Safety & Privacy & GDPR

Can I rely on you, and do you make backups?

Yes. Our servers have multiple connections to the internet, are backed up, and are monitored around the clock, so we can guarantee a network availability of at least 95%. In case of failures, you can be sure that it is in our own interest to get PicDrop back up and running as soon as possible.

Your data is backed up daily. Of course, you can also download a complete backup of your data at any time via your FTP access and have the selections, image comments etc. of all galleries sent to you as a bundled PDF. (soon!)

Note: Your data is safe with us. Nevertheless, we do not see PicDrop as a backup solution for you, but as a tool for communicating with your clients. Solid backups are a completely different subject, and as a photographer you should always keep separate backups and a solid data architecture in mind. Your pictures are your capital. By the way, the American photographer Chase Jarvis has covered this topic very well on his blog.

Who can view and access a gallery?

In principle, anyone to whom you give the direct address of a gallery can also access it. So you alone are responsible for who can see your galleries. We therefore recommend two things:

  1. Protect your galleries with a password, especially when it comes to sensitive topics (weddings, erotic pictures, company secrets, etc.).
  2. Always use secure links and deactivate the clear link of a gallery if necessary. (What exactly is a “secure link”?)

Should I use FTP or SFTP?

We clearly recommend SFTP. The access data remains exactly the same; only the port changes to port 22. Uploading via SFTP serves your own security: with plain FTP, your access data is transferred unencrypted with every login and every upload, and someone else can intercept and steal it.

What exactly is a “secure link”?

If you use the “Secure Link” function, you can give your clients or third parties a link to your gallery in which the exact structure of your folders and galleries is not visible.

For example, would appear as

Someone who only knows this shortened, secure address and has bad intentions cannot simply find out the addresses of your other galleries by analyzing it or trying out variations.

Of course, you should always protect your galleries with a password that only you and your client know. You can enter it under “Gallery Settings” by selecting “Gallery Password”. If the item “View sub-galleries” is activated in the parent gallery, your client can, of course, still use the navigation on the left side to reach parent folders etc.


Where are your servers located?

PicDrop GmbH is a purely German company. All our servers are located at large and well-known providers in Germany. Your data is therefore subject to strict German data protection regulations.

For the reliable delivery of data and for our communication with clients (newsletters, customer support, credit card payments, etc.) we use further, international services and tools from industry-leading companies. It is important to us that each of these companies is contractually bound to the same GDPR obligations towards us, you and your clients.

You can find more information about this in our privacy policy. Furthermore you can sign a Data Processing Agreement (DPA) with us in your account under “Payments & Legal” that lists all companies and service providers we use.

How do I prevent visitors to a gallery from accessing the parent gallery?

To ensure that visitors to a sub-gallery cannot reach the parent gallery via the left menu, the option “Navigation to sub-galleries and vice versa” must be inactive in this parent gallery. Then no one in the parent gallery can see the sub-galleries, and vice versa.

To additionally prevent a “clever” visitor from shortening the address of a sub-gallery by one level and thereby reaching the parent gallery anyway, we recommend using the “secure link”. This link consists of only one code and does not allow any conclusions about your folder structure. You can find it in the “Send” section.
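The following sketch is an added illustration, not PicDrop's own code. It models the difference described here and under “What exactly is a ‘secure link’?”: a clear link can be shortened to reach the parent gallery, while a secure link is a random code that is only looked up as a whole. The gallery names, the `nav` flag and all function names are hypothetical.

```python
import posixpath
import secrets

# Constructed gallery tree (hypothetical names). "nav" models the parent
# gallery's option that links parent and sub-galleries in the left menu.
GALLERIES = {
    "/jobs": {"nav": False},
    "/jobs/2024-miller-wedding": {"nav": False},
    "/jobs/2024-acme-prototype": {"nav": False},
}
SECURE_LINKS = {}  # code -> gallery path, known to the server only


def create_secure_link(path):
    """Issue a random code that carries no information about the path."""
    if path not in GALLERIES:
        raise KeyError(path)
    token = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    SECURE_LINKS[token] = path
    return token


def resolve_clear(url_path):
    """Clear link: the URL path is the folder path, so it can be shortened."""
    path = "/" + url_path.strip("/")
    return path if path in GALLERIES else None


def resolve_secure(token):
    """Secure link: exact lookup only; a shortened or altered code fails."""
    return SECURE_LINKS.get(token)


def reachable_from(entry_path):
    """Simplified model of what a visitor can navigate to after entering."""
    parent = posixpath.dirname(entry_path)
    seen = {entry_path}
    if GALLERIES.get(parent, {}).get("nav"):
        # Navigation active in the parent: parent and its sub-galleries show up.
        seen.add(parent)
        seen.update(p for p in GALLERIES if posixpath.dirname(p) == parent)
    return seen
```

The secure link only hides the address; the navigation option and the gallery password remain separate controls, which is why `reachable_from` depends on `nav` regardless of how the visitor arrived.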

I have general questions about GDPR.

On May 25, the General Data Protection Regulation (GDPR) became enforceable in the EU. It standardizes the strict data protection laws of all European countries and thus ensures an even better and more effective protection of your data as well as the data of your clients.

What changes with the GDPR?

Actually, not much has changed. German legislation on data protection has already been very strict, so the changes are more in the details. The protection of your data has always been an important concern for us, in which we invest a lot of money and effort. Your photos at PicDrop are automatically subject to German jurisdiction and data protection.

What changes for me?

The changes for you can be divided into two areas. The first area concerns your PicDrop account. Not much will change here. We will have revised our data protection regulations at the latest by the time the GDPR is enforced and will inform you in good time. Since your rights as a client are significantly strengthened with the GDPR, this is only to your advantage.

Sharing data? Do we have to do this?

For example, in order to send a newsletter or to debit money for the monthly services from your account, we, like any other website, use other reputable and reliable service providers to support us. We carefully select these service providers and ensure through contracts that your data is also secure there and that all parties involved adhere to the high legal data protection standards.

As part of the Data Processing Agreement, we list precisely which service providers we work with and keep you informed of any changes.



Do I have to complete a Data Processing Agreement?

If you process personal data of your clients with the help of a service provider (e.g. PicDrop), this is covered by a Data Processing Agreement (in the past this was called order data processing or ADV, but in principle it is the same thing). This data processing must be regulated by a contract which ensures that the service provider (i.e. us) adheres to the rules of the GDPR and also ensures the protection of your data (and that of your clients) if it is passed on to third parties.

The conclusion of such an agreement with us is voluntary. The decisive criterion is rather whether you process “personal data” of your clients (i.e. “information that refers to an identified or identifiable natural person”; §4 GDPR) via PicDrop. According to some experts, this term could already include portrait photos. Depending on the nature of your work, however, this may not be necessary. The deciding factor is always the specific individual case. To find out whether this applies to your work, please contact your lawyer or your photographers’ association directly.

Either way, it cannot hurt to conclude a Data Processing Agreement with us.