Privacy Policy
Last updated: November 13th, 2025
This Privacy Policy applies to the website pictwinai.com and all its subdomains (the "Sites"), together with the PicTwinAI web applications and services (the "Services"), owned and operated by Josip Ledic (Sole Proprietor Business, collectively, "Josip Ledic", "we", "us", or "our"). This Privacy Policy describes how we collect, use, share, and secure the personal information you provide to us. It also describes your choices regarding use, access, correction, and deletion of your personal information.
For our Terms of Service, please visit /terms.
1. What Data We Collect
We collect both information you knowingly and actively provide us when using or participating in any of our services and promotions, and any information automatically sent by your devices in the course of accessing our products and services.
We only collect and use your personal information when we have a legitimate reason for doing so. In that case, we collect only the personal information that is reasonably necessary to provide our services to you.
We do not sell your personal information or any data you enter into our Services in any way.
2. How We Collect Information
We collect the following personal information from you:
Information That You Provide to Us About Yourself
When you sign up for the Services, we request information such as:
- Contact Information: such as name and email address.
- Unique Identifiers: such as username, account number or password.
- Business-Related Information: Company name, company size, and business type.
Information Collected Automatically
When you visit our website, our servers automatically log standard data provided by your web browser. This may include your device's Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.
Training Images (Uploaded Photos)
When you upload photos for AI model training, they are transmitted directly to our AI processing provider (fal.ai) via a secure connection. PicTwinAI does not store training images on our servers. The images are sent to fal.ai for processing, where they are used solely for training your custom AI model.
Generated Images and AI Models
Trained AI models and images generated by your models are stored on fal.ai's infrastructure, not on PicTwinAI servers. We store only metadata (image URLs, generation parameters, timestamps, and model references) to display your gallery and enable service functionality. fal.ai stores generated content with a minimum 7-day retention guarantee. We strongly recommend downloading your AI models and generated images if you wish to keep them permanently. When you delete your account, we remove all metadata references. Account deletion requests can be forwarded to fal.ai manually.
3. Third-Party Service Providers
We use the following third-party service providers to operate our business and deliver the Services. Each provider processes data on our behalf in accordance with their respective privacy policies:
fal.ai (AI Processing & Image Hosting)
- Purpose: AI model training and image generation infrastructure
- Data Processed: Training images you upload, AI-generated images, trained AI models, model configurations
- Storage: All trained models and generated images are stored on fal.ai's servers with minimum 7-day retention. PicTwinAI does not store your actual image files - we only store metadata (URLs and references).
- Data Usage: Your training images and generated outputs are not used to train or retrain AI models.
- Privacy Policy: fal.ai Privacy Policy
Clerk (Authentication)
- Purpose: User authentication and session management
- Data Processed: Email address, name, authentication tokens
- Cookies: __session, __client_uat (essential cookies only)
- Privacy Policy: Clerk Privacy Policy
Stripe (Payment Processing)
- Purpose: Payment processing and subscription management
- Data Processed: Payment card information, billing address, transaction history
- Note: Payment card details are processed directly by Stripe and never stored on our servers
- Privacy Policy: Stripe Privacy Policy
Sentry (Error Monitoring)
- Purpose: Application error monitoring and debugging
- Data Processed: Error logs, stack traces, anonymized usage data
- Privacy Policy: Sentry Privacy Policy
Rybbit (Privacy-First Analytics)
- Purpose: Website analytics and usage statistics
- Data Processed: Page views, referrers, anonymized device/browser info
- Cookieless: No cookies or cross-site tracking
- Privacy-First: No personally identifiable information collected
- Privacy Policy: Rybbit Privacy Policy
Google Ads (Conversion Tracking)
- Purpose: Advertising conversion measurement and campaign optimization
- Data Processed: Page visits, conversions, transaction values, browser/device information
- Consent Required: Only active if you grant marketing consent in our cookie banner (Google Consent Mode v2 compliant)
- Cookies Used: _gcl_*, _gac_*, IDE (conversion tracking cookies)
- Duration: Up to 90 days
- Opt-Out: You can opt out by selecting "Essential only" in the cookie banner or via browser settings
- Privacy Policy: Google Privacy Policy
- Google Ads Settings: Manage your Google Ads preferences
Data Processing Agreements: All service providers listed above operate under data processing agreements or terms that comply with GDPR and other applicable data protection regulations.
4. Cookies and Local Storage
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
Essential Cookies (Authentication)
We use essential cookies provided by Clerk (our authentication provider) to keep you logged in and secure your session. These cookies are strictly necessary for the website to function and cannot be disabled.
Clerk Authentication Cookies:
- __session - Session cookie that keeps you logged in (Purpose: Authentication and session management, Duration: Session - deleted when browser closes)
- __client_uat - Client update-at-time token (Purpose: Track authentication state updates, Duration: Persistent, synced with session)
Marketing & Analytics Cookies (Optional - Requires Consent)
These cookies are only activated if you grant marketing consent in our cookie banner. They help us measure the effectiveness of our advertising campaigns.
Google Ads Conversion Tracking Cookies:
- _gcl_* - Google Click ID cookies (Purpose: Track ad clicks and conversions, Duration: Up to 90 days)
- _gac_* - Google Analytics Campaign cookies (Purpose: Track campaign performance, Duration: Up to 90 days)
- IDE - DoubleClick cookie (Purpose: Measure ad conversion and retargeting, Duration: Up to 13 months)
Your Choice: When you first visit our website, you'll see a cookie banner with two options:
- "Accept all" - Enables all cookies including marketing cookies (Google Ads tracking)
- "Essential only" - Only uses essential authentication cookies (no marketing or analytics tracking)
Local Storage
We use browser local storage to save your preferences and improve your experience. This data is stored locally on your device and is not transmitted to our servers.
- cookieConsent - Stores your cookie consent choice: "all" (accepted marketing cookies) or "essential" (essential only). This prevents the banner from showing repeatedly. Duration: Persistent until cleared.
What We Do NOT Use
- No Data Selling - We never sell your personal data to third parties
- No Cross-Site Tracking Without Consent - Marketing cookies are only activated with your explicit consent
- No Social Media Pixels (without consent) - We do not use Facebook Pixel, TikTok Pixel, or similar tracking technologies without consent
Your Cookie Choices
You can manage cookies through your browser settings. Please note that disabling cookies may affect the functionality of the website, particularly authentication.
How to manage cookies:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Cookies and site data
5. Data Sharing and Disclosure
We do not sell your personal information to third parties. We may share your information only in the following circumstances:
- Service Providers: With third-party service providers (listed in Section 3) who assist us in operating our business and providing our Services, subject to confidentiality obligations.
- Legal Compliance: To comply with legal obligations, court orders, subpoenas, or government requests; to enforce our Terms of Service; to respond to claims that content violates the rights of others; or to protect the rights, property, or safety of PicTwinAI, our users, or the public.
- Corporate Restructuring: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. In such cases, you will be notified via email and/or a prominent notice on our website.
- Harm Prevention: When we have a good faith belief that disclosure is necessary to prevent fraud, illegal activity, or threats to physical safety.
- With Your Consent: With your explicit consent or at your direction.
6. International Data Transfers
Your personal information may be transferred to and processed in countries other than your country of residence. Our servers and third-party service providers (including fal.ai, Clerk, Stripe) may be located in the United States or other jurisdictions.
When we transfer personal data from the European Economic Area (EEA) to countries outside the EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
- Data processing agreements with our service providers that comply with GDPR requirements
7. Security
The security of your personal information is important to us. We implement adequate measures to protect the personal information submitted to us, both during transmission and once it is received. We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our service.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
8. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR.
Our breach notification will include:
- The nature of the breach and the categories of data affected
- The likely consequences of the breach
- The measures we have taken or propose to take to address the breach
- Contact information for further inquiries
9. Your Rights (GDPR & Data Protection)
Under GDPR and other applicable data protection laws, you have the following rights regarding your personal information:
- Right to Access: You can request a copy of your personal data.
- Right to Correction: You can correct inaccurate or incomplete data.
- Right to Deletion (Right to be Forgotten): You can request deletion of your account and data through your profile settings. You can choose between soft-delete (account deactivation) or hard-delete (permanent removal of all data).
- Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.
- Right to Object: You can object to certain types of data processing.
- Right to Restrict Processing: You can request that we limit how we use your data.
How to Request Your Data (Data Export)
To request a copy of your personal data or exercise any of your rights, please contact us at:
We will respond to your request within 30 days. Please include "Data Export Request" or "GDPR Request" in the subject line and provide sufficient information to verify your identity.
10. Data Retention
We retain your personal information for as long as necessary to provide you with our services and comply with legal obligations:
- Account Data: Retained while your account is active
- Soft-Delete: If you soft-delete your account (account deactivation), your data is marked as deleted but retained for 30 days in case of accidental deletion, then permanently removed within 90 days
- Hard-Delete (GDPR): If you hard-delete your account, all your AI models, generated images, and personal data are immediately removed from our active databases
- Financial Records (Legal Requirement): In compliance with German tax law (§147 AO - Abgabenordnung), we are legally required to retain financial transaction records (payment history, invoices, credit transactions) for 10 years for tax audit purposes. When you delete your account with hard-delete, these records are anonymized (your user ID is set to NULL) but the transaction amounts and dates are retained to comply with German law.
- Backup Systems: Data removed from active databases may persist in backup systems for up to 90 days before permanent deletion
Note: Images and models hosted on fal.ai are stored with minimum 7-day retention. We delete metadata references when you delete your account. Account deletion requests can be forwarded to fal.ai manually.
11. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from someone under 18, we will take steps to delete that information immediately.
12. Changes to this Policy
We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page. We will let you know via email and/or a prominent notice on our Service before the change becomes effective, and we will update the "effective date" at the top of this privacy policy.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us at: