Privacy Policy
Last updated: July 12, 2026
Fixative has no servers, no accounts, and no analytics. We do not collect, transmit, or store any of your data, because there is nowhere for it to go. Your library never leaves your device.
Data we collect
None. Fixative operates entirely on your device. There is no account to create, no email to provide, and no server that receives your information.
We do not use analytics SDKs, crash-reporting services tied to your identity, advertising identifiers, or any form of behavioral tracking.
Your media and encryption keys
Your photos and videos are encrypted on your device using XChaCha20-Poly1305 before they are written to storage. Encryption keys are generated and held in your device's Secure Enclave and never leave it in plaintext.
We cannot access, decrypt, or recover your library under any circumstances. Recovery is possible only through the Shamir shares that you generate and store yourself.
Sync between your devices
When you enable sync, encrypted data is transferred directly between your own devices over your local network, peer-to-peer. This traffic does not pass through any server operated by us or a third party.
App Store purchases
Purchases and subscriptions are handled entirely by Apple through the App Store. We never see your payment details. Apple's handling of that transaction is governed by Apple's own privacy policy.
Third parties
Because nothing leaves your device, we share nothing with third parties. There are no data processors, no sub-processors, and no partners with access to your content — there is no content for them to access.
Children's privacy
Fixative is not directed at children under 13. Since we collect no personal data from anyone, we collect none from children.
Changes to this policy
If we ever change how the app works in a way that affects your privacy, we will update this page and note the effective date. Given the architecture of the app, we do not anticipate material changes.