Privacy Policy

Effective: April 2026 Last updated: April 2026 Contact: privacy@pixelilo.com

    The short version
    We collect your email to create your account and send receipts. We use Stripe for payments, Supabase for auth, and Anthropic's API to power AI features. We do not sell your data. You can delete your account at any time.
  

1. Who We Are

Pixelilo ("we", "us", "our") operates a suite of AI-powered micro-tools available at pixelilo.com and its subdomains (headlines.pixelilo.com, schema.pixelilo.com, og.pixelilo.com, privacy.pixelilo.com, tax.pixelilo.com). This Privacy Policy explains what data we collect, why we collect it, and how we handle it.

2. Data We Collect

Account data

When you create an account, we collect your email address and a hashed version of your password (or a Google OAuth token if you sign in with Google). We do not store plaintext passwords.

Usage data

We collect anonymised usage data to understand which features are used and to improve the product. This includes pages visited, tool interactions, and general performance metrics. This data cannot be used to identify you individually.

Payment data

Payment information (card numbers, billing details) is collected and processed exclusively by Stripe. We never see or store your card details. We store your Stripe customer ID and subscription status so we can provision Pro access.

Tool inputs

Text and parameters you enter into our tools (headlines, schema prompts, OG image settings, policy form data, tax figures) are sent to our API to generate results. We do not persistently store this content unless you explicitly save it in a Pro account feature.

3. How We Use Your Data

Provide the service — to authenticate you, run the tools, and show your results.
Send transactional emails — payment receipts, subscription confirmations, and account-related notifications. No marketing email without your explicit consent.
Improve the product — aggregate usage analytics help us prioritise features and fix bugs.
Prevent abuse — to detect and prevent fraud, spam, or misuse of our APIs.

4. Third-Party Services

We use the following third-party services to operate Pixelilo:

Stripe Payment processing. Stripe receives your payment card details directly. See Stripe's Privacy Policy.

Supabase Authentication and database. Stores your account data on EU-region infrastructure. See Supabase's Privacy Policy.

Anthropic AI model API (Claude). Your tool inputs are sent to Anthropic's API to generate AI responses. See Anthropic's Privacy Policy.

Cloudflare CDN, edge hosting, and DNS. Cloudflare processes requests to our sites. See Cloudflare's Privacy Policy.

We do not sell, rent, or share your personal data with advertisers or other third parties not listed above.

5. Data Retention

We retain your account data (email, subscription status) for as long as your account remains active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or tax purposes (e.g., payment records, which Stripe retains per their legal obligations).

Anonymised usage analytics may be retained indefinitely as they cannot be linked back to you.

6. Your Rights

Depending on your location, you have the following rights regarding your personal data:

Access — you can request a copy of the data we hold about you.
Correction — you can update your email address from your account settings.
Deletion — you can delete your account at any time from your account settings. This removes your profile and personal data from our systems.
Data portability — you can request an export of your data in a machine-readable format.
Objection — you can object to processing based on legitimate interests.

To exercise any of these rights, email privacy@pixelilo.com. We will respond within 30 days.

7. Cookies

We use strictly necessary cookies to maintain your authenticated session (set by Supabase Auth). We do not use advertising cookies or cross-site tracking cookies. No cookie consent banner is shown because we only use essential session cookies that do not require consent under GDPR.

8. Children's Privacy

Pixelilo's tools are not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

9. Data Security

We implement reasonable technical and organisational measures to protect your data, including HTTPS encryption for all data in transit, hashed passwords, and access controls limiting who can access production data. No system is perfectly secure; if you discover a vulnerability, please contact privacy@pixelilo.com.

10. International Data Transfers

Pixelilo is operated from the European Union. Our infrastructure (Supabase, Cloudflare) may process data in the US or other regions. Where data is transferred outside the EU/EEA, we ensure adequate protections are in place (Standard Contractual Clauses or equivalent) as required by GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the relevant tool. The "Effective" date at the top of this page indicates when the current version took effect. Continued use of the service after a change constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions, requests, or complaints:

Email: privacy@pixelilo.com
Website: pixelilo.com

This document provides a general overview of our data practices. For specific legal advice about data protection in your jurisdiction, consult a qualified legal professional.