Skip to content
Pictage

Privacy Policy

Last updated: 2026-05-13

This Privacy Policy explains how Apache-3 Inc. (“we”, “us”, “our”) collects, uses, and shares personal data when you use pictage (the “Service”) at https://pictage.com.

1. Data we collect

Information you provide:

  • Email address (required for account creation)
  • Name (optional)
  • Profile information you choose to add (headline, skills, resume text, social links)
  • Content you submit to the Service (project ideas, descriptions, files)
  • Payment information (handled by Stripe; we never store full card details)

Information collected automatically:

  • Log data (IP address, browser type, pages visited, timestamps)
  • Usage analytics (which features you use, how often)
  • Cookies and similar technologies (see our Cookie Policy at /cookies)

Information from third parties:

  • Authentication provider data (if you sign in with Google, GitHub, etc.) limited to email + display name + avatar
  • Stripe payment status and subscription details
  • Anthropic / OpenAI: when you generate AI outputs, your prompts are sent to these providers under their privacy terms

2. How we use data

We use the data described above to:

  • Create and manage your account
  • Provide and improve the Service
  • Process payments and send transactional emails (receipts, password resets, magic links)
  • Respond to support requests
  • Detect, prevent, and address fraud, abuse, or technical issues
  • Comply with legal obligations

We do NOT:

  • Sell your personal data
  • Share your content with other users without your consent
  • Use your content to train AI models without explicit opt-in

If you are in the European Economic Area, our legal basis for processing your data depends on the data and context:

  • Contract: processing necessary to provide the Service you signed up for
  • Legitimate interest: improving the Service, fraud prevention, basic analytics
  • Consent: marketing emails, optional analytics cookies
  • Legal obligation: tax records, responding to lawful requests

You may withdraw consent at any time without affecting prior processing.

4. Sharing data with third parties

We share data with:

  • Stripe (payment processing): card details, billing address, transaction history
  • Supabase (database hosting): all account + content data, encrypted at rest
  • Vercel (application hosting): logs, request data
  • Anthropic / OpenAI (AI providers): your prompts when you invoke AI features
  • Google Analytics (web analytics): pseudonymized usage data; can be disabled via cookie settings
  • Service providers under contract: email delivery, error monitoring, with confidentiality obligations

We disclose data when required by law (court orders, subpoenas, government requests).

5. Data retention

  • Account data: retained while your account is active and for 90 days after deletion to comply with audit and legal requirements
  • Logs: retained for 30 days unless required for security investigations
  • Payment records: retained for 7 years for tax compliance
  • Backups: retained per our backup schedule, max 30 days

You can delete your account at https://pictage.com/account; this triggers a hard delete of your account, content, and most associated data within 24 hours, with the exception of legally required retention as noted above.

6. Your rights

Depending on where you live you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data (“right to be forgotten”)
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

To exercise these rights, email apache3corp@gmail.com. We respond within 30 days.

7. International transfers

Your data may be transferred to and processed in the United States or other countries where we or our service providers operate. We rely on Standard Contractual Clauses or equivalent safeguards for transfers from the European Economic Area.

8. Children’s privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have collected such data, contact apache3corp@gmail.com and we will delete it.

9. Security

We use industry-standard measures to protect your data, including:

  • TLS encryption in transit
  • AES-256 encryption at rest (Supabase + Stripe)
  • Row-level security on database tables
  • Audit logging of admin actions
  • Regular security reviews

No system is perfectly secure. If you suspect a breach affecting your account, contact apache3corp@gmail.com immediately.

10. Changes to this policy

We may update this policy periodically. Material changes will be communicated via the Service or via email at least 14 days before they take effect.

11. Contact

Questions about this policy or your data? Email apache3corp@gmail.com.

For GDPR/UK GDPR data-protection inquiries, use the same address with subject line “Data Protection”.