Privacy Policy

In the following policy, Picloq refers to the service offered by Picloq Limited (the “Company” or “We”) through the website or Picloq Android/IOS mobile app (the “Service”). This Privacy Policy explains (i) what information we collect through your access and use of our Service (ii) the use we make of such information; and (iii) the security level we provide for protecting such information.

By downloading Picloq mobile application and using the Services provided here, you agree to the terms outlined in this privacy policy.

Legal Framework

The Company is domiciled in UK at the following address:

Picloq Limited

Hallings Hatch Parkgate RoadNewdigateDorkingRH55DY, UK

All data storage infrastructure is located solely within UK and Europe, and thus governed by the laws and regulations of UK and European Union.

1. Data Collection

Our company’s overriding policy is to collect as little user information as possible to ensure a completely private user experience when using the Service. We also have no technical means to access your encrypted message contents.

Service’s user data collection is limited to the following:

Account creation: Any user signing up for a User Account on Picloq is requested for the following personal information,as defined and protected by the General Data Protection Regulation (GDPR).

  1. Name
  2. Contact Number
  3. Email id

In order to use the encrypted messaging service of the mobile app, a user will need to provide additional personal information as mentioned below:

  1. Photograph
  2. Facial Biometric Data

Further, the mobile app generates a 3dFace-map, using the facial biometric data provided by a user, for each individual user and the same is associated with the respective user account.

Other Personal Information Collected during Use: We may collect geolocation of your device and IP address during your use of the services.

2. Why is this data required and/or processed and Legal Basis of Processing?

i. Account Opening Related Data: In order to maintain integrity of the Service, Picloq must take measures to avoid creation of accounts by spammers. Each User Account is unique and associated with an individual. Therefore, a unique identifier consisting of first name, last name, gender is generated and associated with each user. Contact number is used to facilitate messaging service between one or more users of the service. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR. Further, this data is processed based on explicit consent provided by User in line with Article 9(2)(a) of GDPR. You are free to delete your User Account and remove that data in the account panel of your Picloq User account. All users are hereby made aware, prior to providing consent, that biometric facial scan is at the core of proprietary, patent pendingtechnology that enables encrypted messaging between one or more users. Therefore, without facial biometric scan, encrypted messaging service would not work and hence Picloq would need your explicit, freeand informed consent to process your facial scan and photograph to enable encrypted messaging service.

ii. Verification: Such data will only be used to contact you with important notifications about Picloq, to send you information related to security, to send you an invitation link to create your User Account, to verify your User Account, or to send you password recovery links if you enable the option. We may also inform you about new Picloqfeatures in which you might have an interest. You are free, at any given time, to opt-out of those features through the account settings panel.The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR. Further, In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, Picloq uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and to determine if you are a spammer.

iii. Unauthorized Login: In order to detect unusual activity from your User Account, geolocation and IP addresses are used to ascertain only genuine users are using the services, and any suspicious activity is reported to the user. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR and the processing is done to prevent unauthorized use of Service and protection of user’s interest, thereby maintaining integrity of the Service. Any personal information, so collected, is stored in encrypted form on Picloq’sservers.

iv. Communicating with Picloq: Your communications with the Company, such as support requests, bug reports, or feature requests may be saved by our staff. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPRand the processing is done to troubleshoot more efficiently and improve the quality of the Picloq service.

v. Payment Information: The Company relies on third parties to process credit card, PayPal, and other payment gatewaysand hence the Company necessarily must share payment information with third parties. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR.

vi. Native Applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information in addition to the information mentioned elsewhere in this Policy. We may use mobile analytics software (such as app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers so that we can fix bugs rapidly. Some platforms (such as the Google Play Store or the Apple App Store) may also collect aggregate, anonymous statistics like which type of devices and operating systems that are most commonly used, the total number of installs, total number of uninstalls, and the total number of active users, and may be governed by the privacy policy and terms and conditions of the Google Play Store or the Apple App Store. The legal basis for processing is Article 6(1)(f) of GDPR i.e. legitimate interest to improve the quality of the Picloq service. Any personal data acquired during this process is anonymized.

3. Data Use

We do not have any advertising on our mobile app. Any personal data that we do have will never be shared except under the circumstances described below in the Data Disclosure Section. We do NOT do any analysis on the limited data we do possess. All personal information collected from You is solely used for delivering, and improving the Service.

4. Data Storage

All servers used in connection with the provisioning of the Service are located inUK& Europe and are rented by the Company from third party service providers. Only employees of the Company have physical or other access to the servers. Data is ALWAYS stored in encrypted format on servers. Offline backups may be stored periodically, but these are also encrypted. We do not possess the ability to access any user encrypted message content on either the production servers or in the backups.

5. Data Retention

All personal information collected is retained till You delete your user account.The data records are deleted automatically once You request account deletion. Please note that Picloq shall not be responsible for providing data requests after the User Account has been deleted.

6. Right to Access, Rectification, Erasure, Portability, and Right to lodge a complaint

A user may access and view personal information associated with said User through the profile section in the mobile app.

Alternatively, any user may write an email/post-mail to Data Protection Officer for Picloq and request a copy of their personal information, as held by the Company, or request modification or deletion of their personal data. Subject to technical limitations, such request shall be entertained by the Company and the User shall be informed.

Communication Details:

Picloq Data Controller

Ajay Zharotia

Data Protection Officer


Picloq Ltd, Hallings Hatch Parkgate RoadNewdigateDorkingRH55DY, UK

The Company, on receiving such request from a user, shall attend to the request made by the user and do the needful within 7 days from date of such request.

If your User Account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal information, you can make a request to our support team.

In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority

7. Data Sharing

Your data is not sold by us and not shared with any other entity for any commercial purpose. However, certain payment related information may be shared with third-party payment processing companies for subscription fee.

8. Data Retention

When a User Account is closed, data is immediately deleted from production servers. Active User Accounts will have data retained indefinitely. Deleted chats are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 14 days.

9. Data Disclosure

We will only disclose the limited user data we possess if we are instructed to do so by a fully binding request coming from the competent UK authorities (legal obligation). While we may comply with electronically delivered notices (see exceptions below), the disclosed data can only be used in court after we have received an original copy of the court order by registered post or in person, and provide a formal response.

If a request is made for encrypted message content that Picloq does not possess the ability to decrypt, the fully encrypted message content may be turned over. If permitted by law, Picloq will always contact a user first before any data disclosure.

Picloq may from time to time, contest requests if there is a public interest in doing so. In such situations, the Company will not comply with the request until all legal or other remedies have been exhausted.

We will share information with third parties who perform services on our behalf, including who provides data processing capability on behalf of us and for maintenance purposes.We partner with GDPR compliant data processors only after a binding data processing agreement is entered into with said partners.

List of Third Party Processors:

Entity NamePurposeEntity Country
Google, Inc.Cloud Infrastructure. Email communication with customers. User app usage metricsUnited States
Amazon Web Services, Inc.Cloud Infrastructure used for CometChatUnited States
Aikaki Technologies Private LimitedHandling product development and customer support.India
Comet Chat IncManaged Chat ServersUnited States

10. Modifications to Privacy Policy

Picloq reserves the right to periodically review and change this policy from time to time and we will notify users who have enabled the notification preference about changes to our Privacy Policy. Continued use of the Service will be deemed as acceptance of such changes.

This policy is effective as of 06/10/2020