Privacy Policy
Last updated: January 2026
1. Introduction
This Privacy Policy explains how Picalyze ("we", "us", "our") collects, uses, and protects your personal data when you use our AI-powered photo intelligence platform. We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.
2. Data Controller
3. Data We Collect and Process
We collect and process the following categories of personal data:
| Data Category | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Account Data: name, email, password (hashed) | Account creation and authentication | Contract performance (Art. 6(1)(b)) | Account lifetime + 30 days |
| Photos: uploaded images | AI-powered photo analysis | Contract performance (Art. 6(1)(b)) | User-controlled deletion |
| EXIF Metadata: camera settings, GPS (if present) | Photo analysis and statistics | Contract performance (Art. 6(1)(b)) | Deleted with photos |
| Usage Analytics: feature usage, session data | Service improvement | Legitimate interest (Art. 6(1)(f)) | 26 months |
| Payment Data: billing info (via Stripe) | Subscription billing | Contract performance (Art. 6(1)(b)) | 10 years (German tax law) |
4. How We Use Your Data
- Service Delivery: To provide AI-powered photo analysis, EXIF extraction, and photography insights
- Account Management: To create and manage your account, authenticate you, and process your requests
- Billing: To process payments and manage subscriptions through our payment processor (Stripe)
- Communication: To send service-related emails (account verification, password reset, important updates)
- Improvement: To analyze usage patterns and improve our services (anonymized/aggregated where possible)
5. Data Sharing and Recipients
We share your data only with the following categories of recipients:
- Cloud Infrastructure: Vercel (hosting), Neon (database) - EU/US with Standard Contractual Clauses
- Payment Processing: Stripe - for secure payment handling (PCI-DSS compliant)
- AI Analysis: OpenAI - for photo analysis (see their privacy policy)
- Error Monitoring: Sentry - for debugging and error tracking
- Legal Requirements: Authorities when required by law
6. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-US Data Privacy Framework certification (where applicable)
- Additional technical and organizational measures to protect your data
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data (Art. 15)
- Right to Rectification: Correct inaccurate or incomplete data (Art. 16)
- Right to Erasure: Request deletion of your data (Art. 17)
- Right to Restriction: Limit how we process your data (Art. 18)
- Right to Portability: Receive your data in a portable format (Art. 20)
- Right to Object: Object to processing based on legitimate interest (Art. 21)
To exercise your rights, please contact us at privacy@picalyze.com or use the data export and deletion features in your account settings.
8. Cookies and Tracking
We use essential cookies for authentication and session management. For detailed information about our cookie practices, please see our Cookie Policy (coming soon).
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption in transit (TLS 1.3) and at rest
- Secure password hashing (bcrypt)
- Regular security audits and updates
- Access controls and authentication
- Monitoring and logging for security incidents
10. Automated Decision-Making
Our AI-powered photo analysis uses automated processing to generate insights about your photographs (composition, style, technical quality). This processing:
- Does not produce legal or similarly significant effects
- Is part of the service you explicitly request
- Can be reviewed and disputed by contacting our support team
11. Children's Privacy
Picalyze is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
12. Right to Lodge a Complaint
If you believe we have not handled your data properly, you have the right to lodge a complaint with a supervisory authority. In Germany, you can contact your state data protection authority (Landesdatenschutzbeauftragter) or the Federal Commissioner for Data Protection (BfDI).
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top indicates when this policy was last revised.
14. Contact Us
For any questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@picalyze.com
Or visit our Impressum for full contact details.