01. Introduction
Pixsprint is a creator-facing SaaS app for photographers, influencers, and similar creators to upload media, publish creator profiles, build galleries and media kits, manage leads, use AI-powered tools, and connect supported integrations.
This Policy applies to creators and account users, website and public gallery visitors, trial or free users, paid subscribers, people who contact support, and people whose information appears in content submitted to Pixsprint.
Some creator information may be visible to clients or public visitors when a creator publishes a profile, gallery, media kit, package, call to action, social link, Instagram-related metric, selected place, or other profile field.
02. Information we collect
- Account and authentication data, such as name, email, username, Clerk user ID, login/session metadata, and account preferences.
- Profile and public page data, such as profile photo, bio, social links, footer settings, creator slug, public profile settings, media-kit settings, and custom domain settings.
- Creator content, such as uploaded photos, image metadata, captions, alt text, tags, gallery content, selected photos, packages, trust content, lead forms, and saved AI outputs.
- Billing data, such as Stripe customer IDs, subscription status, invoice metadata, transaction metadata, billing contact details, tax identifiers, and limited payment method details. Stripe processes payment card details.
- AI-related data, such as selected photos, image URLs, gallery text, profile details, marketing context, generated descriptions, tags, embeddings, content ideas, and AI usage records.
- Integration data from Instagram/Meta, including authorized account identifiers, username, profile metadata, follower and media counts, insights, media metadata, encrypted access tokens, scopes, expiry dates, sync status, and rate-limit or error metadata.
- Location and place data that creators enter or select, including locations served, target brand/place details selected through Google Places, selected city/region/country, and coarse visitor country for analytics. Based on the current codebase, we do not use precise browser GPS.
- Usage and technical data, such as pages viewed, gallery events, CTA clicks, lead submissions, download requests, shortlist activity, device type, referrer, session identifiers, consent state, browser storage identifiers, hashed user-agent data, coarse country, diagnostics, and security or rate-limit logs.
- Communications data, such as support requests, transactional emails, marketing preferences, unsubscribe tokens, delivery logs, and email provider webhook events.

Your privacy rights, handled with care
03. How we use information
- Create and manage accounts, authenticate users, secure accounts, and prevent fraud or abuse.
- Provide creator profiles, galleries, media kits, lead capture, share links, downloads, analytics, billing, email, custom domain, and account settings features.
- Display profile, gallery, location, package, social, Instagram, and media-kit information to clients or public visitors when a creator publishes or shares it.
- Process subscriptions, invoices, cancellations, billing support, taxes, accounting, and payment-provider records.
- Provide AI features, measure AI usage limits, generate image descriptions, tags, search support, marketing copy, content ideas, and related suggestions.
- Send transactional emails, support messages, product notices, and marketing communications where permitted.
- Analyze product usage, debug issues, improve features, aggregate gallery performance, enforce limits, protect the service, and comply with legal obligations.
04. AI features
Premium or plan-based AI features may process user-uploaded photos, selected images, image URLs, gallery text, profile details, Instagram metrics, and other context to generate content, suggest content, describe images, support image search, or recommend photos.
AI results are automated suggestions and may be inaccurate, incomplete, repetitive, biased, unsafe, or unsuitable. Users are responsible for reviewing AI outputs before publishing or relying on them.
We do not use your photos, profile content, or AI prompts to train our own AI models. We use third-party AI providers to operate premium AI features. As currently configured, we do not opt in to third-party model training using your AI inputs or outputs. If this changes, we will update this Policy and provide any required notices or choices.
Based on the current codebase, Pixsprint does not use AI features for face recognition, identity verification, biometric identification, sensitive-trait inference, or automated decisions with legal or similarly significant effects.
05. Location and place information
Pixsprint uses creator-entered or creator-selected place information, such as locations served, target brand locations, Google Places suggestions, selected place IDs, city, region, country, address labels, and primary place type. We also use coarse visitor country signals for analytics.
Based on the current codebase, we do not use precise browser GPS or retain location trails. If a creator publishes a location, location-served field, or target brand/place detail, that information may be visible to public visitors or clients. Creators can edit, hide, or remove these fields through available settings and editor flows.
06. Public and client-visible information
Depending on creator settings and publication choices, public visitors or shared-link recipients may see usernames, display names, profile photos, bios, social links, published galleries and media kits, uploaded media, captions, package details, availability, calls to action, Instagram metrics, selected locations or target brands, and other fields selected for publication.
Creators are responsible for deciding what to publish and for making sure they have permission to publish people, places, brands, client names, logos, and third-party content.
07. Service providers and integrations
We disclose information to service providers that help us host, secure, operate, analyze, support, and improve Pixsprint, process payments, provide authentication, send emails, provide AI features, and support integrations.
| Provider | Purpose | Data involved |
|---|---|---|
| Google Cloud Platform | Hosting, Cloud Run infrastructure, storage, delivery, logs | Application data, files, uploaded media, generated sizes, logs, and related technical data |
| MongoDB Atlas | Database | Account, profile, gallery, media, billing metadata, analytics, integration, and app data |
| Stripe | Payments and subscriptions | Customer IDs, subscription status, invoices, transaction metadata, billing contact data, limited payment method details |
| Clerk | Authentication | Account credentials, user IDs, emails, auth/session metadata, login security data |
| OpenAI | AI features | Selected images, prompts, profile or gallery context, AI inputs and outputs needed for requested features |
| Resend | Email delivery | Email addresses, message content, preferences, delivery and webhook metadata |
| Google Places/Maps | Place search and autocomplete | Search terms, selected places, place IDs, formatted addresses, place types, network/device data processed by Google |
| Instagram/Meta | Creator integration | Authorized account data, profile and media metadata, insights, tokens, scopes, sync metadata |
09. EU/UK privacy layer
This EU/UK privacy layer applies where Pixsprint is intentionally offered to people in the EEA or the UK, or where Pixsprint monitors behavior of people located there through analytics, tracking, profiling, or similar technologies.
For the current B2C creator product, Pixsprint generally acts as the controller for creator account data, profile data, uploaded creator content, optional current location, subscription and billing metadata, AI feature usage, analytics and product improvement data, support communications, and integration connection status or tokens.
Vendors and integrations such as Google Cloud Platform, MongoDB Atlas, Clerk, Stripe, Resend, OpenAI, Google Places/Maps, and Instagram/Meta may act as processors, independent controllers, or separate service providers depending on the specific data flow and their terms.
This draft does not list a DPO, EU representative, UK representative, legal entity name, or postal address because those details are not discoverable in the repository. Add those details before publication where legally required.
Where applicable, you may complain to a relevant supervisory authority, and you may contact Pixsprint first so we can try to resolve your request.
10. Legal bases for EU/UK-style privacy laws
| Purpose | Legal basis |
|---|---|
| Account creation, subscriptions, and core service | Contract |
| Payments, tax, accounting, legal records | Legal obligation and legitimate interests |
| Security, fraud prevention, debugging, abuse prevention | Legitimate interests |
| Creator-selected location or public profile display | User direction, contract, or consent where required |
| Marketing emails | Consent or legitimate interests where permitted |
| Non-essential cookies or persistent analytics identifiers | Consent where required |
| AI premium features | Contract, plus consent where required for specific data or features |
11. International processing
The deployment scripts and deployment documentation in this repository use Google Cloud's europe-west1 region, Belgium, as the default primary Cloud Run and related Google Cloud deployment region when that default or matching deployment secret is used. MongoDB Atlas and other provider regions must be confirmed from provider configuration before making an EU-only storage claim.
Some service providers and integrations may process information in other countries. Where required, we use appropriate safeguards for international transfers.
12. Automated decision-making and profiling
For the current MVP, Pixsprint positions AI photo recommendations, image analysis, search support, and content generation as creator-controlled suggestions. Pixsprint does not make final decisions about users' legal rights, employment, credit, eligibility, pricing, or access.
If future features rank creators, hide creators, determine eligibility, price services, score attractiveness, or otherwise affect access or opportunity, Pixsprint should revisit automated decision-making, profiling, fairness, transparency, and privacy risk-assessment requirements before launch.
13. Retention and deletion
- Raw analytics events and daily analytics rollups are configured with 90-day retention in the codebase.
- Uploaded media, saved AI outputs, public profile data, optional location fields, and integration data are kept while needed to provide the service, until deleted by the user, disconnected, unpublished, or deleted through a verified deletion request, subject to limited retention needs.
- If you request account deletion, Pixsprint aims to remove or anonymize account profile data, uploaded creator content, saved AI outputs, optional location data, and integration tokens from production systems within 30 days after verification, unless limited retention is needed for legal, billing, tax, security, fraud-prevention, dispute-resolution, or compliance purposes.
- Backups are deleted on their normal rotation, usually within 90 days.
- Billing, tax, accounting, fraud, security, support, marketing suppression, consent, and legal records may be retained longer where necessary.
14. Your rights and choices
- You can update profile, public page, billing contact, email preference, published content, and integration settings through available account tools.
- You can unsubscribe from non-transactional emails using unsubscribe or preference links.
- You can accept, reject, or revisit analytics cookie choices through the cookie banner or settings button.
- Depending on your location, you may request access, correction, deletion, portability, restriction, objection, consent withdrawal, or appeal of a denied request.
- Where applicable, you may also object to legitimate-interest processing, object to direct marketing, withdraw consent for consent-based processing, and complain to a relevant supervisory authority.
- To make a privacy request, contact support@pixsprint.app.
15. Children and minors
Pixsprint is not directed to children under 13, and users under 13 may not create accounts. Paid creator/client-facing use is intended for users who are at least 18 or the age of majority where they live.
16. Security
Pixsprint uses technical and organizational measures designed to protect information, such as authentication, access controls, encryption in transit, provider security controls, rate limiting, logging, monitoring, backups, and incident response practices. No online service can be guaranteed to be 100% secure.
17. Changes and contact
We may update this Policy from time to time. For material changes, we will provide reasonable notice where required.
Contact Pixsprint at support@pixsprint.app.