PRIVACY POLICY
PiktID Privacy Policy
Version: 2.0
1. DATA CONTROLLER
Responsible for the processing of your data:
| Company | PiktID FlexCo |
| Address | Lakeside Park B01a, 9020 Klagenfurt am Wörthersee, Austria |
| Email | office@piktid.com |
| Managing Director | Davide Righini |
2. INTRODUCTION
The protection of your personal data is important to us. We process your data exclusively on the basis of applicable legal provisions, including the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG 2018), and the Austrian Telecommunications Act (TKG 2003). This Privacy Policy informs you about the key aspects of data processing in connection with PiktID’s services.
3. AI-POWERED IMAGE AND VIDEO PROCESSING SERVICES
PiktID provides AI-powered image and video processing solutions designed for fashion e-commerce, content production, and creative workflows. Our Platform (accessible at https://www.piktid.com/ and https://on-model.com/) processes visual content to generate, edit, individualize, and transform images and videos.
3.1 Fashion Photography Services
Our fashion AI services enable you to:
| Service | Description |
|---|---|
| Model Swap | Replace models in product images while preserving every detail of garments with pixel-perfect accuracy |
| Flat-Lay to On-Model | Transform flat product photography into realistic on-model images without additional photoshoots |
| Virtual Model Creation | Generate diverse AI models or create digital twins from brand ambassadors |
| Garment Preservation | AI-powered preservation ensuring products appear exactly as intended—every stitch, pattern, and detail maintained |
3.2 Image Editing Services
Our AI-powered image editing capabilities include:
| Service | Description |
|---|---|
| Background Processing | Automatic background removal, replacement, and intelligent lighting adjustment |
| Image Upscaling | AI-powered resolution enhancement for higher quality outputs |
| Canvas Extension | Generative AI expansion of image dimensions |
| Facial Feature Generation | Generation of facial characteristics including expression, skin tone, and features |
| Selective Editing | Targeted refinement of specific elements (hair, hands, clothing, accessories) |
| Batch Processing | Process entire catalogs and thousands of images at scale via web application or API |
3.3 Video Editing Services
Our AI-powered video editing capabilities include:
| Service | Description |
|---|---|
| Video Model Swap | Replace faces or models in video content while maintaining natural movement and expressions |
| Video Anonymization | Anonymize individuals in video footage for privacy protection |
| Video Enhancement | AI-powered quality improvement, stabilization, and optimization |
| Frame-by-Frame Processing | Consistent AI processing across video frames for seamless results |
3.4 Anonymization Services
Our service provides you with the capability to modify images and videos such that natural persons can no longer be identified or their identification is significantly impeded. To achieve this, computer-generated alternative faces are created for the individuals depicted. By using this service, you are implementing an important measure to protect the data subjects depicted when publishing visual material.
3.5 Data Processing for These Services
When you use these services, the following data processing occurs:
- Input Content: Images and videos you upload are temporarily stored for processing
- Output Content: AI-generated results are stored according to your selected retention period (see Order Form)
- Sensitive Content: Content marked as sensitive is subject to 24-hour maximum retention with enhanced protection
- Processing Logs: Technical logs are maintained for service quality and troubleshooting
PiktID does not use any Input or Output provided by users to train or improve AI models. User content is processed solely for the purpose of delivering the requested service.
4. CUSTOMER DATABASE AND MARKETING
If you are a customer, your data may be stored in a customer database for our own marketing purposes. The Austrian Telecommunications Act permits us, unless you object, to send you advertising for products similar to those you have already purchased from us, including via email. We store your data for this purpose until the end of the third year following the last customer contact with you. The legal basis for this processing activity is predominantly the legitimate interests of the data controller. You may direct your objection to us using the contact details provided above.
5. RESPONDING TO INQUIRIES
When you send us inquiries regarding our products and services, we process your data on the basis of pre-contractual measures initiated by you. If you direct inquiries to us that are not related to the performance of a contract or pre-contractual measures initiated by you, we consider this action as consent to the processing of your data for this purpose. In this case, you have the right to withdraw your consent. You may direct your withdrawal to us using the contact details provided above.
Retention periods:
- Non-contractual inquiries: Data is stored for up to 6 months after response, or until the resolution of any legal disputes in which the data serves as evidence.
- Contract-related inquiries: Data is stored for 6 months after response and thereafter until the expiration of any applicable warranty, liability, and limitation periods. Data is also retained until the resolution of any legal disputes.
We only store your data longer than 6 months for this processing purpose if the data contained in the inquiry or the response is relevant to these matters.
6. PROVISION OF OUR WEBSITE
In connection with our website, we store IP addresses, connection data, your browser version, and operating system. This data is deleted or anonymized after 6 months. We require this data to protect our website against attacks and misuse and for statistical analysis based on legitimate interest. You have the right to object. You may direct your objection to the contact details provided above.
7. IT INFRASTRUCTURE MAINTENANCE AND SERVICE IMPROVEMENT
In improving our services and maintaining or repairing our systems, we are partially supported by service providers. Therefore, external IT service providers and business consultants may have access to and insight into personal data stored by you. However, these service providers are bound by confidentiality obligations and may not copy or process your data for their own purposes. To fulfill our tax obligations, we engage a tax advisor.
8. ANALYTICS
We use analytics services to collect, monitor, and analyze information. We use this information to improve functionality and usability and to better tailor our services to the needs of our visitors. Accordingly, usage data may be shared with analytics providers who have their own privacy policies. We recommend that you read these privacy policies to understand how providers use the information.
9. DATA DELETION
We store personal data only as long as it is needed for a specific purpose and as long as we have a permissible legal basis for doing so. If the purpose or legal basis no longer exists, your data will be deleted from our live systems as quickly as possible. Since it is not possible for us to delete your data from our backups with proportionate effort, deletion from backups occurs when a backup is restored.
10. YOUR RIGHTS
You generally have the following rights under applicable data protection law:
| Right | Description |
|---|---|
| Access | Right to obtain confirmation of whether personal data is being processed and access to that data |
| Rectification | Right to have inaccurate personal data corrected |
| Erasure | Right to have personal data deleted under certain circumstances |
| Restriction | Right to restrict processing under certain circumstances |
| Data Portability | Right to receive personal data in a structured, commonly used format |
| Objection | Right to object to processing based on legitimate interests |
To exercise these rights, please contact us using the details provided above.
If you believe that the processing of your data violates data protection law or that your data protection rights have been otherwise infringed, you may file a complaint with the supervisory authority. In Austria, the competent authority is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde).
11. LIST OF SUB-PROCESSORS
As of the Effective Date of this DPA, the Processor engages the following Sub-processors for the Processing of Personal Data on behalf of the Controller. The list is updated from time to time in accordance with Section 6 of this DPA.
| Sub-processor | Service Provided | Location of Processing | Safeguards |
|---|---|---|---|
| Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg | Cloud infrastructure (compute, storage, networking, managed services) used to host the Services and process Personal Data. | EU data center regions (e.g., eu-central-1 / Frankfurt, eu-west-1 / Ireland). | GDPR Art. 28-compliant Data Processing Addendum (AWS DPA); ISO/IEC 27001, SOC 1/2/3, C5 certified; SCCs for any onward transfer outside the EEA. |
| Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland | Cloud infrastructure and managed services used for selected workloads, AI/ML processing, and storage. | EU data center regions (e.g., europe-west3 / Frankfurt, europe-west1 / Belgium). | Google Cloud Data Processing Addendum (GDPR-compliant); ISO/IEC 27001, 27017, 27018, SOC 1/2/3 certified; SCCs for any onward transfer outside the EEA. |
| Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland | Microsoft Azure cloud infrastructure used for selected workloads and storage. | EU data center regions (e.g., West Europe / Amsterdam, Germany West Central / Frankfurt). | Microsoft Online Services Data Protection Addendum (DPA); ISO/IEC 27001, 27017, 27018, SOC 1/2/3 certified; EU Data Boundary commitments; SCCs for any onward transfer outside the EEA. |
| Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland | Payment processing, subscription billing, and invoicing in connection with the Services. Processes account-related and billing data of the Controller’s authorized users (name, email, billing address, payment method tokens). Does not process image data or end-user Personal Data submitted to the Services. | Primary processing within the EEA (Ireland); limited onward transfers to Stripe, Inc. (USA) under SCCs. | Stripe Data Processing Agreement (GDPR-compliant); PCI DSS Level 1 certified; ISO/IEC 27001, SOC 1/2 certified; SCCs (Module 3) for transfers to Stripe, Inc. in the United States. |
12. CONTACT FOR DATA PROTECTION MATTERS
For all data protection inquiries, please contact:
Email: office@piktid.com
Postal Address:
PiktID FlexCo
Lakeside Park B01a
9020 Klagenfurt am Wörthersee
Austria
This Privacy Policy is subject to change. The current version is always available upon request.