Last updated: March 29, 2026
1. Overview
Picly (“we”, “us”, or “our”) provides a Software-as-a-Service (SaaS) platform that allows registered users (“Account Holders”) to collect photo submissions from third parties (“Uploaders”) through shareable upload links (the “Service”).
This Privacy Policy explains how we collect, use, store, and protect information when you use the Service at picly.net.
By using the Service, you agree to the practices described in this Privacy Policy.
2. Plain-English Summary
- We collect only the data needed to operate Picly
- We do not sell personal data
- Uploaded files are private by default
- Account Holders control uploaded content
- Uploaders are not required to provide personal information
- You can delete your data at any time
3. Roles and Responsibilities
- Account Holders create accounts and manage projects
- Uploaders submit files through links and do not create accounts
Data Roles
- Account Holders are the data controllers of uploaded content
- Picly acts as a data processor on behalf of Account Holders
Account Holders are responsible for ensuring they have appropriate rights, permissions, and consent to collect and use uploaded content.
Uploaders submit content at the direction of Account Holders. Picly does not control the content submitted and is not responsible for its legality or accuracy.
4. Information We Collect
4.1 Information from Account Holders
When you create an account, we collect basic information necessary to operate the Service, including:
- Name
- Organization or business name
- Email address
- Password (stored securely as a hash)
- Subscription and billing status
- Storage usage and activity
We may also collect:
- IP address
- Browser and device information
- Login activity and timestamps
4.2 Billing Information
Payments are processed by third-party providers such as Stripe.
We do not store credit card numbers.
Stripe may collect information such as:
- Name
- Billing address
- Payment details
- Transaction history
Stripe’s privacy policy governs payment data.
4.3 Information from Uploaders
Uploaders do not create accounts.
When files are submitted, we may collect:
- Uploaded files (photos and content)
- Optional text descriptions
- IP address
- Browser and device information
- Date and time of upload
Uploaders are not required to provide personal identifying information.
This information is used only to operate the Service and prevent abuse.
4.4 Uploaded Files
- Files are stored in secure cloud object storage
- Files are private by default
- Files are accessible only to the Account Holder or via secure access methods (such as authenticated access or signed URLs)
We do not:
- Sell uploaded files
- Use files for advertising
- Analyze files for marketing purposes
4.5 Google Drive Integration
If enabled, we use Google OAuth to allow file transfers.
We may store:
- OAuth access tokens
- OAuth refresh tokens
- Google account identifier
These are used only to:
- Upload files to Google Drive
- Access folders if permission is granted
Tokens are securely stored and deleted when:
- The integration is disconnected
- The account is deleted
4.6 Email Communications
We may send Account Holders emails related to:
- Account activity
- Upload notifications
- Billing and subscription status
- Storage usage
- System alerts
Uploaders do not receive emails from Picly.
4.7 Cookies and Session Data
We use cookies and similar technologies to:
- Maintain login sessions
- Ensure security
- Improve performance
We do not use cookies for advertising or cross-site tracking.
You may disable cookies, but some features of the Service may not function properly.
4.8 Security and Abuse Prevention
To protect the Service, we may collect:
- IP addresses
- User agent strings
- Request logs
- CAPTCHA verification results
This information is used to prevent abuse, detect fraud, and maintain system security.
5. How We Use Information
We use collected information to:
- Provide and operate the Service
- Process billing and subscriptions
- Store and deliver uploaded files
- Send notifications
- Enforce usage limits
- Detect and prevent abuse
- Maintain system security and reliability
We do not use personal data for targeted advertising.
6. Legal Basis for Processing (Where Applicable)
Where required by applicable law, we process personal data based on:
- Contractual necessity (to provide the Service)
- Legitimate interests (security, abuse prevention, service improvement)
- Legal obligations
7. Data Storage and Transfers
Data may be stored and processed in the United States or other regions where our service providers operate.
If you access the Service from outside the United States, your data may be transferred internationally.
8. Data Retention
We retain data only as long as necessary to operate the Service.
- Active accounts: Data is retained while the account is active
- Deleted files: Permanently removed and may not be recoverable
- Cancelled accounts: Deleted within approximately 30–60 days after cancellation or non-payment
- Temporary files (e.g., ZIP downloads): Automatically deleted after a short period
- Backups: May retain data for a limited time before permanent deletion
9. Sharing of Information
We do not sell personal data.
We may share information only with:
Service Providers (Subprocessors)
- Payment processors (e.g., Stripe)
- Cloud hosting and storage providers
- Email delivery providers
- Security and infrastructure providers
These providers process data only to provide services on our behalf.
Legal Requirements
We may disclose information if required to:
- Comply with legal obligations
- Protect rights and safety
- Prevent fraud or abuse
10. Security
We implement reasonable safeguards, including:
- HTTPS encryption
- Secure password hashing
- Access controls
- Private object storage
- Signed URLs for file access
- Rate limiting and abuse protection
While we take reasonable steps to protect data, no system can be guaranteed to be completely secure.
11. Data Breach Notification
In the event of a data breach affecting personal data, we will take reasonable steps to notify affected users in accordance with applicable laws.
12. Your Rights
Depending on your location, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Request a copy of your data (data portability)
- Object to or restrict certain processing
You can also:
- Update your account information
- Delete files
- Cancel your subscription
- Request account deletion
Some data may remain in backups for a limited time.
13. Children’s Privacy
The Service is not intended for children under 13.
We do not knowingly collect personal information from children. If such data is discovered, it may be deleted.
14. Business Transfers
If Picly is involved in a merger, acquisition, or asset sale, user data may be transferred as part of that transaction.
15. Changes to This Policy
We may update this Privacy Policy from time to time.
The updated version will be posted on the website with a revised “Last updated” date.
Continued use of the Service constitutes acceptance of the updated policy.
16. Contact
If you have questions about this Privacy Policy, contact:
Email: [email protected]