Privacy Policy

1. Scope

This Privacy Policy applies to the Pixbox website, applications, and services (the “Service”). It describes how we handle personal information for photographers, studios, hosts, and guests. By using the Service, you agree to this policy. It should be read together with our Terms of Service.

2. Information we collect

Information you provide

• Account information — name, email address, password (stored hashed), and, if you sign in with Google, the basic profile information Google shares (name, email, profile photo, and a stable account identifier).
• Profile and studio details — business name, branding, and settings you add.
• Photos, videos, and albums you upload, together with their embedded metadata (for example camera details, capture time, and any location data the file contains).
• Communications — messages you send us, support requests, and survey responses.
• Payment information — handled by our payment processor; we receive confirmation and limited details (such as the last four digits and billing country), not your full card number.

Information collected automatically

• Usage and device data — pages viewed, actions taken, approximate location inferred from IP, browser and device type, and similar diagnostic data.
• Cookies and similar technologies — used to keep you signed in, remember preferences, and understand product usage (see “Cookies” below).

3. Facial detection and matching data

Where the feature is enabled for an event, Pixbox uses automated facial detection to find faces in uploaded photos and generate facial geometry data (a numerical “faceprint” representation) so that photos can be grouped and a personal “photos of you” view can be delivered. Depending on your jurisdiction, this may be considered biometric or special-category personal information.

• Consent and control. Guests opt in to selfie matching by choosing to take a selfie. Hosts and photographers control whether facial matching is enabled on an album.
• Purpose limitation. We use faceprints only to organize and deliver photos within the Service. We do not sell faceprints, and we do not use them to identify people for advertising, surveillance, or any unrelated purpose.
• Retention and deletion. Faceprints are retained while the related album is active and are deleted when the album or your account is deleted, when the feature is turned off, or when you ask us to delete them at support@pixbox.io.

4. How we use information

• To provide, maintain, secure, and improve the Service;
• To store, process, and deliver your photos and albums to the people you authorize;
• To enable facial detection and matching where you have turned it on;
• To process payments and manage subscriptions and purchases;
• To send transactional messages (sign-in, receipts, album invitations, notifications);
• To provide support and respond to your requests;
• To detect, prevent, and address fraud, abuse, and security issues; and
• To comply with legal obligations.

Our legal bases (where applicable) include performance of our contract with you, your consent (for example, for facial matching and certain cookies), our legitimate interests in running and securing the Service, and compliance with law.

5. How we share information

We do not sell your personal information. We share it only as needed to run the Service:

• With people you authorize — hosts, photographers, and guests see the albums and photos you share with them, according to the permissions you set.
• With service providers (subprocessors) who process data on our behalf under contract, listed below.
• For legal reasons — to comply with law, enforce our terms, or protect the rights and safety of users and the public.
• In a business transfer — if Pixbox or Lysensy Inc. is involved in a merger, acquisition, or asset sale, with continued protection under this policy.

Subprocessors

6. Cookies and analytics

We use strictly necessary cookies to keep you signed in and to operate the Service, and analytics cookies (via PostHog) to understand how the Service is used so we can improve it. You can control cookies through your browser settings; disabling necessary cookies may break sign-in and core features.

7. Data retention

We keep personal information for as long as your account is active or as needed to provide the Service, and afterward only as required to comply with legal obligations, resolve disputes, and enforce our agreements. Photos and albums are retained per your plan and your deletion choices; deleted Content is removed from active systems and purged from routine backups within a limited period.

8. Your rights and choices

Depending on where you live (for example under Canada’s PIPEDA, the EU/UK GDPR, or California’s CCPA/CPRA), you may have the right to access, correct, delete, port, or restrict the processing of your personal information, to withdraw consent, and to object to certain processing. To exercise these rights, email support@pixbox.io; we will respond as required by law and will not discriminate against you for exercising them. If you are in the EEA/UK, you also have the right to lodge a complaint with your local data-protection authority.

9. International transfers

We and our subprocessors may process and store information in Canada, the United States, and other countries. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers of personal information.

10. Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from them as account holders. Photos uploaded by adults may depict children; the account holder is responsible for having the right to upload and share that Content. If you believe a child has provided us personal information as a user, contact us and we will delete it.

11. Security

We use technical and organizational measures — including encryption in transit, access controls, and reputable infrastructure providers — to protect your information. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security. Keep your account credentials confidential and use a strong, unique password.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the “last updated” date above and, for material changes, provide additional notice where appropriate.

13. Contact

For privacy questions or requests, email support@pixbox.io.

Pixbox is a product of Lysensy Inc., a corporation incorporated under the laws of Canada, which is the data controller responsible for personal information processed through the Service.