Privacy Policy of PicDiary

Introduction

With this privacy policy, we inform you about the types of personal data (hereinafter referred to as "data") we process, for what purposes, and to what extent in the context of providing our application PicDiary.

The terms used are not gender-specific.

Effective Date: May 14, 2025

Data Controller

Benedikt Kehl-Waas
Ybbsstraße 20/46
1020 Vienna - Austria
Email: benedikt@picdiary.app

Our Commitment

Your satisfaction and well-being are our top priorities. Given that PicDiary handles highly personal and sensitive data, protecting your information is crucial to us. We appreciate the trust you place in us by providing your data for processing and commit to respecting your rights and privacy. Our principles include:

• Data protection is paramount, especially for personal and sensitive information.
• Your personal data (photos, texts, etc.) are initially stored exclusively on your device.
• If you create and use an account, your data will be encrypted and stored on a server in Germany for backup and synchronization purposes only, and will not be shared with third parties.
• If you delete your account, all associated data will be deleted from the server.
• If you delete the app, all your data will be deleted from your device.

Overview of Processing

This overview summarizes the types of data processed, the purposes of their processing, and the categories of affected persons.

Types of Data Processed

• Inventory data (e.g., names, addresses).
• Contact data (e.g., email addresses, phone numbers).
• Content data (e.g., photos, texts).
• Usage data (e.g., websites visited, interest in content, access times).
• Meta, communication, and procedural data (e.g., IP addresses).

Categories of Affected Persons

• Communication partners.
• Users.

Purposes of Processing

• Provision of contractual services and customer support.
• Handling contact requests and communication.
• Implementing security measures.
• Measuring reach and user interaction.
• Tracking and analysis for service improvement.
• Managing and responding to inquiries.
• Collecting feedback.
• Creating user profiles with related information.
• Maintaining our information technology infrastructure.

Legal Bases for Processing

We process personal data based on the following legal bases of the GDPR:

• Consent (Art. 6 para. 1 lit. a GDPR): The data subject has given their consent to the processing of their personal data for one or more specific purposes.
• Contract performance and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR): Processing is necessary for the performance of a contract or for pre-contractual measures.
• Legitimate interests (Art. 6 para. 1 lit. f GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless overridden by the data subject's interests or fundamental rights and freedoms.

In addition to GDPR, national data protection regulations in Austria, such as the Data Protection Act (DSG), apply. These include specific provisions on rights to information, correction, or deletion, and data transfer to third countries.

Security Measures

We implement technical and organizational measures to ensure data protection, including controlling access to data, maintaining data integrity and availability, and implementing privacy-friendly default settings.

Transfer and Disclosure of Data

We transfer data only within the scope of legal requirements and contractual obligations, particularly adhering to GDPR when processing data in third countries.

In-App Purchases

We collect and process personal data necessary for in-app purchases, including inventory and contact data. Payment data is handled securely and in compliance with applicable laws, often involving third-party payment service providers with their own privacy policies.

Data Retention and Deletion

Data is retained only as long as necessary for the outlined purposes or as required by law. We specify retention periods and ensure timely deletion once these periods expire.

Children's Privacy

Our app is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we become aware of such data collection, we will delete the information immediately. Parents or guardians should contact us if they believe their child has provided us with personal data.

Your Rights

• Right to confirmation.
• Right to information.
• Right to correction.
• Right to deletion (right to be forgotten).
• Right to restriction of processing.
• Right to data portability.
• Right to complain to a supervisory authority.

To exercise these rights, contact us using the details provided above. We may require identity verification before processing requests.

Third-Party Services

We may employ third-party companies and individuals due to the following reasons:

• To facilitate our service;
• To provide the service on our behalf;
• To perform service-related services; or
• To assist us in analyzing how our service is used.

These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

App Analytics

We use Matomo, an open-source analytics platform, to monitor and analyze the use of our app. Matomo is self-hosted on our own servers in Germany, and all data is stored securely and in compliance with the GDPR. No personal data is shared with third parties. For more information about Matomo, please visit: https://matomo.org/privacy-policy/

Google Crashlytics

We use Google Crashlytics to monitor and report application crashes. This helps us improve the stability and performance of our app. For more information on Google's privacy practices, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

Google Firestore and Google Storage

If you create an account,your data will be stored in Google Firestore and Google Storage. This allows us to back up and synchronize your data. For more information on Google's privacy practices, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

Deepgram and OpenAI ChatGPT

This app uses Deepgram for speech-to-text conversion and OpenAI's ChatGPT for generating and structuring the transcribtion to journal entries. When you use the "Voice Recording" feature, your spoken input is processed by Deepgram to convert it into text, and then by OpenAI to create structured diary entries.

• Deepgram processes your speech input securely and confidentially. For more information, please visit their https://deepgram.com/data-security
• OpenAI processes the converted text to generate your diary entry. For more information, please visit their https://openai.com/policies/row-privacy-policy/

These services are used solely to enhance your experience with our app and to generate the content you request. They do not store or use your data beyond the completion of these tasks.

EmailJS

We use EmailJS to send user feedback. This service helps us manage and respond to your feedback effectively. For more information on EmailJS's privacy practices, please visit the EmailJS Privacy Policy web page: https://www.emailjs.com/legal/privacy-policy/

International Data Transfers

Your data may be processed outside your jurisdiction, including in countries with different data protection standards. We take appropriate measures to ensure data protection according to this policy and applicable law.

Changes and Updates to the Privacy Policy

We may modify this privacy policy to reflect legal changes or updates to our services and data processing practices. Significant changes will be communicated directly or via the app.

Contacting Us

For inquiries or support requests, providing your name and contact details (email or phone number) is necessary. This information is used solely to address your request. If you have any questions about these Terms and Conditions, You can contact us by email:benedikt@picdiary.app