Privacy Policy
PIXIEDITOR PRIVACY POLICY
Section titled “PIXIEDITOR PRIVACY POLICY”This Privacy Policy (hereinafter: “Policy”) contains information on the processing of your personal data in connection with the use of the PixiEditor desktop App and PixiEditor.net website operating at the Internet address https://pixieditor.net/ (hereinafter: “PixiEditor”).
Any capitalized terms not otherwise defined in the Policy shall have the meaning given to them in the Terms of Service, available at: https://pixieditor.net/docs/terms-of-service/.
Personal data Controller
Section titled “Personal data Controller”The Controller of your personal data is Pixi Labs sp. z o.o. with its registered office in Międzyświec (registered office address: Błądnicka 23, 43-430 Skoczów), entered into the register of entrepreneurs of the National Court Register kept by the District Court in Bielsko-Biała, VIII Commercial Division of the National Court Register under KRS number: 0001179424, TIN: 5482769278, REGON number: 54203277600000, having a share capital of PLN 15,000 (hereinafter: “Controller”).
Contact with the Controller
Section titled “Contact with the Controller”In all matters related to the processing of personal data, you can contact the Controller via e-mail: info@pixieditor.net
Personal data protection measures
Section titled “Personal data protection measures”The Controller applies modern organisational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”), the Act of 10 May 2018 on the Protection of Personal Data and Other Personal Data Protection Regulations.
The Controller services are not directed to children under the age of 16, and we do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us.
Information on the personal data processed - use of Umami services
Section titled “Information on the personal data processed - use of Umami services”The Controller uses Umami, an open-source, privacy-focused analytics tool that does not use cookies or collect personal data, to analyze website traffic and improve user experience. For details, see Umami’s Privacy Policy.
We use anonymized and aggregated information collected by Umami services for various purposes including improving and optimizing the Website’s content and user experience, analyzing website traffic and user behavior through Umami. The legal basis for processing analytical data is Article 6(1)(f) of the GDPR. The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved (whichever occurs first).
You can opt-out of Umami data collection by setting umami.disabled to true in your browser’s local storage. This will prevent Umami from collecting any data about your interactions with the Website.
Alternatively, you may disable tracking via your browser or use privacy tools that block analytics.
Information on the personal data processed - General
Section titled “Information on the personal data processed - General”The use of the PixiEditor requires the processing of your personal data. Below you will find detailed information about the purposes and legal grounds of processing, as well as the period of processing and the obligation or voluntariness to provide them.
1. Conclusion and performance of the Account Agreement
Section titled “1. Conclusion and performance of the Account Agreement”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Conclusion and performance of the Account Agreement | 1. e-mail address | Article 6(1)(b) of the GDPR (processing is necessary for the conclusion and performance of the Account Agreement concluded with the data subject) |
Providing the above-mentioned personal data is a condition for concluding and performing the Account Agreement (providing them is voluntary, but the consequence of failure to provide them will be the inability to conclude and perform the Account Agreement).
The Controller will process the above-mentioned personal data until the statute of limitations for claims arising from the Account Agreement expires.
2. Conclusion and performance of the App Agreement, License Agreement and purchasing Digital Goods
Section titled “2. Conclusion and performance of the App Agreement, License Agreement and purchasing Digital Goods”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Conclusion and performance of the App Agreement, License Agreement and purchasing Digital Goods | 1. e-mail address 2. billing information provided by User | Article 6(1)(b) of the GDPR (processing is necessary for the performance of the App Agreement, License Agreement and Purchasing Digital Goods concluded with the data subject or to take steps to conclude it) |
Providing the above-mentioned personal data is a condition for concluding and performing the App Agreement, License Agreement and purchasing Digital Goods (providing them is voluntary, but the consequence of failure to provide them will be the inability to conclude and perform the App Agreement, License Agreement and purchase of Digital Goods).
The Controller will process the above-mentioned personal data until the statute of limitations for claims arising from the App Agreement or License Agreement expires.
3. Sending crash reports to help maintain the App’s operational functionality
Section titled “3. Sending crash reports to help maintain the App’s operational functionality”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Sending crash reports to Controller to help maintain the App’s operational functionality in accordance with the Terms of Service | 1. operating system information; 2. hardware information; 3. information about App configuration (e.g. selected language, region, selected tools) 4. other data provided by User via crash report | Article 6(1)(b) of the GDPR (processing is necessary for the performance of the App Agreement, License Agreement and ensure the App remains operational) |
In the event of crash, a report containing diagnostic data is automatically sent to the Controller servers. Providing the above-mentioned personal data is a condition to ensure the App remains operational, and App Agreement or License Agreement is performed in accordance with the TOS.
The Controller will process the above-mentioned personal data until the statute of limitations for claims arising from the App Agreement or License Agreement expires.
4. Conclusion and performance of the Newsletter Agreement
Section titled “4. Conclusion and performance of the Newsletter Agreement”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Conclusion and performance of the Newsletter Agreement | 1. e-mail address | Article 6(1)(b) of the GDPR (processing is necessary for the performance of the Agreement for the provision of the Newsletter concluded with the data subject or to take steps to conclude it) and Article 6(1)(f) of the GDPR (processing is necessary for the purpose of the legitimate interest of the Controller, in this case informing about new products and promotions available in the PixiEditor) |
Providing the above-mentioned personal data is voluntary, but necessary in order to receive the Newsletter (the consequence of not providing them will be the inability to receive the Newsletter or Digital Content).
The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of the processing is achieved, or until the claims arising from the Agreement for the provision of the Newsletter (whichever occurs first).
5. Conducting a complaint procedure
Section titled “5. Conducting a complaint procedure”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Conducting a complaint procedure | 1. name and surname 2. e-mail address 3. other data provided by User via complaint | Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case the following obligations: responding to a complaint - Article 7a of the Consumer Rights Act; exercising the User’s rights resulting from the provisions on the Controller’s liability in the event of non-compliance of the Physical Goods with the sales contract or the object of digital goods with the agreement applicable to it) |
Providing the above-mentioned personal data is a condition for receiving a response to the complaint or exercising the User rights resulting from the provisions on the Controller’s liability in the event of non-compliance of the Subject of Digital Service with the Agreement applicable (their provision is voluntary, but the consequence of failure to provide them will be the inability to receive a response to the complaint and the exercise of the above-mentioned rights).
The Controller will process the above-mentioned personal data for the duration of the complaint procedure, and in the case of exercising the above-mentioned rights of the User - until their limitation expires.
6. Handling queries submitted by Users
Section titled “6. Handling queries submitted by Users”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Handling queries submitted by Users | 1. name 2. e-mail address 3. other data provided by User via message to the Controller | Article 6(1)(f) of the GDPR (processing is necessary for the purpose of pursuing the legitimate interest of the Controller, in this case responding to the inquiry received) |
Providing the above-mentioned personal data is voluntary, but necessary in order to receive a response to the inquiry (the consequence of failure to provide them will be the inability to receive an answer).
The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved (whichever occurs first).
7. Sharing App reviews
Section titled “7. Sharing App reviews”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Sharing App reviews | 1. name 2. optionally - other data included in the review | Article 6(1)(f) of the GDPR (processing is necessary for the purpose of the legitimate interest of the Controller, in this case making the review available for information and promotional purposes) |
Providing the above-mentioned personal data is voluntary, but necessary in order to add a review (the consequence of not providing them will be the inability to add a review).
The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved (whichever occurs first).
8. Fulfilling tax obligations
Section titled “8. Fulfilling tax obligations”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Fulfilling tax obligations (among others issuing a VAT invoice, storing accounting documentation) | 1. name and surname/company 2. address of residence/registered office 3. TIN (tax identification number) | Article 6(1)(c) of the GDPR (processing is necessary to comply with a legal obligation to which the Controller is subject, in this case obligations under tax law) |
Providing the above-mentioned personal data is voluntary, but necessary for the Controller to meet its tax obligations (the consequence of failure to provide them will be the Controller’s inability to meet the above-mentioned obligations).
The Controller will process the above-mentioned personal data for a period of 5 years from the end of the year in which the deadline for payment of tax for the previous year expired.
9. Compliance with obligations related to the protection of personal data
Section titled “9. Compliance with obligations related to the protection of personal data”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Compliance with obligations related to the protection of personal data | 1. name and surname 2. contact details provided by User (e-mail address; correspondence address; telephone number) | Article 6(1)(c) of the GDPR (processing is necessary to comply with a legal obligation to which the Controller is subject, in this case the obligations resulting from the provisions on the protection of personal data) |
Providing the above-mentioned personal data is voluntary, but necessary for the proper performance by the Controller of the obligations resulting from the provisions on the protection of personal data, among others the exercise of the rights granted to you by the GDPR (the consequence of failure to provide the above-mentioned data will be the inability to properly exercise the above-mentioned rights).
The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims for violation of personal data protection regulations.
10. Establishing, exercising or defending against legal claims
Section titled “10. Establishing, exercising or defending against legal claims”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Establishing, exercising or defending against legal claims | 1. name and surname/company 2. e-mail address 3. address of residence/registered office 4. ID number 5. TIN | Article 6(1)(f) of the GDPR (processing is necessary for the purpose of pursuing the legitimate interest of the Controller, in this case establishing, investigating or defending against claims that may arise in connection with the performance of the Agreements concluded with the Controller) |
Providing the above-mentioned personal data is voluntary, but necessary in order to establish, pursue or defend against claims that may arise in connection with the performance of the Agreements concluded with the Controller (the consequence of failure to provide the above-mentioned data will be the inability of the Controller to take the above-mentioned actions).
The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims that may arise in connection with the performance of the Agreements concluded with the Controller.
11. Analysis of your activity on the PixiEditor website
Section titled “11. Analysis of your activity on the PixiEditor website”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| Analysis of your activity on the PixiEditor website | 1. date and time of the visit 2. IP number of the device 3. device operating system type 4. approximate location 5. type of web browser 6. time spent on the website 7. visited subpages and other actions taken within the website 8. other data collected through Umami as described above | Article 6(1)(f) of the GDPR (processing is necessary for the purpose of the legitimate interest of the Controller, in this case obtaining information about your activity on the website) |
Providing the above-mentioned personal data is voluntary, but necessary in order for the Controller to obtain information about your activity on the website (the consequence of failure to provide them will be the Controller’s inability to obtain the above-mentioned information).
The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of the processing is achieved.
12. PixiEditor website administration
Section titled “12. PixiEditor website administration”| Purpose of processing | Personal data processed | Legal basis |
|---|---|---|
| PixiEditor website administration | 1. IP address 2. server date and time 3. web browser information 4. operating system information 5. other data collected through Umami as described above | Article 6(1)(f) of the GDPR (processing is necessary for the purpose of pursuing the legitimate interest of the Controller, in this case ensuring the proper operation of the website) |
The above data are saved automatically in the so-called server logs, each time the website is used (it would not be possible to administer it without the use of server logs and automatic saving). Providing the above-mentioned personal data is voluntary, but necessary to ensure the proper operation of the website (the consequence of failure to provide them will be the inability to ensure the proper operation of the website).
The Controller will process the above-mentioned personal data until an effective objection is raised or the purpose of the processing is achieved.
Recipients of personal data
Section titled “Recipients of personal data”The recipients of personal data will be the following external entities cooperating with the Controller:
- Stripe Inc.
- Umami Software Inc.
- Hetzner Online GmbH
In addition, personal data may also be transferred to public or private entities, if such an obligation results from generally applicable law, a final court judgment or a final administrative decision.
Transfer of personal data to a third country
Section titled “Transfer of personal data to a third country”Because the Controller uses third-party solutions, including, among others, Umami, User data may be transferred outside of the European Economic Area (EEA) to countries that may not provide the same level of data protection as your home country.
In connection with our use of the services provided by Umami, your personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the above-mentioned third countries are:
- in the case of the United Kingdom, Canada, Israel and Japan - a decision of the European Commission stating an adequate level of protection of personal data in each of the above-mentioned third countries;
- for the USA, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia and Australia, adequacy contractual clauses in line with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.
You can obtain from the Controller a copy of the data transferred to a third country.
Data subject rights
Section titled “Data subject rights”In connection with the processing of personal data, you have the following rights:
- the right to be informed what personal data concerning you is processed by the Controller and to receive a copy of this data (the so-called right of access). Issuing the first copy of the data is free of charge, for subsequent copies the Controller may charge a fee;
- if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request its rectification;
- in certain situations, you can ask the Controller to delete your personal data, e.g. when:
- the data will no longer be needed by the Controller for the purposes of which it has informed;
- you have effectively withdrawn your consent to the processing of data - unless the Controller has the right to process the data on another legal basis;
- the processing is unlawful;
- the need to delete the data results from a legal obligation to which the Controller is subject.
- if personal data is processed by the Controller on the basis of the consent granted to the processing or in order to perform the Agreement concluded with him, you have the right to transfer your data to another Controller;
- if personal data is processed by the Controller on the basis of your consent to the processing, you have the right to withdraw this consent at any time (the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal);
- if you believe that the processed personal data are incorrect, their processing is unlawful, or the Controller no longer needs certain data, you can request that for a specified period of time (e.g. checking the correctness of the data or pursuing claims) the Controller does not perform any operations on the data, but only stores them;
- you have the right to object to the processing of personal data based on the legitimate interest of the Controller. In the event of an effective objection, the Controller will cease to process personal data for the above-mentioned purpose;
- you have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of personal data violates the provisions of the GDPR.
PixiEditor App on Steam
Section titled “PixiEditor App on Steam”PixiEditor App is available on Steam. Using PixiEditor App through Steam will display your publicly available Steam username and avatar in the application. This information is used to personalize your experience, PixiEditor App does not send this information outside your computer and we do not have access to it.
For purchases made through Steam, follow the Steam Privacy Policy. We do not collect any information related to purchases made through Steam and do not store any information on our servers. We access your Steam account via Steamworks API to verify your ownership of the App and to provide you with the purchased features.
Discord Rich Presence
Section titled “Discord Rich Presence”PixiEditor supports Discord Rich Presence API. This means, your status
is publicly displayed on your Discord profile while using PixiEditor. By default, this option is enabled. Please refer to Discord Privacy Policy for further information. Default PixiEditor Rich Presence publicly shares information about:
- Document size
- Layers count
- Time elapsed
All the options can be disabled in the settings as well as Rich Presence itself.
Cookies
Section titled “Cookies”The Controller informs that the PixiEditor use only essential cookies, such as those that enable the processing of web server requests.
Final provisions
Section titled “Final provisions”To the extent not regulated by the Policy, the generally applicable provisions on the protection of personal data shall apply.
The policy is effective from 18.04.2026.
All of our content is carefully written by hand, no AI was involved during the process.