1. Introduction
Xtend-AI, LLC ("we," "us," or "our") operates CLIQUE Pix, a private, event-based photo and video sharing mobile application (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use CLIQUE Pix. By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.
We are committed to protecting your privacy. CLIQUE Pix is designed with privacy at its core: there are no public feeds, no user directories, and no content discovery features. Your photos, videos, and messages are shared only with the people you choose, within the Cliques and Events you participate in.
2. Information We Collect
Account Information
When you create an account, we collect the email address or social sign-in credentials (such as Google or Apple) that you use to authenticate. We rely on third-party identity providers (Microsoft Entra External ID, Google, and Apple) to handle authentication. We do not store or have access to your password — Microsoft Entra External ID stores and validates it on our behalf. Your account is identified by a unique user ID generated by the identity provider, and we store only the information necessary to associate your account with your Cliques, Events, and content.
Profile Information
You may provide a display name that is visible to other members of your Cliques. This display name is the only profile information shared with other users. We do not require or collect your real name, date of birth, phone number, or physical address as part of the registration process.
Photos
When you upload a photo to CLIQUE Pix, the image is first compressed on your device before being transmitted to our servers. As part of this on-device processing, all EXIF metadata is stripped from the image, including GPS coordinates, device information, camera settings, and timestamps. This means that we never receive or store the location where a photo was taken, the device it was taken on, or any other embedded metadata. We store only the compressed image data necessary to display the photo to Clique members.
Videos
When you upload a video to CLIQUE Pix, the video file is transmitted in blocks directly from your device to secure cloud storage. Unlike photos, video files are uploaded without on-device metadata removal. The original video may contain embedded metadata from your device's camera application, such as device model, camera settings, or location data. We collect video metadata necessary to process and display the video, including filename, duration, file size, video and audio codec information, and whether the source was recorded in high dynamic range (HDR).
After upload, videos are processed by an automated transcoding pipeline that converts them to a standard streaming format for playback compatibility across devices. This processing generates new delivery files (streaming segments, a progressive download file, and a poster thumbnail image). The transcoded delivery files are newly generated and do not carry the original video's embedded metadata forward. The original video file is stored temporarily until the associated Event expires, at which point it is permanently deleted along with all delivery files.
Direct Messages
Within Events, you can send one-on-one direct messages to other Clique members. Message content is text only — CLIQUE Pix does not support attachments, images, or links in direct messages. Messages are stored in our database and delivered in real time via WebSocket connections when both participants are using the app. When a participant is not actively using the app, a push notification is sent to alert them of the new message. All direct messages are tied to the Event in which they were sent and are automatically and permanently deleted when the Event expires.
Clique and Event Data
We collect information about the Cliques you create or join, including Clique names, your membership status, and your role (owner or member). We also collect information about Events you create or participate in, including event names, duration settings, and participation records. This information is necessary to operate the core features of the Service.
Push Notification Tokens
If you enable push notifications, we collect your device's push notification token, which is issued by Firebase Cloud Messaging (FCM). This token is used solely to deliver notifications to your device, such as alerts when a new photo is added to an Event or when an Event is about to expire. We store push tokens associated with your account and remove them when you log out or uninstall the application.
Usage and Diagnostic Data
We collect anonymized usage data and diagnostic information to improve the performance and reliability of CLIQUE Pix. This may include information about app interactions (such as screens visited and features used), crash reports, device type, operating system version, and app version. This data is collected through Microsoft Application Insights and is used solely for the purposes of improving the Service, diagnosing technical issues, and understanding aggregate usage patterns. We do not use this data to identify individual users or to build user profiles for advertising purposes.
3. How We Handle Your Photos
Photos are at the center of the CLIQUE Pix experience, and we take their handling seriously. Here is exactly what happens to your photos at each stage:
On-device processing. Before any photo leaves your device, CLIQUE Pix compresses the image to reduce file size and strips all EXIF metadata. This includes GPS coordinates, device identifiers, camera settings, and timestamps embedded in the original image file. The photo that reaches our servers contains only the image pixels and nothing else.
Secure upload. Photos are uploaded directly from your device to secure cloud storage (Microsoft Azure Blob Storage) using short-lived, scoped authorization tokens. Each upload token is valid for only five minutes, grants write access to a single specific file path, and cannot be used to read, list, or delete any other data. The upload never passes through our application servers; it goes directly from your device to encrypted cloud storage.
Restricted visibility. Once uploaded, a photo is visible only to members of the Event's Clique. There are no public feeds, no discovery features, and no way for anyone outside the Clique to access the photo. When Clique members view photos, they receive short-lived, read-only authorization tokens scoped to individual images. These tokens expire quickly and cannot be reused or shared to grant persistent access.
Automatic cloud deletion. Every Event in CLIQUE Pix has a set duration: 3 days, 7 days, or 14 days. When the Event expires, all photos associated with that Event are automatically and permanently deleted from our cloud storage. This deletion is performed by an automated process that runs at regular intervals. Once deleted, the photos cannot be recovered from our servers.
Device-saved copies. If you choose to save a photo to your device before the Event expires, that copy lives on your device and is entirely under your control. Cloud deletion does not affect copies saved to your device. We have no access to or control over photos stored on your personal device.
No secondary use. We do not use your photos for advertising, marketing, training artificial intelligence or machine learning models, facial recognition, content analysis, or any purpose other than displaying them to the members of the relevant Clique for the duration of the Event. Your photos exist in our systems for one reason only: to be shared with the people you chose to share them with.
4. How We Handle Your Videos
Videos are a core part of the CLIQUE Pix experience, and we handle them with the same care as photos. Here is exactly what happens to your videos at each stage:
Secure upload. Videos are uploaded in blocks directly from your device to secure cloud storage (Microsoft Azure Blob Storage) using short-lived, scoped authorization tokens. Each block upload token is valid for only 30 minutes, grants write access to a single specific file path, and cannot be used to read, list, or delete any other data. The upload never passes through our application servers; it goes directly from your device to encrypted cloud storage. If your connection is interrupted during upload, CLIQUE Pix can resume from the last successfully uploaded block without restarting from the beginning.
No client-side metadata stripping. Unlike photos, video files are not processed on your device before upload. The original video file is uploaded as captured by your device. This means embedded metadata — such as device model, camera settings, or location data recorded by your device's camera application — may be present in the original file stored on our servers. However, the transcoded delivery files (used for playback) are newly generated and do not carry the original metadata forward. The original file is stored temporarily and automatically deleted when the Event expires.
Server-side processing. After upload, your video is processed by an automated transcoding pipeline running in an isolated compute environment. This processing converts the video to a standard format (H.264, maximum 1080p resolution) to ensure playback compatibility across all devices, generates a streaming package for efficient delivery, creates a progressive download file as a fallback, and extracts a poster thumbnail image. Videos recorded in HDR are normalized to standard dynamic range for consistent playback. No human has access to your video content during processing — the entire pipeline is automated.
Restricted visibility. Processed videos are visible only to members of the Event's Clique, exactly like photos. There are no public feeds, no discovery features, and no way for anyone outside the Clique to access the video.
Playback security. When you play a video, the streaming segments are delivered using short-lived authorization tokens that expire within 15 minutes. These tokens are generated on demand for each viewing session and cannot be reused or shared for persistent access.
Automatic cloud deletion. When the Event expires, ALL video assets are automatically and permanently deleted from our cloud storage: the original video file, all streaming segments, the progressive download file, and the poster thumbnail. This deletion is irreversible. Videos saved to your device before expiration are not affected.
No secondary use. We do not use your videos for advertising, marketing, training artificial intelligence or machine learning models, content analysis, or any purpose other than displaying them to the members of the relevant Clique for the duration of the Event.
5. How We Handle Your Direct Messages
CLIQUE Pix offers event-scoped, one-on-one direct messaging between Clique members. Here is how we handle your messages:
Text only. Direct messages in CLIQUE Pix are text only. You cannot send photos, videos, files, or links as attachments in direct messages.
Real-time delivery. When both you and the other participant are actively using the app, messages are delivered in real time via secure WebSocket connections. These connections are authenticated with short-lived tokens and encrypted in transit via TLS. When the other participant is not actively using the app, a push notification is sent to alert them of the new message.
Storage. Message content is stored in our database for the duration of the Event. Messages are associated with the Event in which they were sent and are not accessible outside the context of that Event.
Automatic deletion. All direct messages are automatically and permanently deleted when the associated Event expires. This follows the same lifecycle as photos and videos. Once deleted, messages cannot be recovered from our servers.
No secondary use. We do not use your direct message content for advertising, profiling, content analysis, or any purpose other than delivering messages between participants within the Event.
6. How We Use Your Information
We use the information we collect for the following purposes:
Provide and operate CLIQUE Pix. We use your account information to authenticate you, your profile information to identify you within Cliques, your Clique and Event data to manage group memberships and event participation, your photos and videos to display them in Event feeds to Clique members, and your direct messages to deliver them between participants. Without this information, the core functionality of the Service cannot operate.
Authenticate your identity. We use your email address or social sign-in credentials to verify your identity each time you log in. Authentication is handled by third-party identity providers, and we rely on tokens issued by these providers to confirm that you are who you claim to be.
Send push notifications. We use your push notification token to deliver timely alerts, including notifications when a new photo is added to an Event, when a video finishes processing and is ready to view, when you receive a direct message, and reminders when an Event is approaching expiration. You can disable push notifications at any time through your device settings.
Improve app performance and fix issues. We use anonymized usage and diagnostic data to identify performance bottlenecks, diagnose crashes, understand which features are most and least used, and prioritize improvements. This data is aggregated and is not used to identify or profile individual users.
Respond to customer support requests. If you contact us for support, we may use your account information and relevant usage data to investigate and resolve your issue.
Comply with legal obligations. We may use or retain information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
7. How We Share Your Information
We do not sell your personal information. Under no circumstances do we sell, rent, lease, or trade your personal information to third parties for their marketing or commercial purposes.
We do not share your information with advertisers. CLIQUE Pix does not contain advertising, and we do not provide any user information to advertising networks, data brokers, or ad-tech companies.
Service providers. We use a limited number of third-party service providers who process data on our behalf under strict contractual obligations. These providers are authorized to use your information only as necessary to perform services for us and are contractually prohibited from using it for their own purposes. Our current service providers include: Microsoft Azure, which provides cloud hosting, data storage, and authentication infrastructure; and Firebase Cloud Messaging (a Google service), which provides push notification delivery. These providers may have access to personal information only to the extent necessary to perform their specific functions and are obligated to maintain the confidentiality and security of that information.
Legal requirements. We may disclose your information if we believe in good faith that such disclosure is necessary to: comply with applicable law, regulation, legal process, or enforceable governmental request; enforce our Terms of Service, including investigation of potential violations; detect, prevent, or otherwise address fraud, security, or technical issues; or protect the rights, property, or personal safety of Xtend-AI, LLC, our users, or the public as required or permitted by law.
Business transfers. In the event that Xtend-AI, LLC is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. In such an event, we will provide notice before your personal information becomes subject to a different privacy policy.
8. Data Retention
Photos. Photos are automatically and permanently deleted from our cloud storage when the associated Event expires. Event durations are 3 days, 7 days, or 14 days from the time the Event is created. This deletion is irreversible. Photos saved to your device are not affected by this process.
Videos. When an Event expires, all video assets are automatically and permanently deleted from our cloud storage: the original video file, all streaming segments, the progressive download file, and the poster thumbnail. This deletion is irreversible. Videos saved to your device before expiration are not affected.
Direct messages. All direct messages are automatically and permanently deleted when the associated Event expires. Messages follow the same lifecycle as photos and videos. Once an Event expires, all messages from that Event are irrecoverable.
Orphaned uploads. If a photo upload is initiated but not completed within 10 minutes (for example, due to a network interruption), both the partially uploaded file and the associated pending record are automatically cleaned up by our systems. For video uploads, the cleanup window is 30 minutes to accommodate larger file sizes and slower connections. If video processing fails after upload, all associated files are cleaned up within one hour. These measures ensure that incomplete or abandoned data does not persist in our storage.
Account data. Your account information, profile data, Clique memberships, and Event participation records are retained for as long as your account remains active. If you request deletion of your account, we will delete your personal data within 30 days of your request, except where retention is required by law. Deletion of your account will remove your profile, Clique memberships, and any photos, videos, and direct messages you uploaded or sent that have not yet expired.
Security and diagnostic logs. Anonymized security logs and diagnostic data may be retained for 30 to 180 days for the purposes of security monitoring, incident investigation, and performance analysis. These logs do not contain photo content or direct personal identifiers.
9. Security
We implement reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to:
Encryption in transit. All data transmitted between your device and our servers is encrypted using HTTPS (TLS 1.2 or higher). No unencrypted communication is accepted by our systems.
Secure cloud storage. Our cloud storage infrastructure is secured using managed identity and role-based access control (RBAC). We do not use shared storage account keys. Access to stored data is granted on a least-privilege basis, ensuring that each component of our system can access only the data it needs to perform its specific function.
Short-lived access tokens. Photo and video URLs provided to your device are short-lived and scoped to individual files. Photo tokens expire within minutes; video streaming tokens expire within 15 minutes. These tokens cannot be used to access other data. Photos and videos are never accessible via permanent or publicly accessible URLs.
Real-time messaging security. Direct message delivery uses WebSocket connections authenticated with short-lived tokens. All messages are encrypted in transit via TLS. The WebSocket infrastructure is provided by a managed Azure service with built-in security controls.
Secure token storage on device. Authentication tokens and refresh tokens on your device are stored in platform-native secure storage mechanisms (Keychain on iOS, Encrypted Shared Preferences on Android). Sensitive credentials are never stored in plain text or in non-secure storage locations.
Limitations. While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we apply reasonable safeguards consistent with industry practices and the sensitivity of the data we handle. If we become aware of a security breach that affects your personal information, we will notify you and relevant authorities as required by applicable law.
10. Your Rights and Choices
You have the following rights with respect to your personal information:
Access. You may request a copy of the personal information we hold about you. We will provide this information in a commonly used, machine-readable format within 30 days of your request.
Correction. If your personal information is inaccurate or incomplete, you may request that we correct or update it. You can update your display name directly within the app at any time.
Deletion. You may request that we delete your personal information. Upon receiving a deletion request, we will delete your account data, profile information, and any photos, videos, and direct messages associated with your account that have not yet expired, within 30 days. Please note that content that has already been automatically deleted due to Event expiration cannot be recovered.
Clique, photo, and video management. You can leave Cliques, delete your own photos, and delete your own videos at any time directly within the app. When you delete a photo or video, it is permanently removed from our cloud storage, including all associated files (thumbnails, streaming segments, and poster images).
Push notifications. You can disable push notifications at any time through your device's notification settings. Disabling push notifications will not affect the core functionality of the app, but you will no longer receive alerts about new photos, ready videos, direct messages, or expiring Events.
Exercising your rights. To exercise any of the rights described above, or if you have questions about your personal data, please contact us at support@xtend-ai.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request to protect against unauthorized access to your data.
11. Children's Privacy
CLIQUE Pix is not intended for use by children under the age of 13. We do not knowingly collect, solicit, or store personal information from children under 13 years of age, and our Terms of Service require that all users be at least 13 years old. If you are a parent or guardian and you believe that your child under the age of 13 has provided personal information to us through the Service, please contact us immediately at support@xtend-ai.com. Upon verification, we will promptly delete all personal information associated with the child's account from our systems.
If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take immediate steps to delete that information. We encourage parents and guardians to monitor their children's online activities and to help us enforce this policy by instructing their children to never provide personal information through the Service without their permission.
12. International Users
CLIQUE Pix is operated by Xtend-AI, LLC from the United States. If you access or use the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. The data protection and privacy laws in these jurisdictions may differ from the laws in your country of residence.
By using CLIQUE Pix, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. We will take reasonable steps to ensure that your information is treated securely and in accordance with this Privacy Policy regardless of where it is processed or stored.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by posting the updated policy on this page with a revised "Effective Date" at the top. For significant changes that materially affect how we handle your personal information, we may also provide notice through the CLIQUE Pix app or via email to the address associated with your account.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
14. Subscriptions & Billing Data
CLIQUE Pix offers an auto-renewable subscription ($3.99/month or $39.99/year) after a 7-day free trial. We use RevenueCat as a subprocessor to manage subscription state. Payment is processed by Apple (App Store) or Google (Google Play); we never receive or store your payment card details. We store your subscription status (active/expired, plan, renewal date) linked to your account so we can unlock the app on your devices. You can request deletion of this data by deleting your account.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Xtend-AI, LLC
Email: support@xtend-ai.com
We will make every effort to respond to your inquiry within 30 days.