Privacy Center
Your privacy matters to us. Learn how we collect, use, and protect your personal information.
Effective Date: January 2024 | Last Updated: June 2026
Quick Links
This Privacy Policy explains how 012VIZ (operating as "Pictosso") collects, uses, discloses, and safeguards your personal information when you visit our website https://pictosso.com/ and use our services.
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy legislation.
1. Data Controller
The data controller responsible for your personal information is:
012VIZ (Pictosso)
- • Legal form: French limited liability company (SARL)
- • Registration: Fréjus Trade and Companies Registry, number 922 535 828
- • Registered office: 190 boulevard du Vallon, 83700 Saint-Raphaël, France
- • VAT number: FR 04922535828
- • Email: custom@pictosso.com
- • Privacy inquiries: support@pictosso.com
2. Information We Collect
2.1 Information You Provide
We collect information that you voluntarily provide when you:
- Create an account: Name, email address, password (if user accounts are enabled)
- Place an order: Full name, email address, shipping address, billing address, phone number
- Make a payment: Payment information (processed securely through Stripe - we do not store complete card details)
- Contact us: Name, email address, message content, any information you choose to share
- Design your Product: Custom text, uploaded photos, videos, voice content, design preferences, icon selections
- Subscribe to communications: Email address, communication preferences
2.1.a Uploaded photos, videos, and memory content
When you upload personal memories to build your Pictosso, we treat that content as private user material, not as marketing inventory or reusable public content.
- Uploads are sent through encrypted connections.
- Memory content is used only to create, host, display, and deliver your Pictosso experience.
- We do not sell your uploaded photos, videos, or personal messages.
- Visibility depends on the sharing settings you choose inside the product.
2.1.b Photos and videos featuring other people
When you upload content featuring other individuals (family, friends, colleagues), you act as the data controller for their personal data within the meaning of GDPR Article 4(7). By uploading such content, you confirm that:
- You have obtained the consent of the people who appear in the uploaded content, or have another valid legal basis to share their image.
- The content does not infringe on the rights, dignity, or privacy of any third party.
- You will honour any request from a person appearing in your content to have their image removed.
Pictosso acts as a data processor for this content and processes it solely on your instructions. If a third party contacts us regarding content in which they appear, we will forward the request to the account holder.
2.2 Information Collected Automatically
When you use our website, we automatically collect certain information:
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages visited, time spent on pages, links clicked, referring website
- Location Data: General geographic location based on IP address
- Cookies and Tracking: Information collected through cookies and similar technologies (see Section 6)
2.3 Information from Third Parties
We may receive information from:
- Authentication services: If you use Google OAuth or other sign-in methods (name, email, profile picture)
- Music platforms: When you connect Last.fm or Spotify accounts (listening history, artist data, album information) - used solely for personalizing your Product
- Payment processors: Stripe provides payment confirmation and transaction data
- Analytics providers: Aggregated usage statistics from analytics services
3. How We Use Your Data
We use your personal information for the following purposes:
Order Fulfillment (Contractual Necessity)
- Processing and fulfilling your orders
- Creating your personalized canvas artwork
- Communicating with you about your order status
- Arranging shipping and delivery
- Processing payments and refunds
Customer Support (Legitimate Interest)
- Responding to your inquiries and support requests
- Troubleshooting technical issues
- Resolving complaints and disputes
Service Improvement (Legitimate Interest)
- Analyzing website usage and user behavior
- Improving our products and services
- Developing new features and functionality
- Personalizing user experience
Marketing Communications (Consent)
- Sending promotional emails and newsletters (with your consent)
- Informing you about new products, features, and offers
- You can opt-out at any time using the unsubscribe link
Legal Compliance (Legal Obligation)
- Complying with legal obligations and regulations
- Preventing fraud and illegal activities
- Enforcing our Terms and Conditions
- Protecting our rights and property
- Responding to legal requests and court orders
4. Data Sharing and Third-Party Service Providers
We do not sell your personal information. We share your data only with trusted service providers necessary for our operations:
| Service Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Gelato Privacy Policy | Printing, framing, and worldwide delivery of your personalized products | Name, shipping address, design data, order details | Global network (15 countries) |
| Stripe Privacy Policy | Secure payment processing | Payment information, billing address, transaction data | United States (GDPR compliant) |
| Vercel / AWS Privacy Policy | Website hosting and infrastructure | All website data, technical logs | European Union / Global |
| Supabase Privacy Policy | Database services, data storage | User data, order information, design data | European Union |
| Cloudinary Privacy Policy | Secure media hosting and delivery for uploaded photos, videos, and other memory files | Uploaded media files, technical metadata needed to process and deliver them | Global infrastructure |
| Last.fm / Spotify | Music data enrichment for personalized designs | Artist names, album data, listening history (with your consent) | Various |
| PostHog Privacy Policy | Product analytics (anonymous usage metrics, pageviews) | Anonymous usage events, pages visited (no personal identifiers) | European Union (EU Cloud) |
| Email Services (Resend) | Transactional emails, order confirmations | Email address, name, order information | United States (GDPR compliant) |
Important: All our service providers are contractually bound to protect your data and use it only for the specified purposes. We ensure they comply with GDPR and other applicable data protection laws.
No resale of memory content: We do not sell or license your uploaded photos, videos, or personal memory content to advertisers or unrelated third parties.
Other Disclosures
We may also disclose your information:
- To comply with legal obligations, court orders, or government requests
- To protect our rights, property, or safety, or that of our users
- In connection with a business transfer, merger, or acquisition
- With your explicit consent for specific purposes
5. Your Privacy Rights
Under GDPR and other data protection laws, you have the following rights:
🔍 Right to Access
Request a copy of the personal data we hold about you.
✏️ Right to Rectification
Request correction of inaccurate or incomplete personal data.
🗑️ Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data in certain circumstances.
⛔ Right to Object
Object to processing of your data for specific purposes (e.g., marketing).
📦 Right to Data Portability
Receive your data in a structured, machine-readable format.
⏸️ Right to Restriction
Request limitation on how we process your data.
🚫 Right to Withdraw Consent
Withdraw consent for data processing at any time (where consent is the legal basis).
How to Exercise Your Rights
To exercise any of these rights, please contact us:
- • Email: support@pictosso.com
- • Subject line: "Privacy Rights Request"
- • Include: Your name, email address, and specific request
- • Response time: Within 30 days of receipt
Identity Verification: To protect your privacy, we may need to verify your identity before processing your request. We may ask for government-issued ID or other verification documents.
Lodge a Complaint
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority:
- France: CNIL (www.cnil.fr)
- EU: Your local data protection authority
- EU Online Platform: https://ec.europa.eu/consumers/odr
Digital DSAR
Submit a GDPR request online
Use our encrypted form to request access, deletion, portability or any other GDPR right. Each submission generates a reference code and is triaged by our Data Protection Officer within 48 hours.
- 30-day statutory response time guaranteed (Article 12 GDPR).
- Evidence stored in the EU (Supabase Frankfurt) with role-based access.
- Identity verification may be required before fulfilling sensitive actions.
Audit ready
Every submission is timestamped, hashed, and stored with its processing status.
Need help?
Email support@pictosso.com or reply to the confirmation email you will receive.
6. Cookies and Tracking Technologies
What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience and allow certain features to function.
Types of Cookies We Use
🔒 Strictly Necessary Cookies
Essential for the website to function. Cannot be disabled.
- Session management and authentication
- Shopping cart functionality
- Security and fraud prevention
- Preference cookies (language, currency)
📊 Performance/Analytics Cookies
Help us understand how visitors use our website.
- Google Analytics: Traffic analysis, page views, user behavior
- Vercel Analytics: Performance monitoring
- All data is aggregated and anonymized
🎯 Functional Cookies
Remember your preferences and settings.
- Design project saves (local storage)
- User preferences and settings
- Language and region selection
🎨 Marketing Cookies (with consent)
Track your activity for advertising purposes.
- Social media integration (Instagram, LinkedIn)
- Retargeting and advertising campaigns
- Only used with your explicit consent
Browser Storage
We use browser local storage to cache your design projects and icon data. This improves loading speed and allows you to resume your work. This data:
- Does not contain personal information
- Is stored only on your device
- Is not transmitted to our servers unless you save a project
- Can be cleared from your browser settings
Managing Cookies
You can control cookies through:
- Browser Settings: Most browsers allow you to block or delete cookies
- Opt-out Links: Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
- Cookie Preferences: Update your preferences in our cookie banner (if available)
Note: Blocking cookies may affect website functionality, including the ability to place orders and save your design projects.
7. Data Security
We implement industry-standard security measures to protect your personal data:
🔐 Encryption
SSL/TLS encryption for data transmission, encrypted databases
🛡️ Access Controls
Restricted access to personal data, role-based permissions
🔍 Regular Audits
Security assessments, vulnerability scanning, penetration testing
🔄 Secure Backups
Encrypted backups, disaster recovery procedures
Additional protections for uploaded memories
- Access to uploaded memories is limited according to account permissions and sharing settings.
- Operational access is restricted to authorized personnel and processors who need it to run the service.
- We support deletion and access requests for personal data through our Privacy Center workflow.
Data Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by GDPR.
While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but continuously work to protect your data.
8. Data Retention
We retain your personal data only as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Order information | 10 years | Legal/tax requirements, warranty claims |
| Account data (if applicable) | Until account deletion | Ongoing service provision |
| Marketing communications | Until opt-out | Consent-based communication |
| Draft Pictossos and related uploaded memories | While the project is active; unpaid Studio drafts are automatically deleted after 30 days unless edited or ordered | Service provision, storage minimization, draft lifecycle |
| Support correspondence | 5 years | Legal protection, quality improvement |
| Analytics data | 26 months | Google Analytics standard retention |
After retention periods expire, we securely delete or anonymize your data. You can request earlier deletion by exercising your Right to Erasure (see Section 5).
9. Children's Privacy
Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@pictosso.com. We will promptly delete such information.
Parental Consent: If you are under 16, please have a parent or guardian review this Privacy Policy and make purchases on your behalf.
10. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, through our service providers (Stripe, Gelato, Vercel).
We ensure adequate protection through:
- Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
- Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
- Privacy Shield / Data Privacy Framework: For US-based processors
- Binding Corporate Rules: Internal policies of multinational processors
All our service providers are contractually obligated to implement appropriate safeguards and comply with GDPR requirements for international data transfers.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- We will notify you via email (if you have provided your email address)
- We may display a prominent notice on our website
- For significant changes, we may request your renewed consent
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Postal Address
012VIZ (Pictosso)
190 boulevard du Vallon
83700 Saint-Raphaël
France
Phone
Available upon request
⚡ Quick Response
We aim to respond to all privacy inquiries within 48 hours and resolve requests within 30 days as required by GDPR.
Additional Resources
For more information about your privacy rights and data protection:
🇪🇺 GDPR Information
https://gdpr.eu/🇫🇷 CNIL (France)
https://www.cnil.fr/📋 Our Terms & Conditions
/general-terms❓ FAQ
/faqLast updated: November 2025
Previous version: January 2024
Effective date: January 2024