Privacy Policy

Last updated: 18 August 2025

This Privacy Policy describes how Damian Janik ("we", "us", or "our") processes personal data in connection with SocialGallery(the "Service") on damianjanik.com (the "Website"). We act as the data controller for the processing described here.

1. What data we process

• Account and contact details you provide to us or our clients (e.g., name, email) to enable and support the Service.
• Facebook data you explicitly authorize via Facebook Login, which may include basic profile identifiers and metadata required to discover and display the posts/photos you choose for your gallery.
• Authentication tokens (Facebook OAuth access tokens) to retrieve the authorized content. Tokens are stored securely and typically expire after 60 days unless reauthorized sooner or revoked by you.
• Technical data such as device, browser/user agent, IP address, and logs for security, diagnostics, and service improvement.

2. Purposes and legal bases (GDPR Art. 6)

• Provide and operate the Service (performance of a contract, Art. 6(1)(b)), including authenticating via Facebook and rendering your gallery.
• Security, abuse detection, and service improvement (legitimate interest, Art. 6(1)(f)).
• Compliance with legal obligations (Art. 6(1)(c)).
• Where required, we will rely on your consent (Art. 6(1)(a)) and allow you to withdraw it at any time without affecting the lawfulness of processing before withdrawal.

3. Data retention

• Facebook access tokens are retained only as long as necessary to provide the Service and generally expire after 60 days unless you reauthorize sooner. When a token expires or is revoked, token-based access to your Facebook data stops.
• Gallery configuration and related cached metadata are kept until you remove them or your account/data is deleted.
• Operational logs and backups are retained for a limited period (typically up to 90 days) for security, troubleshooting, and compliance, then deleted or anonymized.

4. Data deletion and revocation

You can revoke SocialGallery's access via your Facebook account settings at any time. This prevents future retrieval of your Facebook data. You can also request deletion of data associated with the Service as described below.

1. Revoke access on Facebook: Settings > Privacy & Settings > Apps and Websites (or Business Integrations) > Remove "SocialGallery".
2. Request deletion from our systems: email [email protected] with subject "SocialGallery Data Deletion". Include your full name, the Facebook profile or Page ID connected to the Service, and (if applicable) the domain where the integration was used.

We will verify your request and delete associated data within 30 days, unless retention is required by law or for security and fraud prevention.

5. Sharing and international transfers

We do not sell your personal data. We share data with service providers that host, operate, or secure the Service (e.g., cloud providers, logging, databases) under contracts requiring appropriate safeguards and use only per our instructions. Data may be processed outside your country; where applicable, we rely on appropriate transfer safeguards (e.g., SCCs).

6. Your rights (GDPR)

• Right of access to your personal data.
• Right to rectification of inaccurate data.
• Right to erasure ("right to be forgotten").
• Right to restriction of processing.
• Right to data portability.
• Right to object to processing based on legitimate interests.
• Right to withdraw consent at any time (where processing is based on consent).
• Right to lodge a complaint with a supervisory authority.

7. Security

We implement reasonable technical and organizational measures to protect your data. While no system is perfectly secure, we continually improve our safeguards against unauthorized access and misuse.

8. Children

The Service is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided data, please contact us so we can delete it.

9. Changes to this policy

We may update this policy from time to time. We will post updates here with a new "Last updated" date. Material changes may be notified where appropriate.

10. Contact

For privacy inquiries, to exercise your rights, or to request deletion, contact us at [email protected].