Privacy Policy

2. Information We Collect

2.1 Information You Provide

• Account Information: When you sign in using an OAuth provider (such as Google), we receive basic account information such as your email address and profile details made available by that provider.
• Payment Information: When you purchase credits, payment processing is handled by Stripe. We do not store your full credit card number. We receive and store transaction records (for example, amounts, dates, and Stripe identifiers) needed for billing and support.
• User Preferences: Settings you choose to save, such as editor preferences and default mask styles.
• Support & Feedback: Information you submit to us, such as feedback messages and support requests.

2.2 Information Collected Automatically

• Usage Data: We collect information about how you use the Service, such as credit usage and which features you use.
• Technical Data: Standard technical data sent by your browser or network, such as IP address and user agent, which may be used for security, abuse prevention, and troubleshooting.
• Analytics: If enabled, we may use analytics tools (such as Google Analytics) to understand how the website is used.
• Cookies: We use essential cookies for authentication and session management. See Section 7 for more details.

2.3 Image Data

Important: Manual editing stays on your device.

• When you use the manual editor, your images are processed in your browser. They are not uploaded to PixBlur.
• When you use AI redaction, you upload an image to our server for processing and we send it to third-party AI providers (for example, Google AI services such as Google Gemini) for analysis.
• We do not save your original image in our database as part of the AI redaction feature. The image is handled in memory during processing and then discarded.
• We store AI task metadata such as processing timestamps, counts (for example, number of faces detected), and error diagnostics for monitoring and support. AI masks returned to your browser are not persisted by default.

Third-party AI providers may process your data according to their own terms and privacy policies.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process your transactions and manage your account
• Send transactional emails (for example, receipts)
• Respond to your inquiries and provide customer support
• Monitor and analyze usage patterns to improve user experience and reliability
• Detect and prevent fraud and abuse
• Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

4.1 Service Providers

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention depends on the type of data and why we collected it.

• Account data: kept until you delete your account (subject to the deletion process below).
• Financial and billing records: kept as required for accounting and legal compliance.
• Support communications: kept to provide support and maintain an audit trail of communications.
• AI task metadata and operational logs: kept for reliability, abuse prevention, and troubleshooting.

6. Data Retention After Account Deletion

When you delete your account:

During the 7-Day Recovery Period

• Your access is revoked and you cannot sign in
• You can restore the account by signing in again within 7 days

After the Recovery Period (Permanent Purge)

• Your profile information stored on the user record (such as email, name, and image) is removed from that record
• Active sessions are removed and linked OAuth accounts are deleted
• Some records may be deleted or anonymized (for example, IP addresses in certain audit/billing logs), while financial records may be retained to meet legal obligations

What We May Retain

• Deleted email hashes: We retain a SHA-256 hash of your email address for fraud prevention (for example, to prevent abuse of signup bonuses). This hash is not used to contact you.
• Financial records: We may retain billing and payment-related records as required for accounting and legal compliance.
• Support communications: Feedback and support messages may be retained for support and compliance purposes.

7. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and core functionality. These cannot be disabled.
• Analytics Cookies (if enabled): Google Analytics (GA4) may be used to understand how visitors interact with our website. You can opt out using browser settings or the Google Analytics opt-out tools.

We do not use advertising pixels for behavioral advertising.

8. Your Rights

Depending on your location, you may have the following rights:

8.1 For All Users

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and data
• Export: Download your data in a portable format (JSON)

8.2 For EU/EEA Residents (GDPR)

• Restriction: Request restriction of processing
• Object: Object to processing based on legitimate interests
• Portability: Receive your data in a machine-readable format
• Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Lodge Complaint: File a complaint with your local supervisory authority

8.3 For California Residents (CCPA)

• Know: Know what personal information is being collected
• Delete: Request deletion of personal information
• Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
• Non-Discrimination: Not be discriminated against for exercising your rights

To exercise these rights, please use the account settings in your dashboard or contact us at support@pixblur.com.

9. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption in transit (TLS/HTTPS)
• Row Level Security (RLS) ensuring users can only access their own data
• Access controls and monitoring for abuse prevention
• Limited employee access to personal data
• Secure OAuth authentication (no password storage)

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own because our service providers operate globally.

Where required, we rely on appropriate legal mechanisms for such transfers, and you can review the privacy documentation of our providers for details.

11. Children's Privacy

PixBlur is not intended for children. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us at support@pixblur.com.

12. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

For significant changes, we may also send you an email notification. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@pixblur.com