PixLibre

Legal

Privacy Policy

Last updated May 26, 2026

This Privacy Policy explains how [Company Legal Name] collects, uses, and shares personal information when you use [Platform Name], our marketing website, and related services.

DRAFT — FOR COUNSEL REVIEW ONLY. Align with actual data flows, subprocessors, retention schedules, and regional requirements before publishing.

Effective date: May 26, 2026

1. Introduction

[Company Legal Name] (“we,” “us,” “our”) operates PixLibre (the “Platform”). This Privacy Policy describes how we collect, use, disclose, and protect personal information when you:

  • Visit our marketing website at https://www.pixlibre.com (e.g., pricing, blog, documentation, legal pages);
  • Create or use a Creator account on the Platform (dashboard, billing, team features);
  • Use public sites hosted on the Platform (photographer subdomains such as yourname.pixlibre.com or custom domains);
  • Interact with client portals, checkout, or other flows we provide; or
  • Communicate with us (support, feedback, commitments/roadmap features).

This policy does not describe practices of Creators on their own public sites. Creators are responsible for their privacy notices to their visitors and clients. Where we process personal information on a Creator’s behalf, we act as a processor/service provider for that Creator’s audience data, and the Creator’s policy governs the relationship with their audience.

2. Roles: controller vs processor

ContextTypical role
Marketing site visitors, account holders, billingWe act as controller (or equivalent)
End Customers of a Creator (site visitors, portal users, buyers)Creator is controller; we are processor for data we handle to provide the Services
Payment card dataProcessed by Stripe; we do not store full card numbers

3. Information we collect

3.1 Information you provide

  • Account: name, email, password (stored in hashed form), organization details, preferences.
  • Billing: subscription plan, billing address (collected by Stripe where applicable), transaction history references.
  • Content: images, videos, files, page and post content, portfolio metadata, course materials, product listings.
  • Client & project data: client names, emails, delivery preferences, access codes, proofing selections, messages you store in the Platform.
  • Support & feedback: communications with us, bug reports, roadmap/feedback submissions.
  • Connect onboarding: information required by Stripe for payouts and compliance (handled under Stripe’s policies).

3.2 Information collected automatically

  • Device and usage: IP address, browser type, device identifiers, pages viewed, features used, timestamps, referral URLs.
  • Logs and security: authentication events, API logs, abuse-prevention signals.
  • Cookies and similar technologies: see Section 9.
  • Media metadata: EXIF and technical metadata embedded in uploads (e.g., capture date, camera settings, and, where present, location/GPS). Creators may configure geo visibility and redaction defaults for public display.

3.3 Information from third parties

  • Stripe: payment status, customer IDs, Connect account status, dispute/chargeback metadata.
  • Fulfillment partners (e.g., Prodigi, Gelato): order status, shipping addresses, production updates (for POD orders you initiate).
  • Authentication and security vendors (e.g., Cloudflare Turnstile): signals to reduce fraud and abuse.
  • Analytics and error monitoring (if enabled): aggregated usage or error diagnostics.

4. How we use information

We use personal information to:

  • Provide, maintain, and improve the Services;
  • Authenticate users and enforce security (sessions, access controls);
  • Process subscriptions and, where applicable, facilitate Creator commerce via Stripe and Connect;
  • Host and deliver Creator content via storage, CDN, and streaming infrastructure;
  • Operate client portals, carts, checkout, and fulfillment workflows;
  • Communicate transactional messages (receipts, security alerts, service notices);
  • Provide support and respond to inquiries;
  • Comply with law, tax, and financial record-keeping obligations;
  • Detect, prevent, and investigate fraud, abuse, and security incidents;
  • Analyze and improve performance (where permitted by settings and consent).

We do not sell personal information for money. We do not use Creator audience data for unrelated third-party advertising without appropriate legal basis and configuration.

5. Legal bases (EEA/UK)

Where GDPR or UK GDPR applies, we rely on one or more of: contract (providing the Services), legitimate interests (security, improvement, fraud prevention—balanced against your rights), consent (where required, e.g., certain cookies or marketing), and legal obligation (tax, accounting, compliance).

Creators are responsible for choosing a lawful basis for processing their End Customers’ data on their sites.

6. How we share information

We share personal information only as needed:

  • Service providers (subprocessors) who help us operate the Services, under contractual protections;
  • Stripe for payments, subscriptions, and Connect;
  • Fulfillment providers when you use print-on-demand;
  • Creators and their teams within the same account/organization as permitted by roles;
  • End Customers and the public when you publish content or settings make it visible;
  • Legal and safety when required by law or to protect rights, safety, and integrity of the Services;
  • Business transfers in connection with merger, acquisition, or asset sale (with notice where required).

We may share aggregated or de-identified information that cannot reasonably identify you.

Subprocessors (representative list)

We use trusted providers to run the Platform. Categories and examples include:

Provider (category)Purpose
StripeSubscriptions, checkout, Connect, billing portal
CloudflareCDN, DNS, security (e.g., Turnstile), edge services
Object storage (e.g., Cloudflare R2 / S3-compatible)Media and file storage
Video streaming (e.g., Bunny Stream)Video delivery where enabled
Directus (self-hosted or managed)Application database and CMS
Resend (or similar)Transactional email
Sentry (if enabled)Error monitoring
Prodigi / Gelato (when used)Print fulfillment

Links to provider privacy policies are available in dashboard settings where shown. We may update subprocessors; material changes will be reflected here or in product notices. A current list may also be published at https://www.pixlibre.com/legal/subprocessors when available.

7. Creator sites, client portals, and End Customers

When a visitor uses a Creator’s public site or client portal (e.g., email + access code login), the Creator determines what is collected and how it is used for their business. We process that information to provide hosting, delivery, commerce, and portal features at the Creator’s direction.

If you are an End Customer with questions about a Creator’s use of your data, contact that Creator first. We may assist Creators with data subject requests where we are processor.

8. Location, maps, and conservation features

The Platform may ingest location data from image metadata or Creator inputs and display maps or “impact” visualizations according to Creator settings (e.g., redaction, fuzzing, or visibility per portfolio). Public visitors see only what the Creator’s configuration allows. Map tiles may be served by third-party map providers subject to their terms.

9. Cookies and similar technologies

Marketing site. We may use essential cookies for security and session management. Analytics or marketing cookies, if used, will be described in a cookie notice and, where required, presented for consent.

Creator public sites. Creators may enable a cookie consent experience for their visitors (e.g., categories such as necessary, analytics, personalization). Choices are stored per browser according to the Creator’s configuration.

You can control cookies through browser settings; disabling some cookies may limit functionality.

10. Data retention

We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type—for example:

  • Account data: for the life of the account and a reasonable period after deletion;
  • Billing records: as required for tax and accounting laws;
  • Logs: for a limited period for security and troubleshooting;
  • Creator content: until deleted by the Creator or through account deletion processes;
  • Data export packages: for a limited time after generation, then deleted.

Creators are responsible for retention policies for their End Customer data.

11. Security

We implement technical and organizational measures appropriate to the nature of the data, including encryption in transit, access controls, and monitoring. No method of transmission or storage is 100% secure. You are responsible for safeguarding your credentials and configuring team access appropriately.

12. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, restrict, object, portability, and to withdraw consent where processing is consent-based. You may also have rights regarding automated decision-making and to lodge a complaint with a supervisory authority.

Creators (account holders):

  • Update profile and many settings in the Platform dashboard;
  • Request a data export where available (machine-readable package of account data);
  • Request account deletion where available, subject to verification, settlement of billing obligations, and any grace period before permanent deletion.

Marketing site visitors: contact [Privacy Email] or use https://www.pixlibre.com/contact to exercise rights regarding data we control directly.

We will verify requests and respond within timeframes required by law.

13. California privacy notice (summary)

If you are a California resident, you may have additional rights under the CCPA/CPRA, including rights to know, delete, and correct personal information, and to opt out of “sale” or “sharing” as defined by law. We do not sell personal information for monetary consideration. To submit a request, email [Privacy Email]. We will not discriminate against you for exercising privacy rights.

14. International transfers

We may process information in the United States and other countries where we or our subprocessors operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers from the EEA/UK.

15. Children

The Services are not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. Contact [Privacy Email] if you believe we have collected a child’s information.

16. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version at https://www.pixlibre.com/legal/privacy with a revised effective date and provide additional notice where required. Continued use after the effective date constitutes acknowledgment of the update.

17. Contact us

Data protection / privacy inquiries:
[Privacy Email]

Postal address:
[Company Legal Name]
[Postal address]

Support (account issues): [Support Email] or https://www.pixlibre.com/contact