Privacy Policy

Last updated: November 27, 2025

This Privacy Policy explains how Piximg ("we", "us", or "the service") collects, uses, and protects your information when you use our image hosting service at pixi.mg.

1. Information we collect

1.1 Account Information

When you create an account, we collect:

• Email address – Used for account access and essential communications
• Password – Stored as a secure hash (we cannot see your actual password)
• Account creation date – For record keeping

1.2 Uploaded Content

When you upload images, we store:

• Image files – The actual images you upload
• Metadata – Original filename, file size, dimensions, upload timestamp
• Tags and galleries – Organization data (Pro accounts only)

1.3 Technical Information

We automatically collect:

• IP addresses – For security, rate limiting, and abuse prevention
• Browser information – User agent, language preferences
• Usage data – Pages visited, features used, upload frequency
• Error logs – Technical issues for debugging and improvement

1.4 Payment Information (Pro accounts)

Payment processing is handled by Stripe. We do not store your full credit card details. We receive from Stripe:

• Last 4 digits of card number
• Card brand (Visa, Mastercard, etc.)
• Subscription status and billing dates

See Stripe's Privacy Policy for how they handle payment data.

2. How we use your information

We use collected information to:

• Provide the service – Upload, store, and deliver your images
• Manage accounts – Authentication, galleries, tags, API access
• Process payments – Handle Pro subscriptions via Stripe
• Improve security – Detect abuse, prevent spam, enforce rate limits
• Fix technical issues – Debug errors and improve performance
• Communicate with you – Essential service updates (we do not send marketing emails)

3. Cookies and tracking

Piximg uses minimal cookies:

• Session cookie – Keeps you logged in (essential, cannot be disabled)
• CSRF token – Security protection against cross-site attacks (essential)

We do not use:

• Advertising cookies
• Analytics cookies (no Google Analytics, no third-party tracking)
• Social media tracking pixels

4. Data sharing and disclosure

We do not sell or rent your personal information to anyone.

We may share data only in these limited cases:

• Service providers – Stripe (payments), hosting providers (infrastructure)
• Legal requirements – If required by law, court order, or legal process
• Safety and security – To prevent illegal activity, abuse, or harm

5. Public content

Images you upload are publicly accessible to anyone with the direct link. Features like galleries and public tags are also publicly accessible.

Do not upload sensitive, private, or confidential information unless you intend to share it publicly.

6. Data retention

We retain your data as follows:

• Images – Until you delete them or your account is closed
• Account data – Until you request account deletion
• Logs and metadata – Typically 90 days for security/debugging purposes
• Deleted content – Backups may retain data for up to 30 days

7. Your rights (GDPR & UK GDPR)

If you're in the UK or EU, you have these rights:

• Access – Request a copy of your personal data
• Correction – Fix inaccurate or incomplete data
• Deletion – Request deletion of your account and data ("right to be forgotten")
• Portability – Receive your data in a machine-readable format
• Objection – Object to certain processing activities
• Restriction – Request limitation of processing

To exercise these rights, contact us at privacy@pixi.mg

8. Data security

We take reasonable measures to protect your data:

• Passwords stored using bcrypt hashing
• HTTPS encryption for all data transmission
• CSRF protection on all forms
• Rate limiting to prevent brute force attacks
• Regular security updates and monitoring

However, no system is 100% secure. Use strong passwords and keep your account credentials private.

9. Children's privacy

Piximg is not intended for children under 13. We do not knowingly collect information from children. If you believe a child has created an account, please contact us immediately.

10. International data transfers

Piximg is operated from the United Kingdom. If you access the service from outside the UK, your data may be transferred to and stored in the UK.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect changes. Continued use of Piximg after changes means you accept the updated policy.

12. Contact us

For privacy-related questions, data requests, or concerns:

• Email: privacy@pixi.mg
• GDPR requests: gdpr@pixi.mg