Privacy Policy

Last updated: February 12, 2026

1. Introduction

Pikto ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services.

Pikto is operated from Norway and complies with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven).

2. Information We Collect

2.1 Account Information

When you create an account we collect your name, email address, and profile picture (if provided via OAuth).

2.2 Project Data

Content you upload or create within Pikto — including project files, preview URLs, pin annotations, comments, tasks, and chat messages — is stored on our servers to provide the service.

2.3 Usage Data

We automatically collect technical data such as your IP address, browser type, device information, pages visited, and feature interactions. This data is anonymized and used solely for analytics and service improvement.

2.4 Cookies

We use essential cookies to keep you logged in and optional analytics cookies to understand usage patterns. See our Cookie Policy for details.

3. How We Use Your Information

  • Provide, operate, and maintain the Pikto service
  • Authenticate your identity and manage your account
  • Send transactional emails (e.g. project invitations, password resets)
  • Analyze usage to improve performance and features
  • Detect, prevent, and address technical issues or abuse
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share data with third-party service providers (hosting, analytics, email delivery) solely to operate the service. All providers are bound by data processing agreements compliant with GDPR.

5. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it by law.

6. Your Rights

Under GDPR, you have the right to:

  • Access and receive a copy of your personal data
  • Rectify inaccurate or incomplete data
  • Request deletion of your personal data
  • Restrict or object to certain processing
  • Receive your data in a machine-readable format (data portability)
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@pikto.dev.

7. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS), encrypted storage, access controls, and regular security audits. No method of transmission over the Internet is 100% secure, but we work hard to protect your information.

8. International Transfers

Your data may be processed on servers located within the EU/EEA. If we transfer data outside the EEA, we ensure adequate safeguards are in place (e.g. Standard Contractual Clauses).

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date and, for material changes, notify you via email or in-app notification.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, reach out at privacy@pikto.dev or visit our Contact page.