Privacy Policy

1. Overview

Picly is a Software-as-a-Service (SaaS) platform that allows registered users ("Account Holders") to collect photo submissions from third parties ("Uploaders") through shareable upload links.

• Account Holders create accounts.
• Uploaders do not create accounts.

We collect only the information necessary to operate the Service.

• We do not sell personal data.
• We do not use uploaded content for advertising.
• We do not require Uploaders to provide identifying information.

2. Information We Collect

2.1 Information from Account Holders

When you create an account, we collect:

• Name
• Organization / business name
• Email address
• Password (stored as a secure hash)
• Subscription plan information
• Storage usage information

We may also collect:

• IP address
• Browser / device information
• Login activity
• Billing status

2.2 Billing Information

Payments are processed by Stripe. We do not store credit card numbers.

Stripe may collect:

• Name
• Billing address
• Payment card details
• Transaction history

Stripe's privacy policy applies to payment data.

2.3 Information from Uploaders

Uploaders do not create accounts.

When files are submitted through an upload link, we may collect:

• Uploaded photos
• Description text entered by the uploader
• IP address
• Browser / device information
• Date and time of upload

Uploaders are not required to provide name, email, or contact information.

This information is used only to operate the Service and prevent abuse.

2.4 Uploaded Files

Uploaded files are stored in cloud object storage. Files are private by default and only accessible to the Account Holder.

We do not:

• Sell uploaded files
• Use files for advertising
• Analyze files for marketing purposes

Files remain stored until deleted by the Account Holder or removed according to our retention policy.

2.5 Google Drive Integration

If you connect Google Drive, we use Google OAuth to allow file transfer.

We may store:

• OAuth access token
• OAuth refresh token
• Google account identifier

These tokens are stored securely and used only to:

• Browse folders (if permission granted)
• Upload files to Google Drive

We do not access files in Google Drive except those needed for transfers.

You can disconnect Google Drive at any time.

Tokens are deleted when disconnected or when the account is deleted.

2.6 Email Communications

We may send email to Account Holders for:

• Account notifications
• Upload alerts
• Storage warnings
• Billing notices
• Trial reminders
• Overage notices
• Account deletion warnings

Uploaders do not receive email from Picly.

2.7 Cookies and Session Data

We use cookies and similar technologies to:

• Keep users logged in
• Maintain sessions
• Protect against abuse
• Improve performance

Cookies are not used for advertising.

You may disable cookies, but some features may not work.

2.8 Security and Abuse Prevention Data

To protect the Service, we may collect:

• IP addresses
• User agent strings
• Request logs
• CAPTCHA verification results

We use this information to:

• Prevent spam
• Prevent automated uploads
• Investigate abuse
• Protect accounts

This information is not shown publicly.

3. How We Use Information

We use collected information to:

• Provide the Service
• Process billing
• Store uploaded files
• Allow downloads and transfers
• Send notifications
• Enforce limits and plans
• Detect abuse
• Maintain security
• Improve reliability

We do not use personal data for targeted advertising.

4. Data Storage

Data may be stored on servers located in the United States or other regions used by our cloud providers.

We use cloud providers for:

• Hosting
• Object storage
• Email delivery
• Billing
• Security services

These providers may process data on our behalf.

5. Data Retention

We retain data only as long as needed to operate the Service.

Active accounts

Data is kept while the account is active.

Deleted files

Deleted files may be permanently removed and cannot be recovered.

Cancelled accounts

Accounts and associated files may be deleted after a grace period following cancellation or non-payment.

Temporary files

ZIP downloads and temporary files may be automatically deleted.

Google tokens

OAuth tokens are deleted when disconnected or when the account is deleted.

6. Sharing of Information

We do not sell personal information.

We may share information only with:

• Payment processors (Stripe)
• Cloud hosting providers
• Storage providers
• Email providers
• Security providers
• Legal authorities if required by law

These providers are allowed to use data only to provide their services.

7. Security

We use reasonable security measures, including:

• HTTPS encryption
• Password hashing
• Access controls
• Signed file URLs
• Private object storage
• Rate limiting
• CAPTCHA protection

No system is completely secure.

Use the Service at your own risk.

8. Children's Privacy

The Service is not intended for children under 13.

We do not knowingly collect personal information from children.

If we become aware that such data has been collected, it may be deleted.

9. Your Rights

You may:

• Update your account information
• Delete files
• Cancel your subscription
• Request account deletion

When an account is deleted, data may be permanently removed.

Some data may remain in backups for a limited time.

10. Changes to This Policy

We may update this Privacy Policy. The updated version will be posted on the website.

Continued use of the Service means you accept the changes.

11. Contact

Questions about this Privacy Policy may be sent to: