EAT PIC – PRIVACY POLICY

Last updated: 04 July 2025

1. Who We Are

Eat Pic (“we”, “our”, “us”) operates the website eat-pic.web.app and the Eat Pic Telegram bot. We run photo-based sweepstakes in which every homemade-food photo you submit equals one entry.

2. Scope

This Policy explains how we collect, use, share and protect information when you:

• visit eat-pic.web.app;
• upload photos through the site using an Apple iCloud Link that you create;
• send photos or messages to the Eat Pic Telegram bot;
• interact with any other service that links to this Policy.

We follow U.S. privacy laws and do not knowingly collect data from children under 13.

3. What Information We Collect

• Account details – your username or handle and a hashed password (if you choose to create an account).
• Photo data you choose to share – only the images you explicitly select and the EXIF metadata embedded in those images (date, time, GPS coordinates, device model, lens information).
• When you provide an iCloud Link, we download only the files included in that link. We have no access to the rest of your iCloud Photo Library.
• When you upload via Telegram, we receive only the photos you send to the bot.
• Device and usage data – IP address, browser type, operating system, referral URL, cookie IDs, and time stamps (collected automatically through Firebase Hosting and Google Analytics).
• Sweepstakes metrics – number of photos you submit, entry totals, and prize status.

We do not request or store payment-card numbers or government identification.

4. How We Use Your Information

• Run and administer the sweepstakes: verify eligibility, count entries, randomly select and contact winners.
• Display anonymised sample photos in the public gallery (only with EXIF stripped and without personal identifiers).
• Enforce contest rules: confirm that photos were taken inside the United States and comply with content requirements.
• Improve the service: analyse aggregated statistics to refine the user experience and prize structure.
• Legal and security purposes: detect fraud, respond to lawful requests, and protect the platform.

5. How We Share Information

We do not sell your personal data. We share it only with:

• Telegram Messenger Inc. – hosts the bot and stores the messages / photos you send.
• Google / Firebase – hosts the website, stores the photos you submit, and provides analytics and authentication.
• Content-delivery and security providers (e.g., Cloudflare) – deliver content quickly and protect against attacks.
• Trusted service vendors (email, analytics, auditors) – perform limited tasks under confidentiality agreements.
• Government authorities – only when required by subpoena, court order, or other legal process.

6. Cookies and Similar Technologies

• We use first-party cookies and localStorage to keep you signed in; remember language and interface settings; measure anonymous traffic through Google Analytics.
• You can disable cookies in your browser; the site will still load, but features such as automatic login may stop working.

7. Your Choices and U.S. Privacy Rights

• Access / download your data – email us to receive a copy.
• Delete your data – request deletion of your account and all photos.
• Correct your data – update your username or other details.
• Opt out of analytics cookies – adjust browser settings or install the Google Analytics opt-out add-on.
• California residents (CCPA / CPRA) – you have rights to know, delete and opt out of the sale or sharing of personal information. Eat Pic does not "sell" personal data.
• Nevada residents – you may opt out of any future sale of covered information by contacting us.
• We will verify your identity before fulfilling a privacy request.

8. Data Retention

• Photos and EXIF data – kept until the sweepstakes ends and prizes are delivered, then deleted within 90 days. Winning photos may be retained for promotional use only with your express consent.
• Account information and server logs – retained while your account is active; deleted within 30 days after closure unless needed for legal or security reasons.

9. Security Measures

• TLS 1.2+ encryption for data in transit.
• Firebase Storage security rules restrict access to authorised services.
• Passwords hashed with bcrypt.
• Staff and vendors operate on a least-privilege basis.
• If we discover a data breach, we will notify affected users and regulators as required by law.

10. Third-Party Links

Our site may link to Instagram, Apple, Amazon, Sephora or other external sites. Their privacy practices are not covered by this Policy.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced on the website and via the Telegram bot. Continued use of the service after the effective date means you accept the revised Policy.

12. Contact Us

Email: eatpicsup@gmail.com
Mail: 1360 S Figueroa Street, Los Angeles, CA 90015, USA
Telegram: @foodpic_support

If we do not resolve your privacy concern, you may contact your state Attorney General or the U.S. Federal Trade Commission (FTC).