Privacy Policy

Effective date: 01/01/2025

1. Data controller

The controller of personal data is:

  • Pixel Potion
  • Address: 34660 Cournonterral, France
  • SIRET: 82119066700054
  • Contact: contact@picto.art

2. Data processed

We process the following categories of data:

  • Account and identity: name, email, hashed/encrypted password, profile photo if provided.
  • Authentication: session information, IP addresses, user agent.
  • Billing: Stripe customer ID, subscription status, related billing history.
  • Service usage: descriptions, instructions, archetypes, prompts, generated images, download status.
  • Preferences: colors, font, language, custom instructions, portrait, theme.
  • Support: email exchanges with the support team.

3. Purposes and legal bases

We use this data to:

  • Provide the service and perform the contract (legal basis: performance of the contract).
  • Manage billing and subscriptions (legal basis: performance of the contract and legal obligations).
  • Ensure security, fraud prevention, and service quality (legal basis: legitimate interest).
  • Respond to requests and communications (legal basis: performance of the contract).
  • Process optional elements (e.g., portrait) if provided (legal basis: consent).

4. Recipients and processors

We share certain data with processors strictly necessary to operate the service:

  • Google (Gemini API): image generation and editing.
  • Stripe: payments and subscription management.
  • Vercel Blob: storage of images and files.
  • Resend: sending transactional emails.

5. Image storage and public access

Generated images and portraits are stored via Vercel Blob with public URLs. Anyone with the URL can access them. Do not upload sensitive content.

6. Transfers outside the European Union

Some of our providers may process data outside the European Union. In such cases, appropriate safeguards (such as standard contractual clauses) are implemented.

7. Retention periods

  • Account data is kept as long as the account is active.
  • Billing data is kept for the period required by law.
  • Images, history, and prompts are kept as long as the account is active, or until deletion upon request.

8. Security

We implement technical and organizational measures to protect data (access control, encryption at rest/in transit when applicable, hashed passwords).

9. Cookies and local storage

We use cookies or similar technologies strictly necessary for service operation (authentication, session). Theme preferences may be stored locally in the browser.

10. Your rights

Under the GDPR, you have the rights of access, rectification, erasure, objection, restriction, and portability. You may also withdraw consent at any time.

To exercise your rights, contact us at: contact@picto.art.

You may also file a complaint with the CNIL (www.cnil.fr).

11. Contact

For any privacy-related question, contact us at: contact@picto.art.