1. Information We Collect

Information You Provide

Account Information: Email address, name, and profile picture (when using Google Sign-In)
Images: Photos you upload for processing
Prompts & Settings: Text prompts and transformation settings you use
Showcase Content: Images and descriptions you choose to share publicly
Payment Information: Processed securely by our payment providers (we don't store card details)

Information Collected Automatically

Usage Data: Features used, processing frequency, and error logs
Device Information: Browser type, operating system, screen resolution
IP Address: Used for rate limiting and abuse prevention
Cookies: Session management and preferences (essential cookies only)

Information We DON'T Collect

Tracking cookies or advertising identifiers
Location data (beyond general region from IP)
Biometric data or facial recognition profiles
Contact lists or social media connections

2. How We Use Your Information

Primary Uses

Service Delivery: Process and transform your images as requested
Account Management: Maintain your account, history, and preferences
Communication: Send service updates, respond to support requests
Improvement: Analyze usage patterns to enhance features and fix bugs
Security: Prevent abuse, fraud, and unauthorized access

AI Processing

When you use our AI features:

Images are processed using Google Gemini, OpenAI, or local processing
We don't use your images to train AI models
Prompts may be logged for quality improvement (anonymized after 30 days)
Processed images are deleted from our servers after 30 days unless saved to your account

3. Data Storage and Security

Where Your Data Lives

Local Processing: Many features run entirely in your browser
Temporary Storage: Images in processing queue (deleted after completion)
Account Data: Stored securely on Supabase (PostgreSQL database)
CDN Cache: Processed images cached for performance (30-day retention)

Security Measures

End-to-end encryption for data transmission (HTTPS/TLS)
Encrypted database storage
Regular security audits and updates
Access controls and authentication
Rate limiting to prevent abuse
No storage of payment card details

4. Information Sharing

We Share Data Only When:

You Explicitly Share: Posting to the community showcase
Service Providers: AI processing (Gemini, OpenAI), hosting (Vercel), database (Supabase)
Legal Requirements: Court orders, law enforcement requests (we'll notify you when possible)
Safety: To prevent harm, fraud, or security threats
Business Transfer: If PicForge is acquired (with notice to users)

We NEVER:

Sell your personal information
Share images without your permission
Use your content for advertising
Allow third-party tracking

5. Your Rights and Controls

You Have the Right To:

Access: Download your data and processing history
Correction: Update incorrect information
Deletion: Request account and data deletion
Portability: Export your data in standard formats
Object: Opt-out of certain data uses
Restrict: Limit how we process your data

Privacy Controls

Delete individual images from history
Clear all processing history
Make showcase submissions private
Disable account features while keeping data
Export all data before deletion

6. Cookies and Tracking

PicForge uses only essential cookies for:

Session management (keeping you logged in)
Security tokens (CSRF protection)
User preferences (theme, settings)
Rate limiting (preventing abuse)

We do NOT use advertising cookies, analytics trackers, or third-party cookies.

7. Children's Privacy

PicForge is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately for removal.

8. International Data Transfers

Your data may be processed in the United States where our servers are located. We ensure appropriate safeguards are in place for international transfers, including:

Standard contractual clauses with service providers
Encryption for all data transfers
Compliance with GDPR and CCPA requirements

9. Data Retention

Data Type	Retention Period
Uploaded images (not saved)	24 hours
Processed images (not saved)	30 days
Saved images (user account)	Until deleted by user
Account information	Until account deletion
Usage logs	90 days
Payment records	7 years (legal requirement)

10. Privacy Policy Changes

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

Email notification to registered users
Prominent notice on our website
In-app notification

Continued use after changes indicates acceptance of the updated policy.

11. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

Right to know what personal information is collected
Right to know if personal information is sold (we don't sell data)
Right to opt-out of sale (not applicable as we don't sell data)
Right to deletion
Right to non-discrimination for exercising privacy rights

12. European Privacy Rights (GDPR)

If you're in the European Economic Area, you have rights under GDPR including:

Legal basis disclosure (we process based on consent and legitimate interests)
Data protection officer contact (privacy@picforge.com)
Right to lodge complaints with supervisory authorities
Automated decision-making disclosure (AI processing with human oversight)

13. Contact Us

For privacy concerns, questions, or to exercise your rights, contact us at:

Email: privacy@picforge.com
Data Protection Officer: dpo@picforge.com
Mailing Address:
PicForge Privacy Team
123 AI Boulevard
San Francisco, CA 94105
United States

Privacy at a Glance

✓ We process images locally when possible
✓ We never sell your personal data
✓ You own your images and creations
✓ We delete temporary data automatically
✓ You can delete your account and data anytime
✓ We use only essential cookies
✓ We comply with GDPR and CCPA

Last Updated: October 1, 2025
Version: 2.0

Privacy Policy

Our Privacy Commitment