Privacy Policy
Effective date: November 1st, 2025
Contact: dp@pinacoteca.app
This policy explains what we collect, why we collect it, and the choices you have. If you use the Pinacoteca iOS app or our website (together, the “Service”), you agree to this policy.
If you don’t agree, don’t use the Service.
1. What we collect
We collect the minimum needed to run the Service, fix bugs, and improve features.
a) You choose to give us
Account info (if accounts exist): name, email, password or sign‑in tokens.
Photos and content: photos, captions, and metadata you use with the Service.
Support messages and feedback: the info you send us when you ask for help or give suggestions.
b) From your device when you let us
Location data: precise or approximate device location to group and organize photos.
Photo library access: to read and organize photos and their metadata.
Diagnostics: crash logs, performance data, and device identifiers (e.g., model, OS version).
You control Location and Photos permissions in iOS Settings. Some features won’t work without them.
c) From partners and platforms
Transactions: limited purchase and subscription details from Apple (we don’t receive your full payment card number).
Sign‑in providers (if enabled): basic profile and email, subject to the provider’s settings.
How we use data
We use data to:
Provide the Service: organize photos, build collections, show your content, train algorithms keep your account working.
Maintain and improve: fix bugs, secure the Service, analyze usage, develop new features.
Communicate: send transactional messages (receipts, changes to terms), respond to support.
Comply with law: detect abuse, respond to legal requests, enforce our Terms.
We use aggregated and de‑identified data to analyze and improve our Service. We don’t try to re‑identify de‑identified data.
We do not sell personal information. We do not use personal data for cross‑context behavioral advertising.
Legal bases (EEA/UK only)
If you’re in the EEA/UK, we process your data under these bases:
Contract: to provide the Service you ask for.
Consent: for optional things like Location and Photos access and certain analytics. You can withdraw consent in iOS Settings or in‑app controls.
Legitimate interests: keeping the Service safe and useful (e.g., fraud prevention, product analytics).
Legal obligation: where the law requires it.
How your photos are handled
Your photos and related metadata are accessed only with your permission to power features like collections, search, and organization.
Depending on how features are built, processing may occur on device and/or on our servers. If server processing is used, it’s for the purposes in this policy and protected by access controls, encryption in transit, and contractual limits with our providers.
You can remove photos from the app at any time. If any copies were uploaded to our servers for processing or sync, they are deleted according to the timelines in Retention below.
We don’t use your photos to train third‑party advertising models.
5. Sharing
We share personal data only in these cases:
Service providers (processors): cloud hosting, storage, analytics, crash reporting, email delivery, and customer support tools. They process data under our instructions and can’t use it for their own purposes.
Payments and platforms: Apple handles in‑app purchases and may process your data under its own terms.
Legal and safety: to comply with law, respond to lawful requests, or protect rights, safety, and property.
Business transfers: if we’re involved in a merger, acquisition, or sale of assets, your data may transfer to the new owner subject to this policy.
We don’t “sell” or “share” personal information as those terms are defined by California law.
6. Cookies and website data
Our website may use essential cookies (to run the site) and analytics cookies (to understand usage). You can block cookies in your browser; parts of the site may not work correctly.
7. Your choices and controls
iOS permissions: change Location and Photos in Settings → Privacy & Security.
Account: you can delete your account and content in the app or by contacting us.
Marketing: if we ever send marketing emails, you can unsubscribe in the message.
Do Not Track / GPC: we don’t sell or share personal info; if your browser sends a Global Privacy Control signal, we treat it as an opt‑out for any future sale or share.
8. Data retention
We keep personal data only as long as needed for the purposes in this policy.
Account and content: kept until you delete them or your account, then removed from active systems within [X days] and from backups within [Y days].
Diagnostics and analytics: typically [12–24 months].
Transaction records: as required for tax, accounting, and legal compliance ([7 years] or as required by law).
Aggregated/de‑identified data: kept without a set limit.
9. Security
We use administrative, technical, and physical safeguards appropriate to the data we process, including encryption in transit, access controls, and vulnerability management. No method is perfect, and we can’t guarantee absolute security. You’re responsible for securing your device and app access.
10. International transfers
We store and process data in the United States and may use providers in other countries. Where required, we use Standard Contractual Clauses or other legal safeguards for transfers from the EEA/UK/Switzerland.
11. Your rights
EEA/UK/Switzerland
You can access, correct, delete, port, or restrict processing of your personal data, and object to processing based on legitimate interests. You can withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority.
U.S. (California, Colorado, Connecticut, Utah, Virginia)
You may have rights to access, delete, correct, opt out of certain processing, and obtain information about our data practices.
We do not sell or share personal information.
For sensitive personal information (e.g., precise geolocation), we use it only to provide the Service you requested, secure the Service, and for other permitted limited purposes.
If we deny a request, you can appeal by replying to our decision email with “Appeal.” If you’re in Virginia or Colorado and still unhappy, you can contact your Attorney General.
How to exercise rights: email dp@pinacoteca.app. We may ask for reasonable information to verify your identity. Authorized agents can submit requests where allowed by law.
12. Children
The Service isn’t for children under 13 (or the minimum age required by your country, which is 16 in many EEA countries). We don’t knowingly collect personal data from children. If you think a child gave us data, contact us and we’ll delete it.
13. Payment information
Purchases are processed by Apple. We don’t receive your full payment card details. Apple’s privacy practices apply to transactions through the App Store.
14. Automated decisions
We don’t use personal data to make automated decisions that produce legal or similarly significant effects about you.
15. Changes to this policy
We may update this policy. If we make material changes, we’ll post the new version and update the effective date. If changes materially affect your rights, we’ll provide additional notice in the app or on the site.
16. Contact
Questions or privacy requests: dp@pinacoteca.app
Data protection inquiries (EU/UK reps): dp@pinacoteca.app
17. California “Notice at Collection”
We collect the following categories of personal information for the purposes listed below and keep them for the periods in Data retention:
Category (Cal. Civ. Code §1798.140)
Examples
Source
Purpose
Disclosed to
Identifiers
name, email, device IDs
you, your device
provide Service, support, security
service providers
Customer records
limited subscription details
Apple, you
purchases, account
service providers, Apple
Commercial info
purchase history
Apple
receipts, support
service providers, Apple
Internet/electronic activity
app interactions, diagnostics
your device
security, debugging, analytics
service providers
Geolocation
precise location (with permission)
your device
organize photos, features
service providers
Audio/visual content
photos you choose to use
you
provide features you request
service providers
Inferences
basic feature usage insights
derived
improve and personalize features
service providers
Sensitive personal info
precise geolocation
your device
provide features you request; security
service providers
We do not sell personal information and do not share it for cross‑context behavioral advertising.