π Summary: Ask N Pic collects only the data strictly necessary to operate the service. Your briefs and parametric files are encrypted at rest (AES-256-GCM). All data is hosted in Europe (Infomaniak, Switzerland). It is never sold or shared with advertisers, and never passes through OpenAI, Anthropic or Google. At any time you have the right to access, rectify, erase, and object to the use of your data for improving the AI model.
The controller of the personal data collected through the Ask N Pic Service is:
Audrey Redondo β My Codeuse
78 Avenue des Champs-ΓlysΓ©es, Bureau 326, 75008 Paris, France
SIRET: 879 571 255 00055
Email: contact@asknpic.com
The founder also acts as de facto Data Protection Officer (DPO), in the absence of a legal obligation to appoint one at this stage. Any exercise of GDPR rights may be addressed to her directly.
| Data | Collection | Purpose |
|---|---|---|
| Email address | Required β entered by the user | Confirmation email and communications relating to the launch |
| Type of interest (beta tester / launch alert) | Automatic β inferred from the submitted form | List segmentation to tailor communications |
| Page language at sign-up | Automatic β inferred from the URL (/fr/ or /en/) | Communicating in the user's language |
| Data | Collection | Purpose |
|---|---|---|
| Email address | Required | Unique login identifier, deduplication across authentication methods, service communications |
| Password (PBKDF2-hashed, never in cleartext) | Required | Authentication |
| Phone number (international format E.164) | Required | Anti-spam verification via SMS OTP β required to unlock generation features |
| Preferred language | Automatic β inferred from the Accept-Language HTTP header |
Personalising the interface and communications, injected into the authentication token |
| First / last name | Optional | Profile pre-fill |
If you choose to sign up via Google, GitHub, LinkedIn or Facebook, the following data is transmitted by the OAuth provider:
| Data | Collection | Purpose |
|---|---|---|
| Email address verified by the provider | Required | Login identifier, automatic merge with an existing account if the address matches |
| External identifier (ExternalId) | Required | Stable identifier at the provider (e.g. Google sub, GitHub id), stored in the
account-linking table |
| First / last name | Automatic β transmitted by the provider if available | Profile pre-fill β ignored if not provided |
| Phone number | Required β entered by the user after first login | Anti-spam OTP verification β mandatory even for OAuth accounts |
Note on US OAuth providers: Google, GitHub and Facebook are US companies subject to the Cloud Act. During an OAuth login, these providers learn that you use Ask N Pic at the date and time of the connection. This information is inherent to the OAuth protocol and beyond Ask N Pic's control. If full sovereignty over your login data is essential, email/password sign-up is recommended.
| Data | Collection | Purpose | Encryption |
|---|---|---|---|
| User briefs (free text) | Required to generate a visual | Output file generation, audit, AI model improvement (see section 8) | AES-256-GCM, per-user derived key |
| Brief translated by the AI model | Automatic (only when your brief was translated before generation) | Processing chain traceability, right to data portability (Art. 20 GDPR) | AES-256-GCM, same derived key as the brief |
| Brief complexity score estimated before processing | Automatic | Service optimisation, processing chain traceability | No (aggregated data) |
| Raw parametric files produced by the AI model | Automatic (only when the delivered file has been algorithmically corrected) | AI output traceability (AI Act compliance), right to data portability (Art. 20 GDPR) | AES-256-GCM, same derived key as the brief |
| Algorithmic correction log | Automatic (only when the delivered file has been algorithmically corrected) | AI output traceability (AI Act compliance), internal audit | No (technical metadata containing no personal data) |
| Final parametric files | Automatic on each generation | User history, audit, AI model improvement (see section 8) | AES-256-GCM, same derived key as the brief |
| Daily AI token consumption | Automatic | Plan quota enforcement, billing, internal audit | No (aggregated data) |
| Prompt system version identifier and AI model version used | Automatic | AI output traceability (AI Act compliance), audit | No (metadata) |
The briefs you submit may contain personal data (names, addresses, contact details). This data is processed by our self-hosted artificial intelligence model (Mistral via Ollama). It never passes to third-party services; OpenAI, Anthropic or Google never see the content of your briefs.
Briefs and parametric files are encrypted at rest as soon as they are received. The database never contains briefs or parametric files in cleartext.
When the delivered parametric file has been algorithmically corrected by our validation system, the raw file produced by the AI model is retained separately from the delivered file, in encrypted form, for the same retention period as the delivered file according to your plan. This retention ensures full traceability of the corrections applied and allows you to exercise your right to data portability (Art. 20 GDPR) over the original file produced by the model. You are notified by a visible message in the Service interface when a corrected file is delivered.
We distinguish two categories of logs, with different purposes and retention periods:
| Category | Data | Purpose | Retention |
|---|---|---|---|
| Application logs | Technical identifiers (UserId, TenantId, correlation identifier), technical events. No direct personal data (email, phone masked). | Debugging, service operation | 30 days |
| Security logs | Technical identifiers, IP address, security events (login, password change, sensitive accessβ¦) | Incident and attack investigation | 1 year |
The IP address, a personal data point, is retained only in the security logs, for the purpose of protection against attacks, on the basis of our legitimate interest.
Payments are processed entirely by Stripe. Ask N Pic neither collects nor stores any banking
data (card number, CVV, IBAN). Only a Stripe customer identifier (StripeCustomerId) is retained to
link your account to your subscription or one-off purchases.
Two types of purchase are possible through Stripe: monthly subscriptions (Starter, Pro, Agency plans) and additional credit packs (one-off purchase, no subscription, no expiry date). Additional credits supplement your daily quota ; they are consumed after it and require explicit confirmation in the interface before use.
Candidates selected for the beta phase are invited to complete a qualification form (hosted via Infomaniak Newsletter, a Swiss processor). This form collects additional information used solely for selecting and monitoring testers.
| Data | Collection | Purpose |
|---|---|---|
| Profile (freelancer, agency, SMB, individual) | Required | Balanced selection of tester profiles |
| Country | Required | Geographic selection and GDPR compliance (transfers outside EU/EEA) |
| Current creation tools used | Optional | Understanding the tester's context |
| Type of visuals sought | Optional | Guiding test scenarios |
| Estimated visual usage frequency | Optional | Calibrating quota thresholds |
| Main motivation for testing | Optional | Assessing expected feedback quality |
Tester selection is a human decision, not automated. Participation in the beta and consent to the use of generations for model improvement are subject to two separate, explicit consents.
| Purpose | GDPR legal basis | |
|---|---|---|
| Managing the waitlist and launch communications | Consent (Art. 6.1.a) | |
| Providing the Service and managing accounts | Performance of the contract (Art. 6.1.b) | |
| Anti-spam verification (phone OTP) | Legitimate interest (Art. 6.1.f) β protecting the infrastructure against abuse | |
| Billing and accounting | Legal obligation (Art. 6.1.c) | |
| Managing additional credit packs (one-off purchase) | Performance of the contract (Art. 6.1.b) | |
| Service security, abuse prevention, logging | Legitimate interest (Art. 6.1.f) | |
| Improving the AI model (Mistral fine-tuning) | Legitimate interest (Art. 6.1.f) β subject to the right to object (opt-out) | |
| Sending marketing communications (newsletter) | Consent (Art. 6.1.a) | |
| Retention for evidentiary purposes (termination for serious cause) | Legitimate interest (Art. 6.1.f) + Art. 17.3.e exception | |
| Managing beta candidacies and testers | Selection (human), participation tracking, reward allocation | Pre-contractual measures and legitimate interest (Art. 6.1.b and 6.1.f) |
| Managing support requests | Processing reports and assistance | Performance of the contract (paid plans) / legitimate interest (free accounts) |
| Security and incident investigation | Detecting and investigating attacks (security logs, IP) | Legitimate interest (Art. 6.1.f) |
| Data | Retention period |
|---|---|
| Email address (waitlist) | Until unsubscription or 2 years after the last contact |
| Account data (email, phone, profile) | Lifetime of the account. Immediate physical deletion upon account closure. |
| Briefs (encrypted) β Free and Starter plans | 7 days (Free) / 30 days (Starter) after generation, then immediate physical deletion of the encrypted content. The non-personal metadata is kept 30 days for internal audit, then deleted. Immediate deletion upon account closure. |
| Briefs (encrypted) β Pro and Agency plans | Retained for the entire lifetime of the account. Immediate physical deletion of the encrypted content upon account closure. Only non-personal metadata is kept 30 days for internal audit, then deleted. |
| Translated brief (encrypted, only when your brief was translated before generation) | Same retention period as the original brief according to your plan. Immediate deletion upon account closure. Included in data export upon request. |
| Parametric files (encrypted) β Free and Starter plans | 7 days (Free) / 30 days (Starter) after generation, then immediate physical deletion of the encrypted content. The non-personal metadata is kept 30 days for audit, then deleted. |
| Parametric files (encrypted) β Pro and Agency plans | Immediate physical deletion of the encrypted content upon account deletion. Only non-personal metadata is kept 30 days for internal audit, then deleted. |
| Raw parametric file (encrypted, only when the delivered file has been algorithmically corrected) | Same retention period as the delivered parametric file according to your plan. Immediate deletion upon account closure. Included in data export upon request. |
| Algorithmic correction log (only when the delivered file has been algorithmically corrected) | Lifetime of the account. Deleted within 30 days of account closure. Included in data export upon request. |
| Training dataset entries (encrypted) | Immediate deletion upon account deletion or exercise of the right to object to fine-tuning, within a maximum of 30 days for entries already integrated. |
| Generation metadata (date, plan, scores β no encrypted content) |
Active account: kept for the entire lifetime of the account. Deleted account: deleted within 30 days of account closure. |
| Server access logs (Apache/Infomaniak): IP, browser, pages viewed, timestamps. | Purpose: network security and aggregated anonymised statistics. Kept 1 year. |
| Application logs (Serilog): UserId, TenantId, CorrelationId, technical events | No direct personal data (email, phone) is kept in cleartext (masked at write time). Brief content, JWT tokens and OTPs are never logged. Kept 30 days. |
| Security logs (Serilog): UserId, TenantId, CorrelationId, IP address, security events (authentication, password change, sensitive access) | The IP address is kept in cleartext because it is the object of the security investigation; other direct personal data remains masked. Kept 1 year. Legal basis: legitimate interest (protection against attacks). |
| Security logs (authentication, OTP attempts, account lockouts) | 1 year β required for detecting progressive attacks and managing disputes |
| Detailed AI consumption (tokens per day per tenant) | 90 rolling days β quota optimisation and anomaly detection |
| Monthly consumption summary (aggregated by plan) | 2 years β justification of billing in the event of a dispute |
| Billing data (Stripe identifiers) | 10 years β legal accounting retention obligation (Art. L123-22 French Commercial Code) |
| Gift codes (coupon code, type, issue date, activation date, recipient UserId) | 1 year after the code expires, then deleted. |
| Evidentiary data (termination for serious cause) | Data strictly necessary to establish proof of the breach β for the applicable statutory limitation period (5 years in civil matters, criminal period where applicable). Legal basis: Art. 6.1.f + Art. 17.3.e GDPR. Triggered manually on a qualified case. |
Deletion of inactive accounts: any account with no activity (no login and no generation) for 12 months is deleted, after a warning email sent about 30 days beforehand. This deadline is the maximum retention period for the data attached to an account, including data kept in an inaccessible state following a plan downgrade.
Ask N Pic undertakes never to sell or rent your personal data. Data may be shared with the following processors, strictly within the scope of their service:
| Processor | Country | Purpose | Safeguard |
|---|---|---|---|
| Infomaniak Network SA | Switzerland | Service hosting (databases, servers), newsletter management (waitlist and beta qualification) | EC adequacy decision β protection level equivalent to the EU |
| Stripe, Inc. | United States | Payment processing (the only third party authorised to process financial data) | Standard Contractual Clauses (SCC) Art. 46 GDPR |
| Brevo (formerly Sendinblue) | France / EU | Sending verification SMS OTPs and transactional emails | French company, data hosted in the EU, outside the Cloud Act |
The artificial intelligence model (Mistral) is self-hosted on our infrastructure. No brief or parametric file passes to a third-party LLM provider.
Service hosting is provided exclusively by Infomaniak, whose servers are located in Switzerland. Switzerland benefits from a European Commission adequacy decision guaranteeing a level of protection equivalent to that of the EU.
Stripe, a US-based payment provider, processes your data under the Standard Contractual Clauses (SCC) approved by the European Commission (Art. 46 GDPR). Only the data strictly necessary for payment is transmitted to it.
Brevo, a French-law SMS and transactional email provider, hosts its data in Europe. Its services are outside the jurisdiction of the US Cloud Act.
The OAuth providers (Google, GitHub, LinkedIn, Facebook) may be informed of the act of connection when you choose this authentication method (see section 2.3).
No other transfer of personal data outside the EU/EEA is carried out.
Ask N Pic implements high-level technical and organisational measures:
Briefs and parametric files are encrypted with the AES-256-GCM algorithm (authenticated encryption). The encryption key is derived per user via HKDF-SHA256 from a master key stored only in an environment variable, never in the database. Each user has a unique cryptographic key. The compromise of one user's data does not expose that of others.
Deleting an account triggers immediate cryptographic erasure and physical deletion of the encrypted content (briefs and parametric files) without delay. The derived key becomes unrecoverable as soon as the account is deleted. Only the non-personal technical metadata (generation date, plan) is kept 30 days for internal audit reasons, then deleted.
Data is spread across 4 separate PostgreSQL databases: account and quota data, encrypted briefs, encrypted production parametric files, and the fine-tuning dataset (never accessible from the production API). Briefs and parametric files (which constitute the sensitive content) are encrypted at the application level (AES-256-GCM): these databases, if stolen in isolation, are unusable without the master key. Account data (email, phone) is stored in cleartext in the dedicated database, protected by PostgreSQL authentication and encryption in transit (TLS) ; their readability is necessary for authentication and verification functions.
Passwords are hashed via PBKDF2 (ASP.NET Core Identity). Access tokens (15-minute lifetime) are stored in JavaScript memory only (never in localStorage). Refresh tokens (7 days) are stored in an httpOnly, Secure, SameSite=Strict cookie, inaccessible to JavaScript.
5 incorrect OTP attempts trigger a temporary 15-minute lockout. 3 consecutive lockouts trigger a permanent account block requiring support intervention.
In the event of a breach likely to create a risk to the rights and freedoms of the data subjects, Ask N Pic undertakes to notify the CNIL within 72 hours and the affected users as soon as possible.
Ask N Pic retains full traceability of each generation in accordance with the auditability requirements of the AI Act (EU) 2024/1689:
These elements ensure full traceability of the processing chain, from the original brief to the delivered file, in compliance with the requirements of the AI Act and your right to data portability (Art. 20 GDPR).
Ask N Pic uses Mistral, an open-source artificial intelligence model, self-hosted on our European infrastructure. Your briefs never leave our infrastructure to be processed by a third-party LLM. The system makes no automated decision producing a legal or similar effect on individuals. It is currently classified as a limited-risk system within the meaning of the AI Act (EU) 2024/1689, subject to the transparency obligations of Art. 50. The Publisher undertakes to reassess this classification at each significant evolution of the Service that may change its risk level.
Each generated output is associated with a prompt system version identifier and a model version, allowing full traceability of outputs in accordance with the AI Act's auditability requirements. When an output has been algorithmically corrected before delivery, or when your brief was translated before processing, the intermediate data is retained separately in encrypted form (see section 7).
In order to improve generation quality, validated (brief, parametric file) pairs may be used to train a specialised version of the Mistral model. This use is subject to the following safeguards:
Generations that failed validation (rejected parametric files) may also be kept in the dataset, together with the technical rejection feedback. This data is processed with the same safeguards as validated generations and subject to the same rights to object.
You may at any time exercise your right to object to the use of your generations for model fine-tuning, from your personal account area (Training dataset opt-out setting) or by email to contact@asknpic.com.
The objection takes effect immediately: your generations are removed from the selection dataset and will no longer be used for any future training. If some have already been used to train an earlier version of the model, their removal from the trained model is not technically possible: this is a limitation inherent to machine learning technologies, recognised by the European data protection authorities. Your account and access to the Service are not affected.
For beta-phase testers, the use of generations for model improvement relies on explicit and separate consent, collected separately from the participation consent, and revocable at any time.
The asknpic.com showcase site uses no third-party cookies for advertising or behavioural tracking purposes.
The following data is stored locally in your browser. It is never sent to our servers:
| localStorage entry | Purpose | Duration |
|---|---|---|
theme |
Remembering the chosen light/dark theme | Persistent β until manually cleared |
lang |
Remembering the chosen language | Persistent β until manually cleared |
These entries are preference data β they do not constitute cookies within the meaning of the ePrivacy directive and require no consent.
| Cookie | Purpose | Duration |
|---|---|---|
refresh_token |
Maintaining the authenticated session β encrypted renewal token | 7 days β deleted on logout |
The refresh_token cookie is strictly necessary for the operation of the Service. It is exempt from
consent under Article 5.3 of the ePrivacy directive. It is not accessible from JavaScript (the
httpOnly attribute) and cannot be read by third-party scripts or browser extensions. No consent
banner is required for any of these storage mechanisms.
Browsing statistics are measured via the Infomaniak server logs in an aggregated and anonymised way, without placing any cookie or installing any third-party script.
In accordance with the GDPR, you have the following rights:
To exercise these rights, contact us at contact@asknpic.com. A response is guaranteed within one month of receipt of your request. For complex requests, this period may be extended by two further months with prior notice.
Email: contact@asknpic.com
Mail: Audrey Redondo β My Codeuse, 78 Avenue des Champs-ΓlysΓ©es, Bureau 326, 75008 Paris,
France
If you consider that the processing of your data constitutes a breach of the GDPR, you have the right to lodge a complaint with the CNIL (the French data protection authority):