ICAZO

Privacy Policy

Last updated: April 19, 2026

Picazo (“we,” “us,” “our”) operates picazo.io and provides a browser-based image editing platform. This policy explains what we collect, why, and the choices you have. We built Picazo with privacy as a default: most image processing runs entirely in your browser and never reaches our servers.

1. Information we collect

Account information. When you sign in with Google, GitHub, or Microsoft, we receive your name, email address, and profile picture from that provider. We do not receive or store your password.

Designs you save. If you choose to save a design to your account, we store the canvas data (shapes, text, filters, layer structure) and the image layers you upload. These are encrypted at rest in Vercel Blob storage and are accessible only to you.

Payment information. If you subscribe to a paid plan, Stripe handles your payment. We store your Stripe customer ID and subscription status, but we never see or store your card number, CVC, or billing address.

Usage data. We collect anonymized analytics (pages visited, feature usage, error reports) through Google Analytics and Vercel Analytics to improve the product. This data is not tied to your name or email.

Images you edit locally. Images you drop into the editor stay in your browser unless you explicitly save them or use an AI feature that requires server processing (see below). We do not upload your images automatically.

2. How AI features handle your images

Some AI tools (background removal, face detection, object tracking) run entirely on-device using WebAssembly models — your image never leaves your browser.

Other AI tools (upscaling, generative fill, background replacement) require server-side processing through third-party providers such as Replicate or OpenAI. When you use one of these features, the specific image you chose is uploaded to that provider for the duration of the request and then deleted. We do not retain a copy, and these providers are contractually prohibited from using your images to train their models.

3. How we use your data

  • To provide and maintain the editor and your saved designs
  • To authenticate you and keep your account secure
  • To process payments and manage subscriptions
  • To improve features and diagnose bugs through aggregated analytics
  • To send transactional emails (sign-in links, receipts, account notices)

We do not sell your data, rent it, or share it with advertisers. We do not use your images, designs, or account information to train AI models.

4. Who we share data with

We share limited information only with service providers required to run Picazo:

  • Vercel — hosting, analytics, blob storage
  • Google / GitHub / Microsoft — OAuth sign-in
  • Stripe — payment processing
  • Replicate, OpenAI — AI model inference for specific tools
  • Prisma / Vercel Postgres — user and design database
  • Upstash Redis — rate limiting

We may also disclose information if required by law, to enforce our Terms, or to protect the safety of our users.

5. Cookies and tracking

We use strictly necessary cookies for authentication (NextAuth session) and anonymized analytics cookies (Google Analytics, Vercel Analytics). We do not use third-party advertising cookies or tracking pixels.

6. Data retention

Account data and saved designs are retained until you delete them or close your account. Analytics data is retained for up to 14 months in aggregated form. Stripe retains payment records for the period required by tax and financial regulations.

7. Your rights

You can, at any time:

  • Access the data we hold about you
  • Update your profile information
  • Delete individual designs
  • Delete your account, which removes all saved designs and personal data
  • Export your designs as PNG, JPG, PDF, or SVG
  • Opt out of non-essential analytics through your browser settings

To delete your account or request a copy of your data, email privacy@picazo.io. We respond within 30 days. Users in the EU, UK, and California have additional rights under GDPR and CCPA, including the right to object to processing and the right to data portability.

8. Security

We protect your data with TLS in transit, encryption at rest for database and blob storage, and strict access controls. However, no system is perfectly secure — if we detect a breach affecting your account, we will notify you promptly as required by law.

9. Children

Picazo is not directed to children under 13 (under 16 in the EU). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will remove it.

10. International users

Picazo is operated from servers located in the United States and the European Union. By using Picazo, you consent to your data being processed in those regions, subject to the protections described in this policy.

11. Changes to this policy

We may update this policy to reflect changes in our practices or for legal reasons. Material changes will be announced via email or an in-app notice at least 14 days before taking effect. The “Last updated” date at the top of this page always reflects the current version.

12. Contact

Questions, complaints, or data requests: privacy@picazo.io.

By using Picazo, you agree to this Privacy Policy and to our Terms of Service.