We handle data about children. That deserves real care, not lawyer-pasted boilerplate.
Last updated May 18, 2026.
Who is the controller
PictoShare is run as a personal project by Morten Trolle (mt@simply.tv). The controller of your data is me, personally. There is no company behind PictoShare.
Why we are allowed to process your data
We process the minimum data needed to deliver the visual-schedule service you asked for. Under GDPR Article 6(1)(b) the legal basis is performance of contract: the contract is the free use of PictoShare under the privacy notice in front of you.
What we store
- Your email address (plaintext, so we can sign you in) and the name you give us (encrypted at rest).
- Your children's first names (encrypted at rest).
- The plans you create.
- Any photos you upload. Original filenames are replaced with random IDs and EXIF metadata is stripped.
- A short audit trail: when your iPad pairs, when sessions are active, an anonymised /24 IP block.
What we don't do
- No third-party analytics — no Google Analytics, no Hotjar, no Sentry.
- No advertising.
- No selling or sharing data with anyone.
- No tracking cookies. Only the session cookie that keeps you signed in.
- No sub-processors except the EU server provider (Hetzner) and the EU mail provider.
Where it lives
A small server in the EU (Hetzner). Data never leaves the EU. The disk volume is encrypted at rest; nightly off-site backups are encrypted in transit and at rest.
How long we keep things
- Account data: until you delete the family.
- Sessions: 30 days of inactivity, or 90 days max.
- Paired iPad tokens: 90 days from last use.
- Encrypted off-site backups: 30 days. After 30 days a deleted family is gone everywhere.
- Anonymised log lines: 14 days.
Your rights
Under GDPR Articles 15–22 you can:
- Download a copy of your family's data (Settings → Download your data).
- Correct anything wrong (most fields are editable in Settings).
- Delete the family entirely (Settings → Danger zone).
- Object to processing — email us and we'll stop and erase within 30 days.
Right to be forgotten
Open Settings → Danger zone to delete your family, your children, your plans, and your photos in one tap. The data is removed from primary storage immediately; encrypted off-site backups roll off within 30 days.
Complaints
If something feels wrong, please email us first. You also have the right to complain to the Danish data protection authority, Datatilsynet.
Contact
Anything unclear? Email mt@simply.tv.
Credits
Pictograms are by ARASAAC, licensed under CC BY-NC-SA 4.0. We use them with deep thanks.