Skip to main content
Policies

Privacy Policy

This policy explains what data Pixora collects, how it is used, and the choices you have. Pixora is operated by Berke Kaya as the data controller.

Last updated: December 15, 2025

1. Who We Are

Pixora is operated by Berke Kaya, who acts as the data controller for the platform. For any privacy questions reach out at info@usepixora.com.

2. Data We Collect

We collect and process the following categories of information:

  • Account data such as email address, name (if provided by Google Sign In), and hashed password.
  • Usage data including logs, generation activity, and timestamps.
  • Localization signals like browser language and approximate country.
  • Product photos and other media you upload for AI generation (you must own the rights to the content).
  • Payment information processed by our Merchant of Record. Pixora does not store card details.
  • Cookies for authentication sessions and analytics signals (Google Analytics Consent Mode).
  • Support submissions you send through our contact form, including your name, email, subject, message, and technical metadata (such as IP address and user agent).

3. Uploaded Images and Files

Files you upload are processed by Replicate and stored temporarily on Cloudflare R2 to deliver the service. This processing allows Pixora to generate your product images, keep results accessible in your account, and apply credit refunds if a job fails. Only upload product photography or assets you own; personal portraits or biometric data are not supported and may be removed. Uploaded files are never used for training, marketing, or public sharing. You can request full deletion of uploads and your account by emailing info@usepixora.com; verified requests are completed within 30 days.

4. Legal Bases

Pixora processes personal data under the following legal bases:

  • Contract performance for account management, generation workflows, and billing.
  • Legitimate interest for fraud prevention, security monitoring, and cookieless aggregate analytics.
  • Consent for non-essential analytics cookies and personalised measurement.

5. Third Party Processors

Pixora relies on carefully vetted subprocessors:

  • Supabase for authentication and database hosting.
  • Cloudflare R2 for storage of uploads and generated results.
  • Replicate for AI model execution.
  • Upstash for rate limiting and queue infrastructure.
  • Resend for transactional email delivery.
  • Our authorized Merchant of Record for payments, invoicing, tax collection, and refunds.
  • Google Analytics for usage analytics with Consent Mode (cookieless events when declined).

Some providers may process data outside the EU, such as in the United States, under Standard Contractual Clauses.

6. Cookies and Analytics

Pixora uses essential cookies required for authentication and session management. Google Analytics runs with Consent Mode: accepting analytics enables cookies, while declining leaves only cookieless, aggregated events (no identifiers). You can manage preferences via the banner or the footer link at any time.

7. Data Retention

Account data and uploaded content are stored while your account remains active. When you request deletion via the email linked to your Pixora account, we erase account data, stored generations, and related Cloudflare R2 files within 30 days unless a longer period is required by law. Contact-form messages and associated metadata are retained for up to 30 days after a support ticket is resolved, after which they are purged. Backup media may persist briefly but is overwritten on a rolling schedule.

8. Your Rights

Under GDPR and KVKK you may request:

  • Access to the personal data Pixora holds about you.
  • Correction or deletion of inaccurate or outdated data.
  • Export of your data in a structured format.
  • Withdrawal of consent where processing is based on consent.
  • Objection to processing based on legitimate interests.

Submit requests via info@usepixora.com. We acknowledge requests within two business days and respond in full within 30 days. To protect your privacy we may ask you to confirm the request from the same email address used for your Pixora account.

9. International Data Transfers

Pixora relies on service providers located in the European Union, the United States, and other jurisdictions. When personal data is transferred outside your country we use safeguards such as Standard Contractual Clauses or other lawful mechanisms made available by each provider. Using Pixora means consenting to these transfers where permitted by applicable law. For EU and Turkish users, transfers to the United States rely on Standard Contractual Clauses and Google’s GDPR-compliant safeguards.

10. Age Requirement

Pixora is intended for users who are at least 18 years of age. By using the service, you confirm that you are 18 or older. If we learn that data from an individual under 18 has been submitted, we will delete it promptly and terminate the account.

11. Contact

For privacy inquiries or data requests email info@usepixora.com.

12. Updates to This Policy

We may revise this privacy policy to reflect product, legal, or regulatory changes. Material updates are communicated by email and/or in-product notices at least 30 days before they take effect.