Privacy Policy

Effective Date: December 12, 2025

Pixie is committed to protecting your privacy. This Privacy Policy explains how we process data when you use our services. We follow the principles of data minimisation, local-first processing, secure transmission, immediate computation, and no server-side storage of user images.

1. Scope of This Policy

This Privacy Policy applies to all users of Pixie worldwide.

Pixie primarily operates on your device. Most image-related data is processed and stored locally and under your control. Pixie does not collect or upload your images or any image-derived data by default.

2. Information We Collect and Process

2.1 Device Identifier (Hashed Form)

This is the only piece of information we collect.

• Content: A hashed version of your device ID (non-identifiable).
• Purpose: Device registration, authorization validation, and quota management.

Commitment:

• We do not store any personal information.
• We only store the hashed device identifier on our servers.
• The identifier cannot identify you as an individual.

3. How Your Images Are Processed

To clarify GDPR responsibilities:

3.1 No Image Collection

• Pixie does not collect, upload, or store your images.
• All image browsing, indexing, tagging, compression, and preparation occur on your device.
• Because this data never leaves your device, it does not qualify as “personal data processed by the controller” under GDPR, and therefore is not listed in the “Information We Collect” section.

4. Cloud-Based AI Analysis (Optional, User-Initiated)

When you manually choose “AI Analysis”, Pixie uses a cloud-based large language model (LLM) / AI model to analyze the image content you choose to send. This feature is optional and only runs when you explicitly initiate it.

4.1 Data You Choose to Upload (Temporary Transmission Only)

• Compressed image data (only what is necessary for analysis) — temporarily transmitted for this request only
• Necessary analysis parameters — temporarily transmitted for this request only

This data is used only to complete your requested AI Analysis and is not retained after processing.

4.2 Purpose of Processing

• To generate instant scores, tags, strengths, and improvement suggestions.

4.3 Data Handling & Disposal

• Real-time processing only: Your uploaded image data is used solely to produce the analysis result.
• Discarded after analysis: Once analysis is completed, the uploaded image data is immediately discarded.
• No storage: Pixie does not store your uploaded images on our servers.
• No training: Your images are not used to train any models.
• No sharing: Your images are not shared with third parties for their own purposes.

When you do not initiate AI Analysis, no image data is uploaded at all.

5. Permissions

Pixie may request system-level permissions solely to access images on your device for local use. These permissions do not result in server-side data collection.

Internet access is required only when you manually trigger AI Analysis.

6. Third-Party Services & Data Transfers

• Cloud AI processing (only when you request it): If you trigger “AI Analysis”, compressed image data is sent to a cloud AI model for real-time analysis and then discarded after processing.
• No image storage / training / sharing: Pixie does not store your images in the cloud, does not use them for training, and does not share them with third parties.
• Authorization and quota systems use an encrypted token derived from the hashed device ID.
• No personal data is shared or sold.

7. Data Security & Minimisation

• Local-first principle: All image-related data stays on your device.
• Minimal upload: Only compressed data required for AI Analysis is transmitted.
• Secure channels: All transmissions use encrypted protocols.
• No long-term storage: We do not maintain server-side image archives or user profiles.

8. Your GDPR Rights

If you are located in the EU or UK, you have the following rights:

• Right to Access: You may review any personal data we store (limited to the hashed device ID).
• Right to Erasure: You may request deletion of your stored device identifier; all local data can be deleted by clearing app data or uninstalling the app.
• Right to Withdraw Consent: Disable image permissions or avoid triggering AI Analysis at any time.
• Right to Restrict Processing: Since we only process images when you explicitly upload them, you control all processing.
• Right to Data Portability: Applicable only to the hashed device ID, as no other personal data is collected.

9. Children's Privacy

Pixie is not designed for children and does not knowingly process children's personal data. If you believe data relating to a minor has been processed, you may request its removal.

10. Policy Updates

We may update this Privacy Policy as necessary. Updates will be announced through in-app notifications. Continued use of Pixie indicates acceptance of the revised policy.