Privacy Policy

Last updated: January 2026

1. Information We Collect

We collect information that you provide directly to us, including when you create an account, use our services, or contact us.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services.

3. Image Processing

Images uploaded to Pixlet are processed in memory and are not stored on our servers. Your images are never permanently saved.

4. Data Security

We implement appropriate security measures to protect your personal information.

5. Cookies and Tracking

5.1 Essential Cookies

We use essential cookies that are required for the site to function properly:

  • Supabase session cookies - Required for authentication. These are set when you log in and are essential for maintaining your session.

5.2 Anonymous Usage Tracking (Requires Consent)

With your consent, we use an anonymous tracking cookie to enforce usage limits:

  • pixlet_anon_id - A randomly generated identifier (UUID) used to track your daily image processing usage. This is not linked to any personal information. The cookie expires after 1 year.

If you reject cookies, we still enforce rate limits using IP address hashing (see below), but the tracking is less accurate.

6. Anonymous Usage Tracking

To prevent abuse and enforce fair usage limits, we track anonymous usage in the following ways:

6.1 Anonymous ID Cookie

When you accept cookies and use our image tools, we assign you a random anonymous identifier (pixlet_anon_id). This identifier:

  • Is a randomly generated UUID (e.g., 550e8400-e29b-41d4-a716-446655440000)
  • Contains no personal information
  • Is signed with HMAC-SHA256 to prevent tampering
  • Expires after 1 year
  • Is only set if you accept cookies via our consent banner

6.2 IP Address Hashing

We also track usage by IP address to prevent abuse. However, we never store your actual IP address. Instead:

  • We hash your IP address using SHA-256 with a secret salt
  • The hash is a one-way function - we cannot reverse it to recover your IP
  • This allows us to detect if the same IP is making excessive requests
  • IP hashes are only used for rate limiting, not for tracking or analytics

7. Data Stored in Our Database

We store usage data in Supabase to enforce rate limits. Here's exactly what we store:

7.1 Anonymous Users

For users who are not logged in, we store:

  • anon_id - The anonymous identifier from the cookie
  • usage_date - The date of usage (e.g., 2026-01-20)
  • image_count - Number of images processed that day
  • ip_hash - SHA-256 hash of your IP address (not the actual IP)

7.2 Authenticated Users

For logged-in users, we store:

  • auth_user_id - Your Supabase user ID
  • email - Your email address (for account purposes)
  • plan_tier - Your subscription tier (free, pro, ultra)
  • usage_date - The date of usage
  • image_count - Number of images processed that day

7.3 What We Do NOT Store

  • Your actual images - all processing happens in memory
  • Your actual IP address - only hashed versions
  • Browsing history or behavior tracking
  • Any data sold to third parties

8. Third-Party Services

We use the following third-party services:

  • Stripe - For payment processing. Stripe has its own privacy policy.
  • Supabase - For authentication and database services. Data is stored securely in Supabase's infrastructure.

9. Your Rights

You have the following rights regarding your data:

  • Cookie Control - Use the Cookie Settings link in our footer to change your cookie preferences at any time.
  • Reset Anonymous ID - Clear your browser cookies to reset your anonymous tracking ID. Note that rate limits may still apply based on IP hash.
  • Request Data Deletion - Contact support to request deletion of your usage data.
  • Account Deletion - Authenticated users can delete their account in account settings.

10. Contact Us

If you have questions about this Privacy Policy or your data, please contact us through our support page.