PickThePic logoPickThePic
‹ Back

Privacy Policy

Last Updated: March 23, 2026

PickThePic (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our website and services. By using PickThePic, you consent to these practices. If you do not agree, please do not use the Site. We operate from India and you can reach our privacy contact below.

1. Information We Collect

a) Information You Provide

  • Account Information: Name, email address, password, and optional profile details when creating an account.
  • Studio & Client Details: Studio names, client names, client email addresses, and optional phone numbers added to shoots or share links.
  • Uploaded Content: Photos, comments, filenames, shoot titles, selections, and related metadata uploaded by photographers or clients.
  • Business & Billing Information: Plan selection, billing contact details, and payment confirmation information (processed securely by trusted third-party payment providers).
  • Support & Feedback: Information shared when contacting support, submitting feedback, or participating in surveys.

b) Information Collected Automatically

  • Usage Data: Device information, browser type, operating system, IP address, page views, and timestamps.
  • IP Addresses: Logged for fraud prevention, security enforcement, and legal compliance.
  • Cookies: Used to maintain secure login sessions and remember preferences, including your selected appearance mode and primary color theme. Cookie controls are available in your browser settings.
  • Performance & Diagnostics Logs: Technical logs, error events, and crash reports used to maintain stability, reliability, and detect misuse.
  • Marketing Interaction Analytics: Limited first-party events on marketing and product flows, such as page and section views, CTA interactions, conversion entries, shoot creation milestones, client gallery open/submit milestones, and checkout status events. Event payloads may include page path, referrer path, browser user agent, plan identifiers, and a temporary session identifier stored in browser session storage.
  • Authentication & Abuse Prevention Logs:Limited login attempt records (email, success/failure reason, and IP when available) to protect accounts and prevent fraud.

c) Linked Third-Party Accounts

  • Google Drive / Dropbox: We store limited metadata such as folder IDs or file links necessary to manage photo uploads and retrieval.
  • OAuth Tokens: Secure OAuth and refresh tokens are stored to enable features you explicitly activate (uploading, listing, organizing folders).
  • We do not access unrelated files in your cloud storage. Only folders you authorize are used.

2. How We Use Your Information

  • Create and manage user accounts.
  • Enable collaboration between photographers and clients.
  • Upload, preview, select, and deliver photos.
  • Generate optimized previews (2K images, thumbnails, watermarked proofs).
  • Process payments, enforce plan limits, and manage subscriptions.
  • Detect abuse, spam, or fraud.
  • Provide customer support and troubleshooting.
  • Send transactional emails and service notifications.
  • Measure marketing and product workflow performance (for example, landing-to-signup conversion, client completion timing, and checkout reliability) using limited first-party analytics events.
  • Comply with legal obligations and enforce platform policies.

You may opt out of non-essential communications at any time.

3. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area or the United Kingdom, we process your information under the following legal bases:

  • Contract: To provide the services you request and honor our agreements with you.
  • Consent: For specific optional features such as connecting external storage or receiving marketing emails.
  • Legitimate Interests: To maintain and improve our platform, prevent abuse, and protect the security of our users.
  • Legal Obligations: To comply with applicable laws, regulations, and court orders.

Depending on your location, additional local privacy rights may apply (for example, rights under UK/EEA, California, or other applicable state or national privacy laws).

4. Cookies and Analytics

  • We use cookies to maintain secure login sessions and remember user preferences.
  • This includes first-party functional cookies for theme-preference and color-theme, which store your selected appearance mode and primary color so PickThePic can render your chosen theme on first load.
  • These preference cookies are used only for requested interface settings, are not used for advertising or cross-site tracking, and may remain on your device for up to 1 year unless you clear them earlier.
  • We do not use analytics or marketing cookies. For basic first-party measurement, we record limited analytics events such as marketing page/section/CTA interactions, conversion-entry events, and product workflow events (shoot creation, gallery opens, selections, submissions, and checkout status). We use browser session storage (not cookies) for a temporary session identifier.
  • We do not sell personal data or run third-party advertising trackers/pixels on the platform.
  • Disabling cookies may affect login persistence and security. Disabling browser storage may reduce analytics continuity across a browsing session.

5. Payments and Billing

  • Payments and subscriptions are processed by Razorpay. We receive order IDs, subscription IDs, payment IDs, signatures, plan selections, and billing contact details needed for billing and fraud prevention. Sensitive payment information (card or UPI details) is handled directly by Razorpay and never stored by PickThePic.
  • Purchase history (plans, credits, add-ons) is recorded to honor entitlements and billing records.

6. Storage, Processing, and Access to Photos

  • Photos uploaded to PickThePic are stored securely through third-party providers such as Supabase or your connected Google Drive or Dropbox account, depending on your setup.
  • Preview images, thumbnails, and watermarked proofs may be generated and stored to optimize viewing performance. If you use Google Drive or Dropbox, 2K previews are stored in Supabase while originals remain in your linked storage. In Supabase-only mode, we store resized 2K versions.
  • We never share, sell, or publicly display user images without explicit written consent.
  • PickThePic does not use your images for AI training, external datasets, or algorithmic analysis without explicit consent.
  • If you connect Google Drive, we adhere to the Google API Services User Data Policy, including the Limited Use requirements. Access is restricted to the folders you authorize and is used solely to store and retrieve your photos for PickThePic features. Dropbox access tokens are used only to manage the folders/paths you connect for uploads and downloads.
  • Basic asset metadata (file name, size, width/height, storage paths, and share links) is stored to render galleries, selections, and downloads.

Internal Access

  • Technical support and troubleshooting
  • Content moderation or policy enforcement
  • Investigating misuse or illegal content

7. Browser-Local Tools (/tools)

  • PickThePic provides browser-based tools (such as format conversion, renaming, compression, resizing, metadata cleaning, and watermark editing) that are designed to run locally on your device.
  • Files selected in these tools and generated outputs are processed in your browser and are not uploaded to PickThePic servers unless you separately use an upload feature elsewhere on the platform.
  • These tools may use temporary in-memory processing, browser canvas operations, and object URLs to generate previews and downloads.
  • Metadata cleaning through browser re-export removes common metadata fields, but may not remove every hidden, proprietary, or format-specific field. You should verify files before external sharing when sensitive data is involved.
  • Processing performance and limits depend on your browser, device resources, and file sizes.

8. Data Sharing and Third Parties

  • Service Providers: We share only the information necessary for vendors assisting with hosting, storage, email delivery, analytics, and payments — all bound by confidentiality and data-protection obligations (e.g., Supabase for hosting/auth, Google Drive/Dropbox for storage you connect, Resend for email, and Razorpay for payments).
  • Legal Requirements: We may disclose information if required by law, court order, or to protect user safety or our platform integrity.
  • Business Changes: In case of a merger, sale, or reorganization, your data may transfer under equivalent privacy safeguards.
  • No Advertising Sales: We do not sell personal data or allow advertising use.

9. Data Retention and Link Expiry

  • We retain personal and uploaded data only as long as necessary to provide our services, maintain business records, or comply with legal obligations.
  • Galleries, shoots, and client links may expire automatically after a defined period depending on your plan (Free 15 days, Plus 30 days, Pro 60 days) with a 2-day grace period before archival. A shoot extension add-on can add +30 days within that window.
  • You can request deletion of your data at any time by contacting us directly. We aim to process deletion requests promptly unless retention is required by law.
  • Deleted accounts are permanently removed within 30 days, including uploaded previews and metadata. Backups may persist for a limited time before being overwritten.
  • Limited technical logs are retained for a shorter period to monitor reliability and security, including login attempts used for fraud prevention.
  • First-party analytics event records are retained for service measurement, auditability, and abuse monitoring, then deleted or aggregated on a rolling basis where reasonably practical.
  • When a shoot is fulfilled or reaches expiry + grace, Supabase previews/thumbnails may be deleted as part of archiving; selection data is retained to support re-exports, and originals remain in your linked Google Drive or Dropbox unless you delete them there.

10. Your Rights and Choices

  • Access, update, or delete your account and photos.
  • Request data export or correction of inaccurate data.
  • Where applicable by law, request restriction of processing, object to certain processing, or request portability of personal data you provided to us.
  • Withdraw linked third-party access (e.g., Google Drive) at any time from your account settings.
  • Opt out of non-essential marketing emails.
  • California residents (where applicable) may request to know, correct, or delete personal information and receive equal service without discrimination for exercising privacy rights. PickThePic does not sell personal information or share it for cross-context behavioral advertising.
  • Use our contact page to exercise these rights. We may need to verify your identity before fulfilling requests.

11. Data Security

  • Encrypted connections (HTTPS), secure access controls, and logged internal access help protect your data.
  • Only authorized personnel can access sensitive systems or content, and all access is logged and periodically reviewed.
  • No system is 100% secure, but we take reasonable measures to protect your data. You share content at your own discretion.

12. International Data Transfers

If you access PickThePic from outside India, your information may be processed in other countries that may not have equivalent data protection laws. We ensure reasonable safeguards for such transfers.

13. Children's Privacy

PickThePic is not directed to individuals under the age of 16. If you believe a minor has provided personal information, please contact us so we can remove it.

14. Updates to this Policy

We may revise this Privacy Policy periodically to reflect new features, technologies, or legal requirements. The “Last Updated” date above indicates the latest version. Continued use of PickThePic after updates means you accept the revised policy.

15. Contact Us

For questions about privacy, data usage, or this policy, contact us through our contact page.