Privacy Policy

This Policy explains how we collect, use, store, and share personal data when you use PicsOn (the "Services"). By using the Services, you consent to the practices described here, unless a different policy is presented to you for a specific product.

PicsOn is built and operated by CRODE Labs, a brand of Not a Parent Company Pvt Ltd ("NAPCo", "we", "us"). We act as data controller for personal data we collect directly, and as an independent controller alongside our payment partners for checkout-related data.

• Account Data: Name, email, login credentials, and basic profile information you provide.
• Finance Data: Limited finance details handled by third-party payment providers on our behalf (we never see full card data).
• Usage Data: IP address, device type, browser metadata, interaction logs, and aggregated analytics.
• Communications: Support emails, form submissions, and other messages you send us.
• Photos & Media: Images uploaded through events are stored securely and associated with your guest identity.

• To provide, maintain, and improve the Services
• To authenticate users and secure accounts
• To process payments and manage subscriptions
• To comply with legal, regulatory, and compliance obligations

Legal bases: contract performance, our legitimate interests in operating and improving the Services, and consent where required by law. We do not sell personal data.

Payments are processed by verified third-party providers on our behalf. They handle order processing, payments, and tax compliance under their own privacy and security standards. When payments are processed through a Merchant-of-Record or payment processor, that provider acts as an independent controller for checkout data in addition to NAPCo.

• Essential cookies: Used for security, session management, and core site functionality.
• Analytics cookies: Used in aggregated form to understand how the Services are used and to improve performance.

We retain personal data only as long as necessary for the purposes described in this Policy or as required by applicable law. When data is no longer needed, we securely delete or anonymize it. Event photos are subject to the storage duration of the selected package tier.

• Administrative, technical, and physical safeguards to protect against unauthorized access, alteration, or loss.
• Payment data processed exclusively through PCI-DSS-compliant payment providers and, where applicable, Merchant-of-Record partners.
• Photos stored securely in cloud infrastructure with access controls.

• Access, correct, delete, or export your personal data, subject to legal limits
• Withdraw consent for processing where consent is the legal basis

To exercise your rights, email privacy@notaparentcompany.com. We may need to verify your identity before responding.

Personal data may be processed in Maldives, the EU, the UK, or other jurisdictions where our service providers operate. When data is transferred internationally, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms, where required.

Our Services are not directed to minors under 18, and we do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will take steps to delete it.

We may update this Policy from time to time. The effective date above reflects the latest version. Material changes will be highlighted on this page or communicated through the Services.