Privacy Policy

If you require any more information or have any questions about our ToS, please feel free to contact us by email at [email protected].

Last Updated: October 29, 2025

Your privacy is important to us. This Privacy Policy explains how Logopony OÜ (registry code 14402347), which owns and operates https://pfpmaker.com ("PFPMaker", "we", "us", or "our"), collects, uses, stores, and protects your personal information when you use our Service.

Platform Nature: PFPMaker is a neutral technology platform that provides AI-powered tools for users to create content. We do not create, control, review, or endorse user-generated content. Users are solely responsible for all content they upload, create, or generate using our Service. We act as a technology service provider, not as a publisher or content creator.

By using PFPMaker, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.

1. Information We Collect

1.1 Personal Information You Provide

When you use our Service, we may collect the following personal information needed for our service to be operational:

Account Information:

Email address
Name (optional)
Google account information (name/email/profile pic if you sign in with Google OAuth)
Password hash (if using email authentication)

Payment Information:

Payment card details (processed and stored by Stripe, not by us)
Billing address
Transaction history

Communication Information:

Support inquiries and correspondence
Feedback and survey responses
Email communications

1.2 Photos and Images

Your Uploaded Photos:

Photos you upload for AI processing
Important: We do NOT permanently store your uploaded photos on our servers
Image metadata (EXIF data, location data, camera info) is automatically stripped in your browser BEFORE upload
Your Responsibility: You are solely responsible for ensuring you have the legal right to upload and process all photos, including obtaining necessary permissions and consents for any recognizable individuals

AI-Generated Images:

Images created or edited using our AI tools
Important: We do NOT store generated images on our servers
Results are returned directly to your browser
You are responsible for downloading and saving any images you wish to keep
Your Responsibility: You are solely responsible for all content you generate and how you use, distribute, or display generated images

1.3 Automatically Collected Information

Usage Data:

Which AI tools are used
Credit usage and transaction history
Success/failure status of AI operations
Processing times
Note: We do NOT store the actual images or results, only metadata about usage for analytics

Device and Browser Information:

IP address
Browser type and version
Device type and operating system
Screen resolution
Language preferences
Referral source

Cookies and Tracking Technologies:

Session cookies (for authentication)
Analytics cookies (Google Analytics)
Preference cookies (for user settings)
See Section 11 for detailed Cookie Policy

2. How We Use Your Information

2.1 To Provide the Service

Create and manage your account
Process your photos through AI systems
Deliver AI-generated results to you
Track and manage your credit balance
Process payments and billing
Provide customer support

2.2 To Improve the Service

Analyze usage patterns and trends (aggregated, anonymized data)
Debug technical issues and errors
Improve AI model performance and accuracy
Test new features and tools
Monitor system performance and uptime

2.3 To Communicate with You

Send transactional emails (receipts, account updates, password resets)
Respond to support inquiries
Send important service announcements
Send promotional emails (only if you opt in - you can unsubscribe anytime)
Request feedback and reviews

2.4 To Ensure Security and Compliance

Prevent fraud and abuse
Enforce our Terms of Service
Detect and prevent prohibited content
Comply with legal obligations
Protect our rights and property

2.5 What We Do NOT Do

We do NOT:

Monitor, review, or approve content you upload or generate
Control or endorse user-generated content
Act as a publisher or content creator
Take responsibility for how you use generated images
Verify that you have permissions to use uploaded photos
Monitor compliance with third-party rights (copyright, publicity rights, etc.)

You are solely responsible for all content you create using our platform.

3. Our Core Privacy Commitments

3.1 We Do NOT Store Your Photos

Your uploaded photos are NEVER permanently stored on our servers. Here's how it works:

Browser processing: Metadata is stripped from your photos in your browser before upload
Immediate processing: AI systems process your photo
Direct return: Results are returned directly to your browser

We have NO access to your photos after processing is complete.

3.2 We Do NOT Train AI on Your Photos

We do NOT use your uploaded photos or generated images to train AI models. Your photos are used solely to provide the Service you requested.

Third-Party AI Providers: We process your images through third-party AI services (Replicate, Fal.ai, Google Cloud AI). According to the publicly available terms of service and privacy policies of these providers, images processed through paid API access (which is how we use their services) are not used for training their AI models. We rely on these providers' published commitments and have selected them based on their stated data protection practices. However, we cannot provide independent guarantees regarding third-party practices beyond their stated policies. We encourage you to review their privacy policies for complete details.

3.3 We Do NOT Add Watermarks

Generated images do not contain AI watermarks or any identifying marks. The images are yours to use freely (subject to our Terms of Service).

3.4 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Ever.

4.1 Third-Party Service Providers

We share your information with third-party service providers who help us operate the Service. These are independent SaaS platforms that we access through their APIs, each with their own terms of service and privacy policies.

AI Processing Providers:

Replicate, Inc. (replicate.com) - AI model hosting and inference
Fal.ai (fal.ai) - AI model hosting and inference
Google Cloud AI (cloud.google.com) - AI processing services
Purpose: Process your photos to generate AI results
Data shared: Your uploaded photos (temporarily, for processing only)
Important: These are independent third-party services. We have reviewed their compliance documentation and selected them based on their stated commitments to data protection and security. However, they maintain their own terms and privacy policies which govern how they process your data. By using our Service, you acknowledge that your images will be processed by these third-party providers according to their respective policies.

Payment Processing:

Stripe (stripe.com)
Purpose: Process payments, manage subscriptions, handle refunds
Data shared: Payment card information, billing address, transaction amounts

Authentication:

Google OAuth (accounts.google.com)
Purpose: Authenticate users who sign in with Google
Data shared: Email address, name, profile picture (if you choose Google sign-in)

Email Services:

Resend (resend.com)
Purpose: Send transactional emails (receipts, password resets, notifications)
Data shared: Email address, name

Infrastructure and Hosting:

DigitalOcean (DigitalOcean.com) - Application hosting
MongoDB Atlas (mongodb.com) - Database hosting
Purpose: Host and operate the Service
Data shared: Account data, usage logs, transaction records

Analytics and Monitoring:

Google Analytics (analytics.google.com) - User analytics
Sentry (sentry.io) - Error monitoring
Purpose: Understand usage patterns, monitor performance, debug errors
Data shared: Anonymized usage data, error logs

Customer Support:

Crisp (crisp.chat)
Purpose: Provide live chat support
Data shared: Name, email, support conversation history

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

Valid legal processes (court orders, subpoenas)
Requests from law enforcement or government agencies
Investigations of fraud, security breaches, or Terms of Service violations
Protection of our rights, property, or safety, or those of our users

We will notify you of legal requests unless prohibited by law.

4.3 Business Transfers

If PFPMaker is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information.

We may share your information for other purposes with your explicit consent. For example:

Featuring your generated images in marketing materials (only with your permission)
Sharing testimonials or reviews (only if you agree)

5. Data Retention

5.1 What We Keep

Account Data:

Stored until you delete your account
Includes: email, name, preferences, authentication credentials

Transaction Records:

Retained for 7 years for legal, tax, and accounting requirements
Includes: payment history, credit purchases, subscription records

Usage Logs:

Includes: which tools used, success/failure status, processing times
Does NOT include: your photos, generated images, or image content

5.2 What We Don't Keep

Your Photos:

NEVER stored permanently
Deleted immediately after processing

Generated Images:

NOT stored on our servers
Returned directly to your browser

Image Metadata:

Stripped before upload
NOT stored anywhere

5.3 Account Deletion

You can delete your account at any time by contacting support at [email protected].

Upon account deletion:

Your account data will be permanently deleted within 30 days
Transaction records will be retained for 7 years for legal, tax, and accounting requirements
Any remaining credits will be forfeited
This action is irreversible

Important: Since we don't store your uploaded photos or generated images, there is no image data to delete. Only your account information, preferences, and transaction history are affected.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

Request a copy of your personal data
Download your account information
Receive your data in a structured, machine-readable format

To request your data, email: [email protected]

6.2 Correction and Updates

You can update your account information at any time through your account settings. If you need assistance, contact [email protected].

6.3 Deletion

You have the right to request deletion of your personal data. See Section 5.3 for details on account deletion.

6.4 Opt-Out of Marketing

You can opt out of promotional emails by:

Clicking "Unsubscribe" in any marketing email
Updating your email preferences in account settings
Contacting [email protected]

Note: You cannot opt out of transactional emails (receipts, password resets, service announcements) as these are necessary for the Service.

You can control cookies through your browser settings. See Section 11 for detailed information.

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Right to Access: Request confirmation of what personal data we process and obtain a copy

Right to Rectification: Correct inaccurate or incomplete personal data

Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data

Right to Restriction: Limit how we process your personal data

Right to Data Portability: Receive your data in a structured, commonly used format

Right to Object: Object to processing of your personal data for certain purposes

Right to Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)

Right to Lodge a Complaint: File a complaint with your local data protection authority

7.2 Legal Basis for Processing

We process your personal data based on:

Contract performance: To provide the Service you requested
Legitimate interests: To improve the Service, prevent fraud, ensure security
Legal obligations: To comply with laws and regulations
Consent: For optional features like marketing emails (you can withdraw anytime)

7.3 Data Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States. We ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with GDPR requirements.

7.4 Exercising Your Rights

To exercise any of these rights, contact us at:

Email: [email protected]
Subject line: "GDPR Data Request"
Include: Your name, email address, and specific request

We will respond within 30 days of receiving your request.

7.5 Data Protection Officer

Data Controller: Logopony OÜ Registry Code: 14402347 Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia Email: [email protected]

8. Security Measures

We take security seriously and implement appropriate technical and organizational measures to protect your personal information:

8.1 Technical Safeguards

Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
Secure authentication: Passwords are hashed using industry-standard algorithms (never stored in plain text)
Access controls: Limited access to personal data on a need-to-know basis
Regular security audits: Ongoing monitoring and testing of our security measures
Secure infrastructure: Hosted on enterprise-grade cloud platforms (DigitalOcean, MongoDB Atlas)

8.2 Operational Safeguards

Employee training on data privacy and security
Confidentiality agreements with all team members
Incident response procedures for data breaches
Regular backups of critical data

8.3 Limitations

No system is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security. You are responsible for:

Keeping your password secure
Not sharing your account credentials
Logging out after using shared devices
Notifying us immediately of unauthorized access

8.4 User Content Responsibility

You are solely responsible for the security and legality of content you upload and generate. We do not:

Verify the source or ownership of uploaded photos
Check whether you have permissions to use images of other people
Monitor whether generated content violates third-party rights
Review content for legal compliance before you create it

It is your responsibility to ensure all content you upload and generate complies with applicable laws and respects the rights of others. See our Terms of Service for detailed requirements and restrictions.

9. Children's Privacy

9.1 Age Restrictions

PFPMaker is not intended for anyone under 18 years of age. We do not knowingly collect personal information from individuals under 18.

You must be at least 18 years old (or the age of legal majority in your jurisdiction) to use our Service.

9.2 Parental Rights

If you believe a person under 18 has provided us with personal information, please contact us immediately at [email protected]. We will:

Delete the information promptly
Terminate the account
Not use the information for any purpose

10. International Data Transfers

10.1 Where Your Data Is Processed

PFPMaker is operated from Estonia, but we use service providers located worldwide. Your personal information may be transferred to and processed in:

European Union (Estonia - where we are based)
United States (DigitalOcean, Stripe, Replicate, Google Cloud)
Other countries where our service providers operate

10.2 Safeguards for EU Data

For data transfers from the EU/EEA to countries without adequate data protection laws, we implement appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission
Service providers certified under data protection frameworks (e.g., EU-US Data Privacy Framework where applicable)
Additional security measures to ensure your data is protected

11.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize you, remember your preferences, and provide essential functionality.

11.2 Types of Cookies We Use

Essential Cookies (Required):

Authentication: Keep you logged in between sessions
Security: Prevent fraud and protect your account
Session management: Maintain your session state
These cookies are necessary for the Service to function and cannot be disabled

Analytics Cookies (Optional):

Google Analytics: Understand how users interact with our Service
Plausible Analytics: Privacy-friendly usage statistics
Purpose: Improve user experience, identify bugs, optimize features
You can opt out via your browser settings

Preference Cookies (Optional):

User settings: Remember your preferences (language, theme, etc.)
Feature flags: Control which features you see
Purpose: Personalize your experience

11.3 Third-Party Cookies

Some third-party services may set their own cookies:

Stripe: For payment processing security
Google OAuth: For authentication (if you use Google sign-in)
Crisp: For customer support chat

These cookies are governed by the respective third-party privacy policies.

11.4 Managing Cookies

Browser Settings: Most browsers allow you to:

Block all cookies
Block third-party cookies only
Delete cookies after each session
Notify you when cookies are set

Browser-Specific Instructions:

Chrome: Settings > Privacy and security > Cookies and other site data
Firefox: Settings > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Cookies and website data
Edge: Settings > Privacy, search, and services > Cookies and site data

Note: Blocking essential cookies will prevent you from using the Service.

11.5 Do Not Track

Some browsers have "Do Not Track" (DNT) features. We respect DNT signals for optional analytics cookies, but essential cookies are still required for the Service to function.

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy from time to time to reflect:

Changes in our practices
New features or services
Legal or regulatory requirements
Feedback from users

12.2 Notification

When we make material changes to this Privacy Policy, we will:

Update the "Last Updated" date at the top
Notify you via email (to your registered email address)
Display a prominent notice on our website for 30 days
For significant changes affecting your rights, we may require your explicit consent

12.3 Your Acceptance

Your continued use of the Service after changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree to the changes, you must stop using the Service and may delete your account.

13. Third-Party Links and Services

13.1 External Links

Our Service may contain links to third-party websites (e.g., social media, help resources, partner sites). We are not responsible for the privacy practices or content of these external sites.

We recommend you review the privacy policies of any third-party sites you visit.

13.2 Third-Party Services

Some features may integrate with third-party services (e.g., Google sign-in, Stripe checkout). These services have their own privacy policies, and your use of them is subject to their terms.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

14.1 Your CCPA Rights

Right to Know: Request disclosure of personal information we collect, use, and share

Right to Delete: Request deletion of your personal information

Right to Opt-Out: Opt out of "sale" of personal information (Note: We do NOT sell personal information)

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

14.2 Categories of Information Collected

Identifiers: Email, name, IP address
Commercial information: Purchase history, credit usage
Internet activity: Usage data, feature interactions
Inferences: Preferences based on usage patterns

14.3 Business Purpose

We collect and use personal information for the purposes described in Section 2 of this Privacy Policy.

14.4 Exercising Your Rights

California residents may submit requests by:

Email: [email protected] with subject "California Privacy Request"
Include: Your name, email, and specific request

We will respond within 45 days of receiving your verified request.

15. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or our privacy practices, please contact us:

Email: [email protected] Support: [email protected] Website: https://pfpmaker.com

Company Information: Logopony OÜ Registry Code: 14402347 Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia

Data Protection Contact: For GDPR-related inquiries, email: [email protected] with subject "Data Protection Request"

We will respond to all inquiries within 5 business days.

16. Summary of Key Privacy Points

✓ We do NOT store your uploaded photos
✓ We do NOT train AI on your photos
✓ We do NOT add watermarks to images
✓ We do NOT sell your personal data
✓ We do NOT monitor or control user-generated content
✓ Metadata is stripped before upload
✓ You own all generated images (and are responsible for them)
✓ You can delete your account anytime
✓ 30-day data deletion after account closure
✓ You control your data and privacy settings
✓ Service is for ages 18+ only

By using PFPMaker, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.