Privacy Policy

The data controller is Perfecto SARL, registered at 44 Rue Pasquier, 75008 Paris, France (SIREN 103 854 493). For any privacy request, contact [email protected].

If you are based in the European Economic Area, the United Kingdom or Switzerland, you may also contact our EU representative at the same address.

You provide

• Account data — first name, last name, email, password hash.
• Billing data — billing address, VAT identifier, payment-method metadata (we never see full card numbers).
• Studio inputs — text prompts, uploaded reference images, generated patterns, project metadata.
• Support correspondence — emails, chat transcripts, attachments.

We collect automatically

• Device & connection data — IP, user agent, language, time zone, referrer.
• Usage data — pages viewed, features used, error logs, performance metrics.
• Cookies & similar technologies — see the Cookie Policy.

• To provide and operate the studio, gallery, mockups and downloads.
• To process payments, issue invoices and prevent fraud.
• To provide support and respond to your requests.
• To improve the product — debug issues, measure performance, A/B test features.
• To send transactional emails (order receipts, password resets, security alerts).
• To send marketing emails — only with your explicit consent, and you can unsubscribe at any time.
• To comply with legal obligations (accounting, tax, anti-money-laundering).

We rely on the following GDPR Article 6 bases:

• Contract — to provide the service you signed up for.
• Legitimate interest — to keep the platform secure, prevent abuse, and improve the product.
• Consent — for non-essential cookies and marketing emails.
• Legal obligation — for accounting, tax and law-enforcement requests.

We never sell your data. We share it only with vetted processors that help us run the service, under written data-processing agreements:

• Cloud hosting & databases.
• Payment processors (card networks, bank reconciliation).
• Transactional email and customer-support tooling.
• Privacy-respecting product analytics.
• AI inference providers — prompt and image data is sent for the sole purpose of generating your output and is not used to train third-party models.

We may also disclose data when required by law, to protect our rights, or in the context of a merger, acquisition or asset sale (with notice to you).

• Account data — for as long as your account is active, plus 3 years after closure for legal and accounting reasons.
• Generated patterns & projects — for the lifetime of your account; deleted within 30 days of cancellation.
• Invoices and tax records — 10 years (French Commercial Code).
• Support tickets — 2 years.
• Server logs — 12 months.

Some processors are based outside the EEA. When that happens we rely on European Commission Standard Contractual Clauses (SCCs) and additional safeguards to ensure your data continues to receive an equivalent level of protection.

Subject to applicable law, you may:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Request erasure ("right to be forgotten").
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent at any time, without affecting prior processing.
• Lodge a complaint with the CNIL (France) or your local supervisory authority.

To exercise any right, email [email protected]. We respond within 30 days.

We use TLS in transit, encryption at rest, role-based access control, regular vulnerability scans and least-privilege defaults. No system is perfect — if we ever discover a breach affecting your data we will notify you and the competent authority within 72 hours, as required by Article 33 GDPR.

The service is not intended for users under 16. We do not knowingly collect personal data from children. If you believe a minor has created an account, contact us and we will delete it promptly.

We will post any material change at this URL and, where required, notify you by email at least 30 days before it takes effect.