PicFixPicFix

GDPR Compliance

Effective date: March 14, 2026

INTRODUCTION

This GDPR Compliance page explains your rights under the General Data Protection Regulation (GDPR) and how PicFix processes and protects your personal data.

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights regarding your personal data under GDPR.

DATA CONTROLLER

PicFix is the data controller responsible for your personal data.

For data protection inquiries, contact us at:

  • Email: hello@photocameraapp.com

LEGAL BASIS FOR PROCESSING

We process your personal data under the following legal bases:

  • Contract Performance → To provide the PicFix service you signed up for
  • Consent → When you explicitly agree to certain data processing (e.g., analytics)
  • Legitimate Interest → To improve our service, prevent fraud, and ensure security
  • Legal Obligation → To comply with applicable laws and regulations

DATA WE COLLECT

Personal Information

  • Email address → For account management and authentication
  • User UUID → Unique identifier for your account
  • Device anchor ID → To link your device to your account

Content Data

  • Photos you select for editing → Images you upload for AI editing
  • Edited photos → AI-generated edit results
  • Job history → Record of your editing requests

Usage Data

  • Credit usage → Number of credits used and remaining
  • Feature usage → Which tools and features you interact with
  • Device information → Device model, OS version, app version
  • Feedback submissions → Including optional screenshots

Technical Data

  • Analytics events → Tracked via PostHog for service improvement
  • Purchase data → Managed through RevenueCat
  • Push notification tokens → For Apple Push Notification service (if enabled)

HOW WE USE YOUR DATA

We use your personal data to:

  • Provide the core service → Process your photos and apply AI edits
  • Manage your account → Authenticate you and save your preferences
  • Process payments → Handle credit pack purchases securely
  • Improve our service → Analyze usage patterns and fix bugs
  • Send notifications → Notify you about edit completion (if enabled)
  • Provide support → Respond to your inquiries and feedback
  • Ensure security → Prevent fraud and abuse

Important: We do NOT use your photos to train AI models or for any purpose beyond applying your requested edits.

THIRD-PARTY PROCESSORS

We work with the following third-party processors:

  • Supabase (Database & Storage) → Stores your account data and images
  • RevenueCat (Payment Management) → Processes credit pack purchases
  • PostHog (Analytics) → Tracks anonymized usage data
  • Google Gemini AI (Image Processing) → Processes images to apply AI edits
  • Apple Inc. (Authentication & Notifications) → Handles sign-in and push notifications

All processors are carefully selected and bound by data processing agreements that comply with GDPR requirements.

DATA RETENTION

  • Photos: Stored while your account is active. Deleted when you remove an edit or delete your account.
  • Account data: Retained until you delete your account
  • Usage logs: Retained for up to 90 days for debugging and analytics
  • Billing logs: Credit ledger and purchase events retained as required by law

When you delete your account, all associated data is permanently deleted through cascade deletion, except for audit logs required for legal compliance.

YOUR GDPR RIGHTS

Under GDPR, you have the following rights:

Right to Access

You have the right to request a copy of all personal data we hold about you. Contact hello@photocameraapp.com to request your data.

Right to Rectification

You have the right to correct inaccurate or incomplete personal data. You can update most information in your account settings, or contact us for assistance.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data. You can delete your account directly in the app (Settings → Delete Account), or contact us at hello@photocameraapp.com.

Right to Restrict Processing

You have the right to request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. Contact hello@photocameraapp.com to request data export.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests. You can opt out of analytics by contacting us.

Rights Related to Automated Decision-Making

While we use AI to edit your photos, this does not constitute automated decision-making that produces legal or similarly significant effects. You maintain full control over which edits to keep or discard.

Right to Withdraw Consent

Where we process your data based on consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR requirements.

HOW TO EXERCISE YOUR RIGHTS

To exercise any of your GDPR rights, please contact us at:

  • Email: hello@photocameraapp.com
  • Subject line: "GDPR Request: [Your Right]"

We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

DATA SECURITY MEASURES

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption → Data encrypted in transit (TLS) and at rest
  • Row Level Security (RLS) → Database access restricted by user authentication
  • JWT Authentication → Secure token-based authentication
  • Access Controls → Strict internal access policies
  • Regular Security Audits → Ongoing monitoring and testing
  • Automatic Deletion → Photos deleted per retention policy
  • Secure Infrastructure → Hosted on secure cloud providers with GDPR compliance

CROSS-BORDER DATA TRANSFERS

Your personal data may be transferred to and processed in countries outside the EEA, including:

  • United States → Where our service providers (Supabase, Google, PostHog) operate
  • Other regions → As required for service delivery

All cross-border transfers are protected by:

  • Standard Contractual Clauses → EU-approved data transfer mechanisms
  • Adequacy Decisions → Where applicable
  • Data Processing Agreements → With all processors

CHILDREN'S PRIVACY

PicFix is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

UPDATES TO THIS POLICY

We may update this GDPR Compliance page from time to time. We will notify you of significant changes through:

  • In-app notifications
  • Email (if you have an account)
  • Updating the "Effective date" at the top of this page

Continued use of PicFix after changes constitutes acceptance of the updated policy.

CONTACT FOR DATA PROTECTION INQUIRIES

For any questions about GDPR compliance or data protection:

Email: hello@photocameraapp.com

Subject: "GDPR Inquiry"

We are committed to protecting your privacy and ensuring compliance with GDPR. If you have concerns about how we handle your data, please reach out.