1. Introduction
PIXELMENDER ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our platform and services.
By using PIXELMENDER, you consent to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, business name, business address.
- Onboarding Data: Industry, brand assets, design preferences, business goals, EIN (for 10DLC registration).
- Payment Information: Processed by Stripe. We do not store full credit card numbers.
- Communications: Messages you send through our support channels.
2.2 Information Generated by the Platform
- Lead Data: Contact information and qualification scores for leads generated by the Digital Workforce.
- AI Conversation Logs: Chat, SMS, and voice interactions processed by the Digital Workforce (retained for quality assurance and compliance).
- Voice Recordings: Phone conversations handled by the Digital Workforce are recorded with your consent for quality assurance and lead documentation. Recordings are stored securely and retained per our data retention schedule.
- Cross-Channel Contact Records: When your customers interact with the Digital Workforce across multiple channels (chat, SMS, phone), we maintain unified contact records to provide continuity of service.
- Design Intelligence Data: Competitor analysis, design tokens, and site DNA generated during the build process.
- Audit Logs: Records of account actions, billing events, and compliance checkpoints.
2.3 Automatically Collected Information
- Usage Data: Pages visited, features used, session duration.
- Device Information: Browser type, operating system, screen resolution.
- IP Address: Used for security, geo-blocking, and compliance.
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve our services.
- Build and deploy your custom web assets and Digital Workforce.
- Qualify and route leads to your business.
- Process payments and generate billing records.
- Communicate with you about your account, projects, and updates.
- Ensure platform security and prevent abuse.
- Comply with legal obligations and enforce our Terms of Service.
4. Third-Party Processors
We share your information with the following third-party service providers, each of which processes data according to their own privacy policies:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform (Firebase) | Hosting, database, authentication, Cloud Functions | Account data, project data, audit logs |
| Stripe | Payment processing, billing, tax calculation | Payment info, billing address, transaction history |
| Twilio | SMS, voice calls, 10DLC registration | Phone numbers, SMS content, call metadata |
| OpenAI | AI workforce: chat, SMS, and voice responses | Conversation context (no PII transmitted in prompts where possible) |
| Azure OpenAI | AI workforce for healthcare industries (HIPAA-compliant routing) | Conversation context with BAA coverage |
| Anthropic (Claude) | Site generation, design analysis, vision processing | Design tokens, site content, screenshots for analysis |
| ElevenLabs | AI voice agent (The Operator): inbound phone call handling | Voice audio, call metadata, conversation context |
| Resend | Transactional and notification email | Email address, name, email content |
| Cloudflare | DNS, SSL, CDN, and domain management | Domain records, traffic metadata |
| SerpAPI | Design research and competitor discovery | Search queries (no PII) |
We do not sell your personal information to third parties.
4.2 Mobile and SMS Data
Mobile information will not be shared with or sold to third parties. Phone numbers collected through the Digital Workforce (SMS, voice) are used exclusively to deliver the services described in these terms: appointment confirmations, service reminders, lead qualification, and customer care communications on behalf of the business you opted in with.
Mobile phone numbers and SMS message content are not shared with any third party for marketing or promotional purposes. SMS data is transmitted through Twilio solely for message delivery and is subject to Twilio's privacy policy.
5. US CLOUD Act Disclosure
PIXELMENDER operates using Google Cloud Platform (Firebase) infrastructure located in the United States. As a US-based service provider, your data may be subject to access requests under the Clarifying Lawful Overseas Use of Data (CLOUD) Act of 2018.
Under the CLOUD Act, US law enforcement agencies may compel US-based service providers to disclose data stored on their servers, regardless of where the data subject is located.
What this means for you:
- Your data is stored on US-based servers.
- US authorities may request access to your data through valid legal process.
- This applies even if you are located in the EU, UK, or other jurisdictions.
- We will comply with lawful data requests as required by US law.
- Where legally permitted, we will notify you of such requests.
We commit to challenging overbroad or unlawful requests where possible and maintaining transparency about government data requests.
6. Cookies and Tracking
PIXELMENDER uses cookies to operate the platform. Our cookie categories are:
6.1 Essential Cookies (Always Active)
- Authentication: Session cookies for login state.
- Security: CSRF protection and access control tokens.
- Consent: Your cookie preference selection.
6.2 Functional Cookies (Optional)
- UI preferences, language settings, dashboard customizations.
6.3 Analytics Cookies (Optional)
- Page views, feature usage, session duration (used to improve the platform).
6.4 Marketing Cookies (Optional)
- Personalized content delivery across platforms.
You can manage your cookie preferences at any time through the cookie consent banner. We honor Global Privacy Control (GPC) signals: when detected, only essential cookies are active.
7. Data Retention
- Account Data: Retained for the duration of your account plus 30 days after termination (for data export).
- Lead Data: Retained for 18 months from last activity, then scrubbed per our lead scrubber compliance schedule.
- AI Conversation Logs: Retained for 90 days for quality assurance, then archived for 12 months.
- Voice Recordings: Retained for 90 days, then deleted. Transcripts retained for 12 months.
- Cross-Channel Contact Records: Retained for the duration of the associated business account plus 30 days.
- Billing Records: Retained for 7 years per tax and accounting requirements.
- Audit Logs: Retained indefinitely for compliance and security purposes.
8. Data Deletion
You may request deletion of your personal data at any time by contacting privacy@pixelmender.com or through your dashboard. We will process erasure requests within 30 days, subject to the following exceptions:
- Billing records required for tax compliance.
- Audit logs required for legal or regulatory obligations.
- Data necessary to resolve pending disputes.
Our erasure protocol performs cascading deletion across all platform systems, including Firestore, Cloud Storage, Stripe records (where permitted), and third-party integrations.
9. Your Privacy Rights
9.1 All Users
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate information.
- Request deletion of your data (subject to exceptions above).
- Export your data in a portable format.
- Opt out of non-essential cookies and tracking.
9.2 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of the categories and specific pieces of personal information collected.
- Right to Delete: Request deletion of personal information collected.
- Right to Opt-Out: We do not sell personal information, so this right is satisfied by default.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
9.3 Other State Privacy Laws
We comply with applicable state privacy laws including the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and Connecticut Data Privacy Act (CTDPA). If you are a resident of these states, you may exercise your rights by contacting us at the address below.
10. Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS) and at rest.
- Firebase Security Rules enforcing per-collection access control.
- Role-based access control (RBAC) with custom claims.
- PII sanitization in audit logs.
- HMAC-SHA256 request signatures on the Workforce API.
- Rate limiting on public endpoints.
No system is 100% secure. If you discover a security vulnerability, please report it to security@pixelmender.com.
11. Children's Privacy
PIXELMENDER is a business-to-business platform. Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date and notify you via your dashboard. Material changes will be communicated via email.
13. Contact
For privacy inquiries or to exercise your rights:
PIXELMENDER
North Carolina, USA
Email: privacy@pixelmender.com