PicMe Privacy Policy

Last updated: March 6, 2026

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the PicMe Application (the "Service") distributed on Google Play, and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

- Account: A unique account created for You to access our Service or parts of our Service.

- Affiliate: An entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

- Application/Service: Refers to PicMe, the mobile software program provided by the Company and distributed on Google Play, including all its associated features and functionalities.

- Company: (referred to as either "the Company", "We", "Us" or "Our") the developer of PicMe, the provider of the Service.

- Device: Any Android device that can access the Service such as a cellphone, digital tablet or other mobile terminal.

- Personal Data: Any information that relates to an identified or identifiable individual.

- Service Provider: Any natural or legal person who processes the data on behalf of the Company, including third-party companies or individuals employed to facilitate the Service, provide the Service on the Company’s behalf, perform service-related work or assist in analyzing Service usage.

- Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (e.g., feature usage duration, click behavior).

- You: The individual accessing or using the Service, or the company/other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

 Collecting and Using Your Personal Data

Types of Data Collected

1. Personal Data

While using the Service, We may ask You to provide personally identifiable information for account registration and service experience optimization, including but not limited to:

- Email address (for account verification and notification)

- Profile name and avatar (optional, for personalized display)

We will not collect sensitive personal data such as your real name, ID number, address, or financial information without your explicit consent.

2. Usage Data

Usage Data is collected automatically when using the Service, for the sole purpose of optimizing Service performance and user experience, including but not limited to:

- Device IP address, Google Advertising ID (GAID)

- Device model, Android system version, browser type and unique device identifiers

- The features You use, usage time/date, and time spent on features

- Diagnostic data of the Service and interaction data with in-app advertisements (e.g., ad impressions, valid clicks)

- Information sent by your device or Google Play ecosystem when accessing the Service

Use of Your Personal Data

The Company may use Personal Data only for the following legitimate purposes:

1. Provide and maintain the Service, monitor usage and ensure normal operation of functions.

2. Manage Your Account: facilitate registration, login and access to personalized features for registered users.

3. Perform contractual obligations: fulfill the terms of any agreement between You and Us (including paid feature services if applicable).

4. Contact You: send important notifications via email/in-app push (e.g., security updates, service changes, response to your inquiries).

5. Provide personalized content/ recommendations: tailor Service experience and in-app ads based on usage habits (You may opt out of personalized ads at any time).

6. Manage Your requests: address and respond to your questions, feedback and support requests.

7. Business transfers: use information to evaluate/conduct merger, divestiture, restructuring or asset transfer, where user Personal Data is part of the transferred assets.

8. Data analysis: identify usage trends, measure the effectiveness of features/promotions, and continuously improve the Service and user experience.

Sharing of Your Personal Data

We will not sell Your Personal Data to any third party for commercial purposes. We may share Your personal information only in the following situations, and will ensure the minimum data sharing principle:

1. With Service Providers: share data with third parties who assist in providing the Service (e.g., cloud storage, analytics, ad delivery), and require them to comply with this Privacy Policy and applicable data protection laws.

2. Business transfers: share/transfer data in connection with merger, asset sale, financing or business acquisition, and notify You via email/in-app prominent notice before transfer.

3. With Affiliates: share data with our Affiliates who agree to honor this Privacy Policy and implement the same data security safeguards.

4. With Your explicit consent: disclose Your personal information for any other purpose only after obtaining Your written/electronic consent.

5. Legal compliance: disclose data when required by law or valid requests from public authorities (e.g., court/government agency), to protect the Company’s/Users’ rights/property/safety, or prevent illegal activities related to the Service.

Retention of Your Personal Data

1. The Company will retain Your Personal Data **only for the period necessary to fulfill the purposes set out in this Privacy Policy**. We will retain and use Personal Data to the extent necessary to comply with legal obligations, resolve disputes and enforce legal agreements/policies.

2. Usage Data is generally retained for a short period (no more than 6 months), except when used to strengthen Service security/improve functionality, or when legally required to retain for a longer period.

3. Upon the expiration of the retention period, all Personal Data will be **permanently deleted or anonymized** (unable to be associated with an identifiable individual), and all related backup data will be cleared simultaneously in accordance with our data destruction procedures.

4. If You request account deletion, all Your Personal Data will be deleted within 7 business days in accordance with the law, except for the data that must be retained by legal provisions.

Transfer of Your Personal Data

Your information (including Personal Data) may be processed at the Company’s operating offices or the facilities of our Service Providers in various countries/regions. This means Your data may be transferred to and maintained on computers outside Your jurisdiction (where data protection laws may differ).

Your consent to this Privacy Policy and submission of information represents Your agreement to such transfer. The Company will take all reasonable and necessary measures to ensure data security:

- Implement standard data protection clauses in cooperation agreements with overseas third parties;

- Encrypt all Personal Data in transit and at rest;

- Impose strict data access restrictions on the receiving party;

- No data transfer to organizations/countries without adequate security controls.

 User Data Security (Core Clause)

We attach the utmost importance to the security of Your Personal Data, adhere to internationally recognized industry security standards and Google Play data protection requirements, and formulate a comprehensive data security management system to prevent unauthorized access, use, disclosure, modification, damage or loss of User Data. The specific security measures implemented include:

1. Technical Security Safeguards

- Dual Encryption: All Personal Data is encrypted via SSL/TLS 1.3 during transit and AES-256(strong encryption algorithm) at rest, preventing interception/decryption by unauthorized parties.

- Access Control: Implement multi-level identity authentication and role-based access control (RBAC) for internal systems; only authorized personnel with specific job responsibilities can access User Data, with access limited to the minimum necessary data.

- Real-time Monitoring: Deploy intrusion detection/prevention systems (IDS/IPS) to monitor servers and network traffic 24/7, promptly detect and respond to abnormal access/malicious attacks, and record all access logs for audit.

- Vulnerability Management: Conduct regular security vulnerability scans and penetration tests on systems/applications, promptly repair vulnerabilities, and update software/security patches in a timely manner.

- Secure Backup: Implement regular automated data backup, store backup data in geographically isolated secure facilities, and conduct regular recovery tests to ensure data integrity/recoverability in case of system failure/disaster.

2. Administrative Security Safeguards

- Mandatory Security Training: Provide regular data security and privacy protection training for all employees, enhance security awareness and operational specifications.

- Dedicated Responsible Officers: Appoint a full-time Privacy Officer and Information Security Officer, responsible for formulating/implementing data security policies, supervising the implementation of security measures, and handling security incidents/privacy inquiries.

- Strict Confidentiality Agreements: Require all employees/Service Providers with access to User Data to sign confidentiality agreements; any violation will result in disciplinary measures and legal liability.

- Physical Security Protection: Designate the facilities for data storage/processing as secure areas, with 24/7 video surveillance and biometric access control (fingerprint/face recognition) to prevent physical unauthorized access.

3. Third-Party Security Supervision

- Conduct strict due diligence on Service Providers (evaluate data security capabilities, privacy policies and compliance status) before cooperation.

- Include strict data security clauses in cooperation agreements, requiring third parties to implement the same security standards as the Company, and prohibiting them from using/disclosing User Data for any purpose other than the agreed services.

- Conduct regular audits on third parties’ data security practices; have the right to terminate cooperation immediately if any violation or failure to meet security requirements is found.

4. Security Incident Response

- Formulate a comprehensive emergency response plan for data security incidents, clarifying the handling process, responsibility division and reporting mechanism for leakage, intrusion, ransomware attacks, etc.

- In the event of a security incident affecting User Data, immediately activate the emergency plan, take measures to contain the incident, minimize losses, and conduct a thorough investigation to prevent recurrence.

- In accordance with applicable laws, promptly notify the affected Users and relevant regulatory authorities, including the nature/scope of the incident, potential impact and remedial measures.

Note: No method of Internet transmission or electronic storage is 100% secure. We will continuously update and improve security measures to adapt to the latest security threats and technical developments, and make every reasonable effort to protect Your data security.

Your Data Protection Rights

You have the following data protection rights in accordance with applicable data protection laws (e.g., GDPR, CCPA), and the Company will respond to your valid requests in a timely manner:

1. Access and Correction: You may access, correct or update Your Personal Data at any time by logging into Your Account and entering the settings section, or by contacting Us directly.

2. Deletion Right: You have the right to request the deletion of Your Personal Data; submit a request through the Service’s settings or our contact channels, and We will process it within 7 business days (unless legally required to retain).

3. Withdrawal of Consent: You may withdraw consent to data collection/use at any time by adjusting the Service’s privacy settings or device settings (e.g., disabling GAID tracking). Withdrawal will not affect the legality of data processing before withdrawal.

4. Opt-Out of Personalized Ads: Enable the "Limit Ad Tracking" option in your Android device settings/Google Play Services settings to stop personalized ad delivery (non-personalized ads may still be displayed).

5. Data Portability: You have the right to request a copy of Your Personal Data in a structured, commonly used and machine-readable format, and request the transfer to another data controller where technically feasible.

6. Right to Lodge a Complaint: You may lodge a complaint with the relevant data protection regulatory authority if You believe our data processing violates applicable laws.

Children's Privacy

1. Our Service does not target users under the age of 13, and We do not knowingly collect personally identifiable information from anyone under 13.

2. For users in the European Economic Area (EEA) and the United Kingdom, the minimum age for using the Service is 16, and no personal information will be collected from minors under 16 without parental/legal guardian consent.

3. If You are a parent/guardian and find that Your child has provided Personal Data without consent, please contact Us immediately; if We find that we have collected minor’s data without consent, We will delete it from the server and clear all backup data within 3 business days.

4. All minors under the age of majority must have their parent/guardian read and accept this Privacy Policy and the Terms of Service on their behalf.

Links to Other Websites

The Service may contain links to third-party websites not operated by Us. If You click on a third-party link, You will be directed to its site. We strongly advise You to review the Privacy Policy and data security practices of all third-party sites You visit.

We have no control over and assume no responsibility for the content, privacy policies, data security practices or operations of any third-party sites/services.

Changes to This Privacy Policy

1. We may update this Privacy Policy from time to time (especially when data protection laws or Service practices change). For material changes, We will notify You at least 30 days in advance via in-app prominent notice, registered email and/or push notification, and indicate the effective date of the new policy.

2. We will update the "Last updated" date at the top of this Policy and post the full text in the Service and on our official channel.

3. Your continued use of the Service after the effective date of the revised Policy constitutes Your acceptance of the changes; if You do not agree, You must stop using the Service and request account/data deletion.

Contact Us

If You have any questions, concerns or requests regarding this Privacy Policy, data protection or data security, You may contact us through the following official channels (We will respond within 7 business days):

- Official email: angga.wahyu179@gmail.com