Privacy Policy

Personal Information

• Email address and username for account creation and authentication
• Profile information including display name, profile photos, and bio
• Precise location data (GPS coordinates) when you create or fulfill photo requests
• Photos and metadata you upload to fulfill requests
• Payment information (processed securely through RevenueCat and Apple/Google)
• Communication preferences and notification settings

Usage Information

• App usage patterns, feature interactions, and session duration
• Request creation and fulfillment history with timestamps
• Device information including model, operating system, and app version
• IP address, browser type, and general location data
• Crash reports and performance analytics
• User feedback, ratings, and support communications

Automatically Collected Information

• Log files and server records
• Cookies and similar tracking technologies
• Analytics data and user behavior metrics
• Security and fraud prevention data

Service Provision

• Provide and maintain the PhotoTask platform services
• Connect photo requesters with nearby community members using location data
• Process and display photos and requests on our platform
• Facilitate communication between users through our messaging system
• Process payments and manage subscription services

Communication and Notifications

• Send notifications about request updates and new opportunities
• Provide customer support and respond to inquiries
• Send important service updates and security alerts
• Send marketing communications (with your consent)

Platform Improvement and Security

• Analyze usage patterns to improve app functionality and user experience
• Conduct research and analytics to enhance our services
• Ensure platform security and prevent fraud, abuse, and illegal activities
• Monitor and enforce compliance with our Terms of Service
• Develop new features and services

Legal and Compliance

• Comply with applicable laws, regulations, and legal processes
• Respond to government requests and court orders
• Protect our rights, property, and safety, and that of our users
• Investigate and prevent security incidents and violations

Access and Control

• View and update your profile information through app settings
• Download your data through the app settings or by contacting us
• Delete your account and associated data using our data deletion form
• Control privacy settings and data sharing preferences
• Opt out of marketing communications at any time
• Request correction of inaccurate personal information

Data Deletion and Retention

You can request complete data deletion by using our data deletion formor contacting us directly. We will process your request within 30 days and confirm deletion.

Important: When you delete your account, your photos will remain on the platform but will be deanonymized (your personal information will be removed). This is necessary to maintain the integrity of fulfilled photo requests for other users.

We retain certain information for legitimate business purposes, legal compliance, and security reasons, including transaction records, security logs, and anonymized usage data for up to 7 years.

GDPR and CCPA Rights

If you are in the European Union or California, you have additional rights including the right to data portability, the right to restrict processing, the right to object to processing, and the right to withdraw consent. Contact us to exercise these rights.

Data Transfer Safeguards

Your information may be transferred to and processed in countries other than your own, including the United States, where our servers are located. We ensure appropriate safeguards are in place for international transfers:

• Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers to third countries
• Adequacy Decisions: We rely on adequacy decisions where applicable
• Binding Corporate Rules: Internal data protection policies for intra-group transfers
• Certification Schemes: Participation in recognized privacy frameworks
• Technical Safeguards: Encryption and pseudonymization for data in transit and at rest

Third-Party Service Providers

We use the following service providers who may process your data internationally:

• Cloud Services: Cloud infrastructure and authentication (US, with SCCs)
• RevenueCat: Subscription management (US, with SCCs)
• Apple/Google: App store and payment processing (US, with SCCs)
• Analytics Providers: Usage analytics and crash reporting (US/EU, with SCCs)

Age Requirements

PhotoTask is not intended for children under 13 years of age in the United States, or under 16 years of age in the European Union and other jurisdictions with higher age requirements. We do not knowingly collect personal information from children under these age limits.

If you are under the required age, please do not use PhotoTask or provide any personal information to us.

Parental Rights

If we become aware that we have collected personal information from a child under the applicable age limit, we will take immediate steps to delete such information from our servers. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Verification Process

We may implement age verification measures and may request additional information to verify the age of users when necessary to comply with applicable laws.

Lawful Basis for Processing

Under the General Data Protection Regulation (GDPR), Maison du Code LLC processes your personal data based on the following legal grounds:

• Contract Performance (Article 6(1)(b)): Processing necessary to provide PhotoTask services and fulfill our contractual obligations to you
• Legitimate Interests (Article 6(1)(f)): Processing for platform security, fraud prevention, service improvement, and business operations
• Consent (Article 6(1)(a)): Marketing communications, optional analytics, and non-essential features
• Legal Obligation (Article 6(1)(c)): Compliance with applicable laws, tax requirements, and regulatory obligations
• Vital Interests (Article 6(1)(d)): Protection of your or others' vital interests in emergency situations

Special Categories of Data

We do not intentionally process special categories of personal data (sensitive data) as defined in GDPR Article 9. If any such data is inadvertently collected, we will process it only with your explicit consent or as required by law.

Data Protection Impact Assessment

We have conducted a Data Protection Impact Assessment (DPIA) for our high-risk processing activities, including location tracking and photo processing, to ensure compliance with GDPR requirements.

European Union (GDPR)

If you are in the EU, you have the following rights under GDPR:

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Rights Related to Automated Decision-Making: Human review of automated decisions

California (CCPA/CPRA)

If you are a California resident, you have the following rights under CCPA and CPRA:

• Right to Know: Information about data collection and use
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of sale or sharing of personal information
• Right to Correct: Correct inaccurate personal information
• Right to Limit: Limit use of sensitive personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate, including but not limited to PIPEDA (Canada), Privacy Act (Australia), LGPD (Brazil), and other regional privacy regulations.

Data Protection Officer

Maison du Code LLC has appointed a Data Protection Officer (DPO) to oversee our data protection compliance. You can contact our DPO at: privacy@phototaskapp.com

Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, you can find your supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en