The short version: Picshoot uses one first-party session cookie to keep you logged in, a small set of localStorage keys to remember your preferences, and no advertising or tracking cookies of any kind. We do not build advertising profiles. We do not sell cookie data.
Cookies are small text files placed on your device by a website when you visit it. They are widely used to make websites work efficiently and to provide information to the site owner. Cookies can be session cookies (deleted when you close your browser) or persistent cookies (remain on your device for a set period or until you delete them).
Cookies can also be categorised by who sets them:
Picshoot sets only one first-party cookie. We do not set advertising cookies, cross-site tracking cookies, or analytics cookies via cookie storage.
The table below lists every cookie set by picshoot.app directly.
This single cookie is strictly necessary for the service to function. Without it you cannot remain authenticated. Because it is strictly necessary, it does not require consent under ePrivacy regulations — however we disclose it here in full for transparency.
In addition to cookies, Picshoot uses browser localStorage — a client-side key/value store that never leaves your browser and is never sent to our servers automatically. We use it to persist your in-app preferences across sessions without additional server round-trips.
| Key | Values | Purpose | Persisted |
|---|---|---|---|
ps_pipeline_mode |
lite / plus / pro |
Remembers which AI pipeline tier you last selected (LITE, PLUS, or PRO) so the header toggle is pre-set on your next visit. This value is also validated server-side against your subscription plan — a locally stored value does not grant access to a higher tier. | Until cleared |
ps_theme |
dark / light |
Stores your preferred UI theme. Currently the app is dark-only; this key is reserved for a future light-mode option. | Until cleared |
ps_last_shop |
Shopify store domain string | Caches the myshopify.com domain of the most recently connected store so the app can pre-fill the shop field on the connect screen and avoid an unnecessary redirect step. | Until cleared |
localStorage data is stored entirely in your browser. It is not accessible to third parties, is not transmitted to our servers as part of regular requests, and does not contain personal data beyond the store domain you have already entered. You can clear it at any time through your browser's developer tools or storage settings.
Picshoot integrates with a small number of external services that may set their own cookies or make network requests from your browser. We do not control these cookies — they are governed by the privacy policies of the respective providers.
When Picshoot runs as an embedded app inside the Shopify Admin, Shopify's own browser environment may set session and billing cookies as part of its iframe and App Bridge integration. These cookies are set by shopify.com domains, not by picshoot.app. Refer to Shopify's Cookie Policy for details.
Picshoot loads two typefaces — Cormorant Garamond and DM Sans — from the Google Fonts CDN (fonts.googleapis.com and fonts.gstatic.com). This causes your browser to make a network request to Google's servers at page load, which may be logged by Google in accordance with its privacy policy. Google Fonts does not set persistent tracking cookies from font requests. See Google Fonts Privacy FAQ for details.
If you prefer not to load fonts from Google, you can use a browser extension that blocks requests to fonts.googleapis.com; the page will fall back to your system sans-serif fonts.
When you trigger an AI generation (try-on, scenes, zoom), your garment image is sent from our server to Google's Gemini API. This is a server-to-server call — it does not involve your browser, does not set any cookies on your device, and does not transmit your browser state to Google.
Product listing copy and garment analysis are generated by sending structured data from our server to Anthropic's API. This is also a server-to-server call with no browser involvement and no cookies set on your device.
Picshoot does not use and has never integrated:
You have full control over cookies and local storage in your browser. The following options are available to you:
Deleting ps_session will sign you out of Picshoot immediately. You can do this through your browser's cookie manager or by clicking "Sign out" in the app, which expires the cookie server-side and removes it from your browser simultaneously.
Your pipeline mode, theme, and last-shop preferences can be cleared through your browser's developer tools:
Chrome / Edge: Open DevTools (F12) → Application tab → Storage → Local Storage → right-click the picshoot.app entry → Clear.
Firefox: Open DevTools (F12) → Storage tab → Local Storage → right-click the picshoot.app entry → Delete All.
Safari: Preferences → Privacy → Manage Website Data → search "picshoot" → Remove.
All modern browsers allow you to block or delete cookies at the browser level. Note that blocking the ps_session cookie will prevent you from logging in to Picshoot, as it is required for authentication. Links to browser cookie controls:
Some browsers allow you to signal a "Do Not Track" (DNT) preference. Because Picshoot does not engage in cross-site tracking regardless of this signal, we do not alter our behaviour based on DNT headers — our data practices are the same for all users.
We may update this Cookie Policy to reflect changes in the cookies or local storage keys we use, updates to third-party services, or changes in applicable law. When we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, notify active users by email at least 14 days before the change takes effect.
We encourage you to review this page periodically. Continued use of Picshoot after the effective date of any changes constitutes acceptance of the updated policy.
If you have questions about this Cookie Policy, want to exercise rights under GDPR or other applicable privacy law, or have concerns about how we handle your data, please contact us:
Privacy & data requests: [email protected]
General support: [email protected]
For GDPR-specific rights (access, erasure, portability, objection), please see our Privacy Policy and GDPR Policy for full details on how to submit a request and our response timelines.