Privacy Policy
Last updated: March 8, 2026
Table of Contents
1. Information We Collect
We collect information you provide directly to us when you create an account, use our services, or communicate with us. This includes:
- Name and email address
- Payment information (processed securely through Stripe)
- Images you upload and generate
- Usage data and preferences
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process your transactions and manage your account
- Send you technical notices and support messages
- Respond to your comments and questions
- Detect and prevent fraud and abuse
2.1. AI-Generated Content & Etsy Integration
When you use our Etsy Listing Generator:
- Your uploaded images are sent to Google Gemini AI for analysis
- Images are processed in real-time and not stored permanently by us
- Generated content (titles, tags, descriptions) is stored in your Pixoria account
- We do not share your images or generated content with third parties (except Google for AI processing)
- You retain all rights to your uploaded images and generated content
When you connect your Etsy shop:
- We use OAuth 2.0 for secure authentication with Etsy
- We only request minimum necessary permissions (read shop info, create draft listings)
- We DO NOT access your Etsy payment information or financial data
- We store your Etsy shop ID and access token securely encrypted
- You can disconnect your Etsy shop at any time from your account settings
- We act as a service provider processing Etsy data only to fulfill the services you request
Important: We do not create listings directly on Etsy without your explicit permission. All listings are created as drafts that you must review and publish manually, or you can authorize automatic publishing through your Etsy connection settings.
3. Data Storage and Security
We use industry-standard security measures to protect your personal information. Your data is stored securely using Supabase, and payment information is processed through Stripe's secure payment infrastructure.
Data Location: Your data is stored on secure servers in the European Union to ensure GDPR compliance.
3.1. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our services (account creation, image generation, billing)
- Consent: For optional features like analytics cookies and marketing communications
- Legitimate Interest: For fraud prevention, service improvement, and security
- Legal Obligation: For tax records and compliance with Belgian law
3.2. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
- Account Data: Retained while your account is active, plus 30 days after deletion
- Generated Images: Stored for the duration of your subscription, deleted 90 days after account closure
- Payment Records: Retained for 7 years as required by Belgian tax law
- Analytics Data: Anonymized after 26 months
- Support Communications: Retained for 3 years
4. Third-Party Services
We use the following third-party services:
- Stripe: Payment processing
- Supabase: Database and authentication
- Google Gemini: AI image generation
- Vercel: Hosting and deployment
5. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Data Portability: Export your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Restrict Processing: Limit how we use your data
- Right to Withdraw Consent: Withdraw consent for optional processing at any time
To exercise any of these rights, please contact us at support@pixoria.app. We will respond within 30 days.
5.1. Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Belgian Data Protection Authority:
Authority: Autorité de Protection des Données (APD) / Gegevensbeschermingsautoriteit (GBA)
Address: Rue de la Presse 35, 1000 Brussels, Belgium
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: www.dataprotectionauthority.be
6. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about the personal data we collect, use, disclose, and sell
- Right to Delete: You can request deletion of your personal data (subject to certain exceptions)
- Right to Opt-Out: We do not sell your personal information to third parties
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
Categories of Personal Information We Collect:
- Identifiers (name, email, IP address)
- Commercial information (subscription, payment history)
- Internet activity (usage data, generated content)
- Geolocation data (approximate location from IP)
To exercise your CCPA rights, please contact us at support@pixoria.app. We will respond within 45 days.
7. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
support@pixoria.app