PictureUs

PictureUs Privacy Policy

Version
v1.0
Last updated
2026-04-06

Operator: PictureUs Labs and affiliates operating the PictureUs service (“PictureUs,” “we,” “us,” or “our”). This Privacy Policy is not a substitute for legal advice; the specific items we collect and the names of subprocessors must be finalized with legal and DPO review before release.

Summary

  • Who we are: PictureUs Labs and affiliates operating PictureUs (“we,” “us”).
  • What we collect: Account and contact data; photos you upload and data derived from them (which may be treated as biometric/sensitive under some laws); usage, device, and log data; payment-related metadata (payments may be handled directly by payment processors); and support communications.
  • Why we process: To provide the Services (including session-specific personalized modeling such as LoRA training and inference), security, fraud prevention, billing and refunds, customer support, and legal compliance.
  • Model training scope: Running your order is different from optional uses such as general model improvement or marketing with identifiable likenesses. We do not use your photos to train models used for other customers’ sessions. Optional uses require separate consent where required.
  • Retention (targets): Original uploads and session training artifacts: target ~30 days after generation completes or earlier on request. Deliverables in your gallery: target ~90 days for re-download and support, then deletion—unless a different period is shown in-product. Security/audit logs may be kept longer as required by law or policy.
  • Sharing & transfers: We use processors (cloud, payments, analytics, AI inference providers). Cross-border transfers receive safeguards and notices as required (e.g., SCCs, assessments, or statutory mechanisms).
  • Your rights: Depending on your location, you may have rights to access, correct, delete, restrict, or port data, and to object or withdraw consent for optional processing. U.S. state privacy laws (e.g., California) may provide additional rights described below.
  • Contact: Use the privacy contact published on our official website.

Detailed terms

1. Scope

This Privacy Policy describes how we collect, use, disclose, and retain personal information when you use PictureUs websites, apps, and related services (the “Services”). If you do not agree, please do not use the Services.

2. Personal Information We Collect

A. Information you provide

- Account registration: email, name or display name, credentials. - Photos and related inputs (selfies, selections, prompts where applicable). - Payment information: typically handled by third-party processors; we may receive limited billing metadata. - Communications you send to support.

B. Information collected automatically

- Device and browser data, IP address, cookies and similar technologies, diagnostics, timestamps, and usage logs.

C. Inferences

- We may derive technical inferences to operate the Services (e.g., quality checks). We avoid high-risk inferences unrelated to the Services.

3. Sensitive / Biometric Categories

Photos may reveal biometric information or be classified as sensitive personal information under U.S. state laws or other regimes. Where required, we obtain explicit consent (or equivalent), limit processing to disclosed purposes, and honor withdrawal requests subject to law.

4. Purposes of Processing (legal bases)

Depending on jurisdiction, we rely on contract performance, consent (especially for optional processing), legitimate interests (security, analytics in non-identifying form), and legal obligations.

5. How AI Processing Works (PictureUs-specific)

- Session delivery: We process your uploads to train and run personalized models for your session and generate Deliverables. We do not reuse your uploads across other customers’ paid sessions for their generation. - Service improvement (optional): General model retraining, public marketing using identifiable likenesses, or research outside service delivery occur only with separate opt-in where legally required. - Aggregated analytics: We may use de-identified or aggregated metrics.

6. Disclosures

We do not sell personal information for money. We disclose information to:

- Service providers / processors under contracts (hosting, payments, email, security, AI inference APIs). - Authorities when required by law or to protect rights and safety. - Corporate transactions (merger/acquisition) with appropriate safeguards.

7. International Transfers

If we transfer personal information across borders, we implement appropriate safeguards (e.g., Standard Contractual Clauses, transfer impact assessments, or statutory exceptions) and provide notices/consents as required.

8. Retention

Retention follows the periods stated in the Summary and in-product settings, with these principles:

- Delete or anonymize when no longer needed for the purpose, unless a longer retention is required by law or legitimate security/audit needs. - Account deletion requests: we delete or anonymize personal data subject to legal holds.

9. Security

We use administrative, technical, and organizational measures designed to protect personal information. No method is 100% secure.

10. Your Privacy Rights

General: You may contact us to exercise rights available in your jurisdiction.

European Economic Area / UK (if applicable): Rights under GDPR may include access, rectification, erasure, restriction, portability, objection, and complaint to a supervisory authority.

Republic of Korea (if applicable): Rights under PIPA may include access, correction, deletion, suspension of processing, and consent withdrawal for optional processing.

11. U.S. State Privacy Notice (California and others)

If you are a California resident, the following additional disclosures may apply (and similar rights may exist in other U.S. states):

- Categories collected (illustrative): identifiers; commercial information; internet/network activity; geolocation (if collected); audio/electronic/visual information (photos); inferences. - Sensitive personal information (as defined by law) is used only as permitted (service delivery, security, short-term transient use, legal compliance, or with consent). - “Sale” / “sharing” for cross-context behavioral advertising: We do not sell personal information. If we ever engage in sharing for advertising, we will provide a “Do Not Sell or Share My Personal Information” link and honor Global Privacy Control signals where required. - Rights: access/know, delete, correct, opt-out of sale/share (if applicable), limit use of sensitive information (if applicable), and non-discrimination for exercising rights. Authorized agents may submit requests as permitted by law. - Retention: Described above; specific CCPA retention descriptions can be expanded in an internal RMIS spreadsheet mirrored on the site if required.

To submit requests, email the address posted on our website or use any webform we provide. We may verify your identity before responding.

12. Children

The Services are not directed to children under 13 (or a higher age where required). We do not knowingly collect personal information from children without proper parental consent.

13. Third-Party Links

Third-party sites and services have their own policies.

14. Changes

We will post updates with a new Last updated date and, where required, obtain additional consent.

15. Contact

Privacy inquiries: use the contact information on https://pictureus.ai (or the then-current official domain).

---