How getpickio processes and protects data

This Privacy Policy explains what data getpickio receives, how it is used, who it may be shared with, and how long it is retained.

The Policy applies to site visitors, registered users, and data processed while creating, running, and publishing giveaway results within the service.

We may process registration and account data such as email, password hash, account role, account status, creation date, technical login logs, and security records.

When the service is used for giveaways, we may process post URLs, source metadata, comment texts, usernames, display names, avatar URLs, platform user identifiers, eligibility markers, participant pool composition, selection results, and audit events.

For billing, we process payment and accounting metadata: package, currency, transaction status, payment amount snapshot, credits balance, credit ledger records, and technical data related to manual refund review.

Data comes directly from you during registration, sign-in, payment, account settings, and giveaway creation.

Some data also comes from public content and technical interfaces of the platforms you use as the giveaway source, as well as from the payment provider to the extent needed to confirm payment and maintain records.

We process data for registration and authentication, access to the service, participant collection, pool building, winner selection, public results, credit accounting, payments, support, and handling requests.

Data may also be used for anti-abuse checks, information security, dispute investigation, accounting and tax records, and protection of our legitimate interests.

The site uses technical cookies to maintain authenticated sessions. The access token is stored in an httpOnly cookie so the browser can securely pass it to the internal API proxy layer.

The browser may also use local storage to remember consent to legal documents and some local interface preferences. These records are auxiliary and do not replace server-side authorization.

As of this version, the service does not declare advertising networks, third-party behavioral trackers, or marketing cookies. If this changes, we will update the documents and the user notice flow.

Data may be accessed by authorized service administrators, hosting and infrastructure contractors, the payment provider, and other counterparties if objectively necessary for operating the service.

We may disclose data to public authorities, courts, law enforcement, or professional advisors when required by law or reasonably necessary to protect service rights, security, or resolve disputes.

We retain data for as long as reasonably necessary to operate the service, process payments, prevent fraud, resolve disputes, comply with legal obligations, and protect our interests.

Raw technical comment data is not stored indefinitely. Under the current service logic, raw comment data is usually cleaned after about 7 days, and old unprocessed comment records are usually deleted after about 14 days unless environment settings or technical needs require otherwise.

Account deactivation does not mean immediate deletion of all billing, accounting, anti-abuse, or audit records if further retention remains justified.

If the account has a positive balance of unused credits, a deactivation or deletion request may be declined until the balance reaches zero. This is related to accounting, abuse prevention, and orderly termination of the relationship with the user.

After winners are selected or a giveaway is finished, the service may publicly display the results on a dedicated page. That page may contain the winner username, display name, avatar, prize position, and other data resulting from the publication logic.

The user who runs the giveaway confirms that they have the proper rights and lawful grounds to use the source content and publish results within the chosen mechanics.

Subject to applicable law, you may request access to your personal data, correction, deletion, restriction of processing, or withdrawal of consent where processing is based on consent.

We may refuse complete deletion of some records or postpone it if retention is necessary for accounting, security, fraud prevention, legal obligations, or dispute resolution.

We apply technical and organizational safeguards that we consider reasonably sufficient for this type of service, including access control, password hashing, role separation, and technical logging.

At the same time, no system can guarantee absolute protection, so the user is also responsible for the security of their email, password, devices, and account access channels.