Privacy Policy
Last updated: February 2026
1. Overview
PictaBase (“we,” “us,” or “our”) provides a visual database management tool delivered as a self-hosted WordPress plugin. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
2. Data Processing Architecture (Zero-Knowledge)
Unlike traditional cloud storage services, PictaBase utilizes a “Zero-Knowledge” or “Conductor” architecture for image files. When you upload an image:
- The image file is transmitted directly from your browser to Amazon S3 (Simple Storage Service) via a secure, encrypted presigned URL.
- PictaBase servers never receive, process, or store the image binary data.
- Our servers only receive metadata (filenames, file size, image dimensions, and EXIF data) necessary to index and organize your library.
- AI Analysis (if enabled) is performed by AWS Rekognition directly on the S3 object; our servers receive only the resulting text labels, not the image itself.
3. Data We Collect
We collect the following categories of data:
- Account Data: WordPress user profile information (username, email address) as managed by your WordPress installation.
- License Data: AppSumo redemption codes and associated plan tier for entitlement enforcement.
- Asset Metadata: Filenames, file sizes, dimensions, EXIF data (camera model, date taken, GPS coordinates if present in the original file), AI-generated labels, user-defined tags, and notes.
- Usage Data: Storage usage totals, project counts, and API request logs for quota enforcement and debugging.
4. Data We Do NOT Collect
- Image binary data (pixels) — these never touch our servers.
- Payment card details — handled entirely by our payment processor.
- Browsing activity outside the PictaBase application.
5. Image Storage & Data Sovereignty
Image files are stored in PictaBase-operated Amazon S3 infrastructure on your behalf. You do not need to provide AWS credentials or manage any cloud storage account. All files are stored in an isolated, access-controlled environment and are only accessible via short-lived presigned URLs generated during your authenticated session.
When you delete an asset or project through PictaBase, the corresponding image files are permanently removed from S3 storage. When you delete your account, all projects, images, and associated metadata are permanently and irreversibly deleted.
6. Third-Party Services
- Amazon Web Services (S3, Rekognition): Image storage and AI labeling. Governed by your AWS agreement and the AWS Privacy Policy.
- AppSumo: License code distribution. Governed by AppSumo’s Privacy Policy.
7. Data Retention
Asset metadata is retained for the lifetime of your account. When you delete an asset or project, associated metadata and image files are permanently removed. When you delete your account, all data — including projects, images, metadata, tags, and notes — is permanently deleted from our systems.
8. Your Rights
You have the right to access, correct, or delete your personal data at any time. You can permanently delete your account and all associated data directly from the Account page within the application. For data export requests or other privacy inquiries, please contact us at the address below.
9. Contact
For privacy-related inquiries, please contact us at [email protected].
