Cookie settings

We use cookies to keep GenPic working properly and understand how we can improve. Cookie policy

GenPic
🇪🇸 Español 🇺🇸 English 🇫🇷 Français 🇧🇷 Português 🇮🇹 Italiano
Styles Gallery How it works Pricing FAQ Create my portrait

Privacy Policy

Last updated: March 2026

At Color Vivo Internet S.L., we take your privacy very seriously. This Privacy Policy explains how GenPic.com handles your personal data when you use our AI artistic portrait service. Our commitment: your photos are automatically deleted after 14 days and are never shared with third parties except to generate your portrait.

1. Data Controller

In accordance with Article 13 of Regulation (EU) 2016/679 (GDPR), the data controller is:

  • Color Vivo Internet S.L.
  • Tax ID (CIF): ESB13340724
  • Registered office: Calle Mesones 9, 13640 Herencia (Ciudad Real), Spain
  • Email: [email protected]
  • Corporate website: colorvivo.com

2. Data We Collect

Data Purpose Retention
Email address Send download links and transactional emails Until account deletion request
Uploaded photo Generate your AI portrait 14 days, then permanently deleted
Generated portrait Show preview + deliver purchased files 14 days, then permanently deleted
IP address Rate limiting and fraud prevention 14 days
Payment data Process purchases via Stripe We never see or store card numbers. Stripe handles all payment data.

3. Data We Do NOT Collect

GenPic does not collect, store, or process the following data:

  • Biometric data: we do not extract or store biometric data from your photographs.
  • Facial recognition: face detection runs entirely in your browser (face-api.js). No facial data is sent to our servers.
  • Location or geolocation data.
  • Bank card numbers or financial data (Stripe handles these directly).
  • Passwords (the service does not require creating a password-protected account).

4. How We Process Your Photo

  1. You upload a photo from your device.
  2. Face detection runs in your browser (face-api.js). No facial data is sent to our servers.
  3. Your photo is sent to fal.ai (our AI provider) to generate the portrait. fal.ai processes the image and returns the result. They do not store your photo beyond the processing time.
  4. The generated portrait is stored on our servers (Wasabi S3) for 14 days.
  5. After 14 days, both the original photo and the portrait are permanently and automatically deleted.

5. Legal Basis for Processing

The processing of personal data is based on the following legal grounds under Article 6.1 of the GDPR:

  • Consent (Art. 6.1.a): You voluntarily upload your photo and provide your email.
  • Contract (Art. 6.1.b): Processing your payment and delivering purchased files.
  • Legitimate interest (Art. 6.1.f): Fraud prevention and rate limiting.

6. Third-Party Processors

Service Purpose Location
fal.ai, Novita, Evolink, OpenRouterAI portrait generation (best available provider is selected at each moment)USA/EU
StripePayment processingUSA/EU
WasabiFile storage (S3-compatible)EU
StackscaleCloud infrastructure (servers in Europe)EU

All processors comply with GDPR or operate under adequate safeguards (EU Standard Contractual Clauses). Your photo is sent to the AI provider solely to generate the portrait and is deleted immediately afterwards.

7. International Data Transfers

Some of the providers mentioned (AI providers, Stripe) are based outside the European Economic Area (EEA). In these cases, international data transfers are carried out with the appropriate safeguards provided for in the GDPR:

  • Standard Contractual Clauses (SCCs) approved by Commission Implementing Decision (EU) 2021/914.
  • Transfer Impact Assessments (TIAs) carried out when necessary.

The main service infrastructure (Stackscale servers, Wasabi EU storage) is located within the European Economic Area. Photographs are only temporarily sent to AI providers for portrait generation and are deleted immediately after processing.

8. Data Retention

  • Original photographs: 14 days from upload, then automatic and permanent deletion.
  • Generated portraits and download files: 14 days, then automatic and permanent deletion.
  • User email: until deletion request by the data subject.
  • IP address: 14 days (for fraud prevention and rate limiting).
  • Session and preference cookies: until browser close or 12 months depending on type.
  • Analytics data (if consent given): 14 months.

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability
  • Withdraw consent at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Security Measures

  • All connections encrypted via HTTPS/TLS
  • Images stored in private storage, never publicly accessible
  • Download links are signed and time-limited
  • Rate limiting and anti-abuse protections
  • Automatic file purging after 14 days

11. Children

GenPic is not directed at children under 16, in accordance with Article 8 of the GDPR and Article 7 of Spain's LOPDGDD. If you are under 16, you need your parent's or guardian's consent to use the service. Photos of minors may be included in group or family photos uploaded by their parent or legal guardian with authorization. We do not knowingly collect data from children under 16 without parental consent. If we detect that data has been collected from a minor without the required consent, we will delete it immediately.

12. Changes to this Policy

Color Vivo Internet S.L. reserves the right to modify this Privacy Policy to adapt it to legislative, jurisprudential developments, or changes in the Service. Any modification will be published on this page with the revised update date. In case of substantial modifications, users will be informed through the website.

Contact

For any queries regarding your privacy or this policy:

[email protected]