Privacy Policy
Last updated: 28 May 2025 · Compliant with GDPR (EU 2016/679) and LGPD
This Privacy Policy describes how GenPicz ("we", "our", "us") collects, uses, stores, and protects your personal data when you use our website and services at genpicz.com.
The data controller is: Sergio Henrique Assumpção, NIF 318727358, Rua Luciano Cordeiro, 4, 1150-215 Lisboa, Portugal. Contact: contact@genpicz.com.
1. Data we collect
1.1 Data you provide directly
- Account data: name, email address, password (hashed), billing address.
- Payment data: processed exclusively by Stripe, Inc. We do not store card numbers. We store only transaction references and plan metadata.
- Prompts and generated images: text prompts you submit and the AI images generated. These are stored to deliver the service and may be used to improve AI model quality (opt-out available in account settings).
- Communications: messages sent via contact forms or email.
1.2 Data collected automatically
- Technical data: IP address, browser type, device type, operating system, referral URL.
- Usage data: pages visited, features used, generation history, session duration.
- Cookies and similar technologies: see our Cookie Policy.
2. Legal basis for processing
| Purpose | Legal basis (GDPR) |
|---|
| Providing the service | Contract performance (Art. 6.1.b) |
| Processing payments | Contract performance (Art. 6.1.b) |
| Legal obligations (VAT, invoicing) | Legal obligation (Art. 6.1.c) |
| Improving AI models (with opt-in) | Consent (Art. 6.1.a) |
| Analytics and service improvement | Legitimate interest (Art. 6.1.f) |
| Marketing communications (newsletter) | Consent (Art. 6.1.a) |
3. How we use your data
- To create and manage your account.
- To process payments and issue invoices.
- To generate images in response to your prompts.
- To communicate important service updates, security alerts, and support responses.
- To send marketing newsletters, only with your explicit consent.
- To comply with legal and tax obligations applicable in Portugal and the EU.
- To detect, prevent, and address fraud or abuse.
4. Data sharing and third parties
We do not sell your personal data. We share data only with:
- Stripe, Inc. — payment processing. Stripe Privacy Policy: stripe.com/privacy.
- Vercel Inc. — hosting infrastructure. Privacy Policy: vercel.com/legal/privacy-policy.
- Supabase Inc. — database and authentication services.
- Legal authorities — when required by applicable law or court order.
5. Data retention
- Account and billing data: retained for 10 years from closure (Portuguese tax law requirement).
- Prompts and generated images: retained for the duration of your subscription plus 90 days. You may delete them at any time from your account settings.
- Technical logs: 90 days.
- Marketing consent records: until withdrawal of consent.
6. International data transfers
Our service providers (Stripe, Vercel) may process data outside the European Economic Area (EEA), including in the United States. Such transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring adequate protection under GDPR.
7. Your rights under GDPR
As a resident of the EU/EEA, you have the following rights:
- Right of access — obtain a copy of your personal data.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — request deletion of your data.
- Right to restriction — limit how we process your data.
- Right to data portability — receive your data in a machine-readable format.
- Right to object — object to processing based on legitimate interest or for direct marketing.
- Right to withdraw consent — at any time, for consent-based processing.
To exercise any of these rights, email us at contact@genpicz.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Portuguese data protection authority (CNPD): www.cnpd.pt.
8. Data security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, access controls, and regular security audits. However, no method of transmission over the internet is 100% secure.
9. Minors
GenPicz is not intended for users under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has submitted data to us, please contact us for immediate deletion.
10. Changes to this policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated date. For material changes, we will notify registered users by email.
11. Contact
Sergio Henrique Assumpção — Data Controller
Rua Luciano Cordeiro, 4 · 1150-215 Lisboa · Portugal
Email: contact@genpicz.com
Tel.: 273249320