Privacy Policy
Last Updated: May 15, 2026
Introduction
Picasso ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media marketing automation platform.
Information We Collect
1. Account Information
When you create an account, we collect:
- Email address
- Name and profile image (optional)
- Password (stored as a secure hash)
- Authentication provider information (Google OAuth or email/password)
- Company affiliation and role (Owner, Admin, Editor, Viewer)
2. Company and Business Data
- Company name, description, logo, and website URL
- Brand identity information (brand voice, core values, target market, industry)
- Marketing strategies, campaigns, and content
- Product information (names, descriptions, prices, categories)
- Media assets (images, videos) uploaded by you
3. Third-Party Integration Data
When you connect social media accounts or other services:
- Social Media Platforms: Access tokens, channel IDs, page IDs, and profile information from Facebook, Instagram, LINE, and TikTok
- Odoo ERP System: Server URL, database credentials, and synced product/brand data
- Google OAuth: Profile information when signing in with Google
4. Content and Communication Data
- Marketing posts and campaigns you create
- Messages exchanged through integrated messaging channels
- Conversation history with customers through connected social media platforms
- User context and interaction data (interested products, budget preferences)
5. Analytics and Engagement Data
We collect analytics data to help you measure campaign performance:
- Post engagement metrics (likes, comments, shares, reach)
- Click tracking data including IP addresses, user agent strings, browser fingerprints, click timestamps and sources, referrer information, and geolocation data (country, city)
- Social media user IDs (Facebook, LINE) for users who interact with your posts
- Coupon claim and redemption data
6. Automatically Collected Information
- Session information and login timestamps
- Device information and browser type
- Usage patterns and feature interactions
How We Use Your Information
We use the collected information to:
- Provide Services: Operate and maintain the Picasso platform, including content generation, social media publishing, and campaign management
- AI-Powered Features: Send your company, product, and campaign data to Google Gemini API for content generation, product enrichment, and marketing optimization
- Social Media Integration: Use your connected account credentials to publish posts, retrieve engagement data, and manage conversations on your behalf
- Analytics: Track campaign performance and provide insights about post engagement and customer interactions
- Communication: Send service-related notifications and respond to your inquiries
- Improvement: Analyze usage patterns to improve our platform and develop new features
- Security: Protect against unauthorized access and ensure platform security
Third-Party Services and Data Sharing
AI Processing
We use third-party AI service providers to power our content generation features. The following data is sent to these AI services for processing:
- Product information (names, descriptions, pricing)
- Company branding and marketing context
- Campaign themes and objectives
- Content generation requests
These AI service providers process your data according to their own privacy policies. We recommend reviewing the privacy policies of the specific AI services we use.
Social Media Platforms
When you connect social media accounts, we access and transmit data to the connected platforms to publish posts, retrieve engagement metrics, and manage conversations on your behalf. Each platform processes data according to their respective privacy policies.
Odoo ERP Integration
If you connect your Odoo system, we access and sync product catalog and brand data from your Odoo database.
OAuth Providers
We use Google OAuth for authentication, which involves sharing basic profile information.
Data Storage and Security
Security Measures
- Passwords are hashed using bcrypt encryption
- All data transmissions use SSL/TLS encryption
- Access tokens are stored securely in our database
- Session tokens use JWT with 30-day maximum age
- Role-based access control to limit data access
Data Location
Your data is stored on secure servers. We implement industry-standard security measures to protect against unauthorized access, alteration, or destruction.
Data Retention
We retain your information for as long as your account is active or as needed to provide services. When you delete:
- Your account: All associated data including sessions and linked accounts are deleted
- Your company: All associated users, campaigns, products, channels, conversations, and content are permanently deleted
- Specific content: Individual campaigns, posts, or media can be deleted at any time
Your Rights and Choices
You have the right to:
- Access: Request a copy of your personal data by contacting us
- Correction: Update or correct inaccurate information through your account settings
- Deletion: Request deletion of your account and associated data by contacting us
- Opt-out: Disconnect third-party integrations at any time through the platform
- Data Portability: Request export of your data in a structured format by contacting us
- Withdraw Consent: Revoke permissions for third-party account access through your account settings
To exercise rights that require manual assistance (data access, deletion, or export), please contact us at support@picasso.app.
Cookies and Tracking Technologies
We use session cookies and browser fingerprinting for:
- Authentication and session management
- Analytics and click tracking for marketing post performance
- Improving user experience
You can control cookie settings through your browser preferences.
Children's Privacy
Picasso is not intended for users under the age of 18. We do not knowingly collect personal information from children.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date.
Data Protection Rights (GDPR)
If you are in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision making
California Privacy Rights (CCPA)
If you are a California resident, you have specific rights regarding your personal information:
- Right to know what personal information is collected
- Right to know whether personal information is sold or disclosed
- Right to opt-out of the sale of personal information
- Right to deletion
- Right to non-discrimination
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: admin@doia.ai
Website: picasso.doia.ai
Consent
By using Picasso, you consent to this Privacy Policy and agree to its terms.
Summary of Key Points
- We collect account, business, and marketing data necessary to operate the platform
- Your data is shared with third-party AI services and social media platforms you connect
- We implement strong security measures including password hashing and encrypted transmissions
- You can request data deletion and disconnect integrations by contacting us
- We track analytics to help you measure marketing performance
- We comply with GDPR and CCPA privacy regulations