Privacy Policy
Last updated June 14, 2026
This Privacy Policy explains how Pictograph ("Pictograph", "we", "us") collects, uses, and protects information when you use our website, application, API, SDK, and related services (the "Service"). By using the Service you agree to the practices described here.
Information we collect
We collect the following categories of information:
- Account information. Your email address, name, and authentication identifiers. You can sign in with email and password or through Google or GitHub OAuth.
- Organization and team data. Workspace names, member roles, and invitations.
- Content you upload. Images, annotations, datasets, trained models, and project configuration you create or import.
- Usage and billing data. API and compute usage, credit consumption, plan, and payment details processed by our payment provider.
- Technical data. IP address, browser type, and request logs used for security, rate limiting, and debugging.
How we use your information
- To provide, operate, and improve the Service, including annotation, model training, deployment, and search.
- To authenticate you, enforce role-based access, and isolate each organization's data.
- To meter compute usage, manage credits, and process billing.
- To send service notifications, such as training completion or export readiness.
- To secure the Service, prevent abuse, and comply with legal obligations.
We do not sell your data, and we do not use your images or annotations to train shared or foundation models. Embeddings and auto-tags generated for your images are computed on Pictograph-managed hardware and stored only within your organization to power your own search and labeling.
Where your data is stored
Your content is hosted with established cloud infrastructure providers, primarily in the United States, and is encrypted in transit and at rest. Each organization's data is logically isolated so that one organization cannot access another's content, annotations, or account information.
Third-party processors
We rely on a small number of established service providers ("sub-processors") to operate the Service. Each processes only the data needed for its function and is bound by confidentiality and data-protection obligations. By category:
| Category | Purpose |
|---|---|
| Cloud infrastructure | Application hosting, data storage, and content delivery |
| Payment processing | Subscription billing and payment handling |
| Email delivery | Transactional and security notifications |
| AI image generation | Optional image generation and editing that you choose to initiate |
A current list of our named sub-processors is available to customers on request at support@pictograph.io.
Data retention and deletion
We retain your content for as long as your account is active. You can delete images, datasets, models, and your organization at any time. When you delete content it is removed from active systems; backups age out on a rolling schedule. To request full account deletion, contact support@pictograph.io.
Cookies and analytics
We use essential cookies to keep you signed in and to secure the Service. We do not use advertising trackers. Any analytics we use are limited to aggregate, privacy-respecting product metrics.
Security
We protect your data with industry-standard safeguards: all traffic is encrypted in transit over TLS, access requires authentication, credentials are never stored in plain text, and each organization's data is isolated from others'. No method of transmission or storage is perfectly secure, but we work continuously to protect your information and to limit access to it.
Your rights
Depending on your location, you may have the right to access, correct, export, or delete your personal information. To exercise these rights, contact us at support@pictograph.io.
Changes to this policy
We may update this policy from time to time. Material changes will be reflected in the "Last updated" date above and, where appropriate, communicated to you.
Contact
Questions about this policy? Reach us at support@pictograph.io.