Privacy Policy

This Policy explains how we collect, use, store, and share personal data when you use PicsOn (the "Services"). By using the Services, you consent to the practices described here, unless a different policy is presented to you for a specific product.

PicsOn is built and operated by CRODE Labs, a brand of Not a Parent Company Pvt Ltd ("NAPCo", "we", "us"). We act as data controller for personal data we collect directly through the Services. Payment processing is handled by Dodo Payments, an independent third-party payment processor who acts as a separate and independent controller for all payment-related data in accordance with their own Privacy Policy.

• Account Data: Name, email, login credentials, and basic profile information you provide.
• Payment Data: Payment and billing information is collected and processed exclusively by Dodo Payments. We do not have access to full payment card details.
• Usage Data: IP address, device type, browser metadata, interaction logs, and aggregated analytics.
• Communications: Support emails, form submissions, and other messages you send us.
• Photos & Media: Images uploaded through events are stored securely and associated with your guest identity.

• To provide, maintain, and improve the Services
• To authenticate users and secure accounts
• To process payments and manage subscriptions
• To comply with legal, regulatory, and compliance obligations

Legal bases: contract performance, our legitimate interests in operating and improving the Services, and consent where required by law. We do not sell personal data.

All payments for PicsOn are processed by Dodo Payments, an independent third-party payment processor. Dodo Payments acts as a separate and independent data controller for all payment, billing, checkout, and transaction-related data.

When you make a purchase through PicsOn, Dodo Payments collects and processes payment information (including payment card details, billing address, transaction history, and related data) in accordance with Dodo Payments' Privacy Policy, which governs their data collection, use, retention, and security practices.

We do not have access to your full payment card details. Dodo Payments handles all aspects of payment processing, order fulfillment, tax compliance, and payment security under their own terms and policies.

For questions about how Dodo Payments processes your payment data, please refer to their Privacy Policy or contact Dodo Payments directly.

• Essential cookies: Used for security, session management, and core site functionality.
• Analytics cookies: Used in aggregated form to understand how the Services are used and to improve performance.

We retain personal data only as long as necessary for the purposes described in this Policy or as required by applicable law. When data is no longer needed, we securely delete or anonymize it. Event photos are subject to the storage duration of the selected package tier.

• Administrative, technical, and physical safeguards to protect against unauthorized access, alteration, disclosure, or loss of personal data.
• Payment data is processed exclusively by Dodo Payments in accordance with industry-standard security practices, including PCI-DSS compliance where applicable.
• Photos and media files are stored securely in encrypted cloud infrastructure with access controls and regular security audits.
• While we implement reasonable security measures, no system is completely secure, and we cannot guarantee absolute security of data transmitted over the internet.

• Access, correct, delete, or export your personal data, subject to legal limits
• Withdraw consent for processing where consent is the legal basis

To exercise your rights, email privacy@notaparentcompany.com. We may need to verify your identity before responding.

Personal data may be processed in Maldives, the EU, the UK, or other jurisdictions where our service providers operate. When data is transferred internationally, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms, where required.

Our Services are not directed to minors under 18, and we do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will take steps to delete it.

We may update this Policy from time to time. The effective date above reflects the latest version. Material changes will be highlighted on this page or communicated through the Services.