Back to Home

Privacy Policy

Last updated: 8 August 2025

1. Who We Are

361 Ventures OÜ ("Soulmate Drawing", "we", "us") operates the website soulmatedrawing.co, providing an AI-powered artistic sketch generation service for entertainment purposes.

361 Ventures OÜ is the data controller responsible for processing your Personal Data under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable privacy laws.

Controller address:
361 Ventures OÜ
Harju maakond, Tallinn, Kesklinna linnaosa,
Tornimäe tn 5, 10145 Tallinn, Estonia
Email: support@361.ventures

If you have questions regarding this Privacy Policy, please contact us at the address or email above. You may also reach our Data Protection Officer ("DPO") at support@361.ventures.

2. Scope

This Privacy Policy explains how we collect, use, disclose, and protect information that identifies or can reasonably be linked to an individual ("Personal Data") when you:

  • visit or interact with our website soulmatedrawing.co,
  • upload photos and complete questionnaires for sketch generation,
  • make a payment for our AI-generated soulmate sketch service,
  • contact our support team or communicate with us.

3. Personal Data We Process

User Photos and Questionnaire Data:

Photos uploaded by users, questionnaire responses about preferences and personality
Source: Provided directly by you during service use

Contact Information:

Email address for artwork delivery
Source: Provided directly by you during checkout

Payment Data:

Billing details, transaction ID (card details are processed by our payment provider and not stored by us)
Source: Provided by payment processor (Stripe)

Usage Data:

IP address, browser type, operating system, device information, analytics events
Source: Automatically collected during your visit

Support Data:

Email correspondence or inquiries
Source: Provided by you when contacting support

We do not process special categories of Personal Data (Art 9 GDPR).

4. Purposes and Legal Bases

Provide AI sketch generation service
Legal Basis: Contract performance (Art 6 (1)(b) GDPR)
Process payments and billing
Legal Basis: Contract performance (Art 6 (1)(b) GDPR) and legal obligations (Art 6 (1)(c) GDPR)
Fraud prevention and ensuring website security
Legal Basis: Legitimate interests (Art 6 (1)(f) GDPR)
Analytics and website improvement
Legal Basis: Legitimate interests (Art 6 (1)(f) GDPR), with pseudonymised data where possible
Handling support requests
Legal Basis: Legitimate interests (Art 6 (1)(f) GDPR)

5. How We Share Personal Data

We only disclose Personal Data where strictly necessary, to:

  • AI service providers (OpenAI) for image analysis and generation processing.
  • Payment processors (Stripe) for processing transactions.
  • Email service providers (Resend) for delivering your artwork.
  • Cloud storage providers (Supabase/Vercel) for secure data storage.
  • Analytics services (limited usage data, anonymised whenever possible).
  • Professional advisers (lawyers, auditors) under strict confidentiality.
  • Public authorities where legally required.

We never sell or rent Personal Data.

6. International Transfers

Some service providers may be located outside the European Economic Area (EEA). When transfers occur, we rely on:

  • Adequacy decisions by the European Commission (Art 45 GDPR), or
  • Standard Contractual Clauses (Art 46 GDPR) with supplementary safeguards.

Copies of these safeguards are available upon request.

7. Data Retention

User Photos and Generated Art:30 days after generation
Payment Data:7 years (statutory retention period)
Usage Logs:12 months
Support Tickets:3 years after resolution

After the retention period, data is deleted or irreversibly anonymised.

8. Security Measures

We implement technical and organisational measures in compliance with Art 32 GDPR, including:

  • TLS encryption in transit
  • Secure private storage with access controls
  • Strict access controls and least-privilege principle
  • Continuous monitoring and regular security audits
  • Secure data processing with trusted AI providers
  • Automatic data deletion after retention periods

9. Your Rights

Under GDPR, subject to conditions and legal limitations, you have the following rights:

  • Access (Art 15)
  • Rectification (Art 16)
  • Erasure (Art 17)
  • Restriction of processing (Art 18)
  • Data portability (Art 20)
  • Object to processing based on legitimate interests (Art 21)

You have the right to lodge a complaint with a supervisory authority. Our lead authority is the Estonian Data Protection Inspectorate (AKI), though you may complain to your local authority as well.

10. Automated Decision‑Making

Our AI generates artistic sketches based on your inputs, but this is purely for entertainment purposes and does not produce significant or legal effects. We do not engage in automated decision-making that affects your rights under Art 22 GDPR.

11. Children

Our website and service are intended only for individuals aged 18 or older. We do not knowingly process children's data. If we inadvertently collect data from minors, we will promptly delete it upon becoming aware.

12. Updates to This Policy

We may update this Privacy Policy periodically. We will inform you of material changes at least 14 days in advance via our website or email. Continued use after the effective date indicates acceptance of the revised Policy.

13. Contact & Data Protection Officer (DPO)

For any privacy-related questions or requests, please contact:

361 Ventures OÜ – DPO
Tornimäe tn 5, 10145 Tallinn, Estonia
Email: support@361.ventures