Privacy Policy
1. Overview
PixelPrism ("we", "us") respects your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have.
Plain-English summary: we collect the minimum needed to run a SaaS API — your email and password (or OAuth identity), payment metadata via Stripe, and operational logs of your API usage. We do not store the images you submit; they are processed in memory and discarded. We never use your images to train our detectors, share them with third parties, or use them for any purpose other than returning your detection result.
2. Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account info | Email address, hashed password (Argon2id), display name, OAuth provider ID (if signed in via Google or GitHub) | Provided by you at signup |
| Authentication | Session cookies, TOTP secret (if 2FA enabled), CSRF tokens, login IPs and user-agents | Generated by our system during sign-in |
| API credentials | API keys (we store only a hashed prefix; the full key is shown to you once at creation and never recoverable) | Generated when you create an API key |
| Billing | Stripe customer ID, subscription status, plan, billing cycle. We do not store credit-card numbers; Stripe handles all card data directly. | Stripe (after checkout) |
| Usage records | Per-request metadata: timestamp, image byte size, verdict returned, confidence score, latency, status code, the API key ID used | Generated when you call the Service |
| Diagnostic logs | Server logs containing IP addresses and request paths for security monitoring and debugging | Generated automatically |
3. Image Content
Image bytes you submit to the Service ("Customer Content") are handled separately and more strictly than account/usage data:
- Held in memory only. Image bytes are processed by the detection backend during the request and immediately discarded. They are not written to disk.
- Never used for training. Customer Content is never added to our training corpus, used to fine-tune our detectors, or shared with any third party for any purpose.
- Never logged. We do not log image content, EXIF metadata you submit, or hash signatures of your images.
- Per-request only. The only persistent record of a detection request is the UsageRecord row, which contains metadata about the request (size, verdict, latency) but not the image itself or anything that could reconstruct it.
This applies whether you upload an image via the web UI at /scan or via the REST API at /api/detect.
4. How We Use Data
We use the data we collect to:
- Provide the Service — authenticate you, run detection, return results;
- Bill you — meter usage, generate invoices via Stripe, charge for overage above plan quota;
- Communicate — send transactional email (verification, password reset, billing notices, security alerts) via Postmark;
- Improve — analyze aggregate usage statistics to plan capacity, fix bugs, and prioritize features (this analysis uses metadata only, never image content);
- Secure — detect and prevent fraud, abuse, account takeover attempts;
- Comply — meet legal and regulatory obligations.
5. Third-Party Processors
We use the following sub-processors to operate the Service. Each handles only the data necessary to perform its function:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing and subscription management | Email, billing address, card details (entered directly into Stripe — we never see card numbers) |
| Postmark | Transactional email delivery | Email address + message body |
| Google OAuth / GitHub OAuth | Optional sign-in via existing accounts | OAuth provider ID + email (if you choose to sign in this way) |
| Let's Encrypt | TLS certificate issuance for pixelprism.ai | Domain name only |
We do not sell your data, share it with advertisers, or use it for behavioral profiling.
6. Cookies & Tracking
We use a small number of strictly-necessary cookies:
- deepscan_session — your authenticated session token (HTTP-only, secure, signed)
- deepscan_csrf — CSRF synchronizer token to prevent forged form submissions
- deepscan_oauth — short-lived state for OAuth sign-in flow
We do not use third-party analytics, tracking pixels, or advertising cookies. We do not honor "Do Not Track" headers because we have no tracking to disable.
7. Data Retention
- Active accounts: we keep account and usage data for as long as your account is active.
- Closed accounts: after you delete your account or we terminate it, we retain billing-relevant data for up to 30 days for invoice reconciliation and dispute handling, then permanently delete it.
- Server logs: rotated and purged after 90 days.
- Stripe billing records: retained per Stripe's policies and applicable accounting / tax law (typically 7 years).
- Image content: not retained — see Section 3.
8. Your Rights
Depending on your jurisdiction (notably under the EU GDPR and California CCPA/CPRA), you may have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data — most fields are editable from your dashboard;
- Delete your account and associated personal data;
- Export your data in a portable format (CSV/JSON);
- Restrict certain processing or object to it;
- Withdraw consent at any time (where processing is consent-based);
- Lodge a complaint with a data-protection authority.
To exercise any of these rights, email support@pixelprism.ai. We respond within 30 days.
9. Security
We employ commercially reasonable measures to protect your data:
- TLS 1.2+ encryption for all network traffic;
- Argon2id password hashing with per-user salts;
- Account lockout after repeated failed login attempts;
- Optional TOTP two-factor authentication;
- API keys stored as truncated prefixes — full keys are non-recoverable from our database;
- Server-side request validation and CSRF protection on all state-changing endpoints;
- Restricted database access — production credentials are not used for development or analytics.
No system is 100% secure. If we discover a data breach affecting your personal data, we will notify you within 72 hours and provide details on the scope and remediation.
10. International Transfers
Our infrastructure is located in the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the United States. Where required by EU law, we rely on Standard Contractual Clauses (SCCs) for transfers from the EEA.
11. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 13, we will delete it promptly. Parents who believe their child has signed up should contact support@pixelprism.ai.
12. Browser Extension
Our Chrome / Edge / Firefox browser extension ("the Extension") lets you scan images on the web by right-clicking. The Extension's privacy posture is intentionally minimal:
- Image bytes — sent to our API only when you take an explicit action (right-click → "Scan with PixelPrism", or click "Scan current page" in the popup). We never proactively read images from pages you visit.
- Page URL — stored locally in your browser's chrome.storage.local alongside the scan result, so you can revisit the page from your scan history. The page URL is never sent to our servers.
- Scan history — stored locally only. The Extension's "Clear history" button wipes it instantly.
- API key — Pro+ users may paste their dsk_live_* API key into Settings. Stored locally; transmitted only as the Authorization header on scan requests.
- No telemetry. We do not log which sites you visit, which pages you spend time on, or how often you open the popup.
- No third-party trackers. The Extension loads no analytics, ad networks, or fingerprinting libraries.
- Permissions: activeTab, contextMenus, storage, notifications, scripting, plus host permission for https://pixelprism.ai/*. We do not request <all_urls> host permission.
The same image-byte handling rules in §7 (Data Retention) apply to images uploaded via the Extension: results are kept for 7 days for share-card rendering; image bytes themselves are never persisted server-side.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page shows the most recent revision. Material changes will be communicated by email at least 14 days before they take effect.
14. Contact
Questions about your privacy or this policy? Reach us at:
PixelPrism — Privacy
Email: support@pixelprism.ai
Web: pixelprism.ai