Pictaar
Continue with Google

Last updated April 28, 2026

Privacy Policy

This Privacy Policy explains how Pictaar collects, uses, stores, shares, and protects personal data when you use our website, app, AI thumbnail generation tools, thumbnail scoring tools, account features, payment features, YouTube URL import, persona features, and brand asset features.

1. Controller

The controller responsible for the processing of personal data under this Privacy Policy is:

Tim Leimkühler
trading as Leimkühler Data Consulting
Luise-Rinser-Str. 8
47506 Neukirchen-Vluyn
Germany

Email: contact@pictaar.com

2. Scope of this Privacy Policy

This Privacy Policy applies to all users of Pictaar, including visitors, registered users, free users, paying subscribers, creators, agencies, businesses, and other users.

Pictaar is intended for users who are at least 18 years old. We do not knowingly collect personal data from children or users under the age of 18.

3. Categories of Personal Data We Process

Depending on how you use Pictaar, we may process the following categories of personal data:

Account data

  • name;
  • email address;
  • Google account identifier;
  • profile picture, if provided through Google OAuth;
  • account status;
  • subscription status;
  • credit balance;
  • account settings.

Authentication data

  • Google OAuth authentication data;
  • login timestamps;
  • session data;
  • security tokens;
  • device and browser information.

Usage data

  • prompts entered by you;
  • generation requests;
  • thumbnail scoring requests;
  • selected styles and reference images;
  • feature usage;
  • credit usage;
  • generated thumbnail history;
  • account actions;
  • support interactions.

Uploaded content

  • uploaded images;
  • existing thumbnails;
  • screenshots;
  • brand assets;
  • logos;
  • persona images;
  • images of persons;
  • style reference images;
  • files submitted for generation, scoring, or improvement.

Generated content

  • AI-generated thumbnails;
  • thumbnail variations;
  • thumbnail scores;
  • heatmaps;
  • AI-generated recommendations;
  • improvement suggestions;
  • metadata related to generation or scoring.

YouTube-related data

  • YouTube URLs submitted by you;
  • publicly accessible or API-accessible video data;
  • thumbnail images;
  • video titles;
  • channel-related public data;
  • other data made available through the YouTube Data API, where technically supported.

Payment and subscription data

  • subscription plan;
  • billing period;
  • payment status;
  • invoices;
  • payment method details processed by Stripe;
  • transaction metadata;
  • refund status;
  • billing email.

Technical data

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • referral URL;
  • page views;
  • log files;
  • error logs;
  • timestamps;
  • security events.

Communication data

  • emails sent to us;
  • support requests;
  • refund requests;
  • account deletion requests;
  • legal or privacy-related requests.

4. Purposes of Processing

We process personal data for the following purposes:

To provide the service

  • creating and managing user accounts;
  • enabling Google login;
  • generating thumbnails;
  • scoring thumbnails;
  • creating improvement suggestions;
  • storing generations for registered users;
  • managing personas and brand assets;
  • processing prompts and uploaded content;
  • enabling YouTube URL import;
  • providing downloads and account features.

To process payments and subscriptions

  • managing paid plans;
  • processing payments through Stripe;
  • issuing invoices;
  • managing credits;
  • handling refunds;
  • detecting failed payments or chargebacks.

To secure and operate Pictaar

  • preventing fraud and abuse;
  • detecting scraping, automation, account sharing, and misuse;
  • enforcing rate limits;
  • blocking malicious requests;
  • protecting accounts;
  • maintaining server security;
  • debugging errors;
  • ensuring technical stability.

To improve the service

  • analyzing feature usage;
  • improving generation quality;
  • improving scoring and heatmap features;
  • detecting technical issues;
  • optimizing user experience;
  • improving prompts, workflows, and product performance.

To communicate with you

  • responding to support requests;
  • sending account-related messages;
  • sending billing-related messages;
  • sending security notices;
  • responding to privacy or legal requests.

To comply with legal obligations

  • tax and accounting obligations;
  • legal retention obligations;
  • responding to lawful requests;
  • enforcing legal claims;
  • complying with consumer protection and data protection law.

6. Google OAuth Login

Pictaar uses Google OAuth to allow users to sign in with their Google account.

When you sign in with Google, we may receive and process basic account information such as your name, email address, Google account identifier, and profile picture, depending on the permissions granted by you.

We use this information to create and manage your Pictaar account, authenticate you, prevent abuse, and provide account-related features.

Your use of Google services is also subject to Google’s own privacy terms and policies.

7. YouTube Data API

Pictaar may use the YouTube Data API to access YouTube-related information when you submit a YouTube URL or use YouTube-related features.

Depending on the URL and available API data, Pictaar may process data such as video title, thumbnail image, channel-related public information, and other information made available through the YouTube Data API.

We use this information to provide thumbnail analysis, inspiration, scoring, generation, and improvement features.

Pictaar is not affiliated with, endorsed by, or controlled by YouTube or Google.

Your use of YouTube-related features may also be subject to YouTube’s and Google’s own terms and privacy policies.

8. OpenAI Processing

Pictaar uses OpenAI services to provide AI thumbnail generation, thumbnail scoring, visual analysis, heatmaps, improvement suggestions, and related AI-assisted features.

When you use AI features, we may send prompts, uploaded images, thumbnails, brand references, persona references, and related metadata to OpenAI where necessary to provide the requested feature.

OpenAI may process this data as a service provider or processor according to the applicable OpenAI terms and data processing arrangements.

We do not use persona images or brand assets for general model training unless separately disclosed and legally permitted.

9. Stripe Payment Processing

Pictaar uses Stripe to process payments, subscriptions, invoices, refunds, and billing-related information.

When you purchase a paid plan, Stripe may process your payment details, billing information, transaction information, and fraud prevention data.

Pictaar does not store full credit card numbers on its own servers.

Stripe may process data as an independent controller or processor depending on the processing activity. Stripe’s own privacy terms may also apply.

10. Hosting and Infrastructure

Pictaar is hosted through infrastructure providers, including Strato in the European Union.

Our hosting providers may process technical data such as IP addresses, server logs, request logs, security logs, and stored files where necessary to operate, secure, and deliver the service.

11. Uploads, Personas, and Brand Assets

You may upload images, thumbnails, logos, screenshots, brand assets, and images of persons to use Pictaar.

If you create personas or brand styles, we store the uploaded reference images in your account until you delete them or delete your account.

Persona images and brand assets are used to provide the requested generation features for your account. They are not used for general model training unless separately disclosed and legally permitted.

You are responsible for ensuring that you have the necessary rights, permissions, and consents to upload and use these materials.

12. Generated Thumbnails and Outputs

If you have an account, Pictaar may store your generated thumbnails, thumbnail variations, scores, heatmaps, and improvement suggestions until you delete them or delete your account.

Generated outputs may be used to provide your account history, allow downloads, improve the product, debug errors, prevent abuse, and provide support.

Pictaar may use generated thumbnails as public examples, showcase content, marketing materials, or product demonstrations, provided that such use is legally permissible and does not unlawfully disclose personal data, confidential information, or protected third-party content.

13. Product Improvement and Human Review

We may use prompts, generated outputs, usage data, technical logs, error data, and aggregated or anonymized information to improve, secure, debug, and optimize Pictaar.

We may manually review user content and generated outputs where necessary for:

  • customer support;
  • troubleshooting;
  • abuse prevention;
  • safety review;
  • fraud prevention;
  • quality assurance;
  • legal compliance;
  • enforcement of our Terms of Service.

We limit manual review to what is necessary for the relevant purpose.

14. Cookies and Similar Technologies

Pictaar may use cookies and similar technologies to operate the website, keep users logged in, secure accounts, remember preferences, measure usage, and improve the service.

Strictly necessary cookies are used to provide core functionality and security.

Optional analytics, marketing, or tracking cookies are only used where legally permitted and, where required, with your consent.

15. Email Communications

We may send you service-related emails, including account notices, login or security messages, billing messages, subscription updates, refund communications, and important legal notices.

We may send marketing emails only where legally permitted, for example if you have consented or where another legal basis applies. You can unsubscribe from marketing emails at any time.

16. Data Sharing and Recipients

We may share personal data with the following categories of recipients where necessary:

  • hosting and infrastructure providers;
  • AI service providers, including OpenAI;
  • payment providers, including Stripe;
  • authentication providers, including Google;
  • YouTube API services, where YouTube-related features are used;
  • email and communication providers;
  • analytics providers, if used;
  • legal, tax, accounting, and compliance advisors;
  • public authorities, courts, or law enforcement where legally required;
  • service providers supporting security, monitoring, and technical operations.

We only share personal data where necessary for the purposes described in this Privacy Policy or where otherwise legally permitted.

17. International Data Transfers

Pictaar is operated from Germany and uses hosting infrastructure in the European Union. However, some third-party providers, including OpenAI, Stripe, Google, and YouTube-related services, may process data in the United States or other countries outside the European Economic Area.

Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards where required, such as adequacy decisions, the EU-U.S. Data Privacy Framework, Standard Contractual Clauses, data processing agreements, or other legally recognized transfer mechanisms.

18. Data Retention

We store personal data only for as long as necessary for the purposes described in this Privacy Policy, unless longer retention is required by law.

Account data

Stored for as long as your account exists.

Generated thumbnails and account history

Stored until you delete the relevant content or delete your account.

Uploads, personas, and brand assets

Stored until you delete the relevant files or delete your account.

Free and paid credit history

Stored as long as necessary to operate the account, prevent abuse, resolve disputes, and comply with legal obligations.

Billing and invoice data

Stored for the legally required retention period under applicable tax and accounting laws.

Support and communication data

Stored as long as necessary to respond to your request and protect legal interests.

Technical logs

Stored for a limited period necessary for security, debugging, abuse prevention, and service operation.

Backup copies

Deleted or overwritten according to our backup cycles, unless longer retention is required for legal, security, or technical reasons.

19. Account Deletion

You may delete your account through the account page or by contacting us at contact@pictaar.com.

When your account is deleted, we delete stored generations, uploads, personas, brand assets, and account-related content associated with your account, subject to:

  • legal retention obligations;
  • billing and tax records;
  • fraud prevention;
  • security logs;
  • dispute resolution;
  • backup deletion cycles;
  • legal claims.

20. Your Rights

Where the GDPR or similar data protection laws apply, you may have the following rights:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to data portability;
  • right to object to processing based on legitimate interests;
  • right to withdraw consent at any time where processing is based on consent;
  • right to lodge a complaint with a data protection authority.

To exercise your rights, contact us at contact@pictaar.com.

We may need to verify your identity before responding to your request.

21. Right to Object

You have the right to object to processing based on Art. 6(1)(f) GDPR where grounds relating to your particular situation apply.

If we process personal data for direct marketing, you may object at any time. If you object to direct marketing, we will stop processing your data for that purpose.

22. Security

We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

These measures may include access controls, secure authentication, encrypted connections, server-side processing, logging, abuse detection, and restricted access to stored content.

No online service can guarantee absolute security. You are responsible for keeping your Google account and device secure.

23. User Responsibility for Uploaded Content

You are responsible for ensuring that uploaded images, persona images, brand assets, logos, thumbnails, screenshots, prompts, and YouTube URLs are lawful and that you have the necessary rights and permissions.

Do not upload sensitive personal data, confidential information, private documents, or images of persons unless you have the legal right and consent to do so.

24. No Sale of Personal Data

We do not sell personal data in the traditional sense.

If privacy laws applicable to your jurisdiction define certain analytics, advertising, or tracking activities as a “sale” or “sharing” of personal data, we will provide the legally required notice and opt-out options where applicable.

25. Users Outside the European Union

Pictaar is operated from Germany and may be accessed internationally.

If you use Pictaar from outside Germany or the European Union, your personal data may be processed in Germany, the European Union, the United States, or other countries where our service providers operate.

By using Pictaar, you understand that data protection laws may differ from those in your country of residence.

26. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may notify you by email, in-app notice, website notice, or another appropriate method.

The updated Privacy Policy applies from the date indicated at the top unless otherwise stated.

27. Contact

For privacy-related questions, requests, or complaints, contact:

Tim Leimkühler
trading as Leimkühler Data Consulting
Luise-Rinser-Str. 8
47506 Neukirchen-Vluyn
Germany

Email: contact@pictaar.com