Privacy Policy

Last Updated: November 16, 2025

1. Introduction

Welcome to PetPixel ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered pet transformation service.

By using PetPixel, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you create an account or use our services:

  • Email Address: Used for account authentication, service communications, and customer support
  • Password: Securely hashed and stored for account access (we never store plain-text passwords)
  • Profile Information: Optional display name and profile settings
  • Payment Information: Processed securely through Polar (our payment processor). We do not store your full credit card details

2.2 Pet Images and AI-Generated Content

When you use our service, we collect and process:

  • Original Pet Photos: Images you upload for transformation
  • Transformation Prompts: Text descriptions you provide for AI generation
  • Generated Images: AI-transformed pet images created by our service
  • Transformation History: Record of your transformations including timestamps and AI provider used

2.3 Usage Data and Analytics

We automatically collect certain information about your device and how you interact with our service:

  • Device Information: Browser type, operating system, device type
  • Usage Metrics: Pages visited, features used, time spent on service
  • IP Address: For security, fraud prevention, and analytics
  • Cookies and Similar Technologies: Session management and preferences (see our Cookie Policy)
  • Analytics Data: Collected via Vercel Analytics for service improvement

2.4 Transaction and Credit Information

  • Credit Balance: Number of credits available in your account
  • Purchase History: Records of credit pack purchases
  • Transaction IDs: For order tracking and support
  • Referral Information: Referral codes you use or share, and bonus credits earned

2.5 AI Provider Data

We use third-party AI providers (Fal.ai, Replicate, Kie.ai) to generate transformed images. These providers temporarily process your pet images and prompts to generate transformations. They do not retain your images after processing.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI pet transformation service
  • Account Management: To create and manage your user account
  • AI Processing: To generate transformed pet images using our AI providers
  • Payment Processing: To process credit purchases and manage your credit balance
  • Communication: To send service-related notifications, updates, and promotional emails (with your consent)
  • Customer Support: To respond to your inquiries and provide technical assistance
  • Security: To detect, prevent, and address fraud, abuse, and security issues
  • Analytics: To understand usage patterns and improve our service
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Referral Program: To track and award referral bonuses

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

  • Supabase: Database, authentication, and file storage services
  • Polar: Payment processing and subscription management
  • Fal.ai, Replicate, Kie.ai: AI image generation providers
  • Vercel: Hosting and analytics services

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or law enforcement).

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our service of any such change.

4.4 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

5. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained while your account is active and for 30 days after account deletion
  • Pet Images: Original and transformed images are stored in your account and deleted 30 days after account deletion or upon your request
  • Transaction Records: Retained for 7 years for accounting and legal compliance purposes
  • Analytics Data: Anonymized and retained indefinitely for service improvement

You can request deletion of your data at any time by contacting us or using the account deletion feature in your settings.

6. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
  • Password Security: Passwords are hashed using bcrypt before storage
  • Access Controls: Strict role-based access controls limit employee access to personal data
  • Secure Storage: Images and data are stored in secure cloud infrastructure with redundancy and backups
  • Regular Security Audits: We conduct regular security assessments and updates
  • Row-Level Security: Database implements row-level security (RLS) to ensure users can only access their own data

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Privacy Rights

7.1 General Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Data Portability: Request a copy of your data in a machine-readable format
  • Objection: Object to processing of your personal information in certain circumstances
  • Restriction: Request restriction of processing in certain circumstances

7.2 GDPR Rights (European Economic Area)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority
  • Right to object to automated decision-making and profiling

7.3 CCPA Rights (California Residents)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by businesses
  • Right to opt-out of sale of personal information (Note: We do not sell personal information)
  • Right to non-discrimination for exercising CCPA rights

7.4 Exercising Your Rights

To exercise any of these rights, please:

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

8. Children's Privacy

Our service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We ensure that appropriate safeguards are in place to protect your information, including:

  • Standard Contractual Clauses approved by the European Commission
  • Compliance with EU-U.S. Data Privacy Framework (where applicable)
  • Adequate security measures and data protection practices

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our service. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

11. Third-Party Links

Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information to them.

12. AI and Automated Processing

Our service uses artificial intelligence to transform pet images. This processing is automated and does not involve human review of your images unless required for customer support purposes (with your consent).

We implement the following safeguards:

  • AI providers do not retain your images after processing
  • Generated images are only visible to you and authorized personnel for support
  • You have the right to review, delete, or re-generate any AI-transformed image
  • We do not use your images to train AI models without explicit consent

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date at the top of this policy
  • Sending you an email notification (for material changes)
  • Displaying a prominent notice on our service

Your continued use of the service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@petpixel.app

Data Protection Officer: hello@petpixel.app

Data Rights Requests: Submit a Request

Mailing Address: PetPixel, Inc. (Address to be updated)

We aim to respond to all inquiries within 48 hours.

15. Legal Basis for Processing (GDPR)

If you are in the EEA, our legal basis for collecting and using your personal information depends on the specific information and context:

  • Contract Performance: Processing necessary to provide our service (account creation, image transformation, payment processing)
  • Legitimate Interests: To improve our service, prevent fraud, and ensure security
  • Consent: For marketing communications and optional features (you can withdraw consent at any time)
  • Legal Obligations: To comply with applicable laws and regulations

Transparency Commitment: We believe in being transparent about how we handle your data. If you have any questions or concerns about our privacy practices, please don't hesitate to contact us.

This Privacy Policy is compliant with GDPR (EU General Data Protection Regulation), CCPA (California Consumer Privacy Act), and other applicable privacy laws.