Services Privacy Policy Agreement

PixLab is committed to safeguarding your privacy. This privacy policy explains how we manage your data in accordance with strict policies and procedures to which we are contractually bound.

Connect to the PixLab Console Connect to the PixLab Console and elevate your projects with powerful Vision & Creativity APIs, designed to enhance your development workflow and productivity.

Services Privacy Policy Agreement Last updated: 01 NOVEMBER 2025

Legal & Support Links

Changelog

November 2025 - Comprehensive Privacy Policy Update - Enhanced coverage of GDPR, CCPA, and global privacy regulations.
June 2025 - New Privacy Policy Agreement to go into effect by July 01, 2025.
April 2021 - Layout Update.
April 2019 - Payment Processing/Merchant of Records (Terms).
May 2018 - GDPR Compliance.

We prioritize our users' privacy. PixLab processes your data only with your consent and in accordance with the strict policies and procedures we have contractually committed to. We do not share your data with advertiser-supported services, nor do we mine it for purposes such as marketing research or advertising.

By using the Services, you acknowledge and consent to the collection of your personally identifiable information and aggregate data as described in this Privacy Policy. All Personal Information you provide will be managed in full compliance with our Privacy Policy. By accessing the platform, you agree to this processing and confirm that all data you submit is accurate. You have the right to request the deletion of your personal information from our databases at any time, and we will take immediate action upon receiving your request.

1. About This Privacy Policy

Purpose: This Privacy Policy explains how PixLab collects, uses, discloses, and protects information about identifiable individuals ("Personal Data") when you use our Services.

Who this applies to: This Policy covers visitors, account holders, end users, developers using our APIs/SDKs, and individuals who contact us.

Key Principles:

We collect the minimum data needed to run, secure, and support the Services
We do not sell Personal Data
We do not use Customer API Data (Inputs/Outputs) for advertising or marketing
API request payloads (e.g., images, documents) are processed in memory and automatically purged upon completion by default
We use essential Cloudflare security/performance cookies only

3. Glossary and Defined Terms

Personal Data: Information relating to an identified or identifiable individual, including identifiers (such as name, email, IP address), and any information defined as "personal data," "personal information," or similar under applicable law.
Customer Data: All data submitted to the Services by or for a customer, including Inputs, Outputs, account details, configuration, logs necessary to provide the Services, and support artifacts.
Inputs: Content you or your end users submit to the Services (e.g., images, videos, documents, text, metadata, and any labels you apply).
Outputs: Results returned by the Services in response to Inputs (e.g., predictions, tags, extractions, transformations, measurements, or generated content). You own lawful Outputs, subject to our platform IP.
Account Data: Registration, profile, and billing information associated with your account (for example, name, organization, email, role, plan, payment method tokens, billing address).
Usage Data / Telemetry: Device and service interaction data (for example, IP address, timestamps, request/response sizes, feature flags, error codes, and performance metrics) generated when you use the Services.
Sensitive Data: Personal Data requiring special protection under law (e.g., health, biometric templates, precise geolocation, government IDs), if you choose to process such data through the Services.
Cookies / Similar Technologies: Small text files and comparable technologies used for session management, security, performance, and preferences. We use Cloudflare security/performance cookies as strictly necessary.
Service Providers / Sub-Processors: Third parties engaged under contract to process Personal Data for our business purposes with confidentiality, security, and data transfer safeguards.
Sell / Share (US State Laws): "Sell" and "Share" have the meanings under applicable US privacy laws (e.g., CPRA). We do not sell Personal Data, and we do not share Personal Data for cross-context behavioral advertising.

4. What This Policy Covers (and Excludes)

Covered Activities: This Policy covers Personal Data we process when you:

Visit or interact with our websites, status pages, docs, or marketing properties
Create or use an account in the PixLab console or developer portal
Use our APIs, SDKs, and integrations
Communicate with us (support tickets, sales, events, surveys)
Provide Customer Data for processing through the Services

Not Covered / Third-Party Services: This Policy does not cover:

Websites, apps, SDKs, datasets, or services that we do not control
Customer systems or third-party integrations you enable (those have their own privacy terms)
Customer-controlled processing where the customer is the controller and we act as processor

Customer-Controlled Content: Where a customer uploads Content containing Personal Data (including images, videos, audio, text, IDs, or metadata) for analysis or transformation, the customer is responsible for having a lawful basis, providing any required notices, and honoring applicable individual rights.

5. Information We Collect

We collect limited categories of Personal Data necessary to provide, secure, and improve the Services:

Contact & Identifiers: Name, company, role, email, phone (for account setup, authentication, service communications)
Account & Billing Data: Login credentials, billing address, payment tokens (processed by third-party processor), tax ID
Device & Telemetry Data: IP address, browser type, OS version, timestamps, API calls, logs, performance metrics (for security, diagnostics, usage analytics)
Inputs / Customer Content: Images, videos, documents, text, metadata, annotations (for delivering Service functionality)
Outputs / Results: Tags, classifications, extracted data, transformations (generated by Services, returned to you)
Support & Communication Records: Tickets, chat logs, emails, attachments (for customer support, compliance)
Marketing & Events Data: Newsletter sign-ups, webinar registrations (consent-based)
Recruitment Data: CVs, employment history, contact info (for recruitment and talent management)

Sources of Personal Data:

Directly from you (registration, use, support, events)
Automatically collected (cookies, API logs, SDK telemetry)
From your organization (if they grant you access to a workspace)
From integrated services (OAuth identity providers)
From public or licensed datasets (used in aggregate, not linked to individuals)

4. How We Use Personal Data

We use Personal Data for the following purposes:

Provide and Operate the Services: Account provisioning, content processing, authentication, billing, notifications, delivering Outputs
Secure and Maintain Systems: Monitoring for abuse, fraud, unauthorized access; debugging and performance optimization; enforcing acceptable-use policies
Improve and Develop Features: Analyzing anonymized usage trends; refining algorithms; testing new functionality; quality assurance
Communicate With You: Responding to inquiries; service updates, billing notices, security alerts; marketing messages (consent-based)
Comply With Law: Meeting regulatory/legal obligations; responding to lawful requests; maintaining transaction records and audit logs
Protect Rights and Interests: Defending against legal claims; preventing misuse; safeguarding PixLab's property and users

PixLab does not engage in fully automated decisions producing legal or similarly significant effects without human review.

5. Legal Bases for Processing (GDPR)

For individuals in the EEA/UK/Switzerland, we process Personal Data based on:

Contractual Necessity: Processing necessary to perform our contract with you (providing Services, managing accounts, ensuring security)
Legitimate Interests: Improving functionality, preventing abuse, securing infrastructure, corresponding with customers (you may object to processing based on legitimate interests)
Consent: Where required by law (e.g., marketing emails, event registrations, optional beta features). You may withdraw consent at any time
Legal Obligation: Processing to meet applicable laws, court orders, regulatory requirements (e.g., tax, anti-fraud laws, export controls)
Vital or Public Interest: Rare occasions where processing is necessary to protect vital interests or perform a task in the public interest

6. Inputs, Outputs & API Data Processing

Inputs: Any content, files, data, text, images, videos, or metadata you submit to the Services. PixLab processes Inputs solely to perform requested operations (e.g., object detection, document scanning) and maintain security and reliability.

No Marketing Use of Customer API Data: PixLab does not use Customer API Data (Inputs/Outputs) for advertising or marketing. Such data is processed only to provide and secure the Services, comply with law, and maintain reliability.

Outputs: Results returned by the Services (processed images, classifications, extracted data, transformations). You retain all rights in lawful Outputs, except for PixLab's underlying models, algorithms, and platform IP.

Processing & Deletion by Default: Images and documents submitted via API are processed in volatile memory and are not persisted by default. Once processing completes, payloads are purged automatically. No Customer API Data is retained unless you explicitly enable export/logging features.

Model Improvement: PixLab does not use identifiable customer Inputs or Outputs to train or fine-tune machine learning models unless you expressly opt in. We may use anonymized or statistical data derived from usage (e.g., aggregated error rates, performance trends) to enhance general system reliability.

2. Who We Are & Our Role

Controller Identity: PixLab is a trademark owned by Symisc Systems SUARL (symisc.net ↗), a private limited liability company registered and operating under the laws of the Republic of Tunisia.

Privacy Contact: [email protected]

When We Act as Controller: For account management, billing, security monitoring, product analytics, and marketing communications.

When We Act as Processor: When processing Customer Data (Inputs/Outputs) on behalf of business customers, we follow documented instructions and our Data Processing Addendum (DPA).

7. Sharing and Disclosure of Personal Data

General Principle: PixLab does not sell, rent, or lease Personal Data. We share data only as necessary for the purposes described in this Policy and subject to contractual confidentiality and security obligations.

We may share Personal Data with:

Service Providers and Sub-Processors: Third-party providers supporting service delivery (hosting, infrastructure, security, analytics, email, payment processing). Each provider processes Personal Data only under our documented instructions and is bound by strict data protection terms.
Infrastructure Providers: Reputable cloud infrastructure vendors (such as AWS or equivalent) maintaining globally distributed data centers with recognized security certifications (ISO 27001, SOC 2).
Corporate Affiliates: Controlled affiliates and subsidiaries where access is required for service operations, technical support, or corporate administration.
Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, Personal Data may be transferred to the acquiring entity subject to this Policy's terms or equivalent protection.
Legal Disclosures: Where required by applicable law, court order, or lawful government request, provided such disclosure is limited to the scope required and, where legally permitted, you or the relevant customer are notified in advance.
Protection of Rights: If we reasonably believe it is necessary to protect the rights, property, or safety of PixLab, our customers, or others, or to enforce our agreements or respond to security incidents.

7A. Sub-Processors

Definition: Sub-Processors are third parties engaged by PixLab to process Customer Data for service provision and maintenance.

Selection and Oversight: All Sub-Processors undergo security and privacy assessments before onboarding and are bound by written agreements ensuring confidentiality, access control, and data-transfer safeguards.

List and Notification: A current list of active Sub-Processors and their processing locations is maintained on PixLab's official website or customer portal. Customers may subscribe to change notifications where available.

Objection Rights: If you are a customer and object to a new Sub-Processor on reasonable grounds related to data protection, we will work in good faith to accommodate your concerns or provide an alternative processing option.

8. International Data Transfers

Global Operations: PixLab operates through distributed infrastructure. Personal Data may be transferred to and processed in countries outside your jurisdiction, including those that may not offer the same level of data protection as your home country.

Transfer Mechanisms: Where required by law, such transfers rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs), the UK Addendum, or other approved legal mechanisms.

Additional Safeguards: PixLab implements encryption, access minimization, and internal policy controls to maintain equivalent protection regardless of data location.

Obtaining a Copy: A copy of the relevant transfer mechanism or summary of safeguards can be requested by contacting [email protected], subject to redactions for confidentiality and security.

EU Residency Option: For customers with EU data-residency needs, PixLab offers private compute instances hosted in the EU. When enabled, processing and network traffic remain within the selected region.

9. Security of Personal Data

PixLab maintains administrative, physical, and technical safeguards designed to protect Personal Data against accidental loss, unauthorized access, disclosure, alteration, or destruction. These include:

Encryption in transit and at rest
Role-based access controls and authentication
Secure network architecture and firewalls
Logging, intrusion detection, and anomaly monitoring
Regular security audits and employee training

Customer Responsibilities: You are responsible for protecting credentials, configuring access permissions, and maintaining appropriate security controls within your environment.

Incident Response: In the event of a confirmed security incident affecting Personal Data, PixLab will promptly notify affected customers or individuals as required by law, describing the nature of the incident, its likely consequences, and remediation measures.

No Absolute Security: While we take extensive measures to protect information, no online system is entirely immune to risk.

10. Data Retention and Deletion

We retain Personal Data for as long as necessary to:

Provide and maintain the Services
Comply with legal obligations
Resolve disputes
Enforce agreements

Customer-Controlled Deletion: Customers may delete data at any time through the PixLab Console or by written request. Deleted data is removed from active systems promptly and from backups within standard rotation cycles.

Anonymized Data: PixLab may retain anonymized or aggregated data for legitimate business and research purposes where it can no longer identify individuals.

11. Sensitive, Special, and Biometric Data

Certain customers may choose to process sensitive categories of Personal Data through PixLab's Services (for example, government IDs, biometric patterns, or health-related images). PixLab does not require such data and processes it only on your instructions.

Customer Responsibility: If you upload or instruct us to process sensitive data, you represent that: (a) you have a lawful basis for doing so; (b) you have provided all required notices and obtained consents; and (c) the submission does not violate any rights or laws in the applicable jurisdiction.

Security Controls: All sensitive and biometric data transmitted through the Services is encrypted in transit and at rest. Access is restricted to authorized technical operations personnel who require it for maintenance or support.

Prohibition on Profiling: PixLab does not use biometric or sensitive Personal Data to profile individuals or for automated decision-making that produces legal or significant effects.

12. Children and Age Limits

Not Directed to Children: The Services are not directed to children, and PixLab does not knowingly collect Personal Data from individuals under 16 years of age (or the minimum age required by local law).

Parental or Guardian Involvement: If PixLab becomes aware that it has collected Personal Data from a child without lawful consent, it will take immediate steps to delete the data and, if applicable, terminate the related account.

Contact for Deletion: Requests relating to child data removal should be sent to [email protected] with the subject line "Child Data Deletion Request."

13. Communications, Preferences, and Marketing

Transactional and Administrative Messages: PixLab may send essential service communications (e.g., security alerts, account notices, system status updates) as part of its legitimate interests or contractual performance. These are not marketing communications and cannot be unsubscribed from while your account remains active.

Marketing Communications: PixLab may send newsletters, product updates, or invitations to webinars and events where you have opted in or where lawful under applicable regulations.

Opt-Out Options: You may withdraw consent or unsubscribe from marketing communications at any time by using the "unsubscribe" link in our emails or by contacting [email protected].

No Third-Party Advertising: PixLab does not display third-party advertising, does not sell Personal Data, and does not share information for cross-context behavioral advertising.

14. Analytics, Measurement, and A/B Testing

Purpose of Analytics: PixLab may perform limited, first-party analytics to understand aggregate usage patterns, feature performance, and system load. No advertising or fingerprinting data is collected. We do not use advertising IDs, retargeting pixels, or cross-site tracking for marketing.

Scope and Minimization: Data processed may include anonymized event counts (page loads, API calls, request latency). IP addresses are truncated or hashed before storage.

Opt-Out Mechanisms: Users may disable analytics collection via browser-level "Do Not Track" or by contacting [email protected]. Analytics data is not shared externally except with infrastructure providers acting as processors.

Testing and Improvements: From time to time, PixLab may run controlled feature tests ("A/B testing") to improve usability and performance. Personal Data is not used to identify participants, and results are aggregated.

15. Automated Decision-Making and Profiling

Limited Use: PixLab uses automated systems to detect fraud, abuse, or anomalous access patterns. These decisions are made to protect the security and reliability of the Services and do not produce legal or significant effects on individuals.

Human Review: Where an automated system flags an account or activity for review, a qualified human operator verifies the decision before any enforcement action is taken.

Transparency: You may contact [email protected] to request information about the logic involved in automated processing that concerns you, within the limits permitted by law.

15A. Candidates and Recruitment

Scope: This section applies when you apply for a role with PixLab or otherwise participate in our recruitment process.

Sources: We may collect Candidate Personal Data from you (CV/résumé, cover letters, interview materials), from references you nominate, background-check providers (where lawful), prior employers/educational institutions, recruitment agencies, and publicly available professional profiles.

Categories: Contact details; employment/education history; qualifications; work authorization/visa status; assessments and interview notes; referees' details; any other information you voluntarily provide.

Purposes & Legal Bases: Evaluate and manage applications; verify information and conduct lawful background checks; schedule and conduct interviews; maintain talent pools; comply with legal obligations. Legal bases: contractual necessity (pre-contract steps), legitimate interests (hiring, fraud prevention), consent where required, and legal obligation.

Retention: Candidate records are retained for the hiring cycle and, where permitted, for talent-pool consideration for up to 24 months (or as required by law), after which they are deleted or anonymized unless you ask us to keep them longer.

Your Choices: You may update, correct, or request deletion of Candidate data by contacting [email protected]. Where background checks apply, we'll provide notices required by local law.

16. Cookie Policy and Similar Technologies

Overview: PixLab uses a minimal set of cookies strictly necessary for security, load balancing, and network performance. These cookies are provided exclusively by Cloudflare, Inc. as part of its content delivery and protection service. PixLab does not use advertising or tracking cookies.

What Cookies We Use:

__cf_bm (Cloudflare): Distinguishes between human visitors and bots; supports anti-abuse protection and site performance. Strictly Necessary, 30 minutes duration.
cf_clearance (Cloudflare): Identifies successful security challenges to allow continuous access from verified browsers. Strictly Necessary, up to 1 year.
__cfruid (Cloudflare): Assigned to manage rate limiting and protect against distributed denial-of-service (DDoS) attacks. Strictly Necessary, session duration.

Control of Cookies: Because these cookies are essential for Service operation, disabling them in your browser may impair or block access. We do not set optional or advertising cookies.

Do Not Track and GPC: PixLab respects browser-level "Global Privacy Control" (GPC) signals to the extent technically feasible. Our Services do not track users across third-party sites.

Changes to Cookie Practices: If PixLab introduces non-essential cookies in the future (for example, to enhance analytics), this Policy will be updated in advance, and users will be offered a clear opt-in choice before such cookies are activated.

Do Not Track: Industry standards for interpreting DNT signals are not uniform; accordingly, the Services do not respond to DNT at this time. We will update this Policy if that changes.

15. Your Privacy Rights

You have the following rights regarding your Personal Data:

Access and Portability: Request a copy of the Personal Data we hold about you and, where technically feasible, request its transfer in a machine-readable format.
Correction: Request correction or update of inaccurate or incomplete information.
Deletion: Request deletion of your Personal Data, subject to lawful retention exceptions (e.g., billing or security records).
Restriction and Objection: Object to processing based on legitimate interests or request restriction of processing under certain circumstances.
Withdrawal of Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Complaints: Lodge a complaint with a supervisory authority or regulator in your jurisdiction if you believe we have violated your privacy rights.

Verification: For security reasons, we may request proof of identity or authorization before fulfilling any rights request.

Contact for Requests: Submit privacy requests to [email protected] with sufficient details to identify your account or data relationship.

15A. Exercising Your Rights

Submission Methods: You may exercise privacy rights by:

Emailing [email protected]; or
Submitting a request through your PixLab Console account, if available.

Identity Verification: We may require information sufficient to verify your identity before responding.

Timelines: PixLab aims to respond within 30 days of receipt or the period required by local law. Complex or high-volume requests may take longer with notice.

Limitations: We may decline requests that are manifestly unfounded, repetitive, or technically infeasible, but will explain our reasoning.

Appeals and Complaints: If you disagree with our response, you may request internal review or contact your local data protection authority.

Account Closure: You may request account closure via the PixLab Console or by emailing [email protected]. We will deactivate the account and delete associated Personal Data in accordance with our retention policies, retaining only what is necessary for legal, security, and billing purposes.

15B. Customer Admins, Workspaces, and End-User Data

Admin Access: If you use the Services under an organization's account, that organization controls your access and may view or manage your data and settings. Where you choose to share content or collaborate within an organization workspace, other authorized users in that workspace may view, copy, or export that content per the organization's settings.

Audit and Logs: PixLab provides administrative audit logs for customers to track user activity and comply with internal governance policies.

End-User Rights Requests: If PixLab receives a rights request relating to data controlled by a customer, we will redirect the requester to the customer unless prohibited by law.

15C. Third-Party Links and Integrations

External Sites: Our websites and documentation may contain links to external websites or SDKs. We do not control their privacy practices and are not responsible for their content or policies.

Embedded Content: If you interact with embedded third-party content (e.g., social media widgets, payment gateways), those providers may collect data directly subject to their own privacy terms.

15D. Government Requests and Transparency

Handling Requests: PixLab reviews all governmental and law enforcement requests for data to ensure they are lawful, specific, and proportionate.

Notification: Where legally permitted, we notify the affected customer or individual before disclosing data.

Transparency Reporting: PixLab may periodically publish aggregate data about government requests it receives and how they were handled.

16. European Economic Area (EEA), United Kingdom, and Swiss Users

Controller Identity: For individuals in these regions, the controller of your Personal Data is PixLab (Symisc Systems SUARL), represented by its appointed EU/UK representative where required.

Lawful Bases Recap: Processing relies on one or more lawful bases defined under Article 6 of the GDPR (see Section 5 above).

Transfers Outside the EEA/UK: Cross-border transfers follow approved legal mechanisms (SCCs or equivalent). You may request additional information on safeguards by contacting us.

Supervisory Authority Contact: You have the right to lodge a complaint with your local supervisory authority. Contact details for EU authorities are available at https://edpb.europa.eu/about-edpb/board/members_en ↗.

17. United States State Privacy Laws (California, Virginia, and Similar)

No Sale or Share: PixLab does not sell or share Personal Data as defined by applicable U.S. state privacy laws.

Your Rights:

Right to Know: Request that we disclose the categories and specific pieces of Personal Data collected about you, its sources, purposes, and recipients.
Right to Delete: Request deletion of Personal Data collected from you, subject to lawful exceptions.
Right to Correct: Request correction of inaccurate information maintained by us.
Right to Non-Discrimination: We will not deny services, charge different prices, or provide inferior quality for exercising privacy rights.
Authorized Agents: You may designate an authorized agent to make privacy requests on your behalf by providing written authorization.

Verification: We verify requests by confirming identity through account credentials or reasonable validation steps.

Appeal Rights: If your request is denied, you may appeal by contacting [email protected], and a different personnel member will review the decision.

Response Timelines: We respond to verified requests within 45 days, extendable by 45 additional days where necessary with notice.

California "Shine-the-Light": California residents may request information regarding our disclosure of certain categories of Personal Data to third parties for their direct marketing purposes (if any) by emailing [email protected] with the subject "Shine-the-Light Request."

18. Other Regional Disclosures

Canada (PIPEDA): PixLab complies with PIPEDA principles of accountability, transparency, consent, and access. Canadian users may contact the Office of the Privacy Commissioner of Canada for complaints.

Brazil (LGPD): For Brazilian residents, PixLab processes Personal Data under legal bases consistent with the LGPD, including performance of contracts, legitimate interests, and consent. Requests may be submitted to our DPO.

Other Regions: PixLab complies with applicable local laws where it operates. We may publish localized contact information or country-specific terms on our website.

19. Changes to This Privacy Policy

PixLab may update this Privacy Policy periodically to reflect changes in law, technology, or business operations. The "Effective Date" will be updated accordingly.

Notice of Material Changes: If material changes occur, we will provide notice through the Services, email, or other appropriate means before they take effect.

Continued Use: Continued use of the Services after a new version becomes effective constitutes acceptance of the revised Policy.

20. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, contact:

Privacy and Data Protection: [email protected]
Legal Correspondence: [email protected]
Press & Media Inquiry: [email protected]
Copyright & DMCA Content Take-Down: Please refer to our dedicated DMCA - Copyright Complaint page.
Technical & Integration Support: Open a new support ticket on the PixLab Console ↗ or reach out directly to the support team via our numerous support channels.

Response Commitment: PixLab responds to all bona fide privacy inquiries promptly and in accordance with applicable law.

Feedback

We welcome feedback, comments and suggestions for improvements to the Service. You can submit Feedback by opening a new support ticket on the PixLab Console ↗ or reach out to our support team via our numerous support channels.

By doing so, you grant to us a non-exclusive, transferable, worldwide, perpetual, irrevocable, fully-paid, royalty-free license, with the right to sub-license, under any and all intellectual property rights that you own or control to use, copy, modify, create derivative works based upon and otherwise exploit the Feedback for any purpose.