Privacy Policy

Effective date: 10 July 2026

This Privacy Policy explains how CLOUDCONCUR LTD ("CloudConcur", "we", "us" or "our") collects, uses, shares and protects personal data when you use the CloudTether website, apps (for iOS, iPadOS, macOS and Android) and related services (the "Service"). CLOUDCONCUR LTD is the data controller for personal data processed in connection with the Service.

1. Who we are

CLOUDCONCUR LTD is a company registered in England and Wales, trading as CloudTether. References to "CloudTether" in this policy refer to the Service operated by CLOUDCONCUR LTD. You can contact us about privacy matters at privacy@cloudtether.app.

2. Information we collect

We collect the following categories of personal data:

  • Account data: name, email address, password hash, workspace name, role and team membership.
  • Billing data: plan, billing email, country, VAT/tax identifiers, payment status and transaction history. Card details are processed by our payment provider and never stored on our servers.
  • Content data: photographs, image previews, EXIF metadata, file names and capture timestamps uploaded through the Service.
  • Destination credentials: OAuth tokens, access keys or connection details for third-party storage services (e.g. Google Drive, Dropbox, S3) that you choose to connect.
  • Device and connection data: camera model, device model (phone, tablet or computer), operating system, app version, connection method and approximate location derived from IP address.
  • Usage data: session events, transfer logs, error reports, feature interactions, masked session replays (see section 5) and diagnostic information.
  • Communications: support requests and correspondence with us.

2a. Camera connections (USB and Wi-Fi)

The CloudTether apps for iOS, iPadOS, macOS and Android connect to your camera over USB (using the operating system's external accessory or USB host APIs), over a local Wi-Fi network (including camera-hosted Wi-Fi access points and shared local networks), or by receiving images the camera sends through its own built-in FTP/upload feature, for the sole purpose of retrieving photographs and associated metadata as they are captured. The app may also request local network, Bluetooth, storage, photo library, background processing and notification permissions where needed to discover the camera, maintain the transfer session and continue uploading while the app is in the background.

We do not access, read or transmit any files on the connected camera other than the images and metadata generated by the current shooting session and any items you explicitly select. No data is transmitted to your camera. Pairing data, device identifiers and connection logs are stored locally on your device and, in anonymised or aggregated form, in our diagnostic logs to help us maintain compatibility and troubleshoot issues.

2b. How we handle your photographs

Photographs and their metadata (including EXIF data such as capture time, camera settings and, where embedded by your camera, GPS coordinates) are transferred from your camera to your device and then, depending on the delivery mode you choose, either uploaded to our cloud storage so that they can be queued for delivery to the cloud destinations you have configured, or — in local (save-to-device) mode — saved directly to your device's photo library without being stored on our servers. We process your photographs solely to:

  • Transmit them to the destinations you have connected.
  • Generate technical artefacts required to operate the Service, such as thumbnails, previews and share-link galleries that you explicitly create.
  • Display them to you and to collaborators or recipients you have authorised within your workspace or via share links.
  • Record transfer status, retries and errors for support and audit purposes.

We do not use your photographs to train machine-learning models, do not sell them, and do not share them with third parties except the destinations and sub-processors required to deliver the Service. Originals and previews are retained according to the retention period of your plan and may be deleted earlier on request.

2c. Cloud destinations and OAuth

When you connect a third-party destination (for example Google Drive, Google Photos, Dropbox, OneDrive, Box, SmugMug, Flickr, Frame.io, Lightroom, ShootProof, Slack, WhatsApp, Amazon S3, a WebDAV server or an FTP/SFTP server), CloudTether initiates an authorisation flow — typically OAuth 2.0 — through which you grant CloudTether scoped permission to upload files to that destination on your behalf. We:

  • Request only the minimum scopes needed to create folders and upload the photographs you send through the Service.
  • Store the resulting access tokens, refresh tokens and connection metadata (such as account email, account ID and selected folder) encrypted at rest in our backend so we can perform uploads on your behalf, including from background workers.
  • Use those tokens only to upload, list, organise and (where you instruct us) remove the photographs and folders created through CloudTether.
  • Allow you to disconnect a destination at any time from within the Service; on disconnect we revoke the token where the provider supports it and delete the stored credentials.

Once a photograph is delivered to a destination, it is stored in your third-party account and is governed by the destination provider's own terms and privacy policy. CloudTether is not responsible for how those providers process or retain your content after delivery.

2d. Google user data and Limited Use

CloudTether's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect Google Drive or Google Photos, we request only app-scoped permissions (Google Drive drive.file and the Google Photos app-created-data scopes). This means CloudTether can only see and manage the files and albums it creates on your behalf — it cannot access, read, list or download the rest of your Google Drive or Google Photos library. Specifically:

  • We access Google user data solely to provide and improve these user-facing features — creating folders and uploading the photographs you send to Google Drive, and creating albums and uploading photographs to Google Photos.
  • We do not use Google user data for advertising, and we do not sell it.
  • We do not transfer Google user data to others except as necessary to provide or improve these features, to comply with applicable law, or as part of a merger or acquisition (with continued protection under this policy).
  • We do not allow humans to read your Google user data unless: you give explicit consent for specific data; it is necessary for security purposes (such as investigating abuse); required to comply with applicable law; or the data is aggregated and anonymised for internal operations.

3. How we use your data

We process personal data to:

  • Provide, operate, maintain and improve the Service.
  • Authenticate users and secure accounts and workspaces.
  • Transfer your content to the cloud destinations you have configured.
  • Process payments, manage subscriptions and issue invoices.
  • Provide customer support and respond to enquiries.
  • Send service-related notices, security alerts and (where you have opted in) marketing communications.
  • Detect, prevent and investigate fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms and Conditions.

4. Legal bases

Where the UK GDPR or EU GDPR applies, we rely on the following legal bases: performance of a contract with you; our legitimate interests in operating and improving the Service and securing our systems; compliance with legal obligations; and consent, where required (for example, for certain marketing or cookies). You may withdraw consent at any time.

5. Sharing your data

We share personal data only with:

  • Sub-processors that help us run the Service — including cloud hosting, database and email delivery providers; Sentry for error monitoring and product diagnostics, which may capture masked in-app session replays (recordings of app screens with text and images obscured); and OneSignal for push notifications — all bound by contractual data protection obligations.
  • App Store and Google Play for processing in-app subscriptions, tax calculation and fraud prevention, and RevenueCat for receipt validation and subscription state.
  • Cloud destinations you connect — content and metadata is sent to those destinations under your control and is then subject to their privacy practices.
  • Authorities or third parties where required by law, court order, or to protect our rights, users or the public.
  • Successors in connection with a merger, acquisition, financing or sale of assets, subject to appropriate safeguards.

We do not sell personal data.

6. International transfers

We may transfer personal data to countries outside the UK and EEA. Where we do so, we use appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or rely on adequacy decisions.

7. Retention

We retain personal data only for as long as needed to provide the Service, comply with legal obligations, resolve disputes and enforce our agreements. Content data is retained according to the retention period of your plan, after which it is deleted or anonymised. Account and billing records may be retained for up to seven years to meet tax and accounting requirements.

8. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, to data portability, and to withdraw consent. You may also lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ICO). To exercise these rights, contact us at privacy@cloudtether.app.

9. Security

We use industry-standard technical and organisational measures to protect personal data, including encryption in transit, access controls, audit logging and least-privilege principles. No system can be guaranteed completely secure; please use a strong, unique password and notify us promptly of any suspected compromise.

10. Cookies

We use a small number of strictly necessary cookies to operate the Service (for example, authentication and session management) and may use analytics cookies to understand how the Service is used. You can manage cookies through your browser settings.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified through the Service or by email. The "Effective date" above indicates when the latest version took effect.

13. Contact

CLOUDCONCUR LTD (trading as CloudTether)
Email: privacy@cloudtether.app