The Company is domiciled in UK at the following address:
Hallings Hatch Parkgate RoadNewdigateDorkingRH55DY, UK
All data storage infrastructure is located solely within UK and Europe, and thus governed by the laws and regulations of UK and European Union.
1. Data Collection
Our company’s overriding policy is to collect as little user information as possible to ensure a completely private user experience when using the Service. We also have no technical means to access your encrypted message contents.
Service’s user data collection is limited to the following:
Account creation: Any user signing up for a User Account on Picloq is requested for the following personal information,as defined and protected by the General Data Protection Regulation (GDPR).
In order to use the encrypted messaging service of the mobile app, a user will need to provide additional personal information as mentioned below:
Further, the mobile app generates a 3dFace-map, using the facial biometric data provided by a user, for each individual user and the same is associated with the respective user account.
Other Personal Information Collected during Use: We may collect geolocation of your device and IP address during your use of the services.
2. Why is this data required and/or processed and Legal Basis of Processing?
i. Account Opening Related Data: In order to maintain integrity of the Service, Picloq must take measures to avoid creation of accounts by spammers. Each User Account is unique and associated with an individual. Therefore, a unique identifier consisting of first name, last name, gender is generated and associated with each user. Contact number is used to facilitate messaging service between one or more users of the service. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR. Further, this data is processed based on explicit consent provided by User in line with Article 9(2)(a) of GDPR. You are free to delete your User Account and remove that data in the account panel of your Picloq User account. All users are hereby made aware, prior to providing consent, that biometric facial scan is at the core of proprietary, patent pendingtechnology that enables encrypted messaging between one or more users. Therefore, without facial biometric scan, encrypted messaging service would not work and hence Picloq would need your explicit, freeand informed consent to process your facial scan and photograph to enable encrypted messaging service.
ii. Verification: Such data will only be used to contact you with important notifications about Picloq, to send you information related to security, to send you an invitation link to create your User Account, to verify your User Account, or to send you password recovery links if you enable the option. We may also inform you about new Picloqfeatures in which you might have an interest. You are free, at any given time, to opt-out of those features through the account settings panel.The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR. Further, In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, Picloq uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and to determine if you are a spammer.
iii. Unauthorized Login: In order to detect unusual activity from your User Account, geolocation and IP addresses are used to ascertain only genuine users are using the services, and any suspicious activity is reported to the user. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR and the processing is done to prevent unauthorized use of Service and protection of user’s interest, thereby maintaining integrity of the Service. Any personal information, so collected, is stored in encrypted form on Picloq’sservers.
iv. Communicating with Picloq: Your communications with the Company, such as support requests, bug reports, or feature requests may be saved by our staff. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPRand the processing is done to troubleshoot more efficiently and improve the quality of the Picloq service.
v. Payment Information: The Company relies on third parties to process credit card, PayPal, and other payment gatewaysand hence the Company necessarily must share payment information with third parties. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR.
3. Data Use
We do not have any advertising on our mobile app. Any personal data that we do have will never be shared except under the circumstances described below in the Data Disclosure Section. We do NOT do any analysis on the limited data we do possess. All personal information collected from You is solely used for delivering, and improving the Service.
4. Data Storage
All servers used in connection with the provisioning of the Service are located inUK& Europe and are rented by the Company from third party service providers. Only employees of the Company have physical or other access to the servers. Data is ALWAYS stored in encrypted format on servers. Offline backups may be stored periodically, but these are also encrypted. We do not possess the ability to access any user encrypted message content on either the production servers or in the backups.
5. Data Retention
All personal information collected is retained till You delete your user account.The data records are deleted automatically once You request account deletion. Please note that Picloq shall not be responsible for providing data requests after the User Account has been deleted.
6. Right to Access, Rectification, Erasure, Portability, and Right to lodge a complaint
A user may access and view personal information associated with said User through the profile section in the mobile app.
Alternatively, any user may write an email/post-mail to Data Protection Officer for Picloq and request a copy of their personal information, as held by the Company, or request modification or deletion of their personal data. Subject to technical limitations, such request shall be entertained by the Company and the User shall be informed.
Picloq Data Controller
Data Protection Officer
Picloq Ltd, Hallings Hatch Parkgate RoadNewdigateDorkingRH55DY, UK
The Company, on receiving such request from a user, shall attend to the request made by the user and do the needful within 7 days from date of such request.
If your User Account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal information, you can make a request to our support team.
In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority
7. Data Sharing
Your data is not sold by us and not shared with any other entity for any commercial purpose. However, certain payment related information may be shared with third-party payment processing companies for subscription fee.
8. Data Retention
When a User Account is closed, data is immediately deleted from production servers. Active User Accounts will have data retained indefinitely. Deleted chats are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 14 days.
9. Data Disclosure
We will only disclose the limited user data we possess if we are instructed to do so by a fully binding request coming from the competent UK authorities (legal obligation). While we may comply with electronically delivered notices (see exceptions below), the disclosed data can only be used in court after we have received an original copy of the court order by registered post or in person, and provide a formal response.
If a request is made for encrypted message content that Picloq does not possess the ability to decrypt, the fully encrypted message content may be turned over. If permitted by law, Picloq will always contact a user first before any data disclosure.
Picloq may from time to time, contest requests if there is a public interest in doing so. In such situations, the Company will not comply with the request until all legal or other remedies have been exhausted.
We will share information with third parties who perform services on our behalf, including who provides data processing capability on behalf of us and for maintenance purposes.We partner with GDPR compliant data processors only after a binding data processing agreement is entered into with said partners.
List of Third Party Processors:
|Entity Name||Purpose||Entity Country|
|Google, Inc.||Cloud Infrastructure. Email communication with customers. User app usage metrics||United States|
|Amazon Web Services, Inc.||Cloud Infrastructure used for CometChat||United States|
|Aikaki Technologies Private Limited||Handling product development and customer support.||India|
|Comet Chat Inc||Managed Chat Servers||United States|
This policy is effective as of 06/10/2020