Privacy Policy
Last updated: June 12, 2026
pickt ("we", "us") is a compliments party game app published by Pick SAS ("the Publisher"). This policy describes what data we collect, why, and your rights. pickt is rated 12+ and intended for users aged 13 and older (16+ in the EU under GDPR Article 8 national transpositions).
1. Data we collect
- Account data: a pseudonym you choose, a profile picture you upload (or a Bitmoji avatar if you sign in with Snapchat), your locale, and an anonymous Firebase user ID.
- Gameplay data: picks, guesses, hint purchases, coin balance, crew memberships. Picks are stored server-side in a protected collection and surfaced inside the user's crew through the in-app reveal mechanism.
- Contacts (optional, "friends in common"): if you choose to import your contacts to find friends, the matching is performed using one-way salted hashes computed on your device. We upload only these hashes — never the actual phone numbers, names, or any other contact details, which never leave your phone. The hashes are used solely to suggest which of your contacts are already in your school or crew so you can invite them, and to rank those suggestions. We never reconstruct phone numbers from the hashes and never share them with third parties. You can use the app without importing contacts.
- Device data: device model, OS version, app version, time zone, push notification token (via Firebase Cloud Messaging).
- Analytics: anonymized event data via Amplitude (session duration, feature usage, retention metrics). No personally identifiable information is sent to Amplitude.
- Snapchat Login (optional): if you tap "Continue with Snapchat", Snap Inc. shares with us your Snapchat display name, an external ID, and a URL pointing to your Bitmoji avatar. We never receive your Snapchat password, friends list, or messages. The Bitmoji avatar is displayed in pickt directly from the URL Snap returns — we do not download, cache, or re-host the image; it is refreshed on every Snap login so user-side updates propagate. See Snap's privacy policy.
- In-app purchases (optional): if you purchase the 24H PRO ACCESS pack (4,99 €, consumable, non-renewable), the transaction is processed by Apple's StoreKit. The receipt is validated by RevenueCat, our IAP infrastructure provider. We store the entitlement expiry timestamp, transaction ID, and a "stub" or "live" mode marker on your user record so we can grant the pack's perks and prevent double-credit. RevenueCat receives an opaque anonymous app user ID and the StoreKit receipt — never your pseudonym or profile picture.
2. What we do NOT collect
- No phone number of your own — we never ask you for your number.
- No email (V1).
- No raw contact data — if you import contacts, only on-device one-way salted hashes are uploaded; the actual phone numbers and names never leave your device (see §1).
- No precise geolocation.
- No biometric data.
- No payment card data — Apple processes payments and we never see your card details.
3. Legal basis (GDPR)
We process your data on the basis of (a) performance of our Terms of Service, (b) your explicit consent for optional features like Snapchat Login and push notifications, and (c) our legitimate interest in analyzing anonymized product metrics to improve the app.
4. Data retention
Gameplay data is retained while your account is active. If you delete your account from the in-app settings, all personally identifiable data — including any imported contact hashes — is erased within 30 days. Aggregated, non-identifiable analytics may be retained indefinitely.
5. Your rights
Under GDPR (EU) and CCPA (California), you have the right to access, correct, delete, and export your data, and to object to its processing. Contact us at jord@superdrama.eu to exercise these rights. You can also delete your account directly from the app settings at any time.
6. Children
pickt is rated 12+. We do not knowingly collect data from users under 13 (or 16 in relevant EU jurisdictions). If you believe a minor has created an account, contact us and we will delete it.
7. Third-party services
- Google Firebase (Auth, Firestore, Cloud Messaging, Cloud Functions) — policy
- Amplitude (analytics) — policy
- Snap Inc. (optional Snapchat Login) — policy
- Apple (App Store distribution, push notification delivery, In-App Purchase processing) — policy
- RevenueCat (in-app purchase receipt validation, only if you complete a purchase) — policy
8. Security
Data in transit is encrypted via TLS 1.2+. Data at rest in Firebase is encrypted by Google. Sensitive gameplay data (raw votes) is server-only and protected by Firestore security rules.
9. Changes to this policy
We will notify users in-app of any material change to this policy at least 7 days before it takes effect.
10. Contact
jord@superdrama.eu
← Back to pick.school