Pixovo Privacy Policy

Last Updated: 21 June 2025

This Privacy Policy is provided for general information only and does not constitute legal advice. If you operate in jurisdictions with specific privacy requirements, consult qualified counsel before relying on or publishing this document.

1. Who We Are

Controller: Individual Entrepreneur Vladimir Boldyrev (doing business as "Pixovo")
Legal address: 38 Tbel Abuseridze St #63, Batumi 6000, Georgia
Email: privacy@pixovo.io

Pixovo provides an online AI‑powered image‑generation service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you interact with our websites, apps, or related services.

2. Scope

This Policy applies to personal data we process about:

Visitors to pixovo.io and related sub‑domains;
Users who create an account or otherwise interact with the Service;
Individuals whose images or personal data may appear in User uploads or Generated Content.

It does not apply to third‑party websites or services that may be linked from our Service.

3. Personal Data We Collect

Category	Examples	Source
Account Data	Email address, hashed password, username, authentication tokens	Provided by you
Payment Data	Transaction ID, plan tier, last four digits of card (full card data handled by Paddle)	Paddle ↔ you
User Content	Photos, prompts, text, metadata you upload	Provided by you
Generated Content & Metadata	AI‑generated images, prompt history, model parameters	Produced by Service
Usage Data	IP address, device type, browser, interaction events, referral URLs, cookies	Collected automatically
Support Data	Emails, chat transcripts, bug reports	You or our systems

Sensitive Personal Data: We do not intentionally collect or process special‑category data (e.g., biometric templates, health data). If you choose to upload such data, you are responsible for obtaining any legally required consents.

4. Legal Bases for Processing (GDPR)

Purpose	Legal Basis
Provide and maintain the Service	Performance of a contract (Art 6(1)(b))
Account verification & security	Legitimate interests (Art 6(1)(f))
Payment processing	Performance of a contract; Compliance with legal obligations (tax)
Service improvement & analytics	Legitimate interests; Consent (cookie banner)
Marketing emails (optional)	Consent (Art 6(1)(a))
Fraud prevention & legal compliance	Legitimate interests; Legal obligation

For California residents, these purposes correspond to the "business purposes" set out in the CCPA.

5. How We Use Your Information

Service Delivery: Authenticate you, generate images, provide customer support.
Account Management: Administer subscriptions, send invoices, renewals, and service messages.
Service Improvement: Train and refine our AI models, debug, and develop new features.
Analytics & Reporting: Monitor usage trends to optimize performance and user experience.
Security & Fraud Prevention: Detect abuse, spam, or violations of our Terms or Content Policy.
Legal & Compliance: Respond to lawful requests, enforce our agreements, and comply with tax obligations.

We do not perform automated decision‑making that produces legal or similarly significant effects.

6. Sharing & Disclosure

We never sell or rent your personal data. We share it only as described below:

Recipient	Purpose	Country	Safeguard
Paddle.com Market Ltd.	Merchant‑of‑Record, payment processing, tax remittance	UK	Standard Contractual Clauses (SCCs)
Supabase Inc.	Cloud database, authentication, file storage	US/EU	SCCs + encryption
OpenAI, L.L.C.	AI model inference (image generation)	US	SCCs
Cloudflare Inc.	Security, CDN, DDoS protection	US/EU	SCCs
PostHog Inc.	Product analytics (cookie‑based, opt‑in)	US	SCCs, IP truncation
Law enforcement / regulators	Legal compliance	Varies	As required by law
Professional advisers	Accounting, legal, auditing	Varies	Confidentiality agreements

We may also disclose data with your explicit consent (e.g., publishing testimonials) or in connection with a business transfer (merger, acquisition) subject to confidentiality.

7. International Transfers

Our primary servers are located in the European Union (Frankfurt) and theUnited States. When we transfer personal data outside the European Economic Area or UK, we rely on:

Standard Contractual Clauses approved by the European Commission;
Adequacy decisions (e.g., UK–EU).

You may request a copy of the relevant transfer mechanism by emailing privacy@pixovo.io.

8. Data Security

We apply industry‑standard safeguards, including:

TLS 1.2+ encryption in transit;
AES‑256 encryption at rest (Supabase Postgres & object storage);
Principle‑of‑least‑privilege access controls and MFA for admin accounts;
Annual penetration tests and vulnerability scans;
Continuous audit logging and monitoring via Cloudflare & Supabase.

No system is 100% secure; you are responsible for securing your own devices and credentials.

9. Data Retention

Data Type	Retention Period	Rationale
Account data	Until you delete the account, plus 30 days backup grace	Service continuity
Generated images	90 days (unless you delete sooner)	Storage cost & privacy
Payment & invoicing records	6–10 years (statutory tax rules)	Legal obligation
Usage logs	12 months	Security & analytics
Support tickets	24 months	Follow‑up reference

We may retain aggregated, anonymised data indefinitely.

10. Your Rights

Subject to local law, you may have the right to:

Access – Request a copy of personal data we hold about you.
Rectification – Correct inaccurate or incomplete data.
Erasure – Delete your account and personal data ("right to be forgotten").
Restriction – Limit processing in certain circumstances.
Portability – Receive data in a structured, machine‑readable format.
Object – Object to processing based on legitimate interests or direct marketing.
Withdraw consent – Where processing is based on consent.

To exercise any right, email privacy@pixovo.io from the email linked to your account. We will verify your identity and respond within 30 days (or as required by law).

If you are an EEA resident, you may lodge a complaint with your local Data Protection Authority. Georgian residents may contact the State Inspector's Service.

CCPA residents may designate an authorized agent and shall not receive discriminatory treatment for exercising privacy rights.

11. Cookies & Similar Technologies

We use:

Essential cookies (authentication, session management);
Preference cookies (remember UI settings);
Analytics cookies (PostHog – opt‑in via banner);
Security cookies (Cloudflare bot management).

You can control cookies via your browser or opt‑out banners. Disabling essential cookies may impair the Service.

12. Children's Privacy

The Service is not directed to children under 16 (or 13 in jurisdictions permitting a lower age). We do not knowingly collect personal data from minors. If we learn we have done so, we will delete it promptly.

13. Automated Decision‑Making

Pixovo does not engage in automated decision‑making that produces legal or similarly significant effects on users.

14. Changes to This Policy

We may revise this Policy periodically. We will post the updated version on this page and, for material changes, provide at least 30 days' notice via email or in‑Service notification. Your continued use after the effective date constitutes acceptance.

15. Contact Us

Questions, requests, or complaints:

Email: privacy@pixovo.io
Postal: Vladimir Boldyrev (Pixovo), 38 Tbel Abuseridze St #63, Batumi 6000, Georgia

If you contact us by postal mail, please include your email address or phone number so we can respond efficiently.

Legal Entity & Contact Information

Individual Entrepreneur Vladimir Boldyrev

38 Tbel Abuseridze St #63

Batumi 6000, Georgia

Email: info@pixovo.io
Privacy: privacy@pixovo.io
Support: support@pixovo.io
Legal: legal@pixovo.io

Thank you for trusting Pixovo with your data. We are committed to protecting your privacy while enabling creativity.