Privacy Center

Your privacy matters to us. Learn how we collect, use, and protect your personal information.

Effective Date: January 2024 | Last Updated: June 2026

This Privacy Policy explains how 012VIZ (operating as "Pictosso") collects, uses, discloses, and safeguards your personal information when you visit our website https://pictosso.com/ and use our services.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy legislation.

1. Data Controller

The data controller responsible for your personal information is:

012VIZ (Pictosso)

  • • Legal form: French limited liability company (SARL)
  • • Registration: Fréjus Trade and Companies Registry, number 922 535 828
  • • Registered office: 190 boulevard du Vallon, 83700 Saint-Raphaël, France
  • • VAT number: FR 04922535828
  • • Email: custom@pictosso.com
  • • Privacy inquiries: support@pictosso.com

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when you:

  • Create an account: Name, email address, password (if user accounts are enabled)
  • Place an order: Full name, email address, shipping address, billing address, phone number
  • Make a payment: Payment information (processed securely through Stripe - we do not store complete card details)
  • Contact us: Name, email address, message content, any information you choose to share
  • Design your Product: Custom text, uploaded photos, videos, voice content, design preferences, icon selections
  • Subscribe to communications: Email address, communication preferences

2.1.a Uploaded photos, videos, and memory content

When you upload personal memories to build your Pictosso, we treat that content as private user material, not as marketing inventory or reusable public content.

  • Uploads are sent through encrypted connections.
  • Memory content is used only to create, host, display, and deliver your Pictosso experience.
  • We do not sell your uploaded photos, videos, or personal messages.
  • Visibility depends on the sharing settings you choose inside the product.

2.1.b Photos and videos featuring other people

When you upload content featuring other individuals (family, friends, colleagues), you act as the data controller for their personal data within the meaning of GDPR Article 4(7). By uploading such content, you confirm that:

  • You have obtained the consent of the people who appear in the uploaded content, or have another valid legal basis to share their image.
  • The content does not infringe on the rights, dignity, or privacy of any third party.
  • You will honour any request from a person appearing in your content to have their image removed.

Pictosso acts as a data processor for this content and processes it solely on your instructions. If a third party contacts us regarding content in which they appear, we will forward the request to the account holder.

2.2 Information Collected Automatically

When you use our website, we automatically collect certain information:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on pages, links clicked, referring website
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking: Information collected through cookies and similar technologies (see Section 6)

2.3 Information from Third Parties

We may receive information from:

  • Authentication services: If you use Google OAuth or other sign-in methods (name, email, profile picture)
  • Music platforms: When you connect Last.fm or Spotify accounts (listening history, artist data, album information) - used solely for personalizing your Product
  • Payment processors: Stripe provides payment confirmation and transaction data
  • Analytics providers: Aggregated usage statistics from analytics services

3. How We Use Your Data

We use your personal information for the following purposes:

Order Fulfillment (Contractual Necessity)

  • Processing and fulfilling your orders
  • Creating your personalized canvas artwork
  • Communicating with you about your order status
  • Arranging shipping and delivery
  • Processing payments and refunds

Customer Support (Legitimate Interest)

  • Responding to your inquiries and support requests
  • Troubleshooting technical issues
  • Resolving complaints and disputes

Service Improvement (Legitimate Interest)

  • Analyzing website usage and user behavior
  • Improving our products and services
  • Developing new features and functionality
  • Personalizing user experience

Marketing Communications (Consent)

  • Sending promotional emails and newsletters (with your consent)
  • Informing you about new products, features, and offers
  • You can opt-out at any time using the unsubscribe link

Legal Compliance (Legal Obligation)

  • Complying with legal obligations and regulations
  • Preventing fraud and illegal activities
  • Enforcing our Terms and Conditions
  • Protecting our rights and property
  • Responding to legal requests and court orders

4. Data Sharing and Third-Party Service Providers

We do not sell your personal information. We share your data only with trusted service providers necessary for our operations:

Service ProviderPurposeData SharedLocation
Gelato
Privacy Policy
Printing, framing, and worldwide delivery of your personalized productsName, shipping address, design data, order detailsGlobal network (15 countries)
Stripe
Privacy Policy
Secure payment processingPayment information, billing address, transaction dataUnited States (GDPR compliant)
Vercel / AWS
Privacy Policy
Website hosting and infrastructureAll website data, technical logsEuropean Union / Global
Supabase
Privacy Policy
Database services, data storageUser data, order information, design dataEuropean Union
Cloudinary
Privacy Policy
Secure media hosting and delivery for uploaded photos, videos, and other memory filesUploaded media files, technical metadata needed to process and deliver themGlobal infrastructure
Last.fm / SpotifyMusic data enrichment for personalized designsArtist names, album data, listening history (with your consent)Various
PostHog
Privacy Policy
Product analytics (anonymous usage metrics, pageviews)Anonymous usage events, pages visited (no personal identifiers)European Union (EU Cloud)
Email Services
(Resend)
Transactional emails, order confirmationsEmail address, name, order informationUnited States (GDPR compliant)

Important: All our service providers are contractually bound to protect your data and use it only for the specified purposes. We ensure they comply with GDPR and other applicable data protection laws.

No resale of memory content: We do not sell or license your uploaded photos, videos, or personal memory content to advertisers or unrelated third parties.

Other Disclosures

We may also disclose your information:

  • To comply with legal obligations, court orders, or government requests
  • To protect our rights, property, or safety, or that of our users
  • In connection with a business transfer, merger, or acquisition
  • With your explicit consent for specific purposes

5. Your Privacy Rights

Under GDPR and other data protection laws, you have the following rights:

🔍 Right to Access

Request a copy of the personal data we hold about you.

✏️ Right to Rectification

Request correction of inaccurate or incomplete personal data.

🗑️ Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances.

⛔ Right to Object

Object to processing of your data for specific purposes (e.g., marketing).

📦 Right to Data Portability

Receive your data in a structured, machine-readable format.

⏸️ Right to Restriction

Request limitation on how we process your data.

🚫 Right to Withdraw Consent

Withdraw consent for data processing at any time (where consent is the legal basis).

How to Exercise Your Rights

To exercise any of these rights, please contact us:

  • Email: support@pictosso.com
  • Subject line: "Privacy Rights Request"
  • Include: Your name, email address, and specific request
  • Response time: Within 30 days of receipt

Identity Verification: To protect your privacy, we may need to verify your identity before processing your request. We may ask for government-issued ID or other verification documents.

Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority:

Digital DSAR

Submit a GDPR request online

Use our encrypted form to request access, deletion, portability or any other GDPR right. Each submission generates a reference code and is triaged by our Data Protection Officer within 48 hours.

  • 30-day statutory response time guaranteed (Article 12 GDPR).
  • Evidence stored in the EU (Supabase Frankfurt) with role-based access.
  • Identity verification may be required before fulfilling sensitive actions.

Audit ready

Every submission is timestamped, hashed, and stored with its processing status.

Need help?

Email support@pictosso.com or reply to the confirmation email you will receive.

Receive a copy of all personal data linked to your account.

40 more characters required0/4000

Data transmitted via HTTPS and stored with encryption-at-rest in EU data centers.

6. Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience and allow certain features to function.

Types of Cookies We Use

🔒 Strictly Necessary Cookies

Essential for the website to function. Cannot be disabled.

  • Session management and authentication
  • Shopping cart functionality
  • Security and fraud prevention
  • Preference cookies (language, currency)

📊 Performance/Analytics Cookies

Help us understand how visitors use our website.

  • Google Analytics: Traffic analysis, page views, user behavior
  • Vercel Analytics: Performance monitoring
  • All data is aggregated and anonymized

🎯 Functional Cookies

Remember your preferences and settings.

  • Design project saves (local storage)
  • User preferences and settings
  • Language and region selection

🎨 Marketing Cookies (with consent)

Track your activity for advertising purposes.

  • Social media integration (Instagram, LinkedIn)
  • Retargeting and advertising campaigns
  • Only used with your explicit consent

Browser Storage

We use browser local storage to cache your design projects and icon data. This improves loading speed and allows you to resume your work. This data:

  • Does not contain personal information
  • Is stored only on your device
  • Is not transmitted to our servers unless you save a project
  • Can be cleared from your browser settings

Managing Cookies

You can control cookies through:

  • Browser Settings: Most browsers allow you to block or delete cookies
  • Opt-out Links: Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
  • Cookie Preferences: Update your preferences in our cookie banner (if available)

Note: Blocking cookies may affect website functionality, including the ability to place orders and save your design projects.

7. Data Security

We implement industry-standard security measures to protect your personal data:

🔐 Encryption

SSL/TLS encryption for data transmission, encrypted databases

🛡️ Access Controls

Restricted access to personal data, role-based permissions

🔍 Regular Audits

Security assessments, vulnerability scanning, penetration testing

🔄 Secure Backups

Encrypted backups, disaster recovery procedures

Additional protections for uploaded memories

  • Access to uploaded memories is limited according to account permissions and sharing settings.
  • Operational access is restricted to authorized personnel and processors who need it to run the service.
  • We support deletion and access requests for personal data through our Privacy Center workflow.

Data Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by GDPR.

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but continuously work to protect your data.

8. Data Retention

We retain your personal data only as long as necessary:

Data TypeRetention PeriodReason
Order information10 yearsLegal/tax requirements, warranty claims
Account data (if applicable)Until account deletionOngoing service provision
Marketing communicationsUntil opt-outConsent-based communication
Draft Pictossos and related uploaded memoriesWhile the project is active; unpaid Studio drafts are automatically deleted after 30 days unless edited or orderedService provision, storage minimization, draft lifecycle
Support correspondence5 yearsLegal protection, quality improvement
Analytics data26 monthsGoogle Analytics standard retention

After retention periods expire, we securely delete or anonymize your data. You can request earlier deletion by exercising your Right to Erasure (see Section 5).

9. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@pictosso.com. We will promptly delete such information.

Parental Consent: If you are under 16, please have a parent or guardian review this Privacy Policy and make purchases on your behalf.

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, through our service providers (Stripe, Gelato, Vercel).

We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
  • Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
  • Privacy Shield / Data Privacy Framework: For US-based processors
  • Binding Corporate Rules: Internal policies of multinational processors

All our service providers are contractually obligated to implement appropriate safeguards and comply with GDPR requirements for international data transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will notify you via email (if you have provided your email address)
  • We may display a prominent notice on our website
  • For significant changes, we may request your renewed consent

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email

support@pictosso.com

For general privacy inquiries

Data Protection Officer

custom@pictosso.com

For privacy rights requests and DPO inquiries

Postal Address

012VIZ (Pictosso)
190 boulevard du Vallon
83700 Saint-Raphaël
France

Phone

Available upon request

⚡ Quick Response

We aim to respond to all privacy inquiries within 48 hours and resolve requests within 30 days as required by GDPR.

Additional Resources

For more information about your privacy rights and data protection:

🇪🇺 GDPR Information

https://gdpr.eu/

🇫🇷 CNIL (France)

https://www.cnil.fr/

📋 Our Terms & Conditions

/general-terms

❓ FAQ

/faq

Last updated: November 2025
Previous version: January 2024
Effective date: January 2024