Privacy Policy

Your photos stay in Google. We never store, process, or see the contents of your photos or videos. We store only your account information (email, name) and anonymized usage analytics. We don't sell your data. We don't run ads. We make money through subscriptions only.

Account data: When you sign in with Google, we receive your name, email address, and profile photo URL from Google's OAuth API. We store these to identify your account.

Room data: We store room codes, creation timestamps, and expiry times. Room codes are randomly generated and expire after 24 hours (anonymous rooms expire after 6 hours). We do not log which photos were cast in a room.

Usage analytics: We collect anonymized, aggregated data about feature usage (e.g., how many rooms are created per day) using privacy-respecting analytics. This data cannot be traced back to an individual user.

What we do NOT collect: Photo contents, video contents, file metadata, EXIF data, location data from photos, or viewing history.

When you connect Google Photos, picNplay requests a read-only OAuth token scoped to photospicker.mediaitems.readonly. You select photos and videos in Google's own Photos Picker, and picNplay can only access the specific items you pick — never your wider library. picNplay never writes to, modifies, or deletes any content in your Google Photos library.

To display the items you pick on your screen, picNplay downloads those specific photos and videos and caches them on our storage so your display device can load them. We only ever process the items you explicitly select; we do not access, scan, or store the rest of your library, and we do not inspect content beyond what is needed to display it.

Limited use: picNplay uses your Google Photos access solely to let you select content to display on your chosen screen. The access token is stored only in your session and is never shared with third parties. We do not use your photos for training, analysis, advertising, or any purpose other than fulfilling your cast requests.

Multi-sender rooms: When multiple people join the same room, each sender authenticates independently. A sender can only pick and cast their own Google Photos; they cannot access another sender's library.

You can revoke picNplay's access at any time via Google Account Permissions. Revoking access does not affect photos you have optionally uploaded to your picnplay library.

picNplay's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, do not allow humans to read it, and do not transfer it to third parties except as necessary to provide the casting service, comply with applicable law, or as part of a merger or acquisition in which users are notified in advance.

• To authenticate your account and maintain your session
• To create and manage casting rooms on your behalf
• To send transactional emails (account verification, password reset)
• To improve the product through aggregated, anonymized analytics
• To process subscription payments via Stripe (payment details are never stored on our servers)

We share your data with the following third parties only as necessary to operate the service:

• Google — we receive authentication tokens and OAuth credentials from Google; we do not send Google user data to Google or any other third party
• Stripe — payment processing for Pro subscriptions
• Vercel / Railway — cloud infrastructure for hosting the application

We do not sell, rent, or trade your personal data to any third party for commercial purposes.

Room data expires automatically after 24 hours (anonymous rooms after 6 hours). Account data is retained as long as your account is active. You may request deletion of your account and all associated data at any time by emailing [email protected]. We will process deletion requests within 30 days.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict certain processing
• Data portability — receive your data in a machine-readable format

To exercise any of these rights, contact [email protected].

The display page (picnplay.com/room/CODE) requires no account and can be opened on any screen — TV, projector, laptop. We log the room code and join time for each display connection so senders can see how many screens are active. We do not log display-side IP addresses beyond standard web server request logs, which are retained for 30 days and used solely for security and uptime monitoring. picNplay does not record, capture, screenshot, or transmit the content shown on the display back to our servers. AirPlay, Chromecast, and similar casting technologies operate entirely within your local network or your device's operating system — they are not integrations with picNplay and no data about that cast is sent to us.

We use essential cookies to maintain your authentication session. We use optional analytics cookies to understand product usage in aggregate. See our Cookie Policy for details.

We may update this policy as the product evolves. Material changes will be communicated via email to registered users. The date at the top of this page reflects the most recent revision.

picnplay Privacy Team
[email protected]