Privacy Policy

1 Overview

Piclivo ("we", "us", "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Service.

If you have questions or concerns about this policy or our practices, please contact our Data Protection Officer at dpo@piclivo.com.

2 Data We Collect

Information You Provide Directly

• Account data: Name, email address, password (hashed), profile photo, and subscription plan when you register.
• Payment information: Billing address and payment method details, processed securely through our payment provider. We do not store full card numbers.
• Photos and media: Images and files you upload to projects and cloud folders.
• Portfolio content: Text, images, and information you add to your Piclivo portfolio website.
• Communications: Messages you send us via email, support tickets, or feedback forms.

Information Collected Automatically

• Usage data: Pages visited, features used, buttons clicked, upload counts, and download counts.
• Device & browser data: IP address, browser type, operating system, device type, and screen resolution.
• Log data: Timestamps, error reports, and access logs for security and debugging purposes.
• Cookies: Session and preference cookies as described in Section 7.

Information from Guests (Non-registered Users)

When guests access a public gallery link, we collect minimal information: the IP address (for security), the selfie they upload for face detection (processed in real-time — see Section 8), and basic usage data.

3 How We Use Your Data

We use the information we collect to:

• Create and manage your account and deliver the Service.
• Process subscription payments and send billing notifications.
• Perform AI face detection matching when guests upload selfies.
• Generate activity analytics visible in your dashboard.
• Send transactional emails (password reset, billing receipts, service updates).
• Provide customer support and respond to your enquiries.
• Detect, investigate, and prevent fraudulent or unauthorised activity.
• Improve the Service through aggregated, anonymised usage analytics.
• Comply with legal obligations.

4 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process your data under the following legal bases:

• Contract performance: Processing necessary to provide the Service you signed up for (account management, photo storage, face detection).
• Legitimate interests: Security monitoring, fraud prevention, service improvement through aggregated analytics.
• Legal obligation: Compliance with applicable laws and regulations.
• Consent: Marketing communications and optional data processing features, where you have given explicit consent and can withdraw at any time.

5 Data Storage & Security

Storage Infrastructure

Your photos and data are stored on encrypted cloud infrastructure with ISO 27001-certified data centres. All data is replicated across multiple geographic regions to ensure reliability and availability.

Security Measures

• AES-256 encryption at rest for all stored files.
• TLS 1.3 encryption for all data transmitted between your device and our servers.
• Role-based access controls: only authorised Piclivo engineers can access infrastructure, and only when required for support or maintenance.
• Regular penetration testing and vulnerability assessments by independent security firms.
• Multi-factor authentication (MFA) available for all user accounts.

Data Breach Response

In the event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours of becoming aware of the breach, as required by applicable law.

6 Sharing of Information

We do not sell, rent, or trade your personal information. We may share data with:

• Service providers: Trusted third parties who help operate the Service (cloud infrastructure, payment processing, email delivery), bound by confidentiality agreements.
• Business transfers: In connection with a merger, acquisition, or sale of assets, where your data may be transferred as a business asset. We will notify you before your data is transferred and subject to a different privacy policy.
• Legal requirements: When required to do so by law, court order, or governmental authority.
• Protection of rights: To enforce our Terms of Service or protect the rights, property, or safety of Piclivo, our users, or others.

7 Cookies & Tracking

Types of Cookies We Use

• Essential cookies: Required for the Service to function (session management, authentication, security). Cannot be disabled.
• Preference cookies: Store your settings such as dark/light theme preference.
• Analytics cookies: Help us understand how users interact with the Service using anonymised, aggregated data. You can opt out.

Managing Cookies

You can control and delete cookies through your browser settings. Note that disabling essential cookies may affect the functionality of the Service. For analytics cookies, you can opt out via our Cookie Settings panel accessible from the footer.

We do not use third-party advertising cookies or cross-site tracking technologies.

8 AI & Biometric Data

Piclivo's AI Face Detection feature processes facial images submitted by guests. We handle this data with heightened care:

• Real-time processing only: Selfies uploaded for face detection are processed in real-time to generate a mathematical facial signature. The original selfie image is deleted from our servers immediately after processing (within seconds).
• No long-term biometric storage: Facial signatures used for matching are session-specific and are not stored permanently after the matching process completes.
• No cross-account identification: Facial data from one project cannot be used to identify individuals across other users' projects.
• Transparency to guests: Public gallery pages include a clear notice explaining that selfies are used solely for photo matching and are not retained.
• Consent framework: By uploading a selfie on a public gallery, guests provide implicit consent for real-time face matching. Account holders are responsible for ensuring their public gallery pages communicate this use clearly.

9 Data Retention

We retain your data for as long as your account is active or as needed to provide the Service:

• Photos and project files: Retained for the duration of your subscription plus 30 days after account closure, during which you may export your data.
• Account information: Retained until you delete your account. Some data may be retained for up to 7 years for legal, tax, and accounting purposes.
• Guest selfies: Deleted within seconds of processing (see Section 8).
• Usage logs: Retained for up to 12 months for security and performance analysis, then anonymised.
• Support communications: Retained for 3 years for quality assurance and dispute resolution.

10 Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure ("Right to be forgotten"): Request deletion of your data, subject to legal retention obligations.
• Portability: Receive your data in a machine-readable format to transfer to another service.
• Restriction: Request that we limit how we process your data in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

11 International Data Transfers

Piclivo operates globally and your data may be processed in countries other than your own. When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions where applicable.
• Binding corporate rules with our service providers.

By using the Service, you acknowledge that your data may be transferred to and processed in countries with data protection laws that may differ from your own.

12 Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information without parental consent, please contact us at privacy@piclivo.com and we will promptly delete such information.

Account holders uploading photos of minors to Piclivo are responsible for obtaining appropriate parental or guardian consent before making such photos accessible via public links.

13 Third-Party Links

The Service may contain links to third-party websites, services, or social platforms. This Privacy Policy does not apply to those third parties. We encourage you to read the privacy policies of any external sites you visit.

Piclivo is not responsible for the privacy practices or content of third-party websites linked from or to our Service.

14 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by:

• Sending an email to the address registered on your account.
• Displaying a prominent notice within the Service.

The updated date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

15 Contact & DPO

For any privacy-related questions, data subject requests, or concerns: