Privacy Policy
Last updated: April 15, 2026
1. Who We Are
Picelo ("we," "us," or "our") is an AI-powered product photography platform accessible at picelo.app. This policy explains how we collect, use, store, and protect your personal data in compliance with India's Digital Personal Data Protection (DPDP) Act, 2023 and other applicable privacy laws.
If you have questions, contact us at privacy@picelo.studio.
2. Information We Collect & Why
2.1 Account Information
When you sign up via Google OAuth, we receive your name, email address, and profile picture from Google. We do not collect or store your Google password. This data is used to create and manage your account.
2.2 Uploaded Product Images
You voluntarily upload product photographs for AI processing. These images are stored in our cloud infrastructure. By uploading, you give us your explicit consent to:
- Store the image securely in your account.
- Transmit the image to our AI processing providers (Fal.ai) to perform scene generation.
- Run automated quality analysis and subject identification on the image.
We do not use your uploaded images to train, fine-tune, or improve any AI models. Your images are sent to our AI providers solely for single inference calls (i.e., generating your specific requested output) and are not retained by those providers for training purposes under our agreements with them.
2.3 AI-Generated Outputs
The photorealistic scenes generated from your uploads are stored in your account. Generated images that you reject are permanently deleted from our storage. Accepted images are retained until you choose to delete them or close your account.
2.4 Payment Information
Payments are processed by Razorpay, a PCI-DSS compliant payment gateway. We do not directly store your card numbers, UPI IDs, or bank details. We store transaction references, order IDs, credit amounts, and payment status for billing records.
2.5 Usage & Platform Data
We collect information about how you use Picelo — including credit usage, generation history, workflow selections, and feature interactions — to operate and improve the service.
3. Lawful Basis for Processing
Under the DPDP Act and applicable law, we process your data on the following bases:
- Consent: For processing uploaded images through AI models. You provide consent when you initiate a generation.
- Contractual necessity: For account management, credit tracking, and payment processing required to deliver the Service.
- Legitimate interest: For fraud prevention, abuse detection, and service security.
- Legal obligation: For retaining payment records as required by Indian financial and tax laws.
4. Sub-Processors & Third-Party Services
We share your data with the following third-party sub-processors where necessary to operate Picelo. Each is contractually obligated to handle your data securely and only for the specified purpose:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database, file storage | Account info, images, generation data |
| Fal.ai | AI image generation (Flux models) | Uploaded product images, generation prompts |
| Razorpay | Payment processing | Name, email, payment amount |
| Vercel | Application hosting | Request metadata (IP, headers) |
| Trigger.dev | Background AI task processing | Generation job data, image references |
| Authentication (OAuth) | Name, email, profile picture |
We do not sell, rent, or share your personal data with any third party for advertising or marketing purposes.
5. Data Storage & Security
- Row-Level Security (RLS): Database policies enforce that users can only access their own data — enforced at the database level, not just the application layer.
- Encrypted transmission: All data is transmitted over HTTPS/TLS. Storage is encrypted at rest.
- No password storage: Authentication is handled via Google OAuth 2.0 — we never see or store your password.
- PCI-DSS compliant payments: All payment processing is handled entirely by Razorpay.
- Access control: Internal access to production data is restricted and logged.
6. Data Retention
- Account data: Retained while your account is active. Deleted upon account closure.
- Uploaded images: Retained until you delete them or close your account.
- Rejected generated images: Permanently and immediately deleted from storage upon rejection.
- Accepted generated images: Retained until you delete them.
- Payment records: Retained for a minimum of 7 years as required by Indian tax and financial regulations.
- Audit logs: Credit and generation audit trails are retained for the lifetime of the account for dispute resolution and transparency.
7. Your Rights (DPDP Act)
Under the Digital Personal Data Protection Act, 2023, you have the following rights as a "Data Principal":
- Right to Access: Request a summary of the personal data we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, uploaded images, and AI-generated outputs. To exercise this, email privacy@picelo.studio with subject line "Erasure Request." We will process your request within 30 days. Note: payment records may be retained as required by law.
- Right to Withdraw Consent: You may withdraw consent for AI processing of your images at any time, which will result in the deletion of unprocessed uploads. This does not affect prior lawful processing.
- Right to Grievance Redressal: Contact our designated grievance contact at privacy@picelo.studio for any data-related complaints.
8. Cookies
We use only essential cookiesfor authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics. Your theme preference (light/dark mode) is stored in your browser's local storage, not on our servers.
9. Children's Privacy
Picelo is not intended for individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us immediately and we will delete it.
10. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via the platform or email. Continued use after changes are posted constitutes acceptance.
11. Traceability & Legal Compliance
In compliance with the 2026 Indian IT Rules, every AI-generated image produced by Picelo is embedded with non-visible metadata and unique identifiers. This information allows us to trace any image back to the account that generated it if required for a valid legal investigation.
We will disclose this traceability data to law enforcement or regulatory authorities only upon receipt of a valid legal order or statutory requirement.
12. Contact & Grievance Officer
For data-related queries, corrections, or erasure requests:
- Email: privacy@picelo.studio
- Response time: Within 30 days