Privacy Policy

Last update: 16 August 2025

Data Controller:

Phottr s.r.o., ID No.: 21409684, VAT No.: CZ21409684

Headquarters: Vranové 1.díl 13, 468 22 Malá Skála, Czech Republic

E-mail: legal@phottr.com

Data Protection Officer: Honza Vojtek (honza@phottr.com)

Published at: https://www.phottr.com/privacypolicy

1. Purpose of the document

This document sets out the principles of processing personal data of users of the PHOTTR mobile application (hereinafter referred to as the "Application"), operated by Phottr s.r.o. as the data controller, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 110/2019 Coll., on the processing of personal data.

2. Scope of the data processed

  • Login credentials: email and name obtained through Firebase Auth when using Apple Sign-In or Google Sign-In.

  • User content: photos uploaded to the app for editing and export purposes. We do not store metadata (EXIF, GPS).

  • Technical data: anonymised telemetry data (device model, operating system version) via Sentry to ensure functionality and error reporting.

  • Operational logs: the IP address may be temporarily logged in the server logs, but is not processed in a targeted manner.

3. Method and place of processing

  • The photos are processed on the user's device, in the Google Cloud (EU) and partly via a technology partner based in the USA, with transfer in accordance with the requirements of the GDPR (standard contractual clauses).

  • Photos remain stored on cloud storage until the user deletes them.

  • When processing via the partner's API, the photos are not stored on the partner's servers.

  • When exporting data to third-party systems, we only transfer the product data created by the user in the application - i.e. the photo, name and product code.

4. Recipients of personal data

Personal data may be disclosed to the following categories of recipients:

  • Apple and Google (login providers).

  • Infrastructure providers (Google Cloud - EU, technology partner - USA).

  • Telemetry provider (Sentry).

  • Apple (for In-App Purchase payment processing).

  • Shoptet (recipient of exported photos).

Transfers outside the European Economic Area are carried out in accordance with Chapter V of the GDPR.

5. Legal basis for processing

  • Fulfillment of the contract according to Article 6(1)(b) of the GDPR - provision of application functions, in particular photo editing and export.

  • Legitimate interest under Article 6(1)(f) GDPR - ensuring the security and functionality of the application, including telemetry and troubleshooting.

  • Compliance with the legal obligation under Article 6(1)(c) of the GDPR - storing accounting and tax documents in accordance with Act No. 563/1991 Coll., on Accounting, and Act No. 235/2004 Coll., on Value Added Tax, for the period specified in these regulations.

6. Data retention period

  • Photos: until deleted by the user.

  • Technical and error logs: 30 days.

  • Accounting and tax documents: for up to 10 years, according to the relevant legislation.

  • After cancellation of the user account, all related data is deleted within 7 days.

7. Rights of data subjects

Data subjects have the right to:

  • access to personal data,

  • to correct inaccurate data,

  • for erasure ("right to be forgotten"),

  • to limit processing,

  • on data portability,

  • object to processing,

  • lodge a complaint with the Office for Personal Data Protection or another competent supervisory authority.

Requests to exercise rights can be made by email to legal@phottr.com.

8. Processing security

  • All communication is via an encrypted connection (HTTPS/TLS).

  • Data is stored in encrypted storage.

  • Access to the infrastructure is protected by two-factor authentication.

  • Only authorised persons have access to the data under an internal access policy.

9. Changes to the Policy

The Administrator reserves the right to modify this policy at any time. Users will be notified of material changes through an in-app notice and by posting an updated version on the website.

10. Dispute Resolution

Any disputes arising in connection with the use of the PHOTTR Application or this Policy shall be settled by arbitration in the Czech language under the laws of the Czech Republic. This provision is without prejudice to the consumer's right to apply to a competent court under generally binding legislation.