Privacy Policy

1) Data We Collect

• Account & Auth: Email, password hash, sign-in tokens, third-party auth IDs (Apple/Google), device IDs, session state.
• Profile: Display name, avatar, bio, optional links/location hints, visibility/block/report preferences.
• Tasks & Submissions: Task title/description/reward, geofence/expiry, submissions (photos/videos), captions, upload metadata, EXIF when retained, status and approvals/rework history.
• Location: Foreground coordinates and accuracy for discovery/eligibility/proof-of-presence; geo-eligibility heuristics; no background tracking unless explicitly enabled.
• Device & Usage: App/device type, OS, app version, IP-derived region, crash and performance telemetry, feature interactions, cached map/task state, offline queues.
• Social & Safety: Comments, reactions, reports, blocks, moderation decisions, audit trails for admin/mod actions.
• Notifications: Push tokens, notification preferences, delivery metadata; payloads minimized to identifiers.
• Subscriptions & Billing: Plan tier (Free/Pro), entitlement status, RevenueCat/App Store/Play receipts metadata; payment details processed by stores/RevenueCat.
• Support & Communications: Support tickets, emails, phone interactions, user feedback.
• Security & Fraud: Login events, rate-limit counters, reCAPTCHA signals, anomaly and anti-spoofing checks, limited IP/device signals.
• Optional Analytics/Marketing: Only with consent where required; limited usage metrics, campaign attribution where enabled.

2) How and Why We Use Data

3) Photo Content and Ownership

• By uploading or sending content, you grant PhotoTask a limited license to store, transmit between users, and process content as necessary for app functionality.
• Photos are transmitted privately between requesters and fulfillers only.
• We may retain photos to preserve task integrity, resolve disputes, and maintain safety records per our retention schedule.
• Fulfilled content may be deanonymized from deleted accounts to preserve task history.

4) Location, Media, and Real-Time Features

• Location: Requested just-in-time with clear purpose; used for eligibility, map pins, and task verification; precision minimized where possible; no background collection unless you enable it for a feature that requires it; you can revoke in device settings.
• Location Accuracy: Location data may not be accurate. You assume all risks related to navigating to or from task locations. Maison du Code LLC is not responsible for any harm arising from location inaccuracies.
• EXIF & Metadata: We strip or avoid storing EXIF unless needed for fraud review; retained metadata is access-controlled.
• Visibility & Matching: Tasks show by radius/time and eligibility; claimed tasks may be hidden; completed history is limited; anti-scraping and rate limits apply.
• Uploads: Client validation → secure upload to Storage → Firestore metadata → moderation and visibility rules before display.
• Offline & Cache: Short-lived cached tasks/map state; low-risk queued actions retried; sensitive data is minimized and cleared when no longer needed.

5) Sharing and Disclosure

We do not sell data and do not share for cross-context behavioral advertising.

• Other users: Public/limited profile elements, task details, submissions per task rules, and moderation outcomes that affect them.
• Processors: Firebase (auth, Firestore, Storage, functions, hosting, analytics), RevenueCat (subscriptions), Postmark (email), app stores, reCAPTCHA, CDN/logging providers. All bound by DPAs/SCCs as applicable.
• Moderation & Safety: Escalated content may be reviewed by trained moderators under confidentiality; CSAM/illegal content may be reported to authorities.
• Legal/Compliance: Lawful requests, safety emergencies, enforcing rights, corporate transactions with equivalent protections.

Authorized agents can submit requests with verification. We honor Global Privacy Control (GPC) where technically received for opt-out preferences.

6) Cookies, Analytics, and Tracking

• Mobile SDKs and limited analytics may record crashes, performance, and feature usage; marketing/attribution runs only with consent where required.
• Security tools (reCAPTCHA, rate limiting) process technical signals solely to prevent abuse.
• Notification payloads avoid sensitive content; details are fetched in-app under auth.

7) Retention Schedule

• Account & profile: Life of account + 30-day grace after confirmed deletion.
• Tasks & submissions: Life of task; fulfilled media retained as part of task history and may be deanonymized on account deletion; dispute evidence up to 12 months.
• Location snapshots: 30 days for eligibility/fraud review; aggregated or deleted thereafter; geofence accuracy logs up to 90 days.
• Security/audit logs: Admin/mod/audit trails and auth logs up to 24 months unless legally required longer.
• Transactions/billing: 7 years for tax/accounting.
• Support tickets: 24 months.
• Backups: Up to 90 days; deletions propagate on next backup cycle where feasible.
• Analytics: Aggregated or anonymized within 18 months.

8) Your Rights and Requests

• Access, portability, correction, deletion, restriction/objection (where available), withdraw consent, and appeal denials.
• Submit via in-app Privacy Center, privacy-rights, email, phone, or mail.
• Verification required; authorized agents must provide signed permission and ID where allowed.
• Response timelines: GDPR/UK GDPR within 30 days; CCPA/CPRA within 45 days (extension if permitted); PIPEDA within 30 days.
• Do Not Sell/Share and limit sensitive data: manage in app or via do-not-sell; we already do not sell/share.

9) Security

• Encryption in transit (TLS) and at rest; short-lived signed URLs for media; no public buckets.
• Firebase Security Rules with role/ownership checks; least-privilege admin/mod roles; audit logging of elevated actions.
• Rate limiting, anti-spoofing, MIME/type validation; planned malware scanning pipeline for uploads.
• Session integrity: token refresh, revocation on deletion/ban; App Check for abuse protection.
• Breach response playbook aligned to 72-hour notification where required.

10) Children and Minor Safety

• Not for children under 13 (US) or under 16 where required. We do not knowingly collect data from minors below these ages.
• We may gate access, request age attestation, and decline service if not eligible.
• Contact us to remove data for an ineligible minor.

11) International Transfers

Data may be processed in the US and other regions. Safeguards include SCCs, DPAs, and provider certifications (e.g., ISO 27001, SOC 2). Transfers rely on adequacy, SCCs, or equivalent where applicable.

12) Moderation, Safety, and Risk

• Tasks must not be dangerous, illegal, or violate platform policies; we may disable tasks, remove content, or ban accounts.
• Reporting, blocking, and appeals are available; reports route to a moderation queue with audit logs.
• Harassment, stalking, doxxing, and scraping are prohibited; location precision may be blurred/decayed.
• CSAM/illegal content escalated per law; repeat infringers are removed.

13) Subscriptions and Billing

• Billing handled by Apple/Google via RevenueCat; we store entitlement status, not full payment data.
• We verify receipts server-side where available and handle grace/billing issues per store rules.
• Cancellations must be done in the applicable app store; deleting your account does not cancel a store subscription.

14) Changes

We update this policy as practices or laws change. Material changes will be notified in-app and/or by email; continued use means acceptance. If you disagree, stop using the service and request deletion.

15) Additional Disclosures for Users in Japan

If you are located in Japan, your personal data will be transferred to and processed in the United States and other jurisdictions where our service providers operate.

• Foreign Third Party Provision: By using the App, you consent to the transfer of your personal data to the United States and other countries that may not have the same data protection laws as Japan.
• Safeguards: We ensure that our third-party service providers (including Google/Firebase, RevenueCat) implement appropriate security measures and contractual protections (such as standard contractual clauses) to protect your personal information in a manner equivalent to the standards required by the Act on the Protection of Personal Information (APPI).
• Your Rights: You may request information about these transfers or exercise your rights under the APPI by contacting our Privacy Contact/DPO.

NOTICE TO RESIDENTS OF JAPAN (APPI): We comply with the Act on the Protection of Personal Information (APPI). We will not provide your personal data to third parties specifically located outside of Japan without your prior consent, except where permitted by the APPI. We take appropriate measures to ensure the security of your personal data.

16) Notice to Residents of Brazil (LGPD)

If you are located in Brazil, you have specific rights under the Lei Geral de Proteção de Dados (LGPD), including:

• Confirmation: The right to confirm the existence of processing.
• Access: The right to access your data.
• Correction: The right to correct incomplete, inaccurate, or out-of-date data.
• Anonymization/Deletion: The right to request anonymization, blocking, or deletion of unnecessary or excessive data.
• Portability: The right to data portability.

To exercise these rights, please contact us at privacy@phototaskapp.com.

17) Grievance Officer (India & Philippines)

In accordance with the Information Technology Act, 2000 and Rules made thereunder, the contact details of the Grievance Officer are provided below:

Name: Privacy Officer
Email: privacy@phototaskapp.com
Address: 1401 21st St STE R, Sacramento, CA 95811-5221 US

If you have any questions, concerns, or grievances regarding the processing of your personal data or our Privacy Policy, please contact our Grievance Officer. We will acknowledge your complaint within 24 hours and dispose of it within 15 days.

18) Notice to Users in South Korea (PIPA)

In accordance with the Personal Information Protection Act (PIPA), we provide the following additional information for users in South Korea:

• Items of Personal Information Collected: (Reference Section 2 of this policy).
• Purpose of Collection & Use: (Reference Section 3 of this policy).
• Retention Period: We retain personal data for the duration of your account's existence or as required by law. (Reference Section 9 of this policy).
• Procedure for Destruction: Personal information is deleted immediately upon request via our automated "Delete Account" feature in the app settings, or after the retention period expires.
• Domestic Agent (Optional for Startup, but Recommended): If we do not have a local office, you may contact our Global Privacy Officer at privacy@phototaskapp.com.
• Rights of Users: You may exercise your rights to access, correction, deletion, and suspension of processing at any time via the "Privacy Center" in the app.

19) Contact