Privacy Policy

1. Introduction and Data Controller

This Privacy Policy explains how Pimpcasso LLC ("Pimpcasso," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our AI-powered image analysis service (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. This Policy should be read in conjunction with our Terms of Service.

2. Information We Collect

Account Information

• Email address (required for authentication)
• Display name (optional)
• Account creation and login timestamps
• Authentication tokens and session data

Usage Data

• Images you upload for analysis
• Generated prompts and analysis results
• Credit usage and transaction history
• Feature usage and interaction patterns
• Subscription and billing history

Technical Data

• IP address and approximate geographic location
• Browser type, version, and language settings
• Device type, operating system, and screen resolution
• Referring URLs and pages visited
• Cookies and similar tracking technologies (see Section 10)

Payment Information

Payment card information is collected and processed directly by our payment processor, Stripe. We do not store your full card number, CVV, or other sensitive payment details. We receive only a tokenized reference, card type, last four digits, and expiration date for display purposes.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

4. How We Use Your Information

• Service Delivery: To provide, maintain, and improve the Service, including processing your image analysis requests.
• Authentication: To verify your identity via magic links and manage your account.
• Billing: To manage subscriptions, process payments, and provide invoices.
• Communication: To send transactional emails, service updates, and respond to support requests.
• Security: To detect, prevent, and respond to fraud, abuse, and security incidents.
• Analytics: To understand how users interact with the Service and make improvements.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

5. Image Processing and AI

• Uploaded images are processed by AI systems to generate text prompts describing the image content.
• Images are transmitted to our third-party AI provider (OpenAI) for analysis.
• Images are stored on our servers for up to 90 days to enable history and re-access features.
• We do not use your images to train AI models without your explicit consent.
• You may delete your images at any time through your account settings.

Automated Decision-Making

Our Service uses AI to automatically analyze images and generate prompts. This automated processing:

• Identifies visual elements, styles, colors, lighting, and composition in your images.
• Generates text descriptions suitable for AI image generators.
• Does not make decisions that have legal or similarly significant effects on you.

If you have concerns about automated processing, you may contact us at support@pimpcasso.com.

6. Data Sharing and Third Parties

We share your information with the following categories of third parties:

Service Providers (Sub-processors)

Other Disclosures

• Legal Requirements: We may disclose information when required by law, legal process, or government request.
• Safety and Rights: We may disclose information to protect the rights, property, or safety of Pimpcasso, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

We do not sell your personal information to third parties.

7. Data Retention

You may request deletion of your data at any time (see Section 9). Some data may be retained longer if required by law or for legitimate business purposes such as resolving disputes or enforcing agreements.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in Transit: All data transmission uses TLS/HTTPS encryption.
• Encryption at Rest: Sensitive data is encrypted in our databases.
• Secure Authentication: Passwordless magic link authentication eliminates password-related vulnerabilities.
• Access Controls: Strict role-based access controls limit employee access to personal data.
• Monitoring: Continuous security monitoring and logging for threat detection.
• Vendor Security: We evaluate the security practices of our third-party providers.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you via email within 72 hours of becoming aware of the breach, where feasible, as required by applicable law. We will also notify relevant supervisory authorities as required.

9. Your Privacy Rights

Rights for All Users

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and personal data.
• Export: Receive your data in a portable, machine-readable format.

Additional Rights (EEA/UK/Switzerland)

• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Lodge Complaint: File a complaint with your local data protection authority.

How to Exercise Your Rights

To exercise any of these rights, contact us at support@pimpcasso.com. We will respond to your request within:

• GDPR: 30 days (may be extended by 60 days for complex requests)
• CCPA/CPRA: 45 days (may be extended by 45 days with notice)

We may need to verify your identity before processing your request.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your California Rights

• Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose.
• Right to Delete: Request deletion of your personal information.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Do Not Sell or Share My Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes as defined under the CPRA.

To make a request, contact us at support@pimpcasso.com or call [Phone number to be added]. You may also designate an authorized agent to make a request on your behalf.

Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (email address, IP address)
• Commercial information (subscription and transaction history)
• Internet activity (usage data, interaction with the Service)
• Sensory data (images you upload)
• Inferences (AI-generated descriptions of your images)

11. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

We do not use advertising or tracking cookies.

Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies
• Clear cookies when you close your browser

12. International Data Transfers

Your information may be transferred to and processed in countries outside your residence, including the United States. These countries may have different data protection laws.

For transfers from the EEA, UK, or Switzerland to countries without an adequacy decision, we rely on:

• Standard Contractual Clauses (SCCs): EU-approved contractual safeguards with our vendors.
• Data Processing Agreements: Contractual commitments regarding data protection.

You may request a copy of these safeguards by contacting support@pimpcasso.com.

13. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at support@pimpcasso.com.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Sending an email to your registered email address
• Displaying a prominent notice on the Service
• Updating the "Last updated" date at the top of this page

We encourage you to review this Privacy Policy regularly. Your continued use of the Service after changes become effective constitutes your acceptance of the revised Policy.

15. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact us at:

For general support inquiries, contact support@pimpcasso.com.