Privacy Policy

1. Introduction

BILDI DIGITAL OÜ ("we," "us," or "our") operates Pictorino ("the Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered portrait generation service.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Estonian data protection regulations.

2. Information We Collect

Personal Information You Provide

• Account Information: Email address, name (if provided), authentication credentials
• Payment Information: Processed securely through Stripe (we do not store credit card details)
• Profile Photos: Images you upload for AI model training
• Generated Content: AI-generated portraits created using your model
• Communications: Messages you send to our support team

Automatically Collected Information

• Usage Data: Pages visited, features used, generation history
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, referring URLs
• Cookies: Session cookies for authentication and preferences

3. How We Use Your Information

Primary Purposes

• Service Delivery: Training AI models and generating portraits
• Account Management: Authentication, billing, and customer support
• Communication: Service updates, transaction confirmations, support responses
• Improvement: Analyzing usage patterns to enhance our service
• Security: Detecting and preventing fraud or abuse

Legal Basis for Processing (GDPR)

We process your data based on:

• Contract Performance: To provide the services you've purchased
• Legitimate Interests: For security, fraud prevention, and service improvement
• Consent: For optional features and marketing communications
• Legal Obligations: To comply with applicable laws and regulations

4. How We Share Your Information

We do not sell your personal information. We share data only in these circumstances:

Service Providers

• Supabase: Database hosting and authentication services
• fal.ai: AI model training and image generation
• Stripe: Payment processing
• Resend: Email notifications
• Vercel: Website hosting and content delivery

Other Circumstances

• Legal Requirements: When required by law or court order
• Safety: To protect rights, property, or safety of our users
• Business Transfers: In connection with a merger or acquisition
• With Consent: When you explicitly authorize sharing

5. Data Storage and Security

Storage Location and Duration

• Primary Data: Stored on secure servers within the European Union
• Photos and Models: Retained for 6 months (extendable) after last activity
• Account Data: Retained while your account is active
• Transaction Records: Retained for 7 years for tax compliance

Security Measures

• Encryption of data in transit (HTTPS) and at rest
• Secure authentication with optional two-factor authentication
• Regular security audits and vulnerability assessments
• Access controls limiting data access to authorized personnel
• Signed URLs with expiration for image access

6. Your Rights and Choices

Data Subject Rights (GDPR)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Object: Oppose certain types of processing
• Withdraw Consent: Where processing is based on consent

How to Exercise Your Rights

To exercise any of these rights, contact us at support@pictorino.com. We will respond within 30 days.

Account Deletion

You can request account deletion at any time. Upon deletion:

• Your AI models will be permanently removed
• All generated images will be deleted from our servers
• Personal information will be erased (except where legally required to retain)
• This action is irreversible

7. Cookies and Tracking Technologies

Essential Cookies

We use essential cookies for:

• User authentication and session management
• Security features and fraud prevention
• Remembering your preferences

Analytics

We may use privacy-focused analytics to understand usage patterns. This data is aggregated and does not identify individual users.

Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of our Service.

8. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from minors. If we discover we have collected data from a child, we will promptly delete it.

Parents who believe their child has provided us with personal information should contact us immediately at support@pictorino.com.

9. International Data Transfers

While we primarily store data in the EU, some of our service providers may process data in other countries. When transferring data outside the EU, we ensure:

• Appropriate safeguards are in place (e.g., Standard Contractual Clauses)
• The receiving country has adequate data protection laws
• Your rights remain protected regardless of location

10. AI-Specific Considerations

How Your Photos Are Used

• Photos are used exclusively to train your personal AI model
• Each user's model is isolated and not shared with others
• We do not use your photos to improve general AI models
• Generated images are created based solely on your trained model

AI Model Deletion

When you delete your account or your model expires, we ensure complete removal of:

• Your trained AI model files
• Training data and parameters
• All derivative works and cached data

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via:

• Email notification to your registered address
• Prominent notice on our website
• In-app notification when you next log in

We encourage you to review this policy regularly. Your continued use after changes indicates acceptance of the updated policy.

12. Data Protection Officer

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer:

13. Supervisory Authority

If you are unsatisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority. In Estonia, this is: