Customers retain ownership of the business data they submit to the app, including traveler details, trip information, booking history, uploaded uploaded photos, notes, and documents.

sepia.live receives only the limited rights needed to host, store, transmit, back up, secure, and otherwise process that content to operate the service, provide support, and comply with law.

SDKs and service providers

Information may be processed by service providers used to host, secure, authenticate, analyze, or operate the app. Included SDKs may collect diagnostics, authentication data, crash information, device identifiers, or other data needed for the service to function.

Google Play declarations, the Data Safety form, and this public policy should match the exact SDKs, permissions, infrastructure, and third-party services present in the production build.

Website-only server request logging, infrastructure logs, and any website-specific browser storage practices are covered by the web privacy policy and are not described here as app data practices.

Security

sepia.live uses reasonable administrative, technical, and organizational safeguards to protect information. User data transmitted between the app, related production services, and service providers is encrypted in transit using standard secure transport protections such as HTTPS and TLS.

Deletion and user rights

Deletion, export, or access workflows should follow the actual capabilities provided by the production service. Requests relating to access, correction, or deletion can be sent to privacy@sepia.live.

Retention and operational records

App and service data may be retained for product operation, support, security, abuse prevention, legal compliance, and legitimate business recordkeeping.

Active account records may be retained for the life of the account. After cancellation or termination, workspace data is typically retained for up to 90 days for export, recovery, and controlled deletion workflows unless longer retention is required by law or for security, fraud-prevention, or accounting reasons.

Technical logs and diagnostics may be retained for up to 12 months. Encrypted backup copies may remain for up to 35 days before rotation completes.

International processing

App data may be processed by infrastructure or service providers operating in more than one country. Where this occurs, sepia.live intends to use reasonable safeguards appropriate to the service architecture and provider relationship.

Contact

For privacy or data handling questions related to the app, contact privacy@sepia.live.

Related pages