Privacy Policy

This Privacy Policy explains how Picopry ("Picopry", "we", "us", "our") processes personal data when you use picopry.com, including our home pages, redirect links, and contact form.

This notice is designed to meet the transparency requirements of the EU General Data Protection Regulation (GDPR), UK GDPR, the UK Data Protection Act 2018, and the ePrivacy rules applicable to cookies and similar technologies.

Depending on your interaction with the website, we may process the following categories of data:

• Contact form data: name, email address, subject, message content.
• Technical and analytics data: visited path, timestamp, IP address, user agent, referrer, browser language, and device type.
• Location approximation: country and city derived from IP lookup for analytics reporting.
• Security and anti-abuse data: reCAPTCHA token/score, honeypot field state, and rate-limit counters.
• Redirect integrity cookie: a cookie named similar to yt_clicked_* to reduce duplicate redirect counting.

We do not intentionally collect special category personal data through the public website.

For visitors in the EEA and UK, we rely on the following legal bases:

• Legitimate interests: operating and improving site performance, audience analytics, service reliability, and fraud prevention.
• Steps prior to contract / legitimate interests: replying to business inquiries and collaboration requests sent through the contact form.
• Legal obligations: compliance, recordkeeping, and handling lawful requests from authorities.
• Consent (where required): processing that specifically requires consent under local law.

When we rely on legitimate interests, we balance our interests against your rights and freedoms.

We currently use a limited set of cookies and related mechanisms:

• Essential/functional cookie: redirect deduplication cookie to avoid counting duplicate redirect events from the same browser.
• Cookie attributes: HTTPOnly and SameSite=Lax are used for this cookie; maximum lifespan is up to 10 years unless deleted sooner by your browser.
• Security technologies: anti-spam controls such as Google reCAPTCHA.

You can block or clear cookies in your browser settings. Some features may not work correctly if cookies are disabled.

To operate the site, we use selected third-party services or providers, including:

• Google reCAPTCHA: spam and abuse prevention on contact submissions.
• YouTube and Instagram: links and embedded platform interactions.
• Hosting and infrastructure providers: website delivery and operational security.
• IP geolocation provider: best-effort country/city lookup for analytics dashboards.

These providers may act as independent controllers or processors depending on the service context.

Some processing may involve transfers outside the UK/EEA (for example, global cloud and security providers).

Where required, we use appropriate safeguards such as adequacy regulations/decisions, Standard Contractual Clauses (SCCs), UK International Data Transfer Addendum (IDTA), or comparable legal transfer mechanisms.

We retain data only for as long as needed for operational, security, legal, and reporting purposes.

• Contact messages: retained while needed to respond and manage ongoing business/legal matters.
• Website analytics records: retained for service analysis, fraud monitoring, and trend reporting.
• Rate-limit/security cache entries: short-lived technical controls (for example, temporary anti-spam/rate-limit windows).
• Redirect deduplication cookie: up to 10 years unless you clear cookies.

Where feasible, we delete or anonymize data when it is no longer necessary.

Subject to applicable law, you may have the right to:

• Access your personal data.
• Request correction of inaccurate data.
• Request deletion (right to erasure).
• Restrict or object to certain processing.
• Receive data portability where applicable.
• Withdraw consent where processing is consent-based.
• Lodge a complaint with your local supervisory authority.

We aim to respond to valid requests within one month, or as otherwise required by law.

We use appropriate technical and organizational measures to protect personal data, including secure transport, access controls, abuse monitoring, and operational safeguards.

No internet system is completely risk-free, but we continuously improve our security posture based on current risks and platform requirements.

Our website is not intended for children, and we do not knowingly collect personal data from children in violation of applicable law. If you believe a child submitted personal data, contact us so we can review and delete it where appropriate.

We may update this Privacy Policy to reflect legal, technical, or business changes. Material updates are posted on this page with a revised "Last Updated" date.