Privacy Policy

Pearla Camera App & Website

Effective Date: 20 Feb 2024 | Last Updated: 15 Mar 2026

1. Introduction

Welcome to Pearla, a professional camera application (the “App”) developed and operated by House of Mars (“we”, “us”, or “our”). We also operate an informational website (the “Website”) that provides information and educational resources about Pearla. Together, the App and Website are referred to as the “Services”.

Pearla is designed for professional photographers, cinematographers, and serious photography enthusiasts. It is a specialist tool with advanced features and a professional-grade interface.

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Services. It has been prepared to comply with the UK General Data Protection Regulation (UK GDPR) as amended by the Data (Use and Access) Act 2025 (DUAA), the EU General Data Protection Regulation (EU GDPR), and other applicable privacy legislation in the jurisdictions where our users are located.

2. Data Controller

The data controller responsible for your personal data is:

House of Mars 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom Privacy Contact: support@houseofmars.io

We do not currently have a Data Protection Officer (DPO). If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at the email address above.

3. Information We Collect

We are committed to collecting only the personal data that is necessary for the purposes described in this policy. The following section describes the categories of personal data we collect and process in connection with the Services.

3.1 Information You Provide Directly

When you create an account on the Pearla App via Sign in with Apple, we receive the following personal data from Apple:

Your name (as provided by your Apple ID).
Your email address. If you choose Apple’s “Hide My Email” feature, we receive an anonymised relay address rather than your real email.

The Website is informational only and does not offer user registration or account creation.

3.2 Information Collected Automatically via the App

When you use the Pearla App, the following data is collected automatically through the App itself or through third-party tools integrated into the App:

Device identifier (a unique ID associated with your device).
IP address (we infer your country of residence from this; we do not use it for precise geolocation).
Device model (e.g., iPhone 16 Pro).
App Store language setting.
Limited usage and interaction data, such as whether you completed onboarding, and certain feature usage metrics (e.g., shutter count). These are collected through our analytics and messaging tools.
Purchase and subscription data, collected and processed through our subscription management providers in connection with in-app purchases and subscription management.

3.3 Crash Logs and Diagnostics

Crash logs and diagnostic data are collected by Apple through its standard crash reporting mechanisms and are made available to us via Xcode and App Store Connect. We do not operate a separate crash reporting service. Apple’s own privacy policy governs how Apple collects and handles this data before it reaches us.

3.4 Camera and Location Permissions

Pearla requests access to your device’s camera and, optionally, your precise GPS location. GPS access is used solely to allow you to embed location metadata (EXIF data) in your photos and videos. This location data is written to the file on your device and is not transmitted to our servers. Photos and videos captured using Pearla are stored locally on your device. We do not access, collect, upload, or store your photos, videos, or their location metadata on our servers unless a specific future feature requires it, in which case you will be clearly notified and asked for your consent before any upload occurs.

3.5 Information Collected via the Website

When you visit the Pearla Website, the following tracking technologies may be active:

Google Analytics — for understanding visitor traffic and usage patterns.
Meta Pixel — for measuring the effectiveness of advertising on Meta platforms.
Reddit Tracking Pixel — for measuring the effectiveness of advertising on Reddit.

These technologies may collect data such as your IP address, browser type, pages visited, and referring URL. The Meta Pixel and Reddit Tracking Pixel are advertising and targeting technologies that require your consent under the UK’s Privacy and Electronic Communications Regulations (PECR). We will not activate these cookies or similar technologies until you have given your consent through our cookie consent mechanism.

Certain cookies may qualify for narrow exceptions under PECR as amended by the DUAA, specifically where storage or access is used for the sole purpose of collecting statistical information to improve the Website, or for the sole purpose of adapting the Website’s appearance or functionality to your stated preferences. Where we rely on these exceptions, we will still provide you with clear information about the technologies in use and, where applicable, an easy way to opt out. For all other cookies and tracking technologies, we obtain your prior consent.

You can manage your cookie preferences through our cookie consent mechanism on the Website or through your browser settings.

4. How We Use Your Information

We process your personal data for the following purposes, on the following legal bases under Article 6 of the UK GDPR:

To provide and maintain our Services (account creation, authentication, subscription management, and core app functionality) — Legal basis: Performance of a contract with you.
To communicate with you about your account, software updates, and support enquiries — Legal basis: Performance of a contract.
To improve our Services by analysing aggregate usage patterns and product performance — Legal basis: Legitimate interest (our interest in understanding how our product is used so that we can improve it).
To diagnose and fix technical problems, including reviewing crash logs and resolving bugs — Legal basis: Legitimate interest (our interest in maintaining a stable, reliable service).
To measure advertising effectiveness on the Website using advertising measurement technologies — Legal basis: Consent (obtained via our cookie consent mechanism).
To comply with legal obligations, including responding to lawful requests from public authorities — Legal basis: Legal obligation.
To protect our rights and safety, enforce our Terms of Service, and prevent misuse of our Services — Legal basis: Legitimate interest (our interest in operating a safe and lawful service).

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Data Recipients and Third-Party Services

We do not sell, rent, or trade your personal data to third parties.

We share personal data only with the following categories of recipients:

Category of Data	Category of Recipient	Purpose
Account identifiers (name, email)	Cloud hosting and infrastructure providers	Secure storage and delivery of account data
Usage and interaction data, device info, IP	Product analytics and customer messaging providers	Product analytics, onboarding tracking, in-app communications
Purchase and subscription data	Subscription and payment management providers	Receipt validation, subscription status, fraud prevention
Crash logs and diagnostics	Platform providers (e.g., Apple via its standard crash reporting mechanisms)	Crash reporting and diagnostic analysis
Website analytics data (IP, pages, referrer)	Website analytics providers	Website traffic analysis and improvement
Website tracking data	Advertising measurement providers — with consent	Measuring the effectiveness of advertising campaigns

We may also share personal data with legal, regulatory, and professional advisers where required.

Depending on the service and legal context, these third parties may act as our data processors, as independent controllers, or as joint controllers. Where required by applicable law, we put in place appropriate contractual arrangements governing those roles, including data processing agreements where the third party processes personal data on our behalf.

We may also disclose your personal data if required to do so by law, regulation, or legal process, or if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, or ensure the safety of our users or the public.

In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change and ensure that the receiving party is bound by privacy obligations at least as protective as those set out in this Privacy Policy.

6. International Data Transfers

House of Mars is based in the United Kingdom. Some of our service providers are based outside the UK and the European Economic Area (EEA), including in the United States. As a result, your personal data may be transferred to, stored, and processed in countries that may not offer the same level of data protection as the UK or EEA.

When we make such transfers, we ensure appropriate safeguards are in place:

For UK restricted transfers: We rely on UK adequacy regulations, the International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses, as appropriate.
For EU restricted transfers: We rely on EU adequacy decisions or the EU Standard Contractual Clauses (SCCs) approved by the European Commission.

Where required, we carry out transfer risk assessments to evaluate the level of protection afforded in the destination country and implement supplementary measures where necessary.

You may request a copy of the relevant transfer safeguards by contacting us at support@houseofmars.io.

7. Children’s Privacy

Pearla is a professional-grade camera application designed for and marketed to adult photographers, cinematographers, and serious enthusiasts. It is not directed at, designed for, or marketed to children. The App’s advanced feature set, professional interface, and steep learning curve mean that its user base consists overwhelmingly of adults.

We have assessed our Services in light of the UK ICO’s Children’s Code (Age Appropriate Design Code) and the children’s higher protection matters provisions introduced by the DUAA. Based on Pearla’s professional purpose, specialist interface, target audience of adult professionals and serious enthusiasts, steep learning curve, and absence of child-directed content or design features, our current assessment is that Pearla is not likely to be accessed by children as a substantive user group. We have documented this assessment in accordance with ICO guidance and keep it under review.

Under the US Children’s Online Privacy Protection Act (COPPA), Pearla qualifies as a general audience service not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take prompt steps to delete that information.

Under the EU GDPR, we do not knowingly process personal data of children below the applicable age of digital consent without appropriate parental authorisation. Given our professional target audience, we do not anticipate this situation arising in the ordinary course of our operations.

If you are a parent or guardian and believe that your child has created an account on Pearla, please contact us at support@houseofmars.io and we will promptly delete the account and any associated personal data.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to comply with legal, regulatory, accounting, or reporting obligations:

Account data (name, email): Retained for the duration of your account and deleted within 30 days of account deletion, unless retention is required by law.
Device and usage data (device ID, IP-derived country, device model, usage events): Retained for up to 12 months for analytical and product improvement purposes, then anonymised or deleted.
Subscription and transaction data: Retained for as long as necessary to administer subscriptions, respond to queries and disputes, comply with tax and accounting requirements, and meet legal obligations.
Cookie and tracking data (Website): Retained in accordance with the lifespan specified for each cookie or tracking technology. Details are provided in our cookie consent mechanism on the Website.

When personal data is no longer required, we will securely delete or anonymise it using industry-standard measures.

9. Your Rights

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data.

Right of Access: You may request a copy of the personal data we hold about you.
Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
Right to Erasure: You may request that we delete your personal data, subject to certain legal exceptions.
Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability: Where technically feasible and applicable, you may request that we provide your personal data in a structured, commonly used, and machine-readable format.
Right to Object: You may object to the processing of your personal data where we rely on legitimate interests as our legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Withdraw Consent: Where processing is based on your consent (e.g., advertising cookies on the Website), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
Right to Complain: Under the DUAA, you have the right to lodge a data protection complaint directly with us. We will acknowledge your complaint within 30 days and take appropriate steps to address it without undue delay. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, or with your local EU supervisory authority.

9.2 Rights Under Other Applicable Laws

If you are located in a jurisdiction with additional data protection rights (such as US state privacy laws), those rights apply to you as required by the relevant legislation. If you believe you have a right under your local law that is not listed above, please contact us and we will respond in accordance with our legal obligations.

9.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at support@houseofmars.io. We will respond to your request within one month (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

10. Account Deletion

You may delete your Pearla account at any time from within the App. Upon deletion, we will remove your personal data from our active systems within 30 days. Certain data may be retained for a limited period in our backup systems and will be permanently deleted in accordance with our data retention schedule. Data that we are legally required to retain (e.g., for tax, legal, or regulatory compliance) will be retained for the applicable statutory period and then securely deleted.

11. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (TLS/SSL) and at rest.
Access controls and authentication mechanisms to limit access to personal data to authorised personnel only.
Regular security assessments and monitoring.
Secure development practices in our engineering processes.
Incident response procedures for handling data breaches.

While we take reasonable steps to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to continuously improving our security practices.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (the ICO or the applicable EU data protection authority) within 72 hours of becoming aware of the breach, as required by the UK GDPR and EU GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay.

13. Third-Party Links

Our Services may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our Website and/or within the App, and by updating the “Last Updated” date at the top of this document. Where required by applicable law (for example, where we wish to process your data for a new purpose that requires consent), we will obtain your consent before making those changes.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

House of Mars 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom Email: support@houseofmars.io

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office Website: ico.org.uk Helpline: 0303 123 1113