Privacy Policy

1. Privacy at a Glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website or use the PhotoCount app. Personal data is any data by which you can be personally identified.

Data collection

Data processing is carried out by the operator of PhotoCount, whose contact details can be found in the Imprint. Data is collected when you visit this website (technical connection data) or use the app (device identifier, usage statistics, feedback). Photos are processed exclusively on your device and are never transmitted.

Your rights

You have the right at any time to obtain information about, rectify, erase, and restrict the processing of your stored personal data, as well as the right to object and to data portability. Please contact the address provided in the imprint.

2. General Information and Mandatory Disclosures

Controller

codrio – Dario Bertoli
Brockmannweg 8b, 32425 Minden, Germany
Phone: +49 176 43535753
Email: info@codrio.de

SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons. You can recognise an encrypted connection by the address bar changing from "http://" to "https://". All communication between the PhotoCount app and our servers is also exclusively encrypted.

Withdrawal of consent

Many data processing operations are only possible with your explicit consent. You may withdraw consent you have already given at any time by sending us an informal email. The lawfulness of data processing carried out prior to the withdrawal remains unaffected.

Right to object (Art. 21 GDPR)

Where data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object to processing at any time on grounds relating to your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, or the processing serves the establishment, exercise, or defence of legal claims.

Right to lodge a complaint

In the event of GDPR infringements, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).

Right to data portability

You have the right to receive data that we process automatically on the basis of your consent or in fulfilment of a contract in a commonly used, machine-readable format, or to have it transferred directly to another controller where technically feasible.

Access, rectification, and erasure

You have the right at any time to obtain free information about your stored personal data, its origin, recipients, and the purpose of processing, and to request rectification or erasure. Please contact the address provided in the imprint.

Right to restriction of processing

You have the right to request restriction of processing of your personal data if you contest its accuracy, the processing is unlawful but you oppose erasure, we no longer need the data but you require it for legal claims, or you have objected under Art. 21(1) GDPR and the outcome is pending.

3. Data Collection on This Website

Server log files

The hosting provider automatically collects and stores information in server log files transmitted by your browser: browser type and version, operating system, referrer URL, hostname of the accessing device, time of the server request, and IP address. This data is not combined with other data sources. Legal basis: Art. 6(1)(f) GDPR.

Cookies

This website uses only technically necessary session cookies to store your language preference (English/German). These cookies contain no personal data, are not used for tracking or advertising, and are automatically deleted when you close your browser. Legal basis: Art. 6(1)(f) GDPR.

Enquiries by email or phone

If you contact us by email or phone, your enquiry and all resulting personal data are stored and processed for the purpose of handling your request. We do not share this data without your consent. Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR. Data is retained until you request deletion or the purpose ceases to apply.

4. PhotoCount App

On-device processing

PhotoCount processes all photos exclusively on your device. Images you select for analysis are never transmitted to external servers. The AI models run entirely offline on your smartphone.

Device registration

On first launch, the app generates a random, anonymous device identifier (UUID) and stores it locally. This UUID is transmitted once to our servers along with your OS type (iOS/Android) and version to enable model updates and anonymous usage statistics. The UUID is purely random, contains no hardware information, and cannot be traced back to your identity. It is reset upon reinstalling the app.
Legal basis: Art. 6(1)(b) GDPR.

Usage statistics

The app sends anonymised event data to our servers, including:

• App launches and registration
• Scan start and completion, including the identifier of the model used
• Buttons tapped (e.g. camera, gallery, share)
• Timestamp of each event
• Your anonymous device identifier (UUID)

This data contains no personal information and is used solely to improve the app. Your IP address is briefly processed server-side when establishing a connection but is not stored.
Legal basis: Art. 6(1)(f) GDPR.

Feedback form

If you submit feedback, your message and optionally your name and email address are transmitted to our servers. These details are used solely to respond to your enquiry, are not shared with third parties, and are deleted once the matter is resolved.
Legal basis: Art. 6(1)(a) GDPR.

Model downloads

To download AI models, the app connects to our servers. Your anonymous device identifier is transmitted to check the current model version. Your IP address is briefly processed server-side but is not stored.
Legal basis: Art. 6(1)(b) GDPR.

5. Advertising (Google AdMob)

The app displays advertisements from Google AdMob (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google may collect device-related data such as the advertising ID. See the Google Privacy Policy and Ad Settings.
Legal basis: Art. 6(1)(a) or Art. 6(1)(f) GDPR.

6. Data Collected by Third-Party Platforms

Independent of the app itself, the platforms through which the app is distributed may collect certain data:

Apple App Store & iOS

Apple may collect crash reports, performance metrics, and diagnostic data as part of iOS system services and App Store analytics. This data is governed by Apple's Privacy Policy. You can control this in iOS Settings → Privacy & Security → Analytics & Improvements.

Google Play Store & Android

Google may collect app installation data, crash reports, and Android Vitals diagnostics (such as ANR and crash rates) through Google Play Services. This data is governed by Google's Privacy Policy.

Flutter Framework

PhotoCount is built with Google's Flutter framework. The Flutter framework itself does not collect any user data. However, apps distributed through the App Store or Google Play are subject to the platform data collection described above.

7. Data Retention

Usage statistics and device information are stored for a maximum of 24 months. Feedback messages are deleted once your enquiry is resolved. You may request deletion of your data at any time (see Section 2).

Last updated: May 2026