Last updated: February 10, 2026
Picweave ("we," "us," or "our") is operated by Centricle LLC. This Privacy Policy explains how we collect, use, and protect your personal information when you use picweave.us (the "Service").
When you create an account, we collect your email address, display name, and password. Authentication is handled by Supabase.
When you use the Service, we store the data you create, including: timeline titles, descriptions, and date ranges; uploaded photos and their metadata (EXIF timestamps, GPS coordinates, file sizes); contributor information (display names, invite tokens); and timeline sharing tokens.
If you use the trial mode without an account, your data is stored in your browser's IndexedDB (up to 10 photos) and is not sent to our servers. If you contribute photos via an invite link without an account, your display name (text only — no email or account required) and photos are stored on our servers and attributed to you within that timeline.
Photos uploaded by contributors are processed the same way as timeline owner photos. We extract EXIF metadata client-side before upload, including GPS coordinates (latitude and longitude), device timestamps, and image dimensions. This data is stored in our database and used to sort photos chronologically and display locations on map views in shared timelines. GPS data from contributor photos is visible to the timeline owner and anyone with a share link.
When you upload photos, we extract EXIF metadata (date taken, GPS coordinates) to sort photos chronologically and display them on a map. This metadata is stored alongside your photos. If your photos do not contain EXIF data, you can manually set timestamps.
With your consent, we collect anonymized usage data through Google Analytics, including pages visited, time spent, device type, browser, and general geographic region. This data is not linked to your account.
We use the following third-party services to operate Picweave:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, photo storage | Account info, timeline data, photos |
| Google Maps Platform | Photo location display | GPS coordinates from photos |
| Google Analytics | Usage analytics (consent-gated) | Anonymized browsing data |
| Netlify | Hosting & serverless functions | HTTP request data |
Each service operates under its own privacy policy. We encourage you to review them.
We use minimal cookies and browser storage:
| Item | Type | Purpose | Required |
|---|---|---|---|
| Supabase auth token | localStorage | Keeps you signed in | Essential |
| picweave_analytics_consent | localStorage | Remembers your analytics choice | Essential |
| Trial mode data | IndexedDB | Stores photos and timeline in trial mode | Essential |
| Google Analytics cookies | Cookies | Usage analytics | Optional (consent-gated) |
We do not use advertising or retargeting cookies. Google Analytics cookies are only set after you accept analytics via the consent banner. You can change your choice at any time by clearing your browser's local storage for this site.
We retain your data for as long as your account is active. If you delete your account, we will remove your personal data and uploaded photos within 90 days. Anonymized analytics data may be retained indefinitely.
We use reasonable measures to protect your information, including encryption in transit (HTTPS), secure authentication, and row-level security on our database. Photos are stored in Supabase Storage with access controls. No method of transmission over the Internet is 100% secure, so we cannot guarantee absolute security.
Picweave is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.
You have the right to:
To exercise any of these rights, contact us.
If you are a resident of California, Virginia, Colorado, Connecticut, or another US state with consumer privacy laws, you may have additional rights including:
To exercise these rights, contact us.
If you contributed photos to a timeline via an invite link without creating an account, you have the right to request removal of your photos and display name from our servers. To request removal, contact the timeline owner directly or contact us.
We will process removal requests within 30 days. Note that if the timeline or the timeline owner's account is deleted, all contributed photos are also deleted.
In the event of a data breach affecting your personal information, we will notify affected users within 72 hours via email (for account holders) or through a notice on the Service. We will also notify relevant authorities as required by applicable law.
Centricle LLC is based in the United States. If you access the Service from outside the US, your data is transferred to and processed in the United States.
Our legal bases for processing personal data under the GDPR include:
International users have the right to:
To exercise these rights, contact us.
We do not currently respond to Do-Not-Track browser signals. However, you can decline analytics cookies via our consent banner to prevent any non-essential tracking.
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes, we will provide notice through the Service.
If you have questions about this Privacy Policy, please contact us.