Privacy Policy

This Privacy Policy ("Policy") describes how PhotoCab ("we", "us", "our", or "PhotoCab") collects, uses, stores, shares, and protects your personal information when you use our website, mobile applications, and related services (collectively, the "Services"). This Policy also explains your rights regarding your personal data and how you can exercise those rights.

By using PhotoCab, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with this Policy, please do not use our Services.

Last Updated: December 21, 2025

Effective Date: December 21, 2025

1. Information We Collect

We collect information that you provide directly to us, information that is automatically collected when you use our Services, and information from third-party sources, as described below.

1.1 Information You Provide to Us

  • Account Information: When you create an account, we collect your name, email address, profile image (if provided), and authentication credentials. If you sign in using a third-party authentication service (such as Google, Apple, or Facebook), we may receive your name, email address, and profile information from that service.
  • User Content: We collect the photos, images, metadata (such as EXIF data), captions, folder names, album titles, and other content you upload, store, or share through PhotoCab.
  • Communication Information: When you contact us for support, report a problem, or communicate with us in any way, we collect your contact information and the content of your communications, including any attachments.
  • Payment Information: If you purchase a paid subscription, our third-party payment processors collect your payment information (such as credit card details). We do not store your full payment card information on our servers. We may receive transaction information, such as billing address and payment status.
  • Preferences and Settings: We collect your preferences, settings, and configurations within the Services, such as language preferences, notification settings, and sharing preferences.

1.2 Information Automatically Collected

  • Device Information: We collect information about your device, including device type, operating system, device identifiers (such as device ID, advertising ID), mobile carrier, and hardware information.
  • Usage Information: We collect information about how you use PhotoCab, including features you access, actions you take, time spent on the Services, pages viewed, and interactions with content.
  • Log Information: We automatically collect log information when you use our Services, including IP address, browser type and version, language settings, access times, dates and times of your requests, referring URLs, and error logs.
  • Location Information: With your permission, we may collect your device's location information. You can disable location services through your device settings.
  • Cookies and Similar Technologies: We use cookies, web beacons, pixel tags, and similar technologies to collect information about your interactions with our Services. For more information, see Section 8 (Cookies and Tracking Technologies).

1.3 Information from Third Parties

  • Authentication Providers: If you sign in using a third-party authentication service, we receive information from that service as described above.
  • Analytics Providers: We may receive aggregated analytics data from third-party analytics services to help us understand how our Services are used.
  • Payment Processors: We receive transaction and billing information from our payment processors.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide and Operate the Services: We use your information to create and manage your account, authenticate your identity, process your requests, store and display your content, enable sharing features, and provide customer support.
  • To Improve and Develop Our Services: We analyze usage patterns and feedback to understand how our Services are used, identify issues, develop new features, and improve performance, reliability, and user experience.
  • To Communicate with You: We use your contact information to send you service-related communications (such as account notifications, security alerts, and updates), respond to your inquiries, and provide customer support. We may also send you marketing communications if you have consented to receive them (you can opt out at any time).
  • To Ensure Security and Prevent Fraud: We use your information to detect, prevent, and investigate security threats, fraud, abuse, and other illegal activities, and to protect the rights, property, and safety of PhotoCab, our users, and others.
  • To Comply with Legal Obligations: We use your information to comply with applicable laws, regulations, legal processes, and government requests, and to enforce our Terms of Service and other policies.
  • To Process Payments: If you have a paid subscription, we use your payment information to process transactions, manage subscriptions, and handle refunds.
  • For Business Purposes: We may use aggregated, anonymized data for business analytics, research, and reporting purposes.

Legal Basis for Processing (EU Users): If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal bases:

  • Consent: When you have given us consent to process your personal data for specific purposes (e.g., marketing communications).
  • Contract Performance: To perform our contract with you (e.g., providing the Services you requested).
  • Legal Obligation: To comply with our legal obligations (e.g., tax reporting, responding to legal requests).
  • Legitimate Interests: To pursue our legitimate business interests (e.g., improving our Services, preventing fraud), provided that your interests and fundamental rights do not override those interests.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you choose to share content with specific users or through shareable links.

3.2 Service Providers

We share your information with trusted third-party service providers who perform services on our behalf, including:

  • Cloud Storage Providers: To store your photos and other content securely in the cloud.
  • Hosting and Infrastructure Providers: To host our Services and maintain our infrastructure.
  • Payment Processors: To process payments for paid subscriptions.
  • Analytics Providers: To help us understand how our Services are used and improve them.
  • Customer Support Providers: To provide customer support services.
  • Email Service Providers: To send you communications.

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or government request, or if we believe disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes;
  • Respond to valid requests from law enforcement or government authorities;
  • Enforce our Terms of Service or other policies;
  • Protect the rights, property, or safety of PhotoCab, our users, or others;
  • Detect, prevent, or address fraud, security, or technical issues.

3.4 Business Transfers

If PhotoCab is involved in a merger, acquisition, sale of assets, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

3.5 Aggregated or Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, or other purposes.

4. Data Retention

We retain your personal information for as long as necessary to provide the Services, fulfill the purposes described in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. The retention period depends on the type of information and the purpose for which it was collected:

  • Account Information: We retain your account information (email, username, profile data) for as long as your account is active. If you delete your account, we will delete or anonymize your account information within 30 days, except for data that must be retained for legal or compliance reasons (see below).
  • User Content (Photos and Images): We retain your photos and other content for as long as your account is active or until you delete them. If you delete specific photos, they are removed from active systems immediately. If you delete your account, all your photos will be deleted from active systems within 30 days. However, photos may persist in backup systems for up to 90 days after deletion (see Backup Retention below).
  • Backup Retention: For disaster recovery and business continuity purposes, deleted data (including photos and account information) may remain in our encrypted backup systems for up to 90 days after deletion from active systems. After 90 days, backups containing your deleted data are permanently destroyed. During this backup retention period, we will not restore or make accessible any data you have deleted unless required by law or court order.
  • Log Information: We retain log information (IP addresses, access logs, error logs) for 12-24 months for security monitoring, debugging, and analytics purposes. Logs containing your personal identifiers are deleted or anonymized after this period.
  • Transaction and Payment Records: Transaction records, invoices, and subscription history are retained for 7 years to comply with tax and accounting regulations in the UK and other jurisdictions.
  • Legal and Compliance Holds: We may retain certain information for longer periods if required by:
    • Applicable laws or regulations (e.g., tax laws, anti-money laundering laws);
    • Legal processes (e.g., court orders, subpoenas, litigation holds);
    • Investigations into violations of our Terms of Service;
    • Fraud prevention and security purposes (up to 2 years).
  • Anonymized Data: After the retention periods above, we may retain anonymized or aggregated data that cannot reasonably be used to identify you. This anonymized data may be used indefinitely for analytics, research, and service improvement purposes.

Account Deletion Timeline Summary

When you delete your PhotoCab account:

  • Immediate: Your account is deactivated and content becomes inaccessible to you and others;
  • Within 30 days: Account data and photos are deleted from active/production systems;
  • Within 90 days: Data is permanently deleted from all backup systems;
  • Exceptions: Transaction records retained for 7 years for legal compliance; data subject to legal holds retained as required.

Important: Once data is deleted from our systems, it cannot be recovered. If you wish to retain copies of your photos, please download them before deleting your account. We are not responsible for any data loss resulting from account deletion.

After the retention periods expire, we will securely delete or anonymize your information using industry-standard data destruction methods, except where we are legally required to retain it.

5. Data Security

We implement appropriate technical, administrative, and physical safeguards to protect your personal information against unauthorized access, disclosure, alteration, destruction, or loss. These measures include:

  • Encryption of data in transit (using TLS/SSL) and at rest;
  • Access controls and authentication mechanisms to restrict access to personal information to authorized personnel only;
  • Regular security assessments and vulnerability testing;
  • Secure data centers and infrastructure;
  • Employee training on data protection and security practices;
  • Incident response procedures to address security breaches.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

If we become aware of a security breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. We will honor your rights to the extent required by applicable law.

6.1 Access and Portability

You have the right to access the personal information we hold about you and to receive a copy of your data in a structured, commonly used, and machine-readable format. You can access much of your information through the PhotoCab app, or you can request a copy by contacting us.

6.2 Correction

You have the right to correct inaccurate or incomplete personal information. You can update your account information through the PhotoCab app settings, or you can contact us to request corrections.

6.3 Deletion

You have the right to request deletion of your personal information. You can delete your account and associated content through the PhotoCab app (Me → About → Delete Account) or by contacting us. We will delete your information within a reasonable time, subject to our legal obligations to retain certain data.

6.4 Objection and Restriction

You have the right to object to certain processing of your personal information (such as processing for direct marketing purposes) and to request restriction of processing in certain circumstances.

6.5 Withdrawal of Consent

If we process your personal information based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6.6 Opt-Out of Marketing Communications

You can opt out of receiving marketing communications from us by following the unsubscribe instructions in our emails or by adjusting your preferences in the PhotoCab app settings.

6.7 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information).
  • Right to Delete: You have the right to request deletion of your personal information.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt-Out: You have the right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your California privacy rights, please contact us at [email protected].

6.8 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure ("right to be forgotten") (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent (Article 7(3))

To exercise your GDPR rights, please contact us at [email protected].

6.9 How to Exercise Your Rights

To exercise any of your rights, please contact us at [email protected]. We will respond to your request within the timeframes required by applicable law (typically 30 days, or 45 days in some jurisdictions). We may need to verify your identity before processing your request.

7. Children's Privacy

PhotoCab is not intended for children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected], and we will take steps to delete such information.

If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly.

In some jurisdictions (such as the European Union), the minimum age may be higher (e.g., 16 years old). We comply with the applicable minimum age requirements in each jurisdiction.

8. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar technologies to collect information about your interactions with our Services. Cookies are small text files stored on your device that help us provide, protect, and improve our Services.

Types of Cookies We Use:

  • Essential Cookies: Required for the Services to function properly (e.g., authentication, security).
  • Functional Cookies: Remember your preferences and settings to enhance your experience.
  • Analytics Cookies: Help us understand how our Services are used and improve them.
  • Advertising Cookies: Used to deliver relevant advertisements (if applicable).

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services.

For more information about our use of cookies, please see our Cookie Policy (if applicable) or contact us.

9. International Data Transfers and US-Based Infrastructure

US-Based Data Storage

IMPORTANT NOTICE: PhotoCab is operated by ODYSS LTD, a UK-registered company located at 128 City Road, London, United Kingdom, EC1V 2NX. However, all user data, including your photos, images, metadata, account information, and other personal information, is stored on servers and cloud infrastructure located in the United States of America.

We work exclusively with reputable, industry-leading US-based cloud service providers and infrastructure partners who maintain high standards of data security and privacy protection. These service providers operate state-of-the-art data centers in the United States with robust physical security, redundancy, and disaster recovery capabilities.

Standard Contractual Clauses (SCCs) for EU Data Transfers

For users located in the European Economic Area (EEA), United Kingdom, and Switzerland, we ensure that all data transfers to the United States are conducted in full compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We have implemented the following safeguards:

  • Standard Contractual Clauses (SCCs): We use the Standard Contractual Clauses (also known as Model Clauses) approved by the European Commission pursuant to Article 46(2)(c) of the GDPR. These SCCs are legally binding contractual commitments between us and our US service providers that ensure your personal data transferred to the United States receives an adequate level of protection equivalent to the protection guaranteed within the EEA;
  • Enhanced Security Measures: In addition to SCCs, our US service providers implement supplementary technical and organizational measures, including:
    • End-to-end encryption of data in transit using TLS/SSL protocols;
    • Encryption of data at rest using industry-standard encryption algorithms (AES-256 or equivalent);
    • Strict access controls, authentication mechanisms, and role-based permissions to limit data access to authorized personnel only;
    • Regular third-party security audits, penetration testing, and compliance certifications (such as SOC 2, ISO 27001);
    • Comprehensive data breach notification procedures in accordance with GDPR Articles 33 and 34;
    • Data minimization practices to ensure only necessary data is transferred and retained.
  • Ongoing Compliance Monitoring: We continuously monitor legal and regulatory developments related to international data transfers and update our safeguards as necessary to maintain GDPR compliance;
  • Your Rights Remain Protected: Despite the data being stored in the United States, you retain all your data protection rights under GDPR, including the rights to access, rectification, erasure, data portability, and objection as described in Section 6 of this Privacy Policy.

Other International Data Transfers

Your information may also be transferred to and processed in other countries where our service providers, partners, or business operations are located. These countries may have data protection laws that differ from those in your country of residence. We take appropriate safeguards to ensure that your personal information receives an adequate level of protection in all jurisdictions, including:

  • Using Standard Contractual Clauses approved by the European Commission or other relevant authorities;
  • Ensuring that our service providers are bound by appropriate data protection agreements and security obligations;
  • Implementing technical and organizational measures to protect your information during transfer and processing;
  • Conducting due diligence assessments of service providers' data protection practices and legal frameworks.

Your Consent to International Data Transfers

By creating an account and using PhotoCab, you acknowledge that you have read and understood this Privacy Policy, and you explicitly consent to:

  • The transfer of your personal data and content to the United States and other countries where our service providers operate;
  • The storage and processing of your data on US-based servers and infrastructure;
  • The processing of your data in accordance with the laws and regulations applicable in those jurisdictions, subject to the safeguards described in this Privacy Policy.

If you do not consent to international data transfers, you should not use PhotoCab. If you have already created an account and wish to withdraw your consent, you may delete your account at any time (Me → About → Delete Account in the app or by contacting us), and we will delete your personal data in accordance with our data retention policies.

9A. Intended Use and User Responsibilities

Service Designed for Private Use

Primary Intended Use: PhotoCab is designed, marketed, and optimized primarily for private, personal, and family use. Our service is intended for individuals and families who wish to store, organize, and share personal photos from events such as:

  • Family gatherings, vacations, and celebrations;
  • Weddings, birthdays, anniversaries, and personal milestones;
  • Private photo sharing with friends and relatives;
  • Personal photo albums and memories;
  • Hobby photography and personal creative projects;
  • Other non-commercial, private use cases.

Business and Institutional Users

Disclaimer for Non-Private Use: While PhotoCab can technically be used by businesses, institutions, educational organizations, religious organizations, government entities, or other commercial users, we do not specifically design, market, or certify our service for such use cases.

If you are a business or institutional user, you acknowledge and agree that:

  • You are the Data Controller: For purposes of GDPR and other data protection laws, YOU act as the Data Controller for any personal data you process through PhotoCab, and you are fully responsible for ensuring lawful processing;
  • Compliance is Your Responsibility: You are solely responsible for ensuring that your use of PhotoCab complies with all applicable laws and regulations in your jurisdiction and industry, including but not limited to:
    • GDPR (General Data Protection Regulation) for organizations in the EU/EEA;
    • UK-GDPR for organizations in the United Kingdom;
    • KDG (Kirchliches Datenschutzgesetz / German Church Data Protection Law) for religious organizations in Germany;
    • FERPA for educational institutions in the United States;
    • CCPA/CPRA for businesses operating in California;
    • Any other applicable data protection, privacy, or information security laws.
  • Legal Assessment Required: You must conduct your own legal assessment or consult with qualified legal counsel to determine whether PhotoCab's service model, data storage location (United States), security measures, and technical safeguards meet your specific legal and regulatory requirements;
  • Data Processing Agreement (DPA): If you require a formal Data Processing Agreement for institutional or commercial use, please contact us at [email protected] to discuss enterprise-level solutions;
  • We Do Not Provide Legal Advice: Any information provided in this Privacy Policy or our Terms of Service is for general informational purposes only and does not constitute legal advice. We strongly recommend consulting with legal experts before using PhotoCab for business or institutional purposes.

User Responsibility for Photo Consent and Legal Rights

CRITICAL USER OBLIGATION: Regardless of whether you use PhotoCab for private or business purposes, YOU are the Data Controller for all photos and personal data you upload to PhotoCab. As the Data Controller, you are fully and solely responsible for:

1. Obtaining Consent from Individuals Depicted in Photos

You must ensure that you have obtained all necessary consents, permissions, and legal authorizations from all individuals whose images, likenesses, or personal data appear in the photos you upload, including but not limited to:

  • General Consent: Explicit or implied consent from all identifiable individuals to photograph them and upload their images to PhotoCab;
  • GDPR Consent (for EU users): If you are subject to GDPR, you must obtain valid consent as defined in GDPR Article 6(1)(a) and Article 7, which requires consent to be freely given, specific, informed, and unambiguous;
  • Parental Consent for Minors: If your photos include images of children (under 16 in the EU, or the applicable age of consent in your jurisdiction), you must obtain consent from parents or legal guardians before uploading such photos;
  • Special Categories of Personal Data: If your photos contain special categories of personal data as defined in GDPR Article 9 (such as photos revealing racial or ethnic origin, religious beliefs, health information, or biometric data for identification purposes), you must obtain explicit consent as required by GDPR Article 9(2)(a);
  • Event-Specific Consent: If you are uploading photos from events (such as weddings, parties, conferences, or other gatherings), you must ensure that attendees were informed that photos would be taken and shared, and that they consented to such use;
  • Sensitive Locations or Contexts: If photos were taken in sensitive locations (such as private homes, hospitals, places of worship, or secure facilities) or depict sensitive situations, you must have obtained appropriate consent and authorization.

2. Respecting Privacy, Publicity, and Image Rights

You are responsible for respecting all applicable legal rights of individuals depicted in your photos, including:

  • Right to Privacy: Ensuring that your photos do not violate individuals' reasonable expectations of privacy;
  • Right to One's Image (Recht am eigenen Bild in Germany): In Germany and some other jurisdictions, individuals have a legal right to control the use and distribution of their image. You must comply with these laws;
  • Publicity Rights: Respecting individuals' rights to control the commercial use of their name, image, or likeness;
  • Data Subject Rights under GDPR: If you are subject to GDPR, you must respect data subjects' rights to access, rectification, erasure, restriction, and objection. If an individual requests that you delete their photo, you must delete it from PhotoCab promptly.

3. Ensuring You Have Legal Right to Upload and Share

Before uploading any photo to PhotoCab, you must ensure that:

  • You own the copyright to the photo or have obtained permission from the copyright holder;
  • You have the legal right to upload, store, and share the photo;
  • The photo does not violate any third-party intellectual property rights, trademark rights, or other legal rights;
  • You comply with any applicable laws or regulations regarding the photographing, storage, or sharing of images in your jurisdiction.

PhotoCab's Role and Limitations

PhotoCab's Limited Role: PhotoCab acts solely as a technical service provider (Data Processor under GDPR) that provides cloud storage infrastructure and photo-sharing tools. We do not:

  • Determine the purposes or means of processing your User Content (you, as the user, are the Data Controller);
  • Have knowledge of or control over which individuals are depicted in your photos;
  • Have the ability to obtain consent from individuals on your behalf;
  • Review, screen, or verify that you have obtained necessary consents before you upload photos (except in cases of reported illegal content or Terms of Service violations);
  • Provide legal advice or guarantees regarding your compliance with data protection laws.

PhotoCab's Disclaimer of Liability

WE EXPRESSLY DISCLAIM ANY LIABILITY FOR:

  • Your failure to obtain necessary consents, permissions, or authorizations from individuals depicted in photos you upload;
  • Your violation of individuals' privacy rights, publicity rights, image rights, or other legal rights;
  • Your non-compliance with GDPR, KDG, CCPA, or other data protection laws when uploading, storing, or sharing photos through PhotoCab;
  • Any legal claims, fines, penalties, regulatory enforcement actions, or damages arising from your unauthorized or unlawful uploading, storage, or sharing of photos without proper consent or legal authorization;
  • Any disputes, complaints, or legal proceedings initiated by individuals depicted in your photos regarding privacy violations, unauthorized use of their image, or data protection breaches;
  • Your failure to respond to data subject rights requests (such as requests for erasure or access) from individuals depicted in your photos.

Your Representations and Warranties

By uploading photos to PhotoCab, you represent, warrant, and covenant that:

  • You have obtained all necessary consents, permissions, and legal authorizations from all individuals depicted in the photos;
  • Your uploading, storage, and sharing of the photos complies with all applicable laws and regulations, including data protection laws;
  • You have the legal right to upload, store, and share the photos;
  • The photos do not violate any third-party rights, including intellectual property rights, privacy rights, publicity rights, or image rights;
  • You will promptly respond to any requests from individuals to delete their photos or exercise their data protection rights;
  • You will indemnify and hold PhotoCab harmless from any claims, damages, liabilities, or expenses arising from your breach of these representations and warranties.

Reporting Unauthorized Photos

If you believe that a photo of you has been uploaded to PhotoCab without your consent or in violation of your rights, please contact us immediately at:

Email: [email protected]
Subject: "Privacy Complaint - Unauthorized Photo"

Please provide:

  • Your name and contact information;
  • A description of the photo and where it is located (if you have a share link or other identifying information);
  • An explanation of why you believe the photo was uploaded without your consent or violates your rights;
  • Any supporting evidence or documentation.

We will investigate your complaint and take appropriate action in accordance with our legal obligations and Terms of Service. However, please note that as a technical service provider, we may need to contact the user who uploaded the photo to verify the situation and request that they delete the photo. We encourage you to first contact the person who uploaded the photo directly if possible.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not owned or controlled by PhotoCab. This Privacy Policy does not apply to such third-party services. We are not responsible for the privacy practices or content of third-party services. We encourage you to review the privacy policies of any third-party services you access.

11. Third-Party SDKs and Services

PhotoCab integrates various third-party software development kits (SDKs), services, and technologies to enhance functionality, improve user experience, analyze usage patterns, ensure security, and provide essential features. By using PhotoCab, you acknowledge and agree that your information may be collected, processed, and shared with these third-party service providers in accordance with their respective privacy policies and terms of service.

Third-Party SDKs and Services We Use

The following third-party services are integrated into our applications. Please review their privacy policies to understand how they collect, use, and protect your information:

Data Sharing with Third-Party Services

We share only the minimum necessary information with third-party services to enable their functionality. The types of information shared may include:

  • Device identifiers (such as advertising IDs, device IDs, or installation IDs);
  • Technical information (such as device model, operating system version, app version);
  • Usage data (such as feature usage, app events, session duration);
  • Transaction information (such as purchase history, subscription status);
  • Crash and performance data (such as error logs, stack traces);
  • User identifiers (such as anonymized user IDs or account identifiers).

We do not share your photos, personal albums, or user-generated content with these third-party services unless explicitly required for a specific feature you choose to use (such as social sharing features).

Your Rights Regarding Third-Party Services

While some third-party services are essential for core functionality, you may have options to limit data collection:

  • Analytics and Advertising: You can opt out of personalized advertising by adjusting your device settings (Limit Ad Tracking on iOS or Opt out of Ads Personalization on Android).
  • Crashlytics: You can opt out of crash reporting in the app settings, though this may impact our ability to fix bugs affecting your experience.
  • Location Services: You can disable location permissions for PhotoCab in your device settings at any time.
  • Social Login: You can choose not to use social login features and instead create an account directly with PhotoCab.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. If we make material changes, we will:

  • Provide notice through the Services, by email, or by other reasonable means;
  • Update the "Last Updated" date at the top of this Policy;
  • For material changes, provide at least 30 days' notice before the changes take effect (where required by law, such as in the European Union).

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, you must stop using the Services and may delete your account.

13. Data Controller and Data Processor Roles

Clarification of Data Controller and Data Processor Roles

IMPORTANT - Role Clarification: Under GDPR and other data protection laws, the roles of Data Controller and Data Processor are clearly defined. For PhotoCab Services, the roles are as follows:

PhotoCab as Data Controller (for Account Data)

PhotoCab acts as the Data Controller for the following types of personal data:

  • Account Information: Your email address, username, password (hashed), authentication credentials, and profile information that you provide during account creation;
  • Service Usage Data: Log data, device information, IP addresses, browser information, and technical data we collect to operate and improve the Services;
  • Payment and Subscription Data: Transaction records, subscription status, and billing information (note: actual payment card details are processed by third-party payment processors);
  • Communications: Your communications with our support team and any feedback you provide to us.

For this data, PhotoCab determines the purposes and means of processing, and is responsible for GDPR compliance as the Data Controller.

PhotoCab as Data Processor (for User-Uploaded Content)

PhotoCab acts as the Data Processor (and you act as the Data Controller) for:

  • Photos and Images: All photos and images you upload to PhotoCab, including any personal data of individuals depicted in those photos;
  • Photo Metadata: EXIF data, captions, album names, folder names, and other descriptive information you add to your photos;
  • Sharing Decisions: Your decisions about who to share photos with and what access permissions to grant.

For this user-generated content, YOU determine the purposes and means of processing. You decide what photos to upload, what personal data they contain, and who to share them with. PhotoCab merely provides the technical infrastructure (storage and sharing tools) to process this data according to your instructions.

Your Responsibilities as Data Controller (for Photos)

When you upload photos containing personal data of others, you are the Data Controller and must:

  • Ensure you have a legal basis (such as consent) to process that personal data;
  • Comply with all applicable data protection laws (GDPR, UK-GDPR, etc.);
  • Respect the rights of data subjects (individuals in your photos);
  • Respond to data subject requests (access, deletion, etc.) regarding your photos;
  • Only upload photos where you have the right to do so.

Contact Information for Data Protection Matters

For Account Data (where PhotoCab is Data Controller):

ODYSS LTD
128 City Road, London, United Kingdom, EC1V 2NX
Email: [email protected]
Data Protection Inquiries: [email protected]

We will respond to your inquiry as soon as reasonably possible, and in any event within the timeframes required by applicable law (typically 30 days under GDPR).

For Photo Content (where you are Data Controller):

If someone contacts us claiming their photo was uploaded without consent, we will forward the request to you (the account holder) as you are the Data Controller responsible for that content. You must respond to such requests in accordance with applicable data protection laws.

Supervisory Authority

If you are located in the European Economic Area and have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your local supervisory authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en