Privacy Policy

Last Updated: April 18, 2026

1. Introduction

Welcome to Pho-To. We are committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our photo and video sharing platform at pho-to.me (the "Service").

2. Information We Collect

Account Information: Email address, full name, and hashed password for authentication.

User Content: Photos and videos you upload, including media metadata (file size, dimensions, and timestamps) and album organization details.

Usage Statistics: Aggregate data such as total storage used and account activity logs.

Technical Data: Browser type, operating system, and IP address collected for security and analytics.

3. How We Use Your Information

We use your data to:

  • Provide the Service: Delivering, hosting, and displaying your media.
  • Manage Accounts: Authenticating identity and processing subscriptions.
  • Communicate: Sending transactional emails regarding your account status.
  • Improve Performance: Analyzing user interactions to optimize the platform.
  • Security: Detecting and preventing unauthorized access or fraudulent activity.

4. Third-Party Service Providers

We engage trusted third-party providers to perform essential functions. These providers are bound by confidentiality agreements and are prohibited from using your data for any other purpose:

  • Authentication & Database: We use specialized providers to securely store account data and manage user sessions.
  • Content Delivery & Storage: Media is hosted via global Content Delivery Networks (CDNs) to ensure fast and secure access.
  • Payment Processing: All payments are handled by a PCI-DSS compliant processor. We do not store your credit card information on our servers.
  • Analytics: We use industry-standard tools to monitor website performance and user behavior.

5. Data Sharing and Disclosure

We do not sell or trade your personal information. We only share data:

  • With your consent: Such as when you set an album to "Public."
  • For legal reasons: If required to comply with a subpoena or court order.
  • Service Operations: With the infrastructure providers mentioned in Section 4.

6. Your Data Rights & Deletion

Retention: We keep your data only as long as your account is active. Payment records are kept for 7 years to comply with tax laws.

Deletion: You may delete your account at any time. Upon deletion, your account is immediately deactivated. All media, metadata, and personal data are permanently purged from our systems within 30 days. Backups are retained for a maximum of 30 days, after which they are permanently deleted.

Access and Portability: You have the right to request a copy of your data or request corrections to your information.

7. Security Measures

We employ industry-standard security to protect your data, including:

  • Encryption: All data in transit is protected via HTTPS/TLS encryption.
  • Access Control: We use row-level security to ensure users can only access their own content.
  • Hashed Credentials: Passwords are never stored in plain text.

8. Cookies

We use essential cookies for authentication and functional storage to remember your display preferences. Analytics cookies (Google Tag Manager) are only activated with your explicit consent. You can review and change your cookie preferences at any time on our Cookie Policy page.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the UK, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): You may request a copy of the personal data we hold about you by contacting [email protected].
  • Right to Rectification (Art. 16): You may correct inaccurate personal data through your account settings or by contacting us.
  • Right to Erasure (Art. 17): You may delete your account at any time from your account settings. All personal data will be permanently purged within 30 days.
  • Right to Data Portability (Art. 20): You may request a machine-readable export of your personal data by contacting [email protected].
  • Right to Object (Art. 21): You may object to processing of your personal data for analytics purposes at any time via our Cookie Policy page.
  • Right to Withdraw Consent (Art. 7): Where processing is based on consent (e.g. analytics cookies), you may withdraw it at any time without affecting the lawfulness of prior processing. Manage this on our Cookie Policy page.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. International Transfers

Your information may be processed in countries other than your own. We ensure that all service providers maintain appropriate safeguards to protect your information in accordance with applicable data protection laws.

11. Contact Us

For questions regarding this policy or to exercise your privacy rights, please contact:

Privacy: [email protected]
Legal: [email protected]