Security Policy

Last updated: May 26, 2026

This Security Policy describes how Skyly approaches app security and how to report a concern.

Security approach

Skyly is designed to keep app permissions focused on the features users choose to use. The app does not require a Skyly account and does not ask for passwords, contact lists, precise location, or payment card details.

Photo permissions

Skyly uses Android media permissions and platform media access options so users can choose photos to edit. On supported Android versions, users may grant access to selected photos instead of the full library. Edited images are saved only when the user chooses to export them.

Payments

Pro subscriptions are processed by Google Play Billing. Skyly does not receive or store payment card numbers. The app receives subscription status from Google Play so it can unlock Pro filters.

Advertising and consent

Skyly may use Google AdMob and Google's User Messaging Platform. Consent and privacy choices are handled through Google's supported consent flows where required.

Third-party services

Skyly relies on Google Play Billing, Google AdMob, and Google's User Messaging Platform for subscriptions, ads, and privacy choices. Third-party services are governed by their own security and privacy practices.

Responsible disclosure

If you believe you have found a security issue in Skyly, email skyly.app@gmail.com with a clear description, affected app version, device model and Android version if relevant, and steps to reproduce. Please do not publicly disclose a vulnerability before we have had a reasonable opportunity to investigate and address it.

Scope

This policy applies to the Skyly Android app and this Skyly website. Third-party services are governed by their own security, privacy, and license terms.

Updates

We may update this Security Policy as Skyly changes. The updated version will be posted on this page with a new last updated date.