Picasso IA Logo
Start Free Now

Privacy Policy

Last updated: February 2025

The data controller of your personal data is Picasso IA, a company legally established in Spain. To exercise your rights or make privacy inquiries, you may contact us at: team@picassoia.com

1. Introduction and Legal Framework

This Privacy Policy aims to inform users of the website picassoia.com (hereinafter, "Picasso IA", "the Website" or "the Platform") about how we collect, use, store, protect and, where applicable, share their personal data.

This policy is prepared in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation or GDPR), and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD) of Spain.

By using our services, the user accepts the practices described in this Privacy Policy. If you do not agree with any of the terms set forth herein, please refrain from using our services.

2. Data Processing Principles

At Picasso IA we are committed to processing the personal data of our users in accordance with the following principles:

  • Lawfulness, fairness and transparency: Data is processed lawfully, fairly and transparently in relation to the data subject.
  • Purpose limitation: Data is collected for specified, explicit and legitimate purposes.
  • Data minimization: We only collect data that is strictly necessary for the purposes of processing.
  • Accuracy: We keep data up to date and take measures to delete or rectify inaccurate data.
  • Storage limitation: Data is kept only for as long as necessary for the purposes of processing.
  • Integrity and confidentiality: We implement technical and organizational measures to ensure data security.

3. Personal Data We Collect

Depending on how you interact with our Platform, we may collect the following types of personal data:

3.1 Data provided directly by the user

  • Registration data: Email address, username and password (encrypted).
  • Profile data: Name, profile picture (optional), language preferences.
  • Communication data: Information included in emails, contact forms or support requests.

3.2 Automatically collected data

  • Usage data: Information about how you use our services, including the AI models used, number of generations, timestamps, etc.
  • Technical data: IP address (anonymized for analysis), browser type, operating system, device type, time zone.
  • Performance data: Loading times, system errors, performance metrics to improve the service.

3.3 Transaction data

  • Payment information: Picasso IA DOES NOT store credit/debit card data or complete banking information. Payments are processed by third-party payment service providers that comply with PCI-DSS standards.
  • Transaction history: Records of purchases, subscriptions, dates, amounts and transaction statuses (necessary for billing and support).

4. Purposes of Processing

The personal data collected is used for the following purposes:

  • Service provision: Create and manage your account, process your content generation requests, provide access to Platform functionalities.
  • Payment and billing management: Process transactions, issue invoices, manage subscriptions and renewals.
  • Service communications: Send important notifications about your account, service changes, updates to terms and policies.
  • Customer support: Respond to queries, resolve technical incidents, handle complaints.
  • Service improvement: Analyze usage patterns to improve user experience, develop new functionalities, optimize performance.
  • Security: Prevent fraud, detect suspicious activities, protect our systems and users.
  • Legal compliance: Comply with legal obligations, respond to requests from competent authorities.

5. Legal Basis for Processing

The processing of your personal data is based on the following legal bases, depending on the purpose:

  • Performance of a contract (Art. 6.1.b GDPR): Processing is necessary for the provision of contracted services (account creation, generation processing, subscription management).
  • Consent (Art. 6.1.a GDPR): For sending commercial communications, newsletters and for marketing purposes (always revocable).
  • Legitimate interest (Art. 6.1.f GDPR): For service improvement, usage analysis, fraud prevention and Platform security.
  • Legal obligation (Art. 6.1.c GDPR): For compliance with tax, accounting and legal obligations.

6. Cookie Policy

Picasso IA uses cookies and similar technologies minimally. Our philosophy is to respect user privacy to the maximum:

6.1 Strictly necessary cookies

We only use essential technical cookies for the operation of the Platform, such as session cookies to maintain user authentication. These cookies do not require consent.

6.2 Analytical cookies

We may use analytics tools (such as Firebase Analytics) to understand how our Platform is used. These tools may use cookies. Data is collected in aggregated and anonymized form when possible.

6.3 Cookie management

The user can configure their browser to reject all cookies or to be notified when a cookie is sent. However, some functionalities of the Platform may not be available if technical cookies are disabled.

7. Sharing Data with Third Parties

Picasso IA DOES NOT sell, rent or trade the personal data of its users. However, we may share data with third parties in the following cases:

7.1 Service providers

We share data with providers who help us deliver our services, including:

  • Cloud infrastructure providers (Firebase, Cloudflare)
  • Payment processors (complying with PCI-DSS standards)
  • Transactional email services
  • Artificial intelligence model providers

All our providers are subject to confidentiality and data processing agreements that guarantee the protection of your information.

7.2 Legal obligations

We may disclose personal data when required by law, in response to requests from public authorities (such as court orders or requests from regulatory bodies), or when we believe in good faith that such disclosure is necessary to protect our rights, your safety or that of others.

7.3 International transfers

Some of our service providers may be located outside the European Economic Area (EEA). In these cases, we ensure that adequate safeguards exist, such as standard contractual clauses approved by the European Commission, adequacy decisions or certifications from recognized privacy frameworks.

8. Data Security

The security of your personal data is a priority for Picasso IA. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure or destruction, including:

  • Encryption: Communications are conducted via HTTPS (TLS 1.2 or higher). Passwords are stored using secure hash functions.
  • Access control: Restricted access to personal data based on the need-to-know principle.
  • Monitoring: Detection and response systems for security incidents.
  • Backups: Regular backup procedures to ensure data availability.
  • Updates: Regular maintenance of systems and software to correct vulnerabilities.

Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. In the event of a security breach affecting your personal data, we will notify you in accordance with applicable legal requirements.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which they were collected:

  • Account data: While the account remains active and for an additional period of 30 days after the deletion request.
  • Transaction data: During the period legally established for tax and accounting obligations (6 years according to Spanish legislation).
  • Communication data: During the time necessary to resolve the query or incident, plus a reasonable period for future reference.
  • Generated content: While the user keeps their account active, unless explicitly deleted by the user.

After the retention periods, data will be securely deleted or irreversibly anonymized.

10. Your Rights as a Data Subject

In accordance with the GDPR and the LOPDGDD, you have the following rights in relation to your personal data:

  • Right of access: Obtain confirmation as to whether we process your data and, if so, access it and obtain a copy.
  • Right to rectification: Request the correction of inaccurate or incomplete data.
  • Right to erasure (right to be forgotten): Request the deletion of your data when no longer necessary, you withdraw your consent, or you object to processing, among other cases.
  • Right to object: Object to the processing of your data in certain circumstances, especially for direct marketing purposes.
  • Right to restriction of processing: Request the suspension of processing in certain cases, keeping the data blocked.
  • Right to data portability: Receive your data in a structured, commonly used and machine-readable format, and transmit it to another controller.
  • Right not to be subject to automated decisions: Not be subject to decisions based solely on automated processing that produce legal effects or significantly affect you.
  • Right to withdraw consent: Withdraw your consent at any time, without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, you may send a request to team@picassoia.com indicating the right you wish to exercise and attaching a copy of your identity document. We will respond to your request within a maximum period of one month. team@picassoia.com

11. Protection of Minors

The services of Picasso IA are intended for persons over 18 years of age (or the minimum age required in your jurisdiction to consent to the processing of personal data). We do not knowingly collect personal data from persons under that age.

If you are aware that a minor has provided personal data without adequate parental consent, please contact us so that we can proceed with its deletion.

12. Modifications to this Policy

Picasso IA reserves the right to modify this Privacy Policy at any time. Modifications will be effective from their publication on the Website. In case of substantial changes, we will notify registered users by email or through a prominent notice on the Platform.

We recommend reviewing this page periodically to be informed of any updates. The date of the last update is indicated at the beginning of this document.

13. Contact and Privacy Inquiries

For any questions, requests, or complaints related to this Privacy Policy or the processing of your personal data, you may contact us at: team@picassoia.com

We are committed to responding to your data protection inquiries as quickly as possible and, in any case, within the legally established deadline.