Privacy Policy

This Privacy Policy explains how Pixel Password ("Pixel Password," "we," "our," or "us") collects, uses, discloses, and protects personal information when you use our website, demo flows, authentication flows, APIs, and related services (collectively, the "Services").

Pixel Password is a privacy-first company. Like other privacy-focused organizations, we design our Services to protect customer information and reduce unnecessary data collection.

This policy applies to information processed through:

• https://pixelpassword.com and related routes (such as /demo, /privacy, and /terms)
• Pixel Password sign-in and verification flows
• Waitlist and feedback submissions

Pixel Password is the controller of personal information described in this policy for our own Services. Questions or requests about this policy can be sent to:

• Email: privacy@pixelpassword.com

Information You Provide

• Contact details: email address (for sign-in challenges, account access, support, and privacy requests).
• Waitlist and feedback details: company name, company email, star rating, comments, and optional request to be contacted.
• Authentication inputs: image data you submit during Pixel Password verification flows.

Information Collected Automatically

• Device and network data: IP address, browser/device information, request metadata, and coarse location indicators (such as country inferred from request headers).
• Usage and analytics data: page views, approximate engagement metrics, referrer information, and similar usage telemetry.

Information from Third Parties

• Processors and providers: delivery status events (for email delivery) and infrastructure-level technical events from our service providers.

Important Clarifications

• Pixel Password image references and temporary challenge records are stored for service operation and expire automatically based on retention settings.
• During open beta, any valid email may request sign-in challenges, and we apply throttling and operational caps to reduce abuse and protect availability.

We use personal information to:

• Provide, operate, and secure Pixel Password sign-in and demo features
• Send one-time sign-in or verification messages
• Send required operational communications, such as account, billing, and security notices
• Maintain and administer accounts
• Measure service performance, diagnose errors, and improve reliability
• Process waitlist and feedback submissions
• Detect abuse, enforce policies, and protect our Services
• Apply operational safeguards such as request throttling and daily sign-in email quotas
• Comply with legal obligations (including tax, accounting, and lawful requests)

Where GDPR or similar laws apply, we generally process personal data under one or more of these legal bases:

• Contract: to provide requested Services (for example, sign-in, account access, and subscription fulfillment)
• Legitimate interests: to secure, maintain, and improve our Services and prevent abuse
• Legal obligation: to satisfy applicable legal, tax, accounting, and compliance duties
• Consent: where required for specific processing activities

We use cookies or similar technologies for core functionality and to understand Service usage. Technologies in use include session-related functionality, analytics tooling, and tag-management tooling.

Depending on route and configuration, these may include:

• Plausible Analytics (analytics)(opens in a new tab)
• Google Analytics (analytics)(opens in a new tab)
• Microsoft Clarity (analytics)(opens in a new tab)
• Google Tag Manager (analytics tracking)(opens in a new tab)
• GitHub (waitlist and feedback issue handling)(opens in a new tab)
  • Pixel Password Private Account:
    Your message(s) go to a private, secure area that only our team can see and review.
• Resend (email delivery)(opens in a new tab)
• MongoDB (database)(opens in a new tab)

These technologies can involve information such as:

• IP address
• Browser type
• Device information
• Pages viewed and engagement events
• Approximate location signals (such as country)

You can control many cookies through browser settings. If you disable certain cookies or scripts, some features may not function correctly.

Depending on your jurisdiction, you may also have a right to opt out of personal data processing for targeted advertising, sale, or sharing. You can submit these requests by emailing privacy@pixelpassword.com.

Some browsers offer a "Do Not Track" (DNT) setting. Because there is no universally accepted DNT standard, our Services do not respond to DNT signals in a uniform way.

Where required by applicable law, we honor Global Privacy Control (GPC) signals as a request to opt out of sale, sharing, or targeted advertising for the browser or device that sends the signal.

We do not sell your personal information for monetary consideration.

We share personal information only as needed to operate our Services, perform requested actions, and satisfy legal obligations.

Under some U.S. state privacy laws, certain disclosures involving analytics or similar technologies may be treated as "sharing" or as processing for "targeted advertising." We support applicable opt-out rights as described in this policy.

• Service providers and processors (hosting, analytics, email delivery, storage, database, payments)
• GitHub, for waitlist and feedback issue handling submitted through our forms
• Authorized fiduciaries or legal representatives, where required or permitted by applicable law
• Authorities, when required by law or valid legal process
• Successors in case of merger, acquisition, or similar corporate transaction

We operate globally and use providers that may process data in the United States and other countries. Where applicable, international transfers are handled using provider-supported transfer mechanisms.

We keep data only as long as needed for the purposes described in this policy, unless longer retention is required by law.

If you submit a deletion request, we delete or de-identify eligible data from active systems. Some data may remain temporarily in backups, archived logs, or disaster-recovery media until those systems are rotated or overwritten in the ordinary course.

• API logs: 30 days
• Email delivery status events: 30 days
• Support emails: 1 year
• Backups: 90 days
• Billing records: 7 years (tax/accounting)
• Authentication challenge records and image references: typically up to 24 hours
• Waitlist and feedback entries stored in our private GitHub: until deleted by maintainers or provider controls

We apply technical and organizational safeguards designed to protect personal information, including access controls, signed URLs for temporary image access, scoped retention, and internal logging controls that redact sensitive fields in structured logs. No internet-based service can be guaranteed to be 100% secure.

General Rights

Depending on your location, you may have rights to request access, correction, deletion, or export of personal information, and to object to or restrict some processing.

EEA/UK/Switzerland

Where applicable, you may have rights including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent (where consent is the legal basis).

Privacy Rights for Residents of California and Other U.S. States

Depending on your state, you may have rights such as knowing what data is collected, correcting data, deleting data, receiving a portable copy, and opting out of sale, sharing, or targeted advertising.

We do not sell personal information for monetary consideration. As noted above, some disclosures to analytics providers may be treated as "sharing" under certain state laws.

To submit a rights request (including opt-out requests), email privacy@pixelpassword.com from the address associated with your use of the Services. Where required, we also process qualifying GPC signals as described above.

Pixel Password is not intended for individuals under 18. Separately, under U.S. children's privacy law (COPPA), we do not knowingly collect personal information from children under 13.

• If we learn that we collected personal information from a child under 13, we will delete it promptly.

If you are a parent or guardian and believe a child provided us with personal information, contact us at privacy@pixelpassword.com.

We do not use solely automated decision-making that produces legal or similarly significant effects about you in the context of this Service.

For legal and operational reasons, some regions may be restricted from accessing parts of the Service. This may involve using coarse geolocation signals (such as country-level indicators) at the infrastructure layer.

• We may update this policy to reflect product, legal, or operational changes.
• Updates are posted on this page with a revised "Last updated" date.

If you have questions, concerns, or privacy requests, contact:

• Email: privacy@pixelpassword.com