Privacy Policy

This policy is effective as of January 16, 2025.

At PhotoJoy, your privacy and trust are at the core of everything we do. We are dedicated to protecting your personal information and ensuring that your data is handled responsibly, securely, and transparently. This Privacy Policy outlines how we collect, use, share, and safeguard your information as part of our commitment to providing a safe and enjoyable experience for all users.

We understand the importance of privacy in today’s digital world and are committed to meeting and exceeding the requirements of applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Whether you’re sharing moments with friends, connecting with others, or exploring new features, we prioritize your control over your data and your ability to make informed decisions.

Our practices are designed to reflect our values as a non-profit organization focused on serving our community. We collect only the information necessary to provide our services and improve your experience. We never monetize your data or republish your content without consent, and we work exclusively with trusted partners to ensure the security and integrity of your information.

This policy details our approach to data collection, usage, sharing, and retention. It also explains your rights and the choices you have regarding your information. By using PhotoJoy, you can trust that we are fully committed to safeguarding your privacy and empowering you with control over your data. If you have any questions or concerns, we’re here to help.

1. Data Collection

At PhotoJoy, we collect and process information to provide you with a secure and personalized experience. The types of data we collect include:

• Name: Used to display your profile and help friends identify you within the app.
• Phone Number: Required for authentication and account security.
• Email Address (Optional): Provided for account recovery and to receive our opt-in quarterly newsletter.
• Payment Information: PhotoJoy does not collect or store payment information directly. All payment processing for subscriptions or other transactions is securely handled by trusted app store payment systems (e.g., Apple App Store, Google Play Store). For your security, any issues related to payments should be addressed through the app store’s customer support.

• Photos: Uploaded or posted by you, with your explicit consent during the posting process.
• Metadata: Embedded data from photos (e.g., location information via EXIF, if enabled).
• Captions, Comments, and Reactions: Content you create and share with others in the app.
• Connections: Data about friends you connect with through the platform.

• IP Addresses: Used for security, fraud prevention, and improving app performance.
• Device Information: Includes details such as operating system, device type, and app version to help us optimize functionality and troubleshoot issues.
• App Usage Patterns: Data about your interactions with the app, such as session duration and features used, collected in an anonymized format to enhance reliability and user experience.

We collect only the data necessary to provide and improve our services. Any additional data you choose to share is handled in accordance with this Privacy Policy. We are committed to transparency and give you control over what you provide and how it is used.

2. How We Use Your Data

We use the information we collect to provide you with a seamless, personalized, and secure experience. Your data enables us to deliver our services, such as creating and managing your account, facilitating interactions with friends, and ensuring the smooth operation of the app. This includes features like sharing photos, comments, and connections with others on the platform. Additionally, we use your information to enhance your overall experience by personalizing features and making ongoing improvements to the app.

We also rely on your data to communicate with you effectively. This includes sending important updates, such as changes to our policies, new app features, or notifications related to your activity—like friend requests or shared content. For users who opt in, we may also send newsletters or promotional updates about PhotoJoy.

When it comes to financial transactions, PhotoJoy relies on trusted app store payment systems (e.g., Apple App Store, Google Play Store) to securely process payments for subscriptions or purchases. PhotoJoy does not collect or store payment information such as credit card details. All payment records and transactions are managed by the app stores in compliance with their legal and operational requirements to ensure both security and accountability. To simplify subscription management and improve your in-app experience, PhotoJoy utilizes RevenueCat, a third-party service that integrates with the app stores. RevenueCat retains anonymized payment records, such as transaction details and subscription statuses, to assist with managing subscriptions. RevenueCat does not store sensitive financial information, such as credit card numbers or other payment method details. For any payment-related issues, including disputes or refunds, please contact the respective app store's customer support.

To maintain the quality and reliability of our services, we analyze app performance and usage patterns. This helps us identify and address technical issues while ensuring a smooth and error-free experience. Your data also plays a vital role in safeguarding your account and protecting the platform from unauthorized access or fraudulent activity.

In all cases, we are committed to using your data responsibly and transparently. Your information is never used for purposes beyond those outlined here without your explicit consent. Where optional features are involved, such as newsletters or promotional updates, you retain full control over your preferences.

3. Service Providers

To provide a seamless and reliable experience, we collaborate with trusted third-party service providers who help us deliver essential features of the PhotoJoy platform. These providers assist with tasks such as secure payment processing, data hosting, and identifying and addressing technical issues like app crashes. Each service provider we work with is carefully selected and contractually bound to maintain the confidentiality and security of your information.

These providers are required to comply with applicable data protection laws, such as GDPR and CCPA, ensuring your information is handled responsibly. They are authorized to use your data only to perform specific tasks on our behalf and are prohibited from using it for any other purposes. By working with these partners, we can ensure that PhotoJoy remains a safe, secure, and efficient platform for all users.

4. Data Security

At PhotoJoy, protecting your data is a top priority. We use industry-standard security measures, including advanced encryption technologies and robust access controls, to safeguard your personal information. These measures ensure that your data remains secure during storage, transmission, and processing.

In addition to employing these protections, we regularly assess our systems to identify and address potential vulnerabilities. This includes conducting security audits, monitoring for unauthorized access, and staying updated on the latest cybersecurity practices. While no system can guarantee absolute security, we are committed to maintaining a high standard of protection and continually improving our defenses to ensure the safety of your data.

5. Data Minimization

At PhotoJoy, we are committed to collecting and retaining only the data necessary to provide and improve our services. We follow the principle of data minimization, ensuring that we do not gather excessive or irrelevant information.

The data we collect is used strictly to facilitate core platform functionalities, such as account authentication, content sharing, and improving app performance. Optional data, like email addresses for newsletters, is collected only with your consent. Any information that is no longer needed for operational or legal purposes is promptly deleted or anonymized to safeguard your privacy.

By minimizing the data we store, we not only enhance your privacy but also reduce the potential risks associated with data breaches. Our non-profit model aligns with this philosophy, as we have no interest in monetizing your personal information—our focus is solely on providing you with a reliable and secure service.

6. User Control over Shared Content

At PhotoJoy, we believe in empowering you with full control over the content you share on our platform. You decide how your photos, captions, and other user-generated content are shared and accessed by others. Our app provides several features to help you manage your content and its visibility.

You can choose whether your photos are downloadable by friends, giving you greater control over how your content is used. While we block screenshots within the app to protect your privacy, we acknowledge that technical limitations may allow users to capture content by other means. For added privacy, you can choose to strip metadata, such as location data (EXIF), from photos during the posting process.

If you wish to delete a post or your account, all associated content, including photos, captions, and connections, will be permanently removed from our systems. This ensures that you maintain control over your digital footprint. We are committed to providing you with the tools and transparency needed to share content confidently while maintaining your privacy and security.

7. Third-Party Data Protection

At PhotoJoy, we prioritize the protection of your data when working with trusted third-party service providers. These providers play a vital role in supporting our platform by offering services such as payment processing, data hosting, bug tracking, and push notifications. We carefully vet all third-party partners to ensure they meet our strict security and privacy standards.

Each service provider is contractually obligated to handle your information responsibly and securely. They are permitted to use your data only for specific purposes necessary to perform their services on our behalf. Providers are prohibited from using, selling, or sharing your information for any unauthorized purposes.

Additionally, we require all third-party partners to comply with applicable data protection laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This ensures that your information is handled in accordance with the highest privacy standards, whether it is stored, processed, or transmitted.

By maintaining stringent agreements and ongoing oversight of our third-party providers, we ensure that your data remains secure and used only in ways that align with this Privacy Policy. Your trust is paramount, and we are committed to upholding it through every partnership we establish.

8. Tracking Technologies

PhotoJoy uses tracking technologies to enhance your experience, improve our services, and ensure the platform operates effectively. These technologies allow us to better understand how you interact with our app, enabling us to deliver a smoother and more personalized experience.

How We Use Tracking Technologies

• To maintain secure sessions and manage user authentication.
• To analyze app performance and identify areas for improvement.
• To remember your preferences and enhance app functionality.
• To ensure the stability and reliability of our services.
• To notify users of issues (e.g., service disruptions) and provide resolutions when appropriate.

While PhotoJoy primarily uses anonymized data collected through tracking technologies, there are limited scenarios where tracking data may be linked to personally identifiable information (PII) for operational purposes. For example, if an issue occurs, tracking data linked to your user ID (and by extension, your name, email, or phone number) may be used to notify you and provide resolutions.

PhotoJoy does not share or store your PII for purposes unrelated to the operation of the platform. By using our app, you agree to the use of tracking technologies as described in this Privacy Policy.

9. Incident Response

At PhotoJoy, we take the security of your data seriously and are prepared to respond promptly to any data breaches or security incidents. Our incident response process is designed to minimize risks, protect your information, and comply with applicable data protection laws.

In the event of a security incident, we work quickly to identify the scope and cause of the issue. Our technical team isolates affected systems to prevent further unauthorized access or data exposure while we assess the impact of the incident.

If a data breach compromises your personal information, we will notify you promptly, as required by applicable laws such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). Notifications will include:

• A description of the incident and the data involved.
• Steps we are taking to resolve the issue and secure our systems.
• Recommended actions you can take to protect yourself.

Once the immediate risks are mitigated, we work to restore normal operations and strengthen our systems to prevent similar incidents in the future. This may include implementing additional security measures, revising internal processes, and conducting staff training.

We encourage you to reach out to us with any concerns or questions during or after an incident. Our goal is to be transparent and supportive while ensuring your data remains as secure as possible.

By maintaining a proactive and comprehensive incident response plan, PhotoJoy aims to protect your trust and safeguard your information, even in challenging circumstances.

10. Legal Basis for Processing

PhotoJoy processes your personal data in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and other relevant regulations. The legal basis for our data processing activities depends on the specific purposes for which the data is collected and utilized.

In many cases, we process your data to fulfill a contract or provide the services you request, such as creating and managing your account, enabling app functionality, or processing secure payments for subscriptions or purchases. For example, your data allows us to facilitate features like sharing photos, managing connections, and personalizing your experience.

In other situations, we rely on your explicit consent to process your data. This applies to optional activities, such as subscribing to newsletters or importing content from external services like Instagram. You have the right to withdraw your consent at any time, without affecting the lawfulness of prior processing based on your consent.

Additionally, we process certain data under legitimate interests that do not override your rights and freedoms. These legitimate interests include improving app performance, maintaining platform security, and analyzing anonymized usage data to enhance the user experience. We also process your information when required to meet legal or regulatory obligations, such as retaining financial records for compliance purposes.

PhotoJoy is committed to ensuring that all data processing activities are necessary, fair, and transparent. If you have questions about the legal basis for processing your data or wish to exercise your rights, please contact us at support@photojoy.org.

11. Instagram Backup Policy

PhotoJoy offers a feature that allows users to import their Instagram data to seamlessly transition their content onto our platform. This process is designed with privacy and user control in mind, ensuring that you remain in charge of your data at all times.

To import your Instagram content, you will first initiate a backup request directly through Meta/Instagram. This generates a backup file that is sent to your email by Instagram. You then have the option to upload this backup file to PhotoJoy for processing. Importantly, PhotoJoy does not act as an intermediary in this process and does not collect your Instagram credentials or directly access your Instagram account.

Once the backup file is uploaded, PhotoJoy processes the file to extract posts and related content that you wish to import. While we recommend uploading only the posts you want to transfer, you may upload a full backup file, which may include additional information. PhotoJoy will store the uploaded backup for up to 30 days, giving you ample time to complete the import or cancel the process.

At any point during the process, you can cancel the import and delete the backup file and all associated data immediately. If no action is taken within 30 days, the backup file and any unfinalized imports will be permanently deleted from our systems. Once imported, your Instagram content will be governed by PhotoJoy’s privacy and data control policies, giving you full authority over its visibility and management.

We handle Instagram backups with the highest level of confidentiality. The data is stored securely and used solely for the purpose of completing your requested import. Any information in the backup that is not relevant to your PhotoJoy account will not be processed or analyzed.

This feature is designed to give you full flexibility and peace of mind when transitioning your content to PhotoJoy, while ensuring your privacy and data security are fully respected. If you have any questions about the Instagram backup process, please contact us at support@photojoy.org.

12. Data Retention

At PhotoJoy, we retain your personal data only for as long as it is necessary to provide our services, fulfill legal and operational obligations, or achieve the purposes described in this Privacy Policy. Once the data is no longer required, we ensure that it is securely deleted, anonymized, or otherwise removed from our systems. The duration for which we retain your data depends on the type of information and its purpose. For instance:

• Account Data: Your personal information, photos, and other content remain stored as long as your account is active. If you delete your account, all associated data, including photos and personal information, is permanently deleted.
• User-Generated Content: Posts, comments, and reactions you share are deleted when you remove them from the platform or when your account is deleted.
• Operational and Legal Records: Data required for legal compliance, such as payment records or financial transactions, is retained only as long as required by law and then anonymized.

We provide you with tools to control and manage your data. You can request deletion of your account or specific content at any time, and we will promptly honor your request. Once processed, all personally identifiable information (PII) will be permanently erased. Any data that cannot be deleted due to operational needs (e.g., payment records) will be anonymized to remove any connection to your identity.

PhotoJoy retains only the data that is essential to provide and improve our services. We do not store unnecessary information, and our practices are guided by the principle of data minimization. Retaining less data not only enhances your privacy but also reduces risks associated with data breaches or unauthorized access.

13. Your Rights

For U.S. Users. Under privacy laws such as the California Consumer Privacy Act (CCPA) and other applicable state laws, U.S. users have the following rights:

• Right to Access: You have the right to request and receive a copy of the personal data we have collected about you in a portable and readily usable format.
• Right to Know: You may inquire about the categories of personal information we collect, the purposes for which it is used, and any third parties with whom your information is shared.
• Right to Deletion: You can request the deletion of your personal information, except where we are required to retain it for legal or operational purposes.
• Right to Opt-Out: If applicable, you can opt out of the sale of your personal data (although PhotoJoy does not sell your information).
• Right to Non-Discrimination: You will not be penalized or denied services for exercising your privacy rights.

To submit a request, please contact us at support@photojoy.org. You may be required to verify your identity before we process your request to ensure the security of your data.

 

For EU Users. If you reside in the European Union, your rights are protected under the General Data Protection Regulation (GDPR). These include:

• Right to Access: You have the right to request confirmation of whether we process your data and to access a copy of your personal data.
• Right to Rectification: You can request corrections to any inaccurate or incomplete personal information we hold about you.
• Right to Erasure ('Right to Be Forgotten'): You may request the deletion of your personal data, provided it is no longer necessary for the purposes for which it was collected and there is no overriding legal requirement for its retention.
• Right to Restrict Processing: You can request that we limit the processing of your personal data under certain circumstances, such as when contesting its accuracy or objecting to its processing.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another controller where technically feasible.
• Right to Object: You may object to the processing of your personal data for specific purposes, such as direct marketing or profiling.
• Right to Withdraw Consent: If we rely on your consent for processing, you can withdraw it at any time without affecting the legality of processing conducted prior to withdrawal.
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority if you believe we have violated your rights.

To exercise any of these rights, contact us at support@photojoy.org. We will respond promptly, typically within 30 days, as required by GDPR. You may also contact your local supervisory authority if you have unresolved concerns.

14. Children’s Privacy

At PhotoJoy, we are committed to protecting the privacy of children. Our platform is not intended for use by individuals under the age of 13, and we do not knowingly collect, store, or process personal information from children under this age.

If we become aware that a child under the age of 13 has provided us with personal information, we will take immediate steps to delete the data from our systems. This includes any associated content or account information.

Parents and Guardians:
If you believe that your child has provided personal information to PhotoJoy without your consent, please contact us immediately at support@photojoy.org. We will work promptly to investigate the matter and ensure that all related data is removed in compliance with applicable laws, such as the Children’s Online Privacy Protection Act (COPPA) in the United States.

For Users in the European Union (EU):
In compliance with the General Data Protection Regulation (GDPR), PhotoJoy does not collect or process personal data from individuals under the age of 16 without verified parental consent. If you believe such data has been collected, please notify us immediately to ensure its deletion.

By prioritizing children’s privacy and adhering to regional regulations, PhotoJoy aims to maintain a safe and secure platform for all users. If you have any questions or concerns about our children’s privacy practices, we encourage you to contact us.

15. International Data Transfers

PhotoJoy operates on a global scale, which may involve processing your data in countries outside your jurisdiction, including those that may not have the same level of data protection laws as your home country. We recognize the importance of safeguarding your data during these transfers and are committed to ensuring that it remains protected at all times.

To facilitate international data transfers, we rely on trusted third-party providers, such as AWS, Cloudflare, RevenueCat, and app stores (e.g., Apple App Store, Google Play Store). These providers are industry leaders with robust privacy and security measures. The steps we take to ensure compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR), include:

• Standard Contractual Clauses (SCCs): We ensure that data transfers outside the European Union (EU) meet the necessary legal requirements by incorporating SCCs or equivalent safeguards into our agreements with third-party service providers.
• Encryption: We use strong encryption protocols to protect your data during transmission and storage, regardless of its location.
• Service Provider Agreements: All providers are contractually obligated to process your data securely and in accordance with GDPR or other applicable privacy regulations.

By using PhotoJoy, you consent to these international data transfers under the safeguards described in this policy. If you have questions about how your data is transferred or wish to learn more about the measures we implement, please contact us at support@photojoy.org.

16. Changes to This Privacy Policy

We may update this policy from time to time. Please check back periodically to stay informed of any changes. If we make significant changes, we will notify you via email or through the app.

17. Contact Us

If you have any questions about this policy or your data, please email us at support@photojoy.org, or send a letter to our mailing address: