Do I need to disclose React Native Image Picker in my privacy policy?

Yes. React Native Image Picker accesses sensitive device data including photos, videos, and associated metadata. Under GDPR and CCPA, you must disclose any technology that collects or processes personal data, including media files and their metadata. You should explain what data is collected, why, and how users can control permissions.

What specific data does React Native Image Picker collect?

React Native Image Picker collects the photos and videos that users explicitly select, along with their EXIF metadata. EXIF data can include sensitive information such as GPS coordinates, device model, timestamp, and camera settings. Only data from user-selected media is collected—the library does not scan or access the entire photo library without user action.

Does React Native Image Picker require a cookie consent banner?

No. React Native Image Picker does not use cookies. However, accessing the photo library or camera on iOS and Android requires explicit user permission through native operating system dialogs. These permissions are distinct from cookie consent and are managed by the device OS, not your consent banner.

Who processes data collected by React Native Image Picker and where is it transferred?

React Native Image Picker is self-hosted open-source software with no third-party data processors. Selected media and metadata remain on the user's device and are only transferred to your servers if your application explicitly uploads them. You are responsible for determining how selected media is processed, stored, and shared downstream.

Media

Privacy policy clauses for React Native Image Picker

React Native Image Picker is a mobile library that enables users to select photos and videos from their device's media library or capture new content using the device camera. Websites and apps use it to streamline media uploads and reduce friction in user workflows.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data React Native Image Picker collects

Your privacy policy must disclose each of the following data types when you use React Native Image Picker.

Selected photos and videos

Image metadata (EXIF)

When does React Native Image Picker trigger privacy obligations?

React Native Image Picker triggers privacy obligations the moment you integrate it into your mobile app and users access the photo library or camera. The library itself does not transmit data to third-party servers—image selection and metadata extraction occur on-device—but this does not eliminate compliance requirements.

Data flow that triggers obligations:

When a user selects an image or video, React Native Image Picker extracts and makes available EXIF metadata, which frequently includes GPS coordinates, camera model, timestamp, and orientation data. Your app code then decides what to do with this data: store it, send it to your backend, or discard it. The moment you retain or transmit this metadata, GDPR Article 4(1) classifies it as personal data (particularly GPS coordinates, which are location data under GDPR Article 4(13)).

First concrete step:

Before launching, audit exactly which metadata your app extracts and retains. If you keep EXIF data—or pass images to a cloud service, analytics tool, or backup system—you must:

1. Add a specific disclosure in your privacy policy naming React Native Image Picker and explaining metadata collection

Common compliance pitfalls

Confusing OS permissions with legal consent

React Native Image Picker automatically triggers native OS permission dialogs (iOS photo library access, Android camera and storage permissions). Many teams assume these system prompts satisfy privacy law consent requirements. They do not. iOS and Android permission dialogs are technical gatekeepers, not legal consent disclosures under GDPR Article 7 or CCPA Section 1798.100. You must layer a separate, explicit in-app consent flow that describes *why* you need photo access, what metadata you extract, and how long you retain it. Failure to do this can result in regulatory findings that consent was not freely given or properly informed, leading to fines up to €20 million or 4% of global revenue under GDPR.

Accidentally transmitting EXIF data without disclosure

React Native Image Picker extracts full EXIF metadata by default in many implementations. If your app sends selected images to a cloud storage service (AWS S3, Firebase Storage, Cloudinary, etc.) without stripping EXIF data, you are transmitting GPS coordinates and other sensitive metadata. Teams often overlook this because the image *file* is clearly being sent, but the metadata feels invisible. GPS data is location data under GDPR and may trigger heightened security and breach notification obligations. Regulatory audits frequently flag this: "Did you disclose that GPS coordinates are extracted and transmitted?" If the answer is no, you face non-compliance findings and potential enforcement action.

Missing Data Processing Agreements with backend services

If your backend, CDN, or image storage provider receives photos or EXIF data selected via React Native Image Picker, that service is a data processor under GDPR Article 28. You must have a written DPA in place before data flows. Many indie teams skip this because they assume SaaS terms cover it—they rarely do. Absence of a DPA is a standalone GDPR violation (Article 28(3)) even if data handling itself is otherwise lawful, and regulators specifically audit for this when investigating media-handling apps.

Privacy policy clauses for React Native Image Picker

What data React Native Image Picker collects

When does React Native Image Picker trigger privacy obligations?

Common compliance pitfalls

Confusing OS permissions with legal consent

Accidentally transmitting EXIF data without disclosure

Missing Data Processing Agreements with backend services

Legal note

Sample privacy policy clause

What regulators look for

Frequently asked questions

Do I need to disclose React Native Image Picker in my privacy policy?

What specific data does React Native Image Picker collect?

Does React Native Image Picker require a cookie consent banner?

Who processes data collected by React Native Image Picker and where is it transferred?

Don't ship without Bandit.