RawPicker Privacy Policy

Last updated: October 25, 2025

Table of Contents

  1. General Provisions
  2. Data Controller
  3. Scope of Personal Data Processed
  4. Purpose and Legal Basis for Data Processing
  5. Data Retention Period
  6. Data Recipients
  7. Data Transfers Outside the EEA
  8. User Rights
  9. Cookies
  10. Data Security
  11. Changes to the Privacy Policy
  12. Contact

1. General Provisions

1.1. This Privacy Policy defines the rules for processing and protecting the personal data of users of the RawPicker service (hereinafter: "Service"), available at rawpicker.com and through the RawPicker mobile application.

1.2. The controller of personal data collected through the Service is HexBit - Wojciech Osak.

1.3. Protecting users' personal data is our priority. We make every effort to ensure that personal data is processed in accordance with GDPR (Regulation EU 2016/679).

2. Data Controller

HexBit - Wojciech Osak
ul. Herbu Janina 9A/25
02-972 Warsaw, Poland
Tax ID (NIP): 5381859620
Email: admin@rawpicker.com

3. Scope of Personal Data Processed

3.1. Data collected during registration and use of the Service:

  • Email address (required) – used for user identification, communication, and login
  • First and last name (optional) – retrieved from Google profile during Google OAuth registration
  • Google avatar URL (optional) – profile picture from Google account
  • Device ID (fingerprint) – used for user license verification
  • User photos – in the Pro plan, users can upload photos to the server for backup and AI processing

4. Purpose and Legal Basis for Data Processing

Users' personal data is processed on the following legal bases:

  • Account registration and management – Art. 6(1)(b) GDPR (contract performance)
  • Authentication via Google OAuth – Art. 6(1)(b) GDPR
  • Photo backup (Pro plan) – Art. 6(1)(b) GDPR
  • AI photo processing – Art. 6(1)(b) GDPR
  • Ensuring security – Art. 6(1)(f) GDPR (legitimate interest)

5. Data Retention Period

5.1. Data is stored for the duration of the user account's existence.

5.2. After account deletion, data is retained for an additional 14 days for security purposes.

5.3. After 14 days, data is permanently deleted from the Controller's systems.

6. Data Recipients

Personal data may be transferred to the following recipients:

  • Google LLC – authentication via Google OAuth
  • Stripe, Inc. – online payment processing
  • Dokploy – service hosting in the European Union

7. Data Transfers Outside the EEA

Some data may be transferred to the USA (Google, Stripe) based on European Commission adequacy decisions and standard contractual clauses (SCC).

8. User Rights

Users have the following rights:

  • Right of access to data (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure – "right to be forgotten" (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

9. Cookies

The Service uses cookies. Detailed information can be found in the Cookie Policy.

10. Data Security

The Controller uses appropriate technical and organizational measures:

  • Data transmission encryption (HTTPS/SSL/TLS)
  • Secure storage in a PostgreSQL database
  • Cookies secured with flags (httpOnly, secure)
  • Regular security updates and audits

11. Changes to the Privacy Policy

The Controller reserves the right to make changes to this Privacy Policy. Users will be informed of changes through publication of the new version with the update date.

12. Contact

HexBit - Wojciech Osak
Email: admin@rawpicker.com
Address: ul. Herbu Janina 9A/25, 02-972 Warsaw, Poland


Effective date: October 25, 2025

This Privacy Policy has been prepared in accordance with the requirements of GDPR (Regulation EU 2016/679), the Personal Data Protection Act, and the Act on the Provision of Electronic Services.