Privacy Policy

Who is responsible

Pixshift ("we", "us") operates this service from Germany. For data protection questions, write to support@pixshift.com. Full contact details are on the Impressum page.

The short version

Your images stay on your device. Every conversion and compression runs in your browser. We never upload your image files to our servers and we do not keep copies of them.

The data we do collect is limited to what we need to give you an account, run the service, and process payments.

What we collect and why

Account email and authentication identifier (when you sign in with Google) — needed to give you an account and let you sign back in. Legal basis: contract (Art. 6(1)(b) GDPR).

Stripe customer ID and billing records — needed to process payments and meet tax record-keeping rules. Legal basis: contract and legal obligation (Art. 6(1)(b) and (c) GDPR).

Device fingerprint for anonymous users — used to apply daily limits to free conversions. The fingerprint is a non-personal identifier. Legal basis: legitimate interest in preventing abuse (Art. 6(1)(f) GDPR).

Per-day conversion counters — used to enforce daily limits and show you usage in your dashboard. Legal basis: legitimate interest in operating the service (Art. 6(1)(f) GDPR).

What we do not collect

Image files. Conversion and compression happen entirely in your browser. The images never leave your device.

Browsing analytics, advertising identifiers, or any third-party tracking.

Who else processes your data

Supabase — provides our authentication and database. Data is hosted in the European Union.

Stripe — processes payments and stores billing records. Stripe may transfer data to the United States under EU Standard Contractual Clauses.

Google — only used if you choose to sign in with your Google account. Sign-in data may be processed in the United States under EU Standard Contractual Clauses.

We do not sell your data and we do not share it with advertisers.

Cookies

We use only the cookies needed for the service to work — an authentication session cookie and a small preference cookie. We do not use analytics or advertising cookies. See the Cookies page for details.

How long we keep your data

Account data — for as long as your account exists. You can delete your account at any time by emailing us.

Usage counters — about 90 days, then they are cleared.

Billing records — 10 years, as required by German tax law (§147 AO).

Your rights

Under the GDPR you have the right to access your data (Art. 15), correct it (Art. 16), have it deleted (Art. 17), restrict our processing of it (Art. 18), receive a copy in a portable format (Art. 20), and object to processing based on legitimate interest (Art. 21).

To exercise any of these rights, email support@pixshift.com. We will respond within one month.

You also have the right to lodge a complaint with a data protection supervisory authority — in Germany, the Federal Commissioner for Data Protection (BfDI) or your state data protection authority.

International data transfers

Where data leaves the European Union — to Stripe or Google as described above — the transfer is protected by EU Standard Contractual Clauses approved by the European Commission.

Children

Pixshift is not directed at children under 16. If you believe a child has created an account, email us and we will delete it.

Changes to this policy

If we update this policy, we will change the date at the top. Material changes will also be highlighted on the home page.