The Short Version
Picteus is a local-first application. Your images, recipes, metadata, and creative work are stored on your computer — not on our servers. We don’t see your content, we don’t analyze it, and we don’t sell it. Most privacy policies exist to explain what companies do with your data in the cloud. Ours exists to explain why we barely have any of your data in the first place.
Data Controller
Picteus is developed and published by :
KoppaSoft SAS (Société par Actions Simplifiée) 9, rue de Ponthieu 75008 Paris, France RCS Paris 817 509 227 — SIRET 817 509 227 00028
Email: edouard@koppasoft.com
For the purposes of the EU General Data Protection Regulation (GDPR) and French data protection law, KoppaSoft is the data controller for any personal data processed through Picteus or its associated services.
What Stays on Your Device
When you use Picteus, the following data is created and stored entirely on your local machine:
Your images — every image you import, organize, or index remains on your hard drive in the folders you choose.
Your recipes — prompts, parameters, model settings, workflows, and all generation metadata are stored locally in Picteus’s local databases.
AI-generated captions and tags — when Picteus uses local AI models (such as Ollama) to describe or tag your images, that processing happens on your device by default. If you configure Picteus to use a cloud-hosted AI model, your data will be sent to that provider’s servers and will be subject to their privacy policy.
Your features and annotations — ratings, comments, descriptions, and any enrichments computed by extensions are stored in Picteus’s local database.
Search indexes — text search, visual similarity embeddings, and semantic search indexes are built and maintained locally.
We have no access to any of this data. It never leaves your computer unless you explicitly choose to share or export it.
What We May Collect
There are limited circumstances where Picteus or its associated services may communicate with external servers. Below is what may be collected and the legal basis for each.
Extension Marketplace (Coming Soon)
When the extension marketplace launches, browsing and downloading extensions will require communication with our servers. We will collect only the information necessary to deliver, update, and manage your extensions. We will never access the data that extensions process on your device.
Legal basis: Contract performance — providing the marketplace service you have signed up for.
Optional Cloud Backup (Planned)
In the future, Picteus may offer an optional cloud backup service for your local databases, following a model similar to Obsidian Sync. This feature will be strictly opt-in. If you choose not to enable it, your data remains exclusively on your device. If you do enable it, your backup data will be used solely for restoring your Picteus databases — never for analytics, advertising, or any other purpose.
Legal basis: Consent — you explicitly opt in to this feature.
Website
If you visit the Picteus website, we may collect standard server log data (IP address, browser type, pages visited). If we use cookies or analytics tools on the website, we will request your consent via a cookie banner in accordance with French law and the ePrivacy Directive.
Legal basis: Legitimate interest in ensuring website security, preventing abuse, and maintaining service functionality for essential server logs; consent for analytics or non-essential cookies.
Chrome Extension
Picteus includes a browser extension that can detect AI-generated images in your browser and import them along with their recipes into your local Picteus installation. This extension currently supports Gemini, with additional platform support in active development.
The extension communicates only with the Picteus application running on your local machine.
It does not send any data to our servers or to any third party.
It inspects page content solely to identify and extract recipe data from supported AI generation platforms. The extension is configured to activate only on specific platform URLs (currently limited to Gemini-related domains). This list of monitored URLs will expand as support for additional platforms is added.
You can review the extension’s permissions at any time through your browser’s extension settings.
Extension Permissions
Picteus uses an extension-based architecture. Extensions run within the application’s Node.js and Python runtime environments.
Important — current state: Today, extensions have broad access to the system they run on through these runtimes. We are actively working on sandboxing the Node.js and Python environments so that extensions cannot access the file system outside of their own folder, and cannot launch commands or external software without explicit user permission. This sandboxing is not yet implemented.
In the meantime, we strongly recommend that you only install extensions from trusted sources. Picteus’s built-in extensions are developed and maintained by the Picteus team. When the extension marketplace launches, all listed extensions will be reviewed and assessed by the Picteus team before publication.
Our long-term design goal is that you can run Picteus with zero internet connectivity if you choose — not a single byte needs to leave your machine.
Metadata and Export Controls
When you export images from Picteus, you are in full control of what metadata travels with them:
You can include the full recipe, a partial recipe, or strip all metadata entirely.
You can embed Picteus’s enrichment data (captions, tags, annotations) into the image file’s metadata — or exclude it.
You decide what to reveal and what to keep private, every single time.
By default, Picteus reads your image metadata but does not modify your original files. Your pixels and your original metadata are never altered unless you explicitly choose to embed additional data.
Open-Source Transparency
Picteus’s core application is open source. This means:
You can inspect exactly what the software does with your data.
You can verify that no hidden data collection occurs.
Security researchers and the community can audit the codebase.
You don’t have to take our word for any of the above — you can check for yourself.
Third-Party Services and Extensions
Picteus does not share, sell, or provide your data to any third party for advertising, analytics, or profiling purposes. If you use extensions that connect to third-party AI services (for example, cloud-based generation platforms), those interactions are governed by those services’ own privacy policies. Picteus’s role is to capture and organize the outputs locally — we do not act as an intermediary for your data. Third-party extensions available through the future extension marketplace may collect or transmit data according to their own privacy practices. We will require all marketplace extensions to disclose their data handling practices before installation. However, Picteus is not responsible for the privacy practices of third-party extension developers. We recommend reviewing extension permissions and privacy disclosures before installing any third-party extension.
Data Security
Your local data is protected by your own device’s security measures (disk encryption, OS-level access controls, passwords). Picteus does not introduce any network-accessible services beyond the local API used for extension communication on your machine.
Extension security — current state: Extensions currently run within Node.js and Python environments that have broad system access. We are working on sandboxing these runtimes to restrict file system access and prevent unauthorized command execution. Until this is complete, Picteus’s built-in extensions offer the highest level of trust. We recommend exercising caution when installing any third-party extension and only using extensions whose origin you know and trust.
For any server-side services we operate (such as the future extension marketplace or optional cloud backup), we implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with GDPR Article 32.
Data Retention and Deletion
Since your data lives on your device, you are in complete control:
Delete anything, anytime. Remove images, recipes, tags, or any other data from Picteus at your discretion.
Uninstall cleanly. Removing Picteus from your computer removes the application and its local databases. Your original image files remain untouched.
No server-side traces. Because we don’t store your creative data on our servers, there is nothing for us to retain or delete on our end.
For any data held on our servers (such as future marketplace account information), we will retain it only as long as necessary to provide the service. Upon your request, we will delete your account and associated data, subject to any retention period required by applicable law.
Your Rights Under GDPR
Under the EU General Data Protection Regulation and French data protection law (Loi Informatique et Libertés), you have the right to:
Access — request a copy of any personal data we hold about you.
Rectification — request correction of inaccurate personal data.
Erasure — request deletion of your personal data from our systems.
Portability — receive your data in a structured, commonly used format.
Object — object to processing of your personal data.
Restriction — request that we limit processing of your personal data.
Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
In practice, because Picteus is local-first, most of these rights are already satisfied by design — your data is in your hands, in open formats, on your own machine. As of today, Picteus does not require any account creation or email registration. Account-based features will be introduced with the extension marketplace.
For any data we do hold (such as account information for the extension marketplace), you can exercise these rights by contacting us at the address listed under Data Controller above. We will respond to your request within one month, as required by GDPR Article 12(3).
Right to lodge a complaint: If you believe your data protection rights have not been respected, you have the right to lodge a complaint with the French data protection authority:
CNIL (Commission Nationale de l’Informatique et des Libertés)
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
www.cnil.fr
Automated decision-making: Picteus does not subject you to decisions based solely on automated processing that produce legal or similarly significant effects (GDPR Article 22).
Data breach notification: In the event of a personal data breach affecting any server-side data we hold, we will notify the CNIL within 72 hours as required by GDPR Article 33, and will inform affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
Children’s Privacy
Picteus is designed for professional creators and is not directed at children under 15 years of age (the digital age of consent in France under Article 45 of the Loi Informatique et Libertés). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the “Last updated” date at the top and, for significant changes, notify you through the application or our website.
Governing Law
This privacy policy is governed by the laws of France. Any disputes relating to this policy shall be subject to the jurisdiction of the competent courts in France, without prejudice to any mandatory provisions of consumer protection law in your country of residence.
Contact Us
If you have questions about this privacy policy or your data, reach out to us:
KoppaSoft SAS
9, rue de Ponthieu
75008 Paris, France
Email: edouard@koppasoft.com
Picteus
An open source, local-first platform for AI image creators. Capture, organize, and search your generations privately on your machine, enhanced by locally running AI models like Ollama that auto-tag and enrich every image without ever touching the cloud.