Privacy Policy
1. Introduction
PilahFoto operates the photo selection platform at pilahfoto.id. This privacy policy explains how we collect, use, store, and protect your personal information when you use our service.
2. Information We Collect
We may collect the following information when you use PilahFoto:
- Google account information: name, email address, and profile photo provided through Google OAuth.
- Limited Google Drive access: read access only to folders you explicitly choose inside the Drive folder picker, so galleries can display the correct images.
- WhatsApp number: the number you save to receive client photo selections.
- Usage data: project name, folder reference, gallery settings, and related service activity.
3. How We Use Information
- Service delivery: to show Google Drive photos as private online galleries for your clients.
- Authentication: to verify your identity through Google OAuth.
- Communication: to send client selections to your registered WhatsApp number.
- Product improvement: to operate, secure, and improve the platform.
4. Google Drive Access
PilahFoto requests read-only Google Drive access so you can browse folders, choose the right gallery source, and display those photos inside your client gallery.
- We only read photo files from folders you explicitly choose.
- We do not request access to your entire Google Drive.
- We do not access files outside the chosen project folder.
- We do not upload, modify, delete, move, or re-share your Drive files.
- You can revoke access anytime from Google Account permissions.
5. Data Storage and Security
- Account data is stored in encrypted PostgreSQL infrastructure.
- Google access tokens are encrypted and stored securely.
- Communication with the service uses HTTPS/TLS encryption.
- We apply standard rate limits and security protections.
6. Sharing with Third Parties
We do not sell or rent your personal information. Data is only shared when necessary to operate the service, including:
- Google: for authentication and limited Google Drive access.
- Midtrans: for subscription billing and payment processing.
- Legal obligations: when required by applicable law.
7. Client Galleries
- Clients access galleries through unique links with optional login protection.
- Clients only see images from the project folder you selected.
- Selections are sent directly to your WhatsApp.
- We do not store client personal data beyond gallery access credentials that you create.
8. Your Rights
- Access and update your account information.
- Revoke Google Drive access at any time.
- Request account or data deletion by contacting us.
- Cancel your subscription at any time.
9. Policy Updates
We may update this policy from time to time. Any revision will be published on this page together with its latest effective date.
10. Google API Services Disclosure
Use and transfer of information received from Google APIs by PilahFoto will adhere to the Google API Services User Data Policy, including Limited Use requirements.
A. What Google user data is collected
We collect only basic profile information needed for account creation and limited folder/file access for Drive content you explicitly choose.
B. How we use Google user data
We use Google Drive access solely to let you browse folders, choose the correct gallery folder, and display the photos required for client delivery.
C. Sharing and disclosure
We do not sell Google user data and do not disclose it to third parties except as required to provide core application functionality.
D. Protection and security
We use standard encryption in transit and encrypt stored authorization credentials to prevent unauthorized access.
E. Retention and deletion
When you disconnect your Google account or delete your PilahFoto account, we delete access tokens and related references from our systems.
11. Contact Us
If you have any questions about this privacy policy, contact us at admin@pilahfoto.id.