Privacy Policy

Effective Date: 1 October 2025

 

1. Overview

This Privacy Policy explains how Pictora s.r.o. (Reg. No. 23585404), Tyršova 1838/14, Nové Město, 12000 Praha 2, Czech Republic (“Pictora,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data when you visit dreamai.design or use our AI image-generation services (the “Services”). By using the Website/Services, you acknowledge this Policy. If you do not agree, please do not use the Website/Services.

2. What We Collect

Information you provide: name, email address, account credentials, and any content you submit (e.g., prompts, uploaded references). If you purchase requests, limited billing details may be collected; full payment data is handled by our payment processors.
Information collected automatically: IP address, device/browser type, language settings, pages viewed, interactions, referral URLs, time/date, and basic location derived from IP. We use cookies or similar technologies for essential functions, analytics, preferences, and security (see §8).
User content: prompts, settings (e.g., style, focus, tone), chosen size/format (JPEG/PNG/PDF), and generated outputs you store with us.

3. How We Use Personal Data

• Operate the Services: create/manage accounts, process requests, deliver outputs, provide downloads/links.

• Support & communications: respond to inquiries, send service notices (e.g., policy or security updates).

• Payments & fraud prevention: process transactions via third-party gateways; detect/prevent abuse.

• Improve & secure: diagnose issues, analyze aggregated usage, test new features, enhance performance and safety.

• Legal compliance: meet obligations under applicable laws, enforce our Terms, and protect rights.

4. Sharing & Disclosure

We do not sell personal data. We may share limited data with:

• Service providers (e.g., hosting, analytics, email, payment processors) under contracts and confidentiality.

• Authorities where legally required or to protect our users, property, or compliance posture.

• Corporate events (e.g., merger or asset transfer) with safeguards and notice where required.

5. Legal Bases (GDPR)

Where the GDPR applies, we rely on one or more of the following: contract necessity (to provide the Services), legitimate interests (security, improvement, anti-fraud, analytics balanced against your interests), consent (e.g., optional marketing or non-essential cookies), and legal obligation (recordkeeping, compliance).

6. Data Retention

We retain personal data only as long as needed for the purposes above:

• Account data & service records: for the life of the account and as required for legal/audit obligations.

• Payment/transaction records: per applicable accounting/tax laws.

• Logs/analytics: for a limited period, then aggregated or anonymized.
  When data is no longer needed, we delete or irreversibly anonymize it.

7. International Transfers

Your data may be processed in or transferred to locations outside your country/EEA. Where required, we use appropriate safeguards (e.g., EU Standard Contractual Clauses or adequacy decisions) to protect personal data.

8. Cookies & Similar Technologies

We use cookies and similar tools to keep the site secure and functional, remember preferences, and understand how the Website is used. Non-essential cookies are used with your consent where required. You can manage cookies in your browser; disabling some may affect functionality. (A standalone Cookie Policy can complement this section.)

9. Security

We apply industry-standard measures, including TLS encryption in transit, access controls (least-privilege), monitoring, backups, and vendor due diligence. No online service can guarantee absolute security; please protect your credentials and notify us of any suspected compromise.

10. Your Rights

Depending on your location and applicable law (e.g., GDPR), you may: access your data; rectify inaccuracies; request erasure; object to or restrict certain processing; exercise data portability; and withdraw consent where processing relies on consent (without affecting prior processing). You also have the right to lodge a complaint with a supervisory authority (in the Czech Republic: ÚOOÚ).

11. Third-Party Links

The Website may contain links to third-party sites/services. Their privacy practices are independent of ours; please review their policies before providing personal data.

12. Children

The Services are intended for adults (18+). We do not knowingly collect personal data from children. If you believe a minor has provided data, contact us and we will delete it.

13. Changes to This Policy

We may update this Policy to reflect legal, technical, or business changes. We’ll post updates on dreamai.design and revise the Effective Date above. Continued use after changes means you accept the updated Policy.

14. Contact

Pictora s.r.o.
Reg. No. 23585404
Tyršova 1838/14, Nové Město, 12000 Praha 2, Czech Republic
Email: howdy@dreamai.design