Privacy Policy

If you require any more information or have any questions about our ToS, please feel free to contact us by email at [email protected].

Last Updated: November 14, 2025


Your privacy is important to us. This Privacy Policy explains how Logopony OÜ (registry code 14402347), which owns and operates https://pfpmaker.com ("PFPMaker", "we", "us", or "our"), collects, uses, stores, and protects your personal information when you use our Service.

Platform Nature: PFPMaker is a technology platform that provides AI-powered tools for users to create content. We generally do not proactively create, control, review, or endorse user-generated content before processing. Users are solely responsible for all content they upload, create, or generate using our Service. We act primarily as a technology service provider. However, we reserve the right to take action in response to legal complaints, violations of our Terms of Service, or as required by law.

By using PFPMaker, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.

1. Information We Collect

1.1 Personal Information You Provide

When you use our Service, we may collect the following personal information needed for our service to be operational:

Account Information:

  • Email address
  • Name (optional)
  • Third-party account information (if you sign in through third-party authentication)
  • Password hash (if using email authentication)

Payment Information:

  • Payment card details (processed and stored by third-party payment processors)
  • Billing address
  • Transaction history

Communication Information:

  • Support inquiries and correspondence
  • Feedback and survey responses
  • Email communications

1.2 Photos and Images

Your Uploaded Photos:

  • Photos you upload for processing through our Service
  • Registered Users: Uploaded photos are stored until you close your account
  • Guest Users: Some tools may process images without storage; other tools require account creation. Images processed without an account are generally not retained beyond the active session
  • Your Responsibility: You are solely responsible for ensuring you have the legal right to upload and process all photos, including obtaining necessary permissions and consents for any recognizable individuals

AI-Generated Images:

  • Images created or edited using our AI tools
  • Registered Users: Generated images are stored until you close your account
  • Guest Users: AI tools require account creation and are not available without registration
  • Your Responsibility: You are solely responsible for all content you generate and how you use, distribute, or display generated images

1.3 Automatically Collected Information

Usage Data:

  • Which AI tools are used
  • Credit usage and transaction history
  • Success/failure status of AI operations
  • Processing times
  • Note: We generally collect metadata about usage for analytics purposes rather than storing the actual image content

Device and Browser Information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Screen resolution
  • Language preferences
  • Referral source

Cookies and Tracking Technologies:

  • Session cookies (for authentication)
  • Analytics cookies
  • Preference cookies (for user settings)
  • See Section 11 for detailed Cookie Policy

2. How We Use Your Information

2.1 To Provide the Service

  • Create and manage your account
  • Process your photos through AI systems and image processing tools
  • Store and deliver images as necessary for service functionality
  • Track and manage your credit balance
  • Process payments and billing
  • Provide customer support

2.2 To Improve the Service

  • Analyze usage patterns and trends (aggregated, anonymized data)
  • Debug technical issues and errors
  • Improve AI model performance and accuracy
  • Test new features and tools
  • Monitor system performance and uptime

2.3 To Communicate with You

  • Send transactional emails (receipts, account updates, password resets)
  • Respond to support inquiries
  • Send important service announcements
  • Send promotional emails (only if you opt in - you can unsubscribe anytime)
  • Request feedback and reviews

2.4 To Ensure Security and Compliance

  • Prevent fraud and abuse
  • Enforce our Terms of Service
  • Detect and prevent prohibited content
  • Comply with legal obligations
  • Protect our rights and property

2.5 Platform Limitations and User Responsibility

As a technology platform, we generally do not:

  • Proactively monitor, review, or approve content you upload or generate before processing
  • Exercise editorial control over user-generated content
  • Act as a publisher or content creator
  • Assume responsibility for how you use generated images
  • Verify that you have necessary permissions to use uploaded photos
  • Proactively monitor compliance with third-party rights (copyright, publicity rights, etc.)

However, we reserve the right to take action (including content removal, account suspension, or termination) if we become aware of violations of our Terms of Service, receive valid legal complaints, or as required by law.

You are solely responsible for all content you create using our platform and ensuring compliance with applicable laws and third-party rights.

3. Our Privacy Practices

3.1 Photo Storage Practices

Registered Users:

Images uploaded or generated through your account are stored until your account is closed.

Guest Users:

Certain tools allow image processing without account creation. Images processed in this manner are generally not retained beyond the active session. Other tools require account registration.

Image Processing:

Images may be processed by third-party service providers or on our infrastructure depending on the tool used. Processing may involve transformations or generation of new images.

Technical Storage:

Images and related data may exist in various technical systems as necessary for service operation. Retention periods may vary based on technical requirements and operational necessities.

3.2 Use of Photos for AI Training

We do not currently use your uploaded photos or generated images to train our own AI models. Your photos are used to provide the Service you requested.

Third-Party AI Providers: We process your images through third-party AI service providers. According to the publicly available terms of service and privacy policies of these providers, images processed through paid API access are generally not used for training AI models. We rely on these providers' published commitments and have selected them based on their stated data protection practices. However, we cannot provide independent guarantees regarding third-party practices beyond their stated policies.

3.3 Watermarks

We do not intentionally add watermarks or identifying marks to generated images under normal operation. Images are provided for your use subject to our Terms of Service and applicable law.

3.4 Data Sharing Practices

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share data with service providers as described in Section 4 or as required by law.

4. How We Share Your Information

4.1 Third-Party Service Providers

We share your information with third-party service providers who help us operate the Service. These are independent services, each with their own terms of service and privacy policies.

AI Processing Providers:

  • Purpose: Process your photos using AI to generate results
  • Data shared: Uploaded photos and related processing data
  • Important: These are independent third-party services with their own terms and privacy policies which govern how they process your data. By using our Service, you acknowledge that your images will be processed by these third-party providers according to their respective policies.

Payment Processing:

  • Purpose: Process payments, manage subscriptions, handle refunds
  • Data shared: Payment card information, billing address, transaction amounts

Authentication Services:

  • Purpose: Authenticate users who sign in through third-party authentication providers
  • Data shared: Email address, name, profile information (if you choose third-party sign-in)

Email and Communication Services:

  • Purpose: Send transactional emails and provide customer support
  • Data shared: Email address, name, support conversation history

Infrastructure and Hosting Providers:

  • Purpose: Host and operate the Service, store data and images, provide file delivery
  • Data shared: Account data, usage logs, transaction records, uploaded photos, generated images, file metadata
  • Location: Data may be stored in various geographic regions

Analytics and Monitoring Services:

  • Purpose: Understand usage patterns, monitor performance, debug errors
  • Data shared: Usage data, error logs

We may disclose your information if we believe it is required or appropriate under applicable law, or in response to:

  • Legal processes we determine to be valid (court orders, subpoenas, warrants)
  • Requests from law enforcement or government agencies
  • Investigations of potential fraud, security breaches, or Terms of Service violations
  • Protection of our rights, property, or safety, or those of our users or the public
  • Legal disputes, claims, or litigation

We may notify you of legal requests where feasible and unless prohibited by law, legally inadvisable, or impractical.

4.3 Business Transfers

If PFPMaker is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred, sold, or disclosed as part of that transaction. We will make reasonable efforts to notify you via email and/or a notice on our website of any material change in ownership or use of your personal information, where legally permitted and feasible.

We may share your information for other purposes with your explicit consent. For example:

  • Featuring your generated images in marketing materials (only with your permission)
  • Sharing testimonials or reviews (only if you agree)

5. Data Retention

5.1 What We Keep

Account Data:

  • Stored until you delete your account
  • Includes: email, name, preferences, authentication credentials

Transaction Records:

  • Retained for 7 years for legal, tax, and accounting requirements
  • Includes: payment history, credit purchases, subscription records

Usage Logs:

  • Retained for operational and analytics purposes
  • Typically includes: which tools used, success/failure status, processing times
  • We do not intentionally retain image content in usage logs under normal operation, though technical logs may inadvertently capture data

5.2 Image Retention Practices

Registered User Images:

  • Uploaded photos and generated images are retained in cloud storage until you delete your account
  • Upon account closure, images are deleted within 30 days, subject to technical and legal constraints
  • Deleted images may persist in backups, caches, logs, or archived systems for a technically necessary period
  • We may retain certain metadata separately from image content for operational purposes

Guest User Images:

  • Images processed without account creation are generally not retained in persistent storage beyond the active session
  • Temporary storage may occur during processing
  • Some tools require account creation and do not support guest usage

Image Metadata:

  • Images may contain embedded metadata (EXIF data) when uploaded
  • We may collect and retain metadata for service functionality and operational purposes

5.3 Account Deletion

You can request account deletion at any time by contacting support at [email protected].

Upon account deletion:

  • Your account data will be deleted within 30 days, subject to technical and legal constraints
  • Your uploaded photos and generated images will be deleted within 30 days, subject to technical and legal constraints
  • Transaction records may be retained for up to 7 years as required for legal, tax, and accounting obligations
  • Any remaining credits will be forfeited
  • This action is generally irreversible
  • Some data may persist in backups, logs, or technical infrastructure for a limited period

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

  • Request a copy of your personal data
  • Download your account information
  • Receive your data in a structured, machine-readable format

To request your data, email: [email protected]

6.2 Correction and Updates

You can update your account information at any time through your account settings. If you need assistance, contact [email protected].

6.3 Deletion

You have the right to request deletion of your personal data. See Section 5.3 for details on account deletion.

6.4 Opt-Out of Marketing

You can opt out of promotional emails by:

  • Clicking "Unsubscribe" in any marketing email
  • Updating your email preferences in account settings
  • Contacting [email protected]

Note: You cannot opt out of transactional emails (receipts, password resets, service announcements) as these are necessary for the Service.

You can control cookies through your browser settings. See Section 11 for detailed information.

7. GDPR Rights (European Economic Area)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

7.1 Your GDPR Rights

Right to Access: Request confirmation of what personal data we process and obtain a copy

Right to Rectification: Correct inaccurate or incomplete personal data

Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data

Right to Restriction: Limit how we process your personal data

Right to Data Portability: Receive your data in a structured, commonly used format

Right to Object: Object to processing of your personal data for certain purposes

Right to Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)

Right to Lodge a Complaint: File a complaint with your local data protection authority

We process your personal data based on:

  • Contract performance: To provide the Service you requested
  • Legitimate interests: To improve the Service, prevent fraud, ensure security
  • Legal obligations: To comply with laws and regulations
  • Consent: For optional features like marketing emails (you can withdraw anytime)

7.3 Data Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States. We aim to ensure appropriate safeguards are in place (such as Standard Contractual Clauses or reliance on adequacy decisions) to protect your data in accordance with GDPR requirements, though we rely on our service providers' compliance representations and cannot independently guarantee their data protection practices.

7.4 Exercising Your Rights

To exercise any of these rights, contact us at:

  • Email: [email protected]
  • Subject line: "GDPR Data Request"
  • Include: Your name, email address, and specific request

We aim to respond within 30 days of receiving your verified request, though this period may be extended in complex cases as permitted by law.

7.5 Data Protection Officer

Data Controller: Logopony OÜ Registry Code: 14402347 Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia Email: [email protected]

8. Security Measures

We take security seriously and implement appropriate technical and organizational measures to protect your personal information:

8.1 Technical Safeguards

  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
  • Secure authentication: Passwords are hashed using industry-standard algorithms (never stored in plain text)
  • Access controls: Limited access to personal data on a need-to-know basis
  • Regular security audits: Ongoing monitoring and testing of our security measures
  • Secure infrastructure: Hosted on enterprise-grade cloud platforms

8.2 Operational Safeguards

  • Employee training on data privacy and security
  • Confidentiality agreements with all team members
  • Incident response procedures for data breaches
  • Regular backups of critical data

8.3 Limitations

No system is 100% secure. While we implement security measures we believe to be reasonable, we cannot and do not guarantee absolute security or the prevention of unauthorized access, disclosure, alteration, or destruction of data. Security incidents may occur despite our efforts.

You are responsible for:

  • Keeping your password secure and confidential
  • Not sharing your account credentials
  • Using appropriate security measures on your devices
  • Logging out after using shared or public devices
  • Notifying us promptly if you suspect unauthorized access

Disclaimer: To the extent permitted by law, we disclaim liability for security breaches, data losses, or unauthorized access resulting from factors beyond our reasonable control, including but not limited to third-party actions, force majeure, or inherent risks of internet-based services.

8.4 User Content Responsibility

You are solely responsible for the security and legality of content you upload and generate. As a technology platform, we generally do not:

  • Proactively verify the source or ownership of uploaded photos
  • Check whether you have obtained necessary permissions to use images of other people
  • Proactively monitor whether generated content violates third-party rights
  • Review content for legal compliance before processing

It is your responsibility to ensure all content you upload and generate complies with applicable laws and respects the rights of others. We reserve the right to respond to legal complaints and take appropriate action as required by law. See our Terms of Service for detailed requirements and restrictions.

9. Children's Privacy

9.1 Age Restrictions

PFPMaker is not intended for anyone under 18 years of age. We do not knowingly collect personal information from individuals under 18.

You must be at least 18 years old (or the age of legal majority in your jurisdiction) to use our Service.

9.2 Parental Rights

If you believe a person under 18 has provided us with personal information, please contact us immediately at [email protected]. Upon verification, we will take appropriate action which may include:

  • Deleting accessible account information
  • Terminating the account
  • Ceasing further processing of the information

Note: Some data may persist in backups, logs, or archived systems for a period of time due to technical constraints.

10. International Data Transfers

10.1 Where Your Data Is Processed

PFPMaker is operated from Estonia, but we use service providers located worldwide. Your personal information may be transferred to and processed in:

  • European Union (Estonia - where we are based)
  • United States and other countries where our service providers operate

10.2 Safeguards for EU Data

For data transfers from the EU/EEA to countries without adequate data protection laws, we aim to implement appropriate safeguards where feasible, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
  • Reliance on service providers' certifications under data protection frameworks (e.g., EU-US Data Privacy Framework where applicable)
  • Additional security measures where technically and commercially reasonable

Note: We rely on third-party service providers' representations regarding their compliance with applicable data protection frameworks. We cannot independently verify or guarantee their compliance.

11.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize you, remember your preferences, and provide essential functionality.

11.2 Types of Cookies We Use

Essential Cookies (Required):

  • Authentication: Keep you logged in between sessions
  • Security: Prevent fraud and protect your account
  • Session management: Maintain your session state
  • These cookies are necessary for the Service to function and cannot be disabled

Analytics Cookies (Optional):

  • Purpose: Understand how users interact with our Service, improve user experience, identify bugs, optimize features
  • You can opt out via your browser settings

Preference Cookies (Optional):

  • User settings: Remember your preferences (language, theme, etc.)
  • Feature flags: Control which features you see
  • Purpose: Personalize your experience

11.3 Third-Party Cookies

Some third-party services may set their own cookies for:

  • Payment processing security
  • Third-party authentication (if you use third-party sign-in)
  • Customer support services

These cookies are governed by the respective third-party privacy policies.

11.4 Managing Cookies

Browser Settings: Most browsers allow you to:

  • Block all cookies
  • Block third-party cookies only
  • Delete cookies after each session
  • Notify you when cookies are set

Browser-Specific Instructions:

  • Chrome: Settings > Privacy and security > Cookies and other site data
  • Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Cookies and website data
  • Edge: Settings > Privacy, search, and services > Cookies and site data

Note: Blocking essential cookies will prevent you from using the Service.

11.5 Do Not Track

Some browsers have "Do Not Track" (DNT) features. We respect DNT signals for optional analytics cookies, but essential cookies are still required for the Service to function.

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • New features or services
  • Legal or regulatory requirements
  • Feedback from users

12.2 Notification

When we make material changes to this Privacy Policy, we will typically:

  • Update the "Last Updated" date at the top
  • Make reasonable efforts to notify you via email (to your registered email address) or through the Service
  • Display a notice on our website
  • For significant changes affecting your rights, we may seek your explicit consent where required by law

Notification methods and timing may vary based on the nature of changes and technical capabilities.

12.3 Your Acceptance

Your continued use of the Service after changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree to the changes, you must stop using the Service and may delete your account.

Our Service may contain links to third-party websites (e.g., social media, help resources, partner sites). We are not responsible for the privacy practices or content of these external sites.

We recommend you review the privacy policies of any third-party sites you visit.

13.2 Third-Party Services

Some features may integrate with third-party services (e.g., authentication providers, payment processors). These services have their own privacy policies, and your use of them is subject to their terms.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

14.1 Your CCPA Rights

Right to Know: Request disclosure of personal information we collect, use, and share

Right to Delete: Request deletion of your personal information, subject to legal and technical constraints

Right to Opt-Out: Opt out of "sale" of personal information (Note: We do not sell personal information to third parties for their marketing purposes as that term is commonly understood)

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

14.2 Categories of Information Collected

  • Identifiers: Email, name, IP address
  • Commercial information: Purchase history, credit usage
  • Internet activity: Usage data, feature interactions
  • Inferences: Preferences based on usage patterns

14.3 Business Purpose

We collect and use personal information for the purposes described in Section 2 of this Privacy Policy.

14.4 Exercising Your Rights

California residents may submit requests by:

  • Email: [email protected] with subject "California Privacy Request"
  • Include: Your name, email, and specific request

We aim to respond within 45 days of receiving your verified request, though this period may be extended as permitted under CCPA for complex requests.

15. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or our privacy practices, please contact us:

Email: [email protected] Support: [email protected] Website: https://pfpmaker.com

Company Information: Logopony OÜ Registry Code: 14402347 Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia

Data Protection Contact: For GDPR-related inquiries, email: [email protected] with subject "Data Protection Request"

We aim to respond to inquiries promptly, though response times may vary based on request complexity and volume.

17. General Disclaimers

This Privacy Policy describes our general data practices. However:

  • Actual data handling may vary based on technical requirements, system architecture, and operational necessities
  • Technical systems may temporarily cache, log, or store data in ways not explicitly described herein
  • We cannot control or guarantee the data practices of third-party service providers beyond their stated policies
  • Data deletion requests are subject to technical limitations, legal requirements, and backup retention schedules
  • We reserve the right to retain data as required by law, for legitimate business purposes, or to resolve disputes
  • This policy describes our intended practices but does not create contractual obligations beyond those required by applicable law

We make reasonable efforts to comply with this Privacy Policy but cannot guarantee perfect adherence due to technical limitations, human error, or unforeseen circumstances.

By using PFPMaker, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.