BFBULKFLICK

Privacy Policy

Last updated: May 14, 2026

1. Who I am

I'm a solo developer. I built BulkFlick because I kept hitting the same frustration — Flickr's web interface just isn't built for managing a library of thousands of photos. So I made a desktop app that is.

This page explains what data touches my servers, what stays on your machine, and why. No lawyer boilerplate padded out to seem more impressive — just a straight explanation of how things actually work.

2. Connecting to Flickr

BulkFlick never asks for your Flickr password. It uses OAuth 1.0a — the same authentication handshake Flickr uses for all third-party apps. Here's the flow:

When you click "Connect to Flickr", the app opens your default browser to Flickr's own login page. You sign in there, on Flickr's servers. I never see that happen. Flickr then asks if you want to grant BulkFlick access to your account. If you say yes, Flickr sends a short-lived token back to the app.

The app exchanges that for an OAuth access token, which gets stored encrypted on your local device only. It never gets sent to my servers. All Flickr API calls — browsing albums, fetching download URLs, uploading photos — go straight from your computer to Flickr's API. My backend is not in that loop at all.

You can revoke access anytime from Flickr's authorized apps page or just sign out from inside BulkFlick.

3. What stays on your machine

Several things are stored locally and never leave your computer:

  • Your Flickr OAuth token — encrypted, kept so you don't have to re-authorize every launch.
  • Your license key — if you're on a paid plan, the key is cached locally so you don't need to paste it in each time.
  • Preferences — download folder, photo quality setting, light/dark theme choice. Purely local.
  • Download history — a log of albums and photos you've downloaded, so the app can show you what's already on your disk. This doesn't go anywhere.

4. What my server knows about you

The server side of BulkFlick exists for two things: running the license system and enforcing the free plan's download limits. That's it. Here's what that requires in practice:

If you buy a Pro plan, I store your email, the plan you bought, your license key, and which device it's currently activated on. The device is identified by a random ID that gets generated the first time you launch the app — it's not your serial number or anything personally identifiable, just a UUID I use to know "key X is in use on device Y."

For free plan users, I keep a daily download count per device. Just a number — I have no idea which photos or albums you're looking at. Those counts get wiped after 90 days.

If you send a support message, I store your name, email, and message. I keep that until the issue is resolved, plus about a year for context if you follow up. No account is needed to use the free tier.

5. Payments go through Stripe

I use Stripe for all payments. I never see your card number, CVV, or bank details — Stripe handles all of that. After a successful payment, Stripe tells me: which plan you bought, the amount, the date, and a Stripe customer ID. That's what I use to issue and manage your license. Stripe's own privacy policy is at stripe.com/privacy.

6. What I don't do with your data

A few things worth being explicit about:

I don't sell or share your data with anyone. No ad networks, no data brokers, none of that. Your email goes only to: license delivery, payment receipts, and if I ever need to send a critical service notice (like a security issue). That's the complete list.

The website uses Google Tag Manager for basic visit counting. No advertising pixels, no cross-site tracking. The GTM setup is analytics-only — page views and that's about it.

7. The session cookie

If you log in to your account on bulkflick.com to manage a license or check purchase history, the site sets one session cookie to keep you signed in. It's marked Secure and SameSite=Lax. No tracking cookies, no ad cookies. If you never log in, no persistent cookie is set.

8. How long I keep things

Account and license records stick around while your account is active and for up to 3 years after, mostly for dispute resolution and to handle "I lost my key" requests. Free plan download counts are purged after 90 days. You can ask me to delete your data earlier — just email me.

9. Your data, your call

Want to see what I have on you, correct something, or have it deleted? Email support@bulkflick.com with "Privacy request" in the subject. I'll get back to you within 30 days. EU and UK residents also have the right to complain to their local data protection authority if they think I've handled something wrong.

10. Updates to this policy

If something significant changes, I'll email you and put an in-app notice up at least two weeks before it kicks in. Small wording fixes might go up without a notice — the "Last updated" date at the top will tell you when this page last changed.

11. Questions

Something unclear? Email support@bulkflick.com. It's just me on the other end — you'll get a real answer.

Terms of ServiceFAQSupport← Back to home