# Pixaro Privacy Policy
**Last Updated: March 3, 2026**
**Effective Date: March 3, 2026**
Pixaro ("we," "us," or "our") operates the Pixaro mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our App.
By using Pixaro, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App.
---
## 1. Information We Collect
### 1.1 Account Information
When you create a Pixaro account, we collect:
- **Email address** (for email-based accounts)
- **First and last name**
- **Username** (chosen by you)
- **Password** (securely stored via AWS Cognito; we never store passwords in plaintext)
- **Account type** (Creator or Brand)
- **Profile photo** (optional, uploaded to our servers)
If you sign up or log in using a third-party provider:
- **Sign in with Apple**: Email address (first sign-in only), first name, last name, Apple identity token, Apple user identifier
- **Sign in with Google**: Email address, full name, profile photo URL, Google authentication tokens
### 1.2 Profile Information (Optional)
You may choose to provide additional profile details:
- Display name
- Bio (up to 150 characters)
- Date of birth (used for age verification; minimum age is 13)
- Gender
- Country and city
- Website URL
- Background image
### 1.3 User-Created Content
When you use Pixaro to create, edit, or generate content, we collect and store:
- **Input images**: Photos you upload or import from your device for editing or AI processing
- **AI-generated images and videos**: Content produced by AI models based on your inputs
- **Text prompts**: Instructions you provide for AI generation, including negative prompts
- **Project files**: Editing session data (layers, history, settings)
- **Export files**: Final rendered outputs you download or share
### 1.4 Aura ID (AI Profile) Data
Pixaro's Aura ID feature allows you to upload personal photos for AI-powered avatar creation, face transformation, and personalized generation. When you use this feature:
- You may upload **up to 10 personal photos** per Aura ID profile
- These photos may contain your **facial likeness**
- Photos are stored on our secure cloud servers (Amazon S3)
- Photos may be sent to **third-party AI providers** for processing when you generate AI content using an Aura ID
- You can delete your Aura ID profiles and associated photos at any time
**Important**: Aura ID photos may contain biometric-adjacent data (facial features). By uploading photos to Aura ID, you explicitly consent to our storage and processing of these images, including transmission to third-party AI service providers for the purpose of AI content generation.
### 1.5 Payment and Transaction Information
We use RevenueCat and Apple In-App Purchases to process payments. We do **not** directly collect or store your payment card details. The following payment-related data is processed:
- Subscription status and entitlements
- Credit balance and transaction history
- Purchase receipts (processed by Apple and RevenueCat)
- Credit usage records (credits spent per generation)
### 1.6 Device and Technical Information
We collect limited device information for security, functionality, and abuse prevention:
- **Device identifier**: A unique identifier stored in your device's secure keychain (persists across reinstalls for account security)
- **Vendor identifier**: Apple-assigned device identifier (resets when all apps from our developer account are removed)
- **Device model**: Hardware model (e.g., "iPhone 15 Pro")
- **Operating system version**: iOS version
- **Device name hash**: A one-way cryptographic hash (SHA-256) of your device name (we cannot reverse this to learn your actual device name)
- **App version and build number**
- **Push notification token**: If you enable push notifications, Apple provides a device token for notification delivery
### 1.7 Usage and Activity Data
When you use the App, we log:
- AI generation activity (model used, provider, processing time, output dimensions)
- Credit consumption history
- Content export and share history
- Session identifiers (generated per app launch, not persistent)
### 1.8 Analytics Data (Consent-Required)
We use analytics services **only with your explicit consent**. During onboarding, you choose which analytics categories to enable or disable:
- **App usage analytics**: How you navigate and use features
- **Performance monitoring**: App speed and responsiveness
- **Crash reporting**: Error and crash data for debugging
- **User behavior insights**: Feature usage patterns
- **Third-party analytics**: Anonymized usage data shared with analytics providers
If you decline analytics, **no analytics data is collected or transmitted**. You can change your analytics preferences at any time in the App's settings.
---
## 2. How We Use Your Information
We use the information we collect to:
- **Provide and operate the App**: Create and maintain your account, process AI generation requests, store your content, manage credits and subscriptions
- **Personalize your experience**: Remember your preferences, favorite models, and settings across devices
- **Process payments**: Manage subscriptions, credit purchases, and usage tracking via RevenueCat and Apple
- **Ensure security**: Prevent fraud, detect abuse, verify accounts, and protect against unauthorized access using device fingerprinting
- **Improve the App**: Analyze usage patterns and fix bugs (only with analytics consent)
- **Send notifications**: Deliver generation completion alerts, credit balance warnings, and feature announcements (configurable in settings)
- **Provide customer support**: Respond to inquiries and troubleshoot issues
- **Comply with legal obligations**: Respond to legal requests and enforce our Terms of Service
We do **not** use your information for:
- Selling your data to third parties
- Targeted advertising
- Building advertising profiles
---
## 3. How We Share Your Information
### 3.1 Third-Party AI Service Providers
When you use AI generation features, your input data (prompts, input images, reference images including Aura ID photos) is transmitted through our backend to third-party AI providers for processing. These providers include:
**Image Generation**: Black Forest Labs (FLUX), Google AI (Gemini/Imagen), OpenAI, ByteDance (Seedream), Alibaba (Qwen/WAN/Z-Image), Ideogram, Kling AI, Luma AI, Minimax, Recraft AI, RunwayML, ImagineArt, Reve, Topaz Labs, Sourceful
**Video Generation**: Kling AI, RunwayML, Luma AI, Minimax, ByteDance, Alibaba
These providers process your data solely for the purpose of generating AI content as requested. Each provider operates under their own privacy policy and data handling practices. We route all requests through our secure backend infrastructure and do not share your account information (email, name, etc.) with these providers.
### 3.2 Cloud Infrastructure Providers
We use Amazon Web Services (AWS) for our cloud infrastructure:
- **AWS Cognito**: Authentication and account management (US East region)
- **AWS DynamoDB**: Database storage for user data, settings, and metadata
- **AWS S3**: File storage for images, videos, and project files
- **AWS CloudFront**: Content delivery network for serving media
- **AWS Lambda**: Serverless compute for API processing
- **AWS API Gateway**: API routing and authorization
All AWS services are hosted in the **US East (N. Virginia)** region.
### 3.3 Payment Processors
- **RevenueCat**: Subscription and in-app purchase management
- **Apple App Store**: Payment processing for all transactions
### 3.4 Analytics Providers (Consent-Required Only)
If you opt in to analytics, we may share anonymized usage data with:
- **Firebase** (Google): Analytics, crash reporting, and performance monitoring
- **Mixpanel**: Event analytics and user behavior
- **Amplitude**: Product analytics
These services receive your Pixaro user ID (Cognito sub) and usage events. They do **not** receive your email, name, images, or content.
### 3.5 Other Disclosures
We may disclose your information:
- **With your consent**: When you explicitly authorize sharing
- **Legal compliance**: To comply with applicable laws, regulations, or legal processes
- **Safety and rights**: To protect the rights, property, or safety of Pixaro, our users, or the public
- **Business transfers**: In connection with a merger, acquisition, or sale of assets (you would be notified of any change in data handling)
---
## 4. Content Visibility and Privacy Controls
### 4.1 Content Visibility Settings
You control who can see your generated content:
- **Private**: Only visible to you
- **Followers**: Visible to your approved followers
- **Public**: Visible to all Pixaro users
You can set a default visibility level and override it per item.
### 4.2 Section-Level Visibility
For shared content, you can individually control visibility of:
- Prompt text used for generation
- Technical details (model, settings)
- Input/reference images
- Reference videos and audio
### 4.3 Notification Preferences
You control:
- Push notification on/off toggle
- Per-type notifications (generation complete, low credits, new features)
- Notification frequency (immediate, daily, weekly)
### 4.4 Analytics Preferences
You can enable or disable each analytics category independently:
- App usage analytics
- Performance monitoring
- Crash reporting
- User behavior insights
- Third-party analytics sharing
Changes take effect immediately. Disabling analytics stops all future data collection for that category.
---
## 5. Data Storage and Security
### 5.1 Where Your Data Is Stored
- **Cloud servers**: AWS infrastructure in US East (N. Virginia) region
- **Content delivery**: AWS CloudFront CDN (global edge locations for performance)
- **On-device**: Secure iOS Keychain (authentication tokens, device ID), UserDefaults (preferences, cached settings), and temporary cache files (images)
### 5.2 Security Measures
We implement the following security measures:
- **Encryption in transit**: All data transmitted between the App and our servers uses HTTPS/TLS encryption
- **Encryption at rest**: AWS S3 and DynamoDB use server-side encryption
- **Authentication tokens**: Stored in iOS Keychain (hardware-encrypted storage)
- **Presigned URLs**: Temporary, time-limited URLs for file uploads and downloads (no permanent S3 credentials on device)
- **Signed cookies**: CloudFront CDN access controlled via signed cookies with expiration
- **Authorization**: API Gateway authorizers verify identity on every request; IAM policies restrict users to their own data
- **Password security**: Passwords are managed by AWS Cognito using industry-standard hashing; we never have access to plaintext passwords
- **Device fingerprinting**: Used for abuse prevention only (detecting multiple account creation from one device)
### 5.3 Data Retention
- **Account data**: Retained for as long as your account is active
- **User-created content**: Retained until you delete it or delete your account
- **Aura ID photos**: Retained until you delete the Aura ID or delete your account
- **Activity history**: Retained for as long as your account is active
- **Analytics data**: Retained according to each analytics provider's retention policies (typically 12-25 months)
- **Deleted account data**: Permanently deleted within 30 days of account deletion request
---
## 6. Your Rights and Choices
### 6.1 Access and Portability
You can access your profile information, content, and activity history directly within the App at any time.
### 6.2 Correction
You can update your profile information, display name, and other personal details through the App's profile settings.
### 6.3 Deletion
You have the right to:
- **Delete individual content**: Remove specific images, videos, or projects
- **Delete Aura ID profiles**: Remove Aura ID profiles and all associated photos from our servers and S3 storage
- **Delete your account**: Request complete account deletion, which permanently removes all your data from our systems including:
  - Profile information
  - All stored images, videos, and project files
  - Aura ID photos
  - Activity history
  - Preferences and settings
Account deletion is processed within 30 days. Some data may be retained longer if required by law.
### 6.4 Withdraw Consent
You can withdraw consent for:
- **Analytics**: Disable any or all analytics categories in settings
- **Push notifications**: Disable notifications in settings or iOS system settings
- **Aura ID processing**: Delete Aura ID profiles to stop facial image processing
### 6.5 Rights for Specific Jurisdictions
**European Economic Area (EEA) / UK (GDPR)**:
You have additional rights including the right to data portability, the right to restrict processing, and the right to object to processing. Our legal bases for processing are: consent (analytics, Aura ID), contract performance (account and service operation), and legitimate interests (security, abuse prevention). To exercise these rights, contact us at the address below.
**California (CCPA/CPRA)**:
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. **We do not sell your personal information.** To exercise your rights, contact us at the address below.
**Illinois / Texas / Other U.S. States with Biometric Data Laws**:
If you reside in a jurisdiction with biometric data protection laws, your use of Aura ID constitutes informed consent to our collection, storage, and processing of facial image data as described in Section 1.4.
---
## 7. Children's Privacy
Pixaro is not intended for children under 13 years of age. We enforce a minimum age of 13 during account registration by requiring date of birth verification. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us.
---
## 8. Data We Do Not Collect
For transparency, Pixaro does **not** collect:
- GPS location or precise geolocation data
- Advertising identifiers (IDFA) or tracking data for ad targeting
- Contacts or address book data
- Call logs or SMS messages
- Health or fitness data
- Financial account information (payment processing is handled entirely by Apple and RevenueCat)
- Browsing history outside the App
---
## 9. Permissions We Request
The App requests the following device permissions, all of which are optional and requested only when needed:
| Permission | Purpose |
|-----------|---------|
| Camera | Capture photos for editing or AI processing |
| Photo Library | Import images from and save images to your photo library |
| Microphone | Voice-to-text input for AI prompts |
| Speech Recognition | Convert voice input to text prompts (processed on-device) |
| Push Notifications | Deliver generation completion alerts and updates |
You can revoke any permission at any time through iOS Settings. The App will continue to function with reduced functionality if permissions are denied.
---
## 10. International Data Transfers
Your data is processed and stored in the United States (AWS US East region). If you are located outside the United States, your information will be transferred to and processed in the United States. By using the App, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.
---
## 11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you through the App or via email for significant changes
- Request renewed consent where required by law
Your continued use of the App after any changes indicates your acceptance of the updated policy.
---
## 12. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about your privacy, please contact us:
**Email**: privacy@pixaro.co
**Website**: https://pixaro.co/privacy
For data deletion or access requests, please include your Pixaro username or the email address associated with your account.
---
## 13. App Store Privacy Nutrition Labels
In compliance with Apple's App Privacy requirements, Pixaro discloses the following data collection categories in the App Store:
**Data Linked to You:**
- Contact Info (email address, name)
- User Content (photos, videos, AI-generated content)
- Identifiers (user ID, device ID)
- Purchases (transaction history, subscription status)
- Usage Data (product interaction — only with consent)
- Diagnostics (crash data, performance data — only with consent)
**Data Not Linked to You:**
- Diagnostics (aggregated crash and performance data)
**Data Not Collected:**
- Location, Health & Fitness, Financial Info, Contacts, Browsing History, Search History, Sensitive Info, Other Data




