Privacy Policy
Last updated: May 26, 2026
1. Who We Are
Pixly (“we,” “our,” or “the Service”) is an AI-powered image optimization platform built for Shopify merchants. We help you analyze, rename, convert, and sync product images with automatically generated SEO metadata.
AIPIXLY· ABN 35 821 979 358
22 Dorcas St, Southbank VIC 3006, Australia
Contact: hello@getpixly.app
AI Transparency
- Pixly uses artificial intelligence to analyze product images you upload or connect from Shopify. The AI suggests filenames, alt text, and quality notes (such as low-resolution alerts).
- The AI receives only those product images, not your customers' personal data.
- You stay in control. Suggestions are shown for your review. Nothing is sent to Shopify until you approve it.
- Your images are not used to trainPixly's models or third-party models under our provider agreements. Our AI provider is Google. See their privacy policy: policies.google.com/privacy
2. Data We Collect
- Account data: email address and login credentials.
- Product images: images you upload or import from your Shopify store.
- Shopify connection: store domain and access credentials, stored encrypted and used only to read and update your catalog on your behalf.
- Usage data: token balance, plan, job history, processing settings, and image metadata (such as proposed alt text and filenames).
- Website and product analytics (optional): page views, conversion events (sign-up, store check, checkout, purchase), and device identifiers via cookies when you accept Analytics and/or Marketing in our Cookie Policy. This may apply across the marketing site and logged-in app.
- Referral attribution (optional): if you arrive via a partner link, we may store a partner slug or code, signup source, and link it to your account if you register. Requires cookie consent where applicable.
- Error monitoring (logged-in app): when you use the dashboard, we may send error reports, optional session replays (product images blocked in replays), and bug feedback you submit via the in-app widget to Sentry. Feedback requires your email.
3. Data Processing
When you use Pixly to optimize Shopify product images, you decide what is uploaded, approved, and synced. For that catalog workflow, you are the data controller and Pixly acts as your data processor, handling images and metadata only on your instructions.
We process personal data under these legal bases, depending on context:
- Contract: to run the Service you signed up for (account, image processing, Shopify sync, billing).
- Legitimate interests: fraud prevention, security monitoring, and product improvement using aggregated usage metrics.
- Consent: optional analytics, marketing cookies, and promotional email where required by law.
- Legal obligation: tax, accounting, and lawful requests from authorities.
Processing locations: primary infrastructure is hosted in the United States (Vercel, Supabase) with subprocessors listed in Section 6. We use contractual safeguards for international transfers where required, including standard contractual clauses for EU data subjects.
Pixly does notsell personal data. We do not use your product images to train public AI models. Shopify customer checkout data, payment card numbers, and theme code are outside Pixly's scope.
4. How Long We Keep Your Data
We collect only what we need and delete data on a fixed schedule:
- Uploads and in-progress jobs: while the job is active.
- After you sync to Shopify: processed copies are removed within 30 days.
- Items in Recently Deleted: permanently removed within 14 days.
- Account and billing records: until you delete your account, then removed as described on the Account page.
We do not sell your image data. Limited backups of account and job records may exist for disaster recovery; those backups do not include your image files. Pixly is not a backup or archive service. Keep your own copies of important catalog images.
5. How We Use Your Data
- To process and optimize your product images using AI.
- To sync optimized images and metadata back to your Shopify store.
- To manage your account, token balance, and subscription.
- To send transactional and onboarding emails (e.g. password reset, email confirmation reminders, welcome, store connection reminders, billing updates, Auto-Pilot activity). No promotional marketing without explicit consent.
- To attribute signups to partners in our partner program and calculate commissions, when you have accepted referral cookies or sign up in the same session via a partner link.
6. Subprocessors & Third-Party Services
Subprocessors are vendors Pixly uses to host, analyze, deliver, or bill the Service on your behalf. We vet subprocessors for security and privacy practices and require them to process data only under our instructions.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Hosting, authentication, and file storage | supabase.com/privacy |
| Google (Gemini) | AI image analysis | policies.google.com/privacy |
| Replicate | Optional upscaling and background removal | replicate.com/privacy |
| Shopify | Store connection and catalog sync | shopify.com/legal/privacy |
| Shopify | App billing and subscription charges | shopify.com/legal/privacy |
| Vercel | Application hosting | vercel.com/legal/privacy-policy |
| Resend | Transactional email | resend.com/legal/privacy-policy |
| Sentry | Error monitoring, session replay (images blocked), and in-app bug feedback for signed-in users | sentry.io/privacy |
| Google Analytics | Optional analytics and conversion measurement (cookies + server API, consent required) | policies.google.com/privacy |
| Meta (Facebook) | Optional marketing pixel and Conversions API (browser + server, consent required) | privacycenter.fb.com/policy |
We will notify account holders by email before adding a new subprocessor that handles personal data, where required by applicable law.
7. Cookies & Tracking
Our website uses essential cookies to keep you signed in. Partner referral, analytics, and marketing technologies load only if you accept them in the banner. After acceptance, Google Analytics and Meta may run on marketing pages and in the logged-in app. In-app usage data (tokens, jobs, image processing) is not sold to advertisers.
Details and how to change your choices: Cookie Policy.
8. Your Rights (GDPR / CCPA / Australian Privacy Act)
Depending on your location, you have the right to:
- Access the personal data we hold about you.
- Delete your account and all associated data at any time from the Account page.
- Portability: export your image metadata on request.
- Opt out of AI processing. You can use Pixly in manual-only mode without triggering AI analysis.
- Withdraw cookie consent at any time by clearing your browser cookies.
To exercise any right, email us at hello@getpixly.app. We will respond within 30 days.
9. Data Processing Agreements (DPA)
A Data Processing Agreement (DPA) is a contract between you (the controller) and Pixly (the processor) that documents how we handle personal data on your behalf, including security measures, breach notification, and subprocessors.
EU and UK businesses that need a DPA under GDPR or UK GDPR may email hello@getpixly.app with the subject line “DPA Request”. Include your company legal name and Shopify store domain. We respond within 5 business days with our standard DPA, which incorporates EU Standard Contractual Clauses where applicable.
Shopify's mandatory GDPR webhooks (customers/data_request, customers/redact, shop/redact) are implemented for app uninstall and data erasure requests. Pixly stores merchant account and catalog processing data, not Shopify buyer checkout profiles.
10. Security
We use encryption in transit and at rest, access controls so only your account can reach your data, and server-side handling of Shopify credentials. Image access uses time-limited links. We review security practices regularly.
11. Governing Law
This Privacy Policy is governed by the laws of Victoria, Australia and, where applicable, the EU General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988. While Pixly voluntarily complies with the Privacy Act regardless of turnover threshold, users in other jurisdictions also benefit from the protections described in this policy.
12. Changes to this Policy
We may update this policy to reflect changes in our practices or applicable law. We will notify you by email at least 14 days before any material changes take effect.