Picrly
Sign in
← Back to Picrly

Privacy Policy

Last updated: 29 April 2026

1. Introduction

Welcome to Picrly (“Picrly,” “we,” “our,” or “us”), an AI-narrated product video service operated by ASL Digital Solutions, a sole proprietorship registered in Kolkata, West Bengal, India (GSTIN: 19BDXPM8993D1ZI; UDYAM: UDYAM-WB-04-0064312; DUNS: 772338888). This Privacy Policy explains what information we collect when you use picrly.com(the “Service”), how we use it, who we share it with, and the rights you have over your data.

By creating an account or using Picrly, you agree to the practices in this policy. If you do not agree, please stop using the Service.

2. Data we collect

2.1 Account information

When you sign up, we receive and store:

  • Email address — used to identify your account, send sign-in magic links, and deliver transactional notifications.
  • Display name and profile photo — provided by Google when you sign in with Google OAuth, or entered manually for email sign-ins.
  • Firebase Authentication user ID (UID) — a unique, opaque identifier we use as the primary key for your account.
  • Onboarding details— your first name, optional last name, and use-case category (e.g. “indie SaaS founder”) collected on the welcome screen.

We do notcollect or store passwords. Authentication is handled by Google’s OAuth 2.0 system or by email magic-link tokens managed by Firebase Authentication.

2.2 User-generated content

The core function of Picrly is to turn your screenshots into a narrated video. We process and store:

  • Screenshots and images you upload to a project, stored in Firebase Storage in Mumbai, India (region: asia-south1).
  • Project metadata — title, aspect ratio, scene order, zoom rectangles, captions, scripts, and durations.
  • AI-generated voiceover audio— the MP3 files ElevenLabs returns when you generate scene narration, cached in Firebase Storage so you don’t pay twice for the same line.
  • Rendered video output — the final MP4 file, stored on AWS S3 in Mumbai (region: ap-south-1) and served via the share URL https://www.picrly.com/v/{renderId}.

2.3 Billing information

When you upgrade to Pro or buy a Lifetime plan, payment is processed by Razorpay International. Picrly itself does not see or store your card number, CVV, or expiry. We only receive and store:

  • Razorpay subscription ID, customer ID, payment ID, order ID
  • Plan tier (free / pro / lifetime), cadence (monthly / yearly / one-time)
  • Period end timestamps and renewal status
  • For Lifetime buyers: your founding-member number (1 to 100) and the amount paid in USD

Razorpay’s own privacy policy applies to the payment data it collects: razorpay.com/privacy.

2.4 Usage and quota counters

  • Per-user monthly counters: number of renders used, characters of TTS consumed, plan tier active during the month
  • Function logs: high-level events (sign-in, render started, payment captured) for debugging and abuse prevention
  • IP address and user agent on payment webhooks (used by Razorpay for fraud screening; we don’t aggregate this for marketing)

2.5 Cookies and local storage

Picrly uses a small number of essential cookies and browser storage mechanisms:

  • Firebase Auth session cookie — keeps you signed in between visits.
  • Local storage — caches your theme preference and recently-viewed projects for faster load times.

Picrly does not currently use any third-party advertising, marketing, or behavioural-tracking cookies. If we add analytics in the future, we will update this policy and obtain appropriate consent under GDPR / India DPDP rules before it goes live.

3. How we use your data

  • Provide the Service — generate scripts via Google Gemini, synthesize voice via ElevenLabs, render videos via Remotion Lambda, deliver MP4s to you.
  • Authenticate you — verify your identity, sign you in, send magic-link emails.
  • Bill you — process subscriptions and one-time purchases via Razorpay; flip your account tier when payment lands.
  • Send transactional emails — welcome email, plan activation receipts, payment receipts. We do not send marketing emails without separate opt-in consent.
  • Enforce quotas— count renders and TTS characters against your plan’s monthly cap.
  • Diagnose problems — review function logs when a render or payment fails, prevent abuse and fraud.
  • Comply with the law — retain payment and tax records for the period required by Indian law.

We do notuse your screenshots, project content, or rendered videos to train AI models — neither our own nor any third party’s. We do not sell or rent your personal data to anyone. Ever.

4. Sub-processors

We use the following third-party services to operate Picrly. Each is a data processor acting on our instructions; we are the controller.

ServicePurposeRegionPrivacy policy
Google Firebase (Authentication, Firestore, Cloud Functions, Storage)Account auth, database, video processing backend, file storageMumbai (asia-south1)link
Google Gemini APIRead uploaded screenshots and write scene narrationGlobal (Google Cloud)link
ElevenLabsText-to-speech voice synthesisUSAlink
Amazon Web Services (Remotion Lambda + S3)Render the final MP4 and serve it via the share URLMumbai (ap-south-1)link
Razorpay InternationalPayment processing (cards, UPI, wallets in USD)India / globallink
ResendTransactional email delivery (welcome, receipts)USAlink
VercelFrontend hosting + CDN for picrly.comGlobal edgelink
HostingerDNS for picrly.comGloballink

We may add or change sub-processors as Picrly evolves. Any change will be reflected on this page with a fresh “Last updated” date. Material changes will also be emailed to active users.

5. Where your data lives

  • Account profile, projects, billing state, usage counters: Cloud Firestore in Mumbai (asia-south1).
  • Uploaded screenshots and voice MP3s: Firebase Storage in Mumbai (asia-south1).
  • Rendered MP4 outputs: AWS S3 in Mumbai (ap-south-1).
  • Payment records: Razorpay’s own infrastructure (India + global).
  • Email delivery logs: Resend’s infrastructure (USA).

Some of our sub-processors (ElevenLabs, Resend, Vercel) are based in the United States. By using Picrly, you consent to the cross-border transfer of your data to these processors for the purposes described in this policy. We rely on each processor’s standard contractual clauses or equivalent safeguards under GDPR Art. 46 and India DPDP Act §16.

6. Security

  • All traffic is encrypted with HTTPS / TLS 1.2+.
  • Authentication is delegated to Google OAuth 2.0 and Firebase Authentication. We never see your password.
  • Firestore security rules restrict every document to its owning user; cross-user reads are impossible from the client.
  • Storage bucket has Uniform Bucket-Level Access enabled; rendered files use short-lived signed URLs where applicable.
  • Razorpay webhook signatures are HMAC-verified with a constant-time comparison before any plan change is honoured.
  • Server-side secrets (API keys, webhook secrets) live in Google Secret Manager, never in source code or environment files we ship.

No system is perfectly secure. If a breach affects your data we will notify you within the timeframes required by India DPDP Act §8(6), GDPR Art. 33, and applicable state breach laws.

7. How long we keep your data

  • Active accounts: as long as the account exists.
  • Deleted accounts: 30-day soft-delete window. Within those 30 days, the account is recoverable on request. After 30 days, we hard-delete account profile, projects, scenes, screenshots, and voice MP3s.
  • Rendered MP4 share URLs (picrly.com/v/{id}): kept after account deletion so links you’ve already shared keep working. You can request individual MP4 takedown by emailing hello@picrly.com.
  • Payment and tax records: retained for 8 years as required by the Indian Income-Tax Act and RBI rules for online merchants. This is a legal obligation we cannot override; it covers transaction IDs, plan tier, amount paid, and invoice metadata — not your project content.
  • Function and security logs: 30 days, then deleted automatically.

8. Your rights

Whatever jurisdiction you’re in, you have the following rights over your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — fix anything inaccurate. Most fields you can edit yourself in the app; for the rest, email us.
  • Deletion — close your account and remove your data. See our Data Deletion Policy.
  • Portability— receive your project data in a machine-readable format. Email us; we’ll send a JSON export within 30 days.
  • Withdraw consent — stop using the Service at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Objectto processing for direct marketing (we don’t do any, but the right exists).
  • Lodge a complaint— EU users may complain to their local Data Protection Authority. Indian users may complain to the Data Protection Board of India (DPBI) once it’s operational under the DPDP Act 2023.

To exercise any of these rights, email hello@picrly.com from the address on your account. We respond within 30 days, typically faster.

9. Children

Picrly is not intended for users under 18. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal data, please email us and we will delete the account.

10. AI & Google API services disclosure

Picrly’s use and transfer of information received from Google APIs (Firebase, Gemini, OAuth) adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We do not use Gemini-processed screenshot data or generated scripts to train any AI model — ours or otherwise.
  • We do nottransfer your data to Google services outside what’s necessary to render your video.
  • Per-user OAuth tokens, when used, request the minimum scopes (email, profile) and nothing more.

11. India-specific disclosures (DPDP Act 2023 + IT Rules 2021)

As required by India’s IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 and the DPDP Act 2023:

  • Grievance Officer:
    Lal Mahammad
    ASL Digital Solutions
    Kolkata, West Bengal, India
    Email: hello@picrly.com
  • We respond to data principal grievances within 15 days as required by IT Rules 2021 §3(2)(a).
  • We are a sole proprietorship and not currently classified as a Significant Data Fiduciary under DPDP §10. A Data Protection Officer is therefore not appointed; the Grievance Officer above handles all data-principal correspondence.

12. California (CCPA / CPRA) disclosures

California residents have the right, in addition to those listed in §8 above, to:

  • Know what personal information we collect, use, and disclose.
  • Opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information within the meaning of CCPA, so this is informational only.
  • Be free from discrimination for exercising your rights. We do not charge different prices or degrade Service quality based on data requests.

To submit a request, email hello@picrly.comwith the subject line “CCPA request”.

13. Changes to this policy

We may update this Privacy Policy as Picrly evolves. The “Last updated” date at the top reflects the most recent change. Material changes (a new sub-processor, a new data category, a change in retention) will be emailed to active users at least 7 days before taking effect.

14. Contact

For privacy questions, data requests, or grievances: