PickThePic logoPickThePic
‹ Back

Privacy Policy

Last Updated: February 17, 2026

PickThePic (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our website and services. By using PickThePic, you consent to these practices. If you do not agree, please do not use the Site. We operate from India and you can reach our privacy contact below.

1. Information We Collect

a) Information You Provide

  • Account Information: Name, email address, password, and optional profile details when creating an account.
  • Studio & Client Details: Studio names, client names, client email addresses, and optional phone numbers added to shoots or share links.
  • Uploaded Content: Photos, comments, filenames, shoot titles, selections, and related metadata uploaded by photographers or clients.
  • Business & Billing Information: Plan selection, billing contact details, and payment confirmation information (processed securely by trusted third-party payment providers).
  • Support & Feedback: Information shared when contacting support, submitting feedback, or participating in surveys.

b) Information Collected Automatically

  • Usage Data: Device information, browser type, operating system, IP address, page views, and timestamps.
  • IP Addresses: Logged for fraud prevention, security enforcement, and legal compliance.
  • Cookies: Used to maintain secure login sessions and remember preferences. Cookie controls are available in your browser settings.
  • Performance & Diagnostics Logs: Technical logs, error events, and crash reports used to maintain stability, reliability, and detect misuse.
  • Marketing Interaction Analytics: Limited first-party events on public marketing pages, such as CTA clicks, page path, referrer, browser user agent, and a temporary session identifier stored in browser session storage.
  • Authentication & Abuse Prevention Logs:Limited login attempt records (email, success/failure reason, and IP when available) to protect accounts and prevent fraud.

c) Linked Third-Party Accounts

  • Google Drive / Dropbox: We store limited metadata such as folder IDs or file links necessary to manage photo uploads and retrieval.
  • OAuth Tokens: Secure OAuth and refresh tokens are stored to enable features you explicitly activate (uploading, listing, organizing folders).
  • We do not access unrelated files in your cloud storage. Only folders you authorize are used.

2. How We Use Your Information

  • Create and manage user accounts.
  • Enable collaboration between photographers and clients.
  • Upload, preview, select, and deliver photos.
  • Generate optimized previews (2K images, thumbnails, watermarked proofs).
  • Process payments, enforce plan limits, and manage subscriptions.
  • Detect abuse, spam, or fraud.
  • Provide customer support and troubleshooting.
  • Send transactional emails and service notifications.
  • Measure marketing page CTA performance and improve funnel usability using limited first-party analytics events.
  • Comply with legal obligations and enforce platform policies.

You may opt out of non-essential communications at any time.

3. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area or the United Kingdom, we process your information under the following legal bases:

  • Contract: To provide the services you request and honor our agreements with you.
  • Consent: For specific optional features such as connecting external storage or receiving marketing emails.
  • Legitimate Interests: To maintain and improve our platform, prevent abuse, and protect the security of our users.
  • Legal Obligations: To comply with applicable laws, regulations, and court orders.

4. Cookies and Analytics

  • We use cookies to maintain secure login sessions and remember user preferences.
  • We do not use analytics or marketing cookies. For basic first-party funnel measurement, we record limited marketing CTA click events and use browser session storage (not cookies) for a temporary session identifier.
  • We do not sell personal data or run third-party advertising trackers/pixels on the platform.
  • Disabling cookies may affect login persistence and security. Disabling browser storage may reduce analytics continuity across a browsing session.

5. Payments and Billing

  • Payments and subscriptions are processed by Razorpay. We receive order IDs, subscription IDs, payment IDs, signatures, plan selections, and billing contact details needed for billing and fraud prevention. Sensitive payment information (card or UPI details) is handled directly by Razorpay and never stored by PickThePic.
  • Purchase history (plans, credits, add-ons) is recorded to honor entitlements and billing records.

6. Storage, Processing, and Access to Photos

  • Photos uploaded to PickThePic are stored securely through third-party providers such as Supabase or your connected Google Drive or Dropbox account, depending on your setup.
  • Preview images, thumbnails, and watermarked proofs may be generated and stored to optimize viewing performance. If you use Google Drive or Dropbox, 2K previews are stored in Supabase while originals remain in your linked storage. In Supabase-only mode, we store resized 2K versions.
  • We never share, sell, or publicly display user images without explicit written consent.
  • PickThePic does not use your images for AI training, external datasets, or algorithmic analysis without explicit consent.
  • If you connect Google Drive, we adhere to the Google API Services User Data Policy, including the Limited Use requirements. Access is restricted to the folders you authorize and is used solely to store and retrieve your photos for PickThePic features. Dropbox access tokens are used only to manage the folders/paths you connect for uploads and downloads.
  • Basic asset metadata (file name, size, width/height, storage paths, and share links) is stored to render galleries, selections, and downloads.

Internal Access

  • Technical support and troubleshooting
  • Content moderation or policy enforcement
  • Investigating misuse or illegal content

7. Data Sharing and Third Parties

  • Service Providers: We share only the information necessary for vendors assisting with hosting, storage, email delivery, analytics, and payments — all bound by confidentiality and data-protection obligations (e.g., Supabase for hosting/auth, Google Drive/Dropbox for storage you connect, Resend for email, and Razorpay for payments).
  • Legal Requirements: We may disclose information if required by law, court order, or to protect user safety or our platform integrity.
  • Business Changes: In case of a merger, sale, or reorganization, your data may transfer under equivalent privacy safeguards.
  • No Advertising Sales: We do not sell personal data or allow advertising use.

8. Data Retention and Link Expiry

  • We retain personal and uploaded data only as long as necessary to provide our services, maintain business records, or comply with legal obligations.
  • Galleries, shoots, and client links may expire automatically after a defined period depending on your plan (Free 15 days, Plus 30 days, Pro 60 days) with a 2-day grace period before archival. A shoot extension add-on can add +30 days within that window.
  • You can request deletion of your data at any time by contacting us directly. We aim to process deletion requests promptly unless retention is required by law.
  • Deleted accounts are permanently removed within 30 days, including uploaded previews and metadata. Backups may persist for a limited time before being overwritten.
  • Limited technical logs are retained for a shorter period to monitor reliability and security, including login attempts used for fraud prevention.
  • When a shoot is fulfilled or reaches expiry + grace, Supabase previews/thumbnails may be deleted as part of archiving; selection data is retained to support re-exports, and originals remain in your linked Google Drive or Dropbox unless you delete them there.

9. Your Rights and Choices

  • Access, update, or delete your account and photos.
  • Request data export or correction of inaccurate data.
  • Withdraw linked third-party access (e.g., Google Drive) at any time from your account settings.
  • Opt out of non-essential marketing emails.
  • Contact us at our privacy team to exercise these rights. We may need to verify your identity before fulfilling requests.

10. Data Security

  • Encrypted connections (HTTPS), secure access controls, and logged internal access help protect your data.
  • Only authorized personnel can access sensitive systems or content, and all access is logged and periodically reviewed.
  • No system is 100% secure, but we take reasonable measures to protect your data. You share content at your own discretion.

11. International Data Transfers

If you access PickThePic from outside India, your information may be processed in other countries that may not have equivalent data protection laws. We ensure reasonable safeguards for such transfers.

12. Children's Privacy

PickThePic is not directed to individuals under the age of 16. If you believe a minor has provided personal information, please contact us so we can remove it.

13. Updates to this Policy

We may revise this Privacy Policy periodically to reflect new features, technologies, or legal requirements. The “Last Updated” date above indicates the latest version. Continued use of PickThePic after updates means you accept the revised policy.

14. Contact Us

For questions about privacy, data usage, or this policy, contact us at our support team.