Picaloca – Privacy Policy

Effective date:
Controller: Serhii Yaniuk (individual developer)
Contact: info@challengeme.team

Picaloca lets you find where a photo was taken. You upload a picture, our AI estimates the place (city, country, coordinates) and shows it on a map. No user account is required.

We respect your privacy. This Policy explains what we collect, how we use it, and your rights.

1) What we collect

We collect only what’s needed to provide the service, improve reliability, and handle purchases.

Data you provide

  • Photos you choose to analyze. Processed to produce location results (city/country/coordinates) and a short description.

Data collected automatically

  • Device information & identifiers: device model, OS version, app version, language/locale; a device identifier (e.g., Android ID or Vendor ID) stored in our database to prevent abuse, enforce rate limits, and support purchases.
  • Usage & diagnostic data: crash reports and basic analytics (screen views, performance data, install/launch counts). We do not log sensitive content of your photos in analytics.

Purchase data

  • In-app purchases (consumables). Receipts/tokens are processed by Apple/Google and RevenueCat to validate purchases. We do not receive your full payment card details.

Location

  • Picaloca infers location from the photo content. We do not collect your device GPS location in the background or without you initiating an analysis.
We do not collect: contact lists, SMS, microphone recordings, advertising IDs, or precise device location outside the photo-analysis feature.

2) How we use your data

  • Provide the core feature: send the selected photo to our AI processing provider to return the predicted place and confidence.
  • Show maps & results: render map tiles and display the predicted city/country/coordinates.
  • Operate and secure the service: rate limiting, fraud/abuse prevention (using device ID), error diagnosis.
  • Measure and improve: anonymous/aggregated analytics and crash diagnostics to fix bugs and improve performance.
  • Process purchases: validate consumable in-app purchases and restore eligibility where applicable.

We do not sell your personal information or share it for third-party advertising.

4) Service providers (processors)

We use reputable vendors to operate Picaloca:

  • AI image processing: an AI inference provider to analyze the photo and produce the location output. We configure provider settings to limit retention and model training where such controls are available.
  • Analytics & diagnostics: Firebase Analytics, Firebase Crashlytics, Firebase Remote Config (Google).
  • Purchases: RevenueCat (validates receipts from Apple/Google; no card data to us).
  • Backend & storage: Supabase (stores minimal app records such as device ID and purchase-related metadata).
  • Maps: map tiles and geodata may be fetched from third-party providers (e.g., OpenStreetMap/other tile sources) when displaying results; these providers receive standard internet metadata (e.g., IP address).

These providers act on our instructions and only for the purposes stated above.

5) Data retention

  • Photos: uploaded images are processed and not kept longer than necessary for delivering the result; we do not build user profiles from your photos.
  • Device ID & minimal app records (Supabase): retained while needed for abuse prevention, purchase support, and legitimate business purposes; deleted upon verified request.
  • Analytics/Crash logs: retained per provider defaults to maintain app quality (typically months).
  • Purchase records: retained as needed for accounting and fraud prevention.

6) International transfers

Our providers may process data on servers located outside your country. We rely on appropriate safeguards (e.g., Standard Contractual Clauses) and vendor compliance frameworks to protect your data.

7) Your choices & rights

  • Do not upload: you can use the app without uploading photos at any time.
  • Access/erasure: email info@challengeme.team to request a copy or deletion of personal data we store (e.g., device-ID record in Supabase). We will verify the request and respond within applicable legal timeframes.
  • EEA/UK: you may have rights to object to processing, restrict processing, and data portability; you may lodge a complaint with your local data protection authority.
  • California: we do not sell or share personal information as defined by the CCPA/CPRA. You may request access/deletion as above.

8) Children’s privacy

Picaloca is not directed to children under 13. If you believe a child provided us personal data, contact info@challengeme.team and we will delete it.

9) Security

We apply technical and organizational measures appropriate to the risk (encryption in transit, restricted access, least-privilege practices). No method of transmission or storage is 100% secure; we work continuously to improve safeguards.

10) In-app purchases (consumables)

Payments are processed by Apple App Store or Google Play; we do not receive your full payment instrument details. RevenueCat processes receipts to confirm entitlements and prevent fraud.

11) Changes to this Policy

We may update this Policy as our service evolves. We will post the updated version with a new Effective date. Continued use after changes means you accept the revised Policy.

Contact

If you have questions or requests about privacy, email info@challengeme.team.

App Privacy summary (for store forms)

  • Data linked to you: Purchases (receipt metadata), Identifiers (device ID), Diagnostics (crash data), Usage Data (basic analytics).
  • Data not collected: contacts, precise device location, advertising data.
  • Purpose: app functionality, analytics, fraud prevention, purchase validation.
  • Sharing: no sale or third-party advertising use.