← Back to Pic2Plan

Privacy Policy

Last updated: 23 March 2026

Pic2Plan is a mobile app that helps you turn letters, documents, emails, screenshots and messages into calendar events using AI. This Privacy Policy explains how we use your personal data when you use our app or visit pic2plan.io.

If you have any questions, please contact us at support@pic2plan.io.

1. Who we are

Pic2Plan is owned and operated by The Contract Studio UK Ltd, a company registered in England and Wales.

For data protection purposes, The Contract Studio UK Ltd is the data controller of your personal data.

We are registered with the Information Commissioner's Office (ICO) under registration number ZC108982.

We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What data we collect

We collect the following categories of information when you use Pic2Plan:

Account data

• Your email address and name, when you sign in with Google or Apple.
• Authentication identifiers provided by Google or Apple.

Scanned images and content

• Photos, screenshots and other images that you upload to the app for processing.
• The text extracted from those images using our AI tools.

Event data

• Events created from your scans, including title, date, time, location and description.
• Whether events are shared with other people or synced with your external calendar.

Contacts and groups

• Email addresses of family, friends and team members that you choose to add or share events with.
• Group names and group membership.

Device and technical data

• Device type, operating system version, app version and a push notification token so we can send you notifications.
• Log data about your use of the app (for example sign-in events, errors and crashes).

Usage and subscription data

• Number of scans you perform (for example, to apply the free allowance).
• Your subscription status (free, monthly or annual) and renewal dates.
• We do not receive your full payment card details; these are handled by Apple and Google.

3. How we use your data and lawful bases

We only use your personal data when we have a lawful basis under UK GDPR.

To provide and operate the app

• Creating and maintaining your account.
• Processing your uploaded images into text and events.
• Storing your events and groups and enabling sharing and calendar sync.
• Sending you service-related notifications (such as reminders and important updates).

Lawful basis: performance of a contract (our Terms of Service) and legitimate interests in running our app.

To use AI to extract information from your images

• Sending your images to an AI model to extract dates, times, locations and other relevant text.

Lawful basis: performance of a contract and legitimate interests in providing an accurate, automated service.

To share events and communicate with your contacts

• Sending emails so that your chosen recipients receive shared events or invitations.

Lawful basis: performance of a contract (at your request) and legitimate interests in enabling you to share events.

To sync with Google Calendar

• With your explicit Google OAuth consent, we access and write calendar events in your Google account as instructed by you.

Lawful basis: consent and performance of a contract.

To manage freemium limits and subscriptions

• Tracking how many scans you have used under the free tier.
• Checking your subscription status and entitlements.

Lawful basis: performance of a contract and legitimate interests in operating a sustainable business model.

To improve and protect our service

• Monitoring usage and app performance, fixing bugs, preventing abuse and improving features.

Lawful basis: legitimate interests in maintaining and improving our service.

To comply with legal obligations

• Keeping records required by law, responding to lawful requests and enforcing our legal rights.

Lawful basis: legal obligation and legitimate interests.

4. AI processing and third-party services

We rely on trusted third-party providers to deliver the app:

• Anthropic (Claude AI) – we send your scanned images to Anthropic so their models can extract text and relevant details.
• MongoDB Atlas – we store your account and event data in a MongoDB database. Our production database is hosted in Ireland (EU) data centres provided by MongoDB Atlas on Amazon Web Services.
• SendGrid (Twilio) – we use SendGrid to send transactional emails such as shared event emails and account messages.
• Google – we use Google for authentication (Google Sign-In) and, if you choose, for Google Calendar sync.
• Apple – we use Sign in with Apple for authentication and Apple App Store for subscription payments.
• Expo / EAS and push notification services – we use these to deliver the app and send push notifications to your device.
• Apple App Store and Google Play – they handle subscription payments and may process your personal data as separate controllers.

These third parties act as processors or independent controllers depending on the service. We only share the minimum data needed for them to perform their functions, and we have appropriate agreements in place where required.

5. Data retention

• Account and event data – we keep this while your account is active.
• If you delete your account, we will delete or anonymise your personal data within 30 days, unless we need to keep some information for legal or accounting reasons.
• Emails sent to your contacts – copies may be retained in our email logs for a limited period to ensure delivery and prevent abuse.
• Scanned images – uploaded images are temporarily processed and are deleted shortly after processing and creation of events. We do not store them permanently.

6. International transfers

Some of our service providers may process your data outside the UK and the European Economic Area (EEA). Where this happens, we make sure that appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses approved by the UK Government or European Commission.

7. How we share your data

We do not sell your personal data.

We will share your data only with:

• The third-party providers listed above, to help us deliver the app.
• The contacts you choose to share events with (for example, family or team members) – they will see the event details you share.
• Authorities or third parties where we are required by law or need to protect our rights, users or others.
• Professional advisers (such as lawyers or accountants) where necessary.

8. Your rights

You have a number of rights over your personal data, subject to certain exemptions:

• Access – to request a copy of your personal data.
• Rectification – to correct inaccurate or incomplete data.
• Erasure – to ask us to delete your data in certain circumstances.
• Restriction – to limit how we use your data in some situations.
• Objection – to object to certain types of processing, including where we rely on legitimate interests.
• Portability – to request that we transfer your data to you or another provider in a structured, commonly used, machine-readable format where technically feasible.
• Withdraw consent – where we rely on consent (for example, Google Calendar access).

You can exercise these rights by contacting support@pic2plan.io. We may need to verify your identity before acting on your request.

If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk, but we would appreciate the chance to resolve your concerns first.

9. Children

Pic2Plan is not directed at children and is intended for users aged 13 and over.

Under UK GDPR, children aged 13 or over can generally consent to online services themselves. We do not knowingly collect personal data from children under 13, and if we become aware that a child under 13 has provided us with personal data, we will delete it.

10. Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse and unauthorised access. No system can be completely secure, but we work to keep your data as safe as reasonably possible given the nature of our service.

11. Cookies and similar technologies

When you visit pic2plan.io, we may use cookies or similar technologies to make the site work and to understand how it is used.

• Essential cookies are needed for basic site functionality.
• Non-essential cookies (for example analytics or advertising cookies) require your consent under UK law, which we gather via a banner when they are used.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes to the app or to the law. We will post the updated version on pic2plan.io and, where appropriate, notify you in the app or by email. Your continued use of Pic2Plan after any changes means you accept the updated policy.