Version 1.1 · Effective Date: June 26, 2026
Pocketclick ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services. The data controller responsible for your personal data is: Niclas Weintz, trading as Pocketclick (micro-entreprise) SIRET: 105 917 587 Contact: support@pocketclick.io This policy covers our mobile app and website (pocketclick.io).
• Account information: name, email address • Phone number (optional; may be collected during photographer KYC verification) • Profile information: bio, photos, location, specialties (photographers) • For photographers — identity verification (KYC) handled by Stripe: – Full legal name and date of birth – Government-issued ID (passport or driver's licence) – Bank account details (IBAN) – Residential address • Payment information: processed securely by Stripe — we do not store card details • Booking details: session dates, times, locations, notes
• Device information: device type, OS version, unique device identifiers • Crash and error data: technical diagnostics collected by Firebase Crashlytics • Location data: GPS coordinates, collected only when you actively use location features • Log data: access times and error logs
We use your information to: • Provide and maintain the Pocketclick service • Process bookings and payments • Verify photographer identities (required by payment regulations) • Communicate with you about bookings and account activity • Improve the app and develop new features • Prevent fraud and keep the platform safe • Comply with legal obligations • Send marketing communications (only with your prior consent)
We rely on the following legal bases for each processing activity: • Account creation, login, profile management → Performance of a contract (Art. 6(1)(b)) • Processing bookings and payments → Performance of a contract (Art. 6(1)(b)) • Booking confirmation and reminder emails → Performance of a contract (Art. 6(1)(b)) • Stripe payment receipts → Performance of a contract (Art. 6(1)(b)) • Photographer identity verification (KYC) → Legal obligation (Art. 6(1)(c)) • Location data for map and spontaneous booking features → Performance of a contract (Art. 6(1)(b)) • Fraud prevention and platform security → Legitimate interest (Art. 6(1)(f)) • Crash and error reporting (Crashlytics) → Legitimate interest (Art. 6(1)(f)) • Retaining financial records (7 years) → Legal obligation — French tax law (Art. 6(1)(c)) • Marketing communications → Consent (Art. 6(1)(a)) — you may withdraw at any time • Push notifications → Consent (Art. 6(1)(a)) — granted via your device permission prompt Where we rely on legitimate interests, we have weighed our interests against your rights and freedoms. You may object to processing based on legitimate interests at any time (see Section 7).
We share data only with processors acting on our instructions under contract: • Stripe (USA): Payment processing and photographer identity verification (KYC). Stripe stores ID documents and bank details — we do not. Stripe's Privacy Policy: stripe.com/privacy • Google Firebase (USA): Data storage, authentication, crash reporting (Crashlytics), and serverless functions. Protected by Standard Contractual Clauses and the EU–US Data Privacy Framework. • Resend (USA): Transactional email delivery — booking confirmations, reminders, account notifications, and GDPR data exports. We do not sell personal data to any third party.
• Photographers see: client name and booking details (to fulfil the booking) • Clients see: photographer profile, portfolio, and availability • We never share: bank details, identity documents, or passwords
When a booking is confirmed, the photographer receives your name and booking details solely to perform the session. Photographers act as independent data controllers for their own records (e.g. photos they have taken for you). They are contractually prohibited from using your data for any purpose other than fulfilling the booking, and from soliciting you for services outside Pocketclick. For questions about data held by a photographer, contact support@pocketclick.io and we will assist.
We may disclose your information if required by law, legal process, or a government request.
We implement industry-standard security measures: • Encryption in transit (HTTPS/TLS) • Encryption at rest (AES-256) • Secure authentication (Firebase Auth) • Access controls and monitoring No method of transmission over the internet is 100% secure. We cannot guarantee absolute security. Data Breach Notification: In the event of a personal data breach, we will notify the CNIL (France's data protection authority) within 72 hours of becoming aware, as required by GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay.
• Active accounts: data retained while your account is active • Closed accounts: personal data deleted within 90 days of account deletion • Financial records: retained for 7 years as required by French tax law • Backups: removed from active systems immediately; purged from backup systems within 90 days
You have the right to: • Access: request a copy of all data we hold about you • Rectification: correct inaccurate or incomplete data • Erasure: request deletion of your personal data ("right to be forgotten") • Restriction: limit how we process your data • Portability: receive your data in a machine-readable format • Object: object to processing based on legitimate interests or for marketing • Withdraw consent: opt out of any processing based on consent at any time To exercise these rights, contact us at support@pocketclick.io or use the "Download My Data" feature in Settings (your export will be emailed to your registered address). If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In France: CNIL — www.cnil.fr.
• Firebase Crashlytics: collects crash logs and error diagnostics to keep the app stable. This may include device type, OS version, and the technical state of the app at the time of an error. Legal basis: legitimate interest (Art. 6(1)(f)). • Firebase Analytics: the SDK is installed but analytics data collection is currently disabled at the project level. If we enable usage analytics in future, we will update this policy and obtain consent where required. Our website (pocketclick.io) does not use non-essential tracking cookies.
We collect location data only when you: • Search for nearby photographers on the map • Set your active city as a photographer • Use spontaneous booking features Photographers using spontaneous availability may have their location collected in the background while the feature is active. You can disable location services at any time in your device settings; this will limit location-based features.
Our service is restricted to users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover we have collected data from a minor, we will delete it immediately.
Your data may be processed in countries outside the European Economic Area (EEA), including in the United States (Google Firebase, Stripe, Resend). These transfers are protected by Standard Contractual Clauses (SCCs) and, where applicable, the EU–US Data Privacy Framework. You may request a copy of the applicable safeguards by contacting support@pocketclick.io.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA. Categories of personal information we collect: identifiers (name, email), profile and account data, precise and approximate location data (when you use location features), commercial information (bookings and transactions), photographs you upload, and device/technical information. We do NOT sell your personal information. We do NOT share it for cross-context behavioural advertising. We disclose personal information only to service providers (Stripe, Google Firebase, Resend) under contract for the purpose of operating the platform. We do not knowingly sell or share the personal information of consumers under 16. Your rights: right to know, right to delete, right to correct, right to opt out of sale (not applicable — we do not sell), and right to non-discrimination for exercising these rights. To exercise your rights, email support@pocketclick.io. We will verify your request using the email address associated with your Pocketclick account.
We may update this Privacy Policy from time to time. We will notify you of material changes via email and in-app notification. Continued use of our services after changes constitutes acceptance of the updated policy.
For questions about this Privacy Policy or to exercise your rights: Email: support@pocketclick.io If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (in France: CNIL — www.cnil.fr).
Last updated: June 26, 2026 · Version 1.1
This policy covers GDPR (EU/UK), CCPA (California), and general international privacy obligations.