Back to home

Privacy Policy

Last updated: February 19, 2026

Introduction

At Pimplo ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered thumbnail creation platform at pimplo.com and all associated services.

By using Pimplo, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Personal Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Profile information you choose to provide
  • Payment information (processed securely through Stripe — we never store card details on our servers)

Usage Information

We automatically collect certain information when you use our services:

  • Thumbnails and projects you create
  • Feature usage, preferences, and language settings
  • Credit consumption and transaction history
  • Device information and IP address
  • Browser type and operating system
  • Page views and navigation patterns

Uploaded Content

When using our platform, you may upload:

  • Images for editing, background removal, or as base thumbnails
  • Persona/face reference photos for consistent AI generation
  • Brand assets (logos, fonts, color palettes)
  • Videos for frame extraction

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your transactions and manage your credit balance
  • Generate AI-powered thumbnails based on your prompts and preferences
  • Send you technical notices, security alerts, and support messages
  • Respond to your comments, questions, and support requests
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Analyze usage patterns to improve user experience
  • Send you marketing communications (with your consent, opt-out available)
  • Enforce our Terms of Service and policies

AI Processing

Our platform uses third-party AI services to provide core functionality:

  • OpenAI (DALL-E 3, GPT-4 Vision) — for thumbnail generation, text suggestions, and image analysis
  • Replicate (SDXL) — for additional image generation styles and background removal

When you use AI features, your prompts and uploaded images are sent to these services for processing. These providers process data according to their own privacy policies and data processing agreements. We have agreements in place that prohibit these providers from using your content for model training.

We do not use your thumbnails, images, or creative content to train any AI models. Your content is processed solely to deliver the service you requested.

Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Your data is stored and protected using:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Supabase (PostgreSQL) with row-level security for database storage
  • Secure cloud infrastructure hosted on Vercel
  • CSRF protection on all state-changing API requests
  • Content Security Policy (CSP) headers
  • Regular security audits and dependency updates
  • Access controls, API key scoping, and authentication via Supabase Auth

Your Content

You retain all ownership rights to the thumbnails and content you create using Pimplo. We do not claim ownership of your content.

We do not use your thumbnails or creative content to train our AI models or for any purpose other than providing our services to you. Projects are stored with a retention period, and you may delete them at any time.

Third-Party Services

We use trusted third-party services to help us provide and improve our platform:

  • Stripe — payment processing (PCI DSS compliant)
  • Cryptomus — cryptocurrency payment processing
  • Supabase — database, authentication, and file storage
  • Vercel — application hosting and CDN
  • Resend — transactional email delivery
  • OpenAI & Replicate — AI image generation and analysis
  • Pexels — stock photo integration (when you search for stock images)
  • PostHog — product analytics (optional, anonymized)

Each of these services has their own privacy policies and processes your data according to their terms. We only share the minimum data necessary for each service to function.

Your Rights

Depending on your location, you may have the following rights:

  • Access — Request a copy of your personal information
  • Rectification — Correct inaccurate or incomplete data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Portability — Export your data in a structured format
  • Restriction — Limit how we process your data
  • Objection — Object to processing based on legitimate interests
  • Opt-out — Unsubscribe from marketing communications at any time
  • Withdraw consent — Revoke previously given consent

To exercise these rights, please contact us at privacy@pimplo.com. We will respond within 30 days of receiving your request.

Cookies and Tracking

We use cookies and similar technologies for the following purposes:

  • Essential cookies — Authentication, session management, CSRF protection, language preference
  • Functional cookies — Remembering your preferences, theme, and settings
  • Analytics cookies — Understanding how you use our platform (via PostHog, if enabled)

You can manage your cookie preferences through our cookie consent banner or your browser settings. For more details, see our Cookie Policy.

Data Retention

We retain your data for the following periods:

  • Account data — Retained while your account is active and for 30 days after deletion request
  • Projects and thumbnails — Stored with a 15-day inactive retention period; active projects are retained indefinitely
  • Transaction records — Retained for 7 years as required by financial regulations
  • Server logs — Automatically deleted after 90 days

International Data Transfers

Our services are hosted in the United States. If you are accessing Pimplo from outside the US, your data may be transferred to and processed in the US or other countries where our service providers operate. We ensure appropriate safeguards are in place for these transfers in compliance with applicable data protection laws.

Children's Privacy

Our services are not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@pimplo.com and we will promptly delete the data.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a prominent notice on our platform, and we will update the "Last updated" date at the top of this page. Your continued use of Pimplo after such notification constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us:

  • Privacy inquiries: privacy@pimplo.com
  • General support: support@pimplo.com
  • Support page: pimplo.com/support