Pixel NovaPixel Nova

    Privacy Policy

    Effective Date: 15 of June, 2025

    PixelNova LLC ("Pixel Nova," "we," "us," or "our"), located in Florida, United States, respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

    1. Scope

    This Privacy Policy applies to all users of the Pixel Nova platform, including but not limited to the website, applications, and related services provided by Pixel Nova LLC.

    2. Information We Collect

    We collect the following categories of information:

    2.1. Account Information

    • Email address
    • Username
    • Third-party provider information (if applicable; e.g. Google, GitHub)

    2.2. Google User Data

    When you sign in with Google, we may collect:

    • Google account email address
    • Google profile information (name, profile picture)
    • Google OAuth tokens for authentication

    Google API Services User Data Policy Compliance

    Our use of Google user data strictly adheres to Google's API Terms of Service, API Services User Data Policy, and Limited Use requirements. Specifically:

    How We Access Google User Data:

    • We request minimal necessary scopes for authentication and profile access only
    • OAuth consent is obtained before accessing any Google user data
    • Access is limited to profile information and email for account creation/login

    How We Use Google User Data:

    • Authenticate your identity and provide secure login
    • Create and maintain your Pixel Nova account
    • Provide user-facing features prominent in our app interface
    • Maintain security and prevent abuse

    How We Store Google User Data:

    • Stored securely in our Supabase database with encryption
    • Retained only as long as necessary for service provision
    • No storage of sensitive Google data beyond basic profile information

    How We Share Google User Data:

    • We do NOT sell, lease, or license Google user data to third parties
    • We do NOT transfer Google user data to advertising platforms or data brokers
    • We do NOT use Google user data for advertising, retargeting, or credit decisions
    • Limited sharing only for: security purposes, legal compliance, or with explicit user consent

    Limited Use Compliance:

    • Google user data is used solely for features visible in Pixel Nova's interface
    • No human reading of data except for security, legal compliance, or with explicit consent
    • Data is not used for AI model training without explicit user consent
    • All employees and contractors comply with Google's User Data Policy

    User Control:

    • You can revoke Pixel Nova's access through your Google Account settings at any time
    • You can request deletion of your Google user data through our support.
    • Transparent consent process with clear scope explanations

    2.3. Usage Data

    • Prompts and inputs provided when generating content
    • AI generation outputs (pixel art images), which are stored in publicly accessible URLs
    • IP address, browser type, device information, operating system, and usage logs

    2.4. Analytics Data

    • Aggregated usage metrics
    • Behavioral data for platform improvement
    • Website performance and user interaction data

    We use Umami Analytics and Cloudflare Analytics to collect anonymous usage data. These privacy-focused analytics platforms help us understand how users interact with our service while respecting user privacy:

    • Umami Analytics: Collects basic metrics like page views and events without using cookies or collecting personal information
    • Cloudflare Analytics: Provides web analytics without storing personal data or using cookies, focusing on aggregated performance and security metrics

    Both analytics services are configured to respect Do Not Track (DNT) browser settings and do not perform cross-site tracking.

    2.5. Moderation and Logging

    Logs of user activity for abuse prevention, moderation, and security monitoring

    2.6. AI Processing Data

    Prompts and related data are shared with model providers, including OpenAI and Hugging Face, for the purpose of generating content.

    3. Use of Information

    We use the collected data to:

    • Provide, operate, and improve the Service
    • Process user requests and generate AI-driven pixel art
    • Perform security monitoring, abuse detection, and moderation
    • Conduct internal analytics and research
    • Facilitate customer support and respond to user inquiries
    • Comply with legal obligations

    3.1. Cookies and Local Storage

    We use cookies and similar technologies to enhance your experience, provide functionality, and analyze usage patterns:

    • Essential Cookies: Required for authentication, security, and basic functionality
    • Functional Cookies: Store user preferences and settings
    • Analytics Cookies: Used by Umami and Cloudflare Analytics for anonymous usage tracking
    • Local Storage: Stores temporary data like canvas states and user preferences in your browser

    You can control cookie settings through your browser preferences. Disabling essential cookies may impact service functionality.

    4. Disclosure of Information

    We may share your information in the following circumstances:

    • AI Model Providers: Prompts and related data are transmitted to third-party model providers such as OpenAI and Hugging Face.
    • Cloud Storage Providers: User data, including generated images, is stored via Supabase providers and associated cloud infrastructure.
    • Google User Data: Google user data is handled in accordance with Google's Limited Use requirements and is not shared with third parties except as necessary to provide our service or comply with applicable law.
    • Legal Requirements: We may disclose information if required to do so by law, subpoena, or other legal process.
    • Business Transfers: In connection with a merger, acquisition, or sale of assets, user information may be transferred.

    We do not sell, lease, or license personal data to third parties for marketing or advertising purposes.

    5. Data Storage and Retention

    User data is stored on cloud infrastructure provided by Supabase and may reside in the United States or other jurisdictions. Publicly generated images are stored with publicly accessible URLs.

    We retain user data as long as necessary for the purposes described in this Privacy Policy unless a longer retention period is required by law.

    6. Data Security

    We implement reasonable technical and organizational measures to protect your personal data, including:

    • Secure access controls
    • Encrypted storage for sensitive data
    • Activity logging and monitoring

    However, no system can guarantee absolute security. Users are responsible for safeguarding their account credentials.

    6.1. Payment Processing

    Payment transactions are processed by Stripe, Inc. ("Stripe"). When you make a purchase:

    • Payment information is collected and processed directly by Stripe
    • We receive transaction confirmations and subscription status updates
    • No credit card information is stored on our servers
    • Stripe's privacy policy governs how your payment data is handled

    For billing inquiries, contact us at [email protected]. For payment security questions, refer to Stripe's privacy policy.

    6.2. International Data Transfers

    Your personal data may be transferred to, stored, and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place:

    • Standard contractual clauses for data transfers outside the EU/EEA
    • Adequacy decisions by the European Commission where applicable
    • Compliance with applicable data protection laws

    6.3. Content Ownership and Generated Images

    Regarding content generated through our service:

    • You retain ownership of prompts and inputs you provide
    • Generated pixel art images are owned by you, subject to our Terms of Service
    • Images are stored with publicly accessible URLs by default
    • We reserve the right to use anonymized, aggregated data for service improvement
    • Content that violates our terms may be removed or blocked

    6.4. Automated Decision Making and AI Processing

    Our service uses automated systems and AI models for:

    • Content generation based on your prompts
    • Content moderation and safety filtering
    • Usage pattern analysis for service improvement
    • Abuse detection and prevention

    You have the right to request human review of automated decisions that significantly affect you.

    7. Enhanced User Rights

    7.1. General Rights

    All users have the following rights:

    • Access: Request a copy of your personal data
    • Correction: Request correction of inaccurate data
    • Deletion: Request deletion of your data
    • Portability: Request your data in a structured format
    • Objection: Object to processing for certain purposes

    7.2. California Residents (CCPA)

    California residents have additional rights under the California Consumer Privacy Act:

    • Know: Right to know what personal information is collected and how it's used
    • Delete: Right to delete personal information
    • Opt-Out: Right to opt-out of the sale of personal information (we don't sell data)
    • Non-Discrimination: Right not to be discriminated against for exercising privacy rights

    7.3. EU/EEA Residents (GDPR)

    EU/EEA residents have rights under the General Data Protection Regulation:

    • Lawful Basis: We process data based on legitimate interests, consent, or contract performance
    • Restriction: Right to restrict processing in certain circumstances
    • Complaint: Right to lodge a complaint with your local data protection authority
    • Withdraw Consent: Right to withdraw consent where processing is based on consent

    To exercise rights, email [email protected] with "PRIVACY REQUEST" in the subject line. Include your registered email and specify your request type.

    8. Google OAuth Verification Compliance

    Google OAuth Verification Compliance

    Pixel Nova fully complies with Google's OAuth verification requirements, including:

    For details on how we handle Google user data specifically, please see section 2.2 above.

    9. Third-Party Services

    Our service integrates with various third-party providers. Each has their own privacy practices:

    • Supabase: Database and authentication services
    • OpenAI: AI model processing for content generation
    • Hugging Face: AI model processing and hosting
    • Stripe: Payment processing and subscription management
    • Google OAuth: Third-party authentication
    • GitHub OAuth: Third-party authentication
    • Cloudflare: CDN, security, and analytics
    • Umami: Privacy-focused analytics

    We recommend reviewing the privacy policies of these services for complete information about their data practices.

    10. Data Breach Notification

    In the event of a data breach that poses a risk to your rights and freedoms:

    • We will notify relevant authorities within 72 hours where required by law
    • Affected users will be notified without undue delay
    • We will provide information about the nature of the breach and steps being taken
    • Recommendations for protecting yourself will be included in notifications

    11. Marketing Communications

    We may send you service-related communications and promotional materials:

    • Service Communications: Essential notifications about your account and service updates
    • Promotional Emails: Information about new features, tips, and offers (with consent)
    • Opt-Out: You can unsubscribe from promotional emails at any time

    Essential service communications cannot be opted out of while you maintain an active account.

    12. Account Deactivation and Data Retention

    When you deactivate your account:

    • Account access is immediately disabled
    • Personal data is anonymized or deleted within 30 days
    • Generated images may remain publicly accessible unless specifically requested for removal
    • Some data may be retained for legal, security, or fraud prevention purposes
    • Backup systems may retain data for up to 90 days before complete removal

    13. Children's Privacy

    The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe that a child under 13 has provided us with personal information, contact us immediately at [email protected] for removal.

    14. Future Use for Model Training

    Currently, user data is not used to train machine learning models. Pixel Nova reserves the right to update this policy and begin using submitted data for model training in the future. If this occurs, users will be notified in advance, and the Privacy Policy will be updated accordingly.

    15. Changes to This Privacy Policy

    We reserve the right to modify this Privacy Policy at any time. When we make material changes:

    • We will update the effective date at the top of this policy
    • Significant changes will be announced via email or in-app notification
    • Continued use of the service constitutes acceptance of changes
    • You may close your account if you disagree with policy changes

    16. Contact Information

    For any questions regarding this Privacy Policy, contact:

    PixelNova LLC
    Data Protection Officer
    Email: [email protected]
    Subject Line: "Privacy Policy Inquiry"

    EU Representative: If you are in the EU/EEA and wish to contact our EU representative, please email the above address with "EU Privacy Inquiry" in the subject line.