Privacy Policy

Effective date: 10 April 2026

This Privacy Policy explains how Parklolo UG (haftungsbeschränkt) ("we", "us", "our") processes personal data when you use the Piclolo mobile application and related services (collectively, the "Service").

We are committed to protecting the privacy and security of personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Controller and Contact Details

The data controller is:

Parklolo UG (haftungsbeschränkt)
Jan-Külper-Weg 1 a
22547 Hamburg
Germany

Registered with the commercial register of the local court (Amtsgericht) Hamburg under HRB 175340
EUID: DEK1101R.HRB175340
Email: support@parklolo.com

2. Categories of Personal Data We Process

2.1 Account Data

When you register for Piclolo, we process:

• Username and display name
• Email address
• Password (hashed)
• Avatar image (optional)
• Company/organization identifier

2.2 Photos and Videos

When you upload content to shared albums, we process:

• Photos and videos you upload
• Associated metadata (file name, size, type, upload timestamp)
• Album/event association

2.3 Selfie Filter (Face Matching)

When you use the selfie filter feature:

• A selfie image you provide is processed to match your face against photos in the album
• Face embeddings (numeric representations) are generated for matching purposes
• The selfie image is used only for the duration of the filtering session and is not permanently stored

2.4 Technical Data

• IP address
• Device type and operating system
• App version
• Access tokens and session identifiers

3. Purposes and Legal Bases

3.1 Providing the Service

Purpose: To enable account creation, photo sharing, album management, and all core app functionality.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

3.2 Face Matching (Selfie Filter)

Purpose: To allow you to find photos containing your face within a shared album.

Legal basis: Art. 6(1)(a) GDPR — your explicit consent when you choose to use this feature. Art. 9(2)(a) GDPR for biometric data processing.

3.3 Security and Abuse Prevention

Purpose: To protect the Service, detect abuse, and ensure stability.

Legal basis: Art. 6(1)(f) GDPR — legitimate interests.

4. Data Sharing

Your photos and videos are shared with other members of the same album — this is the core purpose of the Service. We do not sell personal data to third parties.

We may share data with:

• Hosting and infrastructure providers (to operate the Service)
• Professional advisers where required by law

5. Data Retention

• Account data: stored for the duration of your account and deleted upon account deletion
• Photos and videos: stored as long as the album exists; album owners can delete content at any time
• Selfie images for face matching: processed temporarily and not permanently stored
• Technical logs: retained for up to 30 days

6. International Data Transfers

Our primary infrastructure is located in the European Union. If data is transferred outside the EEA, we ensure appropriate safeguards such as EU Standard Contractual Clauses (SCCs).

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Access (Art. 15 GDPR) — obtain information about your data
• Rectification (Art. 16 GDPR) — correct inaccurate data
• Erasure (Art. 17 GDPR) — request deletion of your data
• Restriction (Art. 18 GDPR) — restrict processing
• Data portability (Art. 20 GDPR) — receive your data in a structured format
• Object (Art. 21 GDPR) — object to processing based on legitimate interests
• Withdraw consent (Art. 7(3) GDPR) — withdraw consent at any time

To exercise your rights, contact us at support@parklolo.com.

You also have the right to lodge a complaint with a supervisory authority.

8. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), access controls, and regular backups.

9. Children's Privacy (COPPA & GDPR Compliance)

Piclolo is designed to be safe for users of all ages. We comply with the US Children's Online Privacy Protection Act (COPPA) and the EU General Data Protection Regulation (GDPR).

9.1 Data Collection

We treat all users equally and apply the highest privacy standards to everyone:

• We collect only the minimum personal data necessary to provide the Service (username, email for account creation)
• We do not collect location data, device identifiers for advertising, or any data beyond what is needed for core functionality
• We do not serve advertisements of any kind
• We do not share personal data with third parties for marketing or advertising purposes

9.2 Content Safety

All content within shared albums is user-generated. Album owners are responsible for ensuring content is appropriate. We provide reporting mechanisms for inappropriate content, and we respond promptly to reports involving content that may be harmful to children.

9.3 No Advertising

Piclolo does not display any advertisements. There are no ad networks, tracking SDKs, or third-party advertising services integrated into the app.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will indicate the date of the last update at the top. Material changes may be communicated via the app or email.

11. Contact Us

Parklolo UG (haftungsbeschränkt)
Jan-Külper-Weg 1 a
22547 Hamburg
Germany
Email: support@parklolo.com