PicPhoto Privacy Policy

Last updated: November 27, 2025

1. About PicPhoto

PicPhoto is an AI product-photography workspace built for independent sellers, commerce brands, and creators. Our suite covers AI Product Photography, Background Remover, Image Upscaler, Magic Eraser, and Batch Photo Editor so that a quick phone shot can become Amazon, Shopify, Temu, or Etsy ready within minutes. This document explains how we handle data when you access picphoto.ai-photogenerator.org and related applications (collectively, the “Service”).

2. Data We Collect

Account & contact details: Name, email, password hash, organization name, preferred language, and your storefront or brand alias provided during sign-up or login so we can create your account and send essential notices.
Business & usage context: Marketplace preferences, SKU tags, industry labels, prompt templates, usage frequency, and the last workflow you opened in Solutions (such as Amazon Sellers, Fashion & Apparel, Social Media) to recommend relevant flows and dashboard cards.
Uploaded assets & prompts: Product photos, reference models, logos, background assets, prompts/negative prompts, and generation settings. They are stored in our managed object storage and used only to deliver the requested AI tools and to improve output quality.
Outputs & review logs: Thumbnails, watermarked variants, moderation state, export sizes, and deletion timestamps so that we can offer history, restore options, and compliance investigations for marketplaces like Amazon or Shopify.
Device & technical data: IP address, browser user-agent, device type, locale, page performance metrics, plus anonymous heatmaps/session replays from Microsoft Clarity for security, debugging, and UX optimization. You can disable or clear cookies at the browser level.
Payment & billing data: When you upgrade a plan or buy extra credits we receive billing contact info, invoicing address, tokenized payment method data, and transaction amounts from our payment processor. We do not store full card numbers.

3. How We Use Data

Deliver core functionality: Generate photos, remove backgrounds, upscale images, and export batches according to your prompts and uploads.
Product improvement: Analyze template popularity, model parameters, and error rates to prioritize enhancements across AI Product Photography and other flagship flows.
Security & compliance: Detect abuse (e.g., copyrighted or illegal uploads), monitor suspicious logins, and satisfy audits from commerce platforms.
Communications: Send product updates (such as new Nano Banana Pro models), education, or billing alerts to users who opted in. You can unsubscribe anytime.

We never sell your personal information. We only share the minimum data necessary in these cases:

Infrastructure providers: Supabase (Postgres/storage), Cloudflare (CDN and edge execution), Vercel/Cloudflare Pages (static hosting) to run the Service.
Payments & finance: Stripe or equivalent processors for transactions and tax compliance.
Analytics & logging: Microsoft Clarity and our internal logging stacks for performance and availability research.
Legal & safety: When required by law or to protect PicPhoto, our users, or the public from harm. All partners are bound by contractual data-protection obligations and may only process data based on our instructions.

5. Storage & Security

Primary data resides in Supabase data centers located in the United States and is accessed via Drizzle ORM.
Generated assets and reference uploads are saved inside a private Supabase Storage bucket. They never live in a public CDN; instead we only expose short-lived, signed URLs (default validity 1 hour) or proxy downloads from our API so that third parties cannot enumerate or guess asset links. Object keys are stored in the database for auditing, and access to raw files is limited to on-call engineers with just-in-time credentials.
Uploads go through virus scanning and type validation before persistence; files are encrypted at rest by the cloud provider and transmitted over HTTPS/TLS.
We enforce role-based access control, audit logs, multi-factor authentication, and periodic security reviews. No online system is perfectly secure, so refrain from uploading confidential information that is not essential.

6. Retention & Deletion

Account data is deleted 30 days after you close the account unless we must preserve it longer for legal obligations.
Uploaded assets and generated results are retained for 180 days by default to enable reuse. You may delete items in the console; we purge them from production within 24 hours and from backups within 30 days.
Billing records must be kept for at least 7 years to satisfy U.S. tax regulations.

7. Your Rights

You may access, export, correct, or delete your personal information, and you can request restrictions or object to certain processing activities. Contact support@ai-photogenerator.org and we will respond within 30 days. If you reside in the EU, you may also lodge a complaint with your local supervisory authority.

8. International Transfers

We operate from the United States and our cloud resources are hosted there. By using the Service from another region you acknowledge that your data will be transferred to the U.S. and protected as described in this policy.

9. Children

PicPhoto is designed for professional users aged 13 or older (or the higher age required by your jurisdiction). We do not knowingly collect data from children; if we learn that we have, we will delete it promptly.

10. Changes

Whenever we launch new AI tools or update our data practices, we will revise this policy, update the effective date above, and provide email or in-product notice for material changes. Continued use of the Service after the updates means you accept the revised policy.

11. Contact

Website: https://ai-photogenerator.org
Email: support@ai-photogenerator.org
Legal correspondence: Please email us first to obtain the most up-to-date mailing address before sending physical documents.

Thank you for trusting PicPhoto. Reach out anytime if you have questions about this policy.