This page shows the full English legal text for global users. Mandatory local consumer rights still apply where required by law.

PixiProof Privacy Policy

Status: 02.02.2026

Version: 2026-08

No fine print — the essentials in brief

Start here with how we use data and what choices you have — the full legal text is below.

We process data to provide the Service (galleries, notifications), handle payments (via operators such as Stripe), and meet legal obligations (e.g. tax).
Photos in a Gallery may show recognisable people — then they may contain those people’s personal data. You as the photographer are responsible for the legal basis and GDPR compliance towards your clients and people in photos; we usually process these files as a processor on your instructions.
We do not sell your photos or use Gallery content to train publicly available AI models.
We may entrust data to providers such as AWS (hosting, files) — they act only as processors under our instructions and contract, without acquiring rights to your portfolio.
Some providers may process data outside the EEA (e.g. the USA) — then we use GDPR-compliant mechanisms (e.g. Data Privacy Framework, standard contractual clauses).
You have GDPR rights: access, rectification, erasure, restriction, objection, complaint to the supervisory authority — details in the full text below.
Requests related to refunding unused Wallet balance after account deletion (and data needed to process them) are accepted by email — refund rules are set out in the Terms of Service (§ 6.3).
Who is formally the controller of data related to your photographer account, billing, and contact with us — we describe in § 1 (Introduction) (name, company, tax ID, address, contact). The Service is provided under the PixiProof brand.

The full legal text is below. This summary helps you understand quickly, but only the full Privacy Policy is binding. If the summary and full text conflict, the full text prevails.

1. Introduction and controller details

This Privacy Policy explains how personal data is processed in connection with the PixiProof Service (the "Service"). We provide this information in a concise, transparent and understandable form under the GDPR and other applicable privacy laws.

The personal data controller is TBA, conducting business under PixiProof, Tax ID N/A, registered address: N/A. Contact for privacy matters and data subject requests: support@pixiproof.com (the "Controller", "we", "us"). The Service is provided under the PixiProof brand. This policy applies to account-level data, transactional data, support interactions, and technical data processed through the Service.

2. How to contact us about privacy

If you have questions about how we process your personal data, or if you want to exercise your rights, contact us at support@pixiproof.com or by post at the address listed in section 1.

3. What data we process, why, legal basis, and retention

We process only data that is necessary for specific purposes (data minimisation). Where we rely on legitimate interests, those interests typically include Service security, abuse prevention, platform integrity, and defence of legal claims.

Processing purpose	Categories of data	Legal basis	Retention period
Creating and maintaining photographer accounts	Email address, authentication and account metadata	GDPR art. 6(1)(b) - contract performance	Until account deletion, then up to 6 years for claims defence
Creating, hosting and sharing galleries	Gallery metadata, passwords, uploaded files, and optional client contact details	GDPR art. 6(1)(b) - contract performance	Until gallery deletion, then archival periods required by law or legitimate claim periods
Wallet top-ups and transaction accounting	Top-up amount, transaction logs, invoice data	GDPR art. 6(1)(b) and 6(1)(c)	For tax and accounting periods required by applicable law
Payment processing	Transaction metadata (amount, status, date, references)	GDPR art. 6(1)(b) and 6(1)(c)	For tax and accounting periods required by applicable law
Service emails and operational notifications	Email address, delivery and event metadata	GDPR art. 6(1)(b) and 6(1)(f)	Until account deletion or objection where applicable
Support, complaints and dispute handling	Contact details, support messages, complaint context	GDPR art. 6(1)(c) and 6(1)(f)	Until legal limitation periods expire
Service security and abuse prevention	Access logs, IP addresses, device and technical diagnostics	GDPR art. 6(1)(f) - legitimate interest	Typically up to 12 months or longer where incident investigation requires it

4. Gallery content, image data and roles

Image files uploaded to galleries may contain personal data (for example, identifiable persons). In most gallery-processing scenarios, you as the photographer determine the purpose and means of processing toward your clients and data subjects, and PixiProof acts as your processor for hosting and delivery functions. For account management, billing, compliance and service security, PixiProof acts as an independent controller.

You are responsible for ensuring an appropriate legal basis for image processing and for any required notices or consents toward people depicted in your content.

PixiProof does not sell gallery content and does not use gallery content to train publicly available AI models. A data processing agreement for controller-processor relations can be provided on request where required by law.

5. Is providing data mandatory?

Providing personal data is voluntary, but some fields are required to create an account, publish galleries, process payments, and use key Service functionality. Without required data, those features cannot be provided.

6. Who receives your data?

We may share personal data with trusted providers acting on our behalf under data processing agreements, including hosting, storage, email delivery, analytics and monitoring, and related infrastructure providers, only to the extent necessary to provide and secure the Service.

Payment providers may receive data as independent controllers where required to execute payment transactions, perform anti-fraud checks, and meet financial compliance obligations under their own legal duties.

We may also disclose data to public authorities or courts when legally required.

7. International data transfers

Some providers may process data outside the EEA/UK or your country of residence. Where required, we use lawful transfer mechanisms such as adequacy decisions, standard contractual clauses, the UK IDTA or UK addendum where applicable, and supplementary safeguards proportionate to transfer risk.

8. Your privacy rights

Depending on applicable law, you may have the right to access, rectify, erase, restrict processing, object, data portability, and to withdraw consent where processing is based on consent. You may also lodge a complaint with your competent supervisory authority.

To exercise your rights, contact us at support@pixiproof.com. We may need to verify your identity before fulfilling a request, and we may request additional information solely where necessary to confirm identity or locate relevant records.

9. Automated decision-making

We do not use your personal data for solely automated decision-making that produces legal or similarly significant effects on you.

10. Security safeguards

We implement appropriate technical and organisational safeguards, including access control, encryption in transit, encryption at rest where available, backups, and security monitoring, proportionate to the risks and nature of processing.

11. Data retention and deletion

We retain personal data only as long as necessary for the purposes listed in this policy, legal obligations, accounting, fraud prevention, and dispute handling. Retention periods may vary by data category and jurisdiction.

12. Children

The Service is not directed to children under the age at which parental consent is required under applicable law. If you believe a child submitted personal data without appropriate consent, contact us so we can review and take appropriate action.

13. Cookies and analytics

The Service may use cookies or similar technologies that are strictly necessary for functionality, security and user preferences. Where required by law, non-essential technologies are used only with appropriate consent.

Production pages may use analytics and diagnostics tools to understand reliability, usage patterns, and errors. Such tools may set identifiers and process technical/browser metadata subject to this policy and applicable law.

14. Changes to this policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the Service or by email where appropriate. Where law requires consent for specific new processing activities, we will request it before such processing starts. The latest version date appears in the metadata above.

Last updated: 02.02.2026