Privacy Policy
Last updated: April 2, 2026
PixelGust ("we", "us", or "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights under applicable data protection laws including the EU General Data Protection Regulation (GDPR).
1. Data Controller
The data controller is PixelGust, based in Athens, Greece. For privacy inquiries, contact us at privacy@pixelgust.com.
2. Information We Collect
2.1 Account Information
When you sign up, we collect:
- Email address — for authentication and communication
- Display name — provided by your authentication provider
- Profile photo URL — from Google Sign-In, if applicable
2.2 Usage Data
We automatically collect:
- Locations queried — coordinates you search (not linked to your identity for analytics)
- Saved locations — stored in your account for quick access
- API usage metrics — call counts per day for rate limiting
- Browser type and device information — via Google Analytics
2.3 Payment Information
Payments are processed by Lemon Squeezy. We do not store credit card numbers, billing addresses, or other payment details on our servers. We receive only:
- Subscription status (active, cancelled, paused)
- Plan tier and billing cycle
- Customer ID (for linking your subscription to your account)
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the Service | Contract performance |
| Process subscriptions and payments | Contract performance |
| Send account-related emails (e.g., billing receipts) | Contract performance |
| Improve the Service (aggregate analytics) | Legitimate interest |
| Enforce rate limits and prevent abuse | Legitimate interest |
| Send product updates (optional newsletter) | Consent |
4. Data Sharing
We do not sell your personal data. We share data only with:
- Firebase (Google Cloud) — authentication and database hosting
- Lemon Squeezy — payment processing
- Google Analytics — anonymous usage statistics
- Google Cloud Run — infrastructure hosting (EU region: europe-west1)
All sub-processors are GDPR-compliant and data is stored within the European Union.
5. Data Retention
- Account data — retained while your account is active, deleted within 30 days of account deletion request
- Saved locations — deleted when you remove them or delete your account
- API logs — retained for 90 days for debugging, then deleted
- Analytics data — anonymized and aggregated, retained indefinitely
6. Cookies
We use minimal cookies:
- Authentication cookies — essential for keeping you signed in (strictly necessary)
- Google Analytics cookies — for anonymous usage tracking (can be blocked by your browser)
We do not use advertising cookies or tracking pixels.
7. Your Rights (GDPR)
As an EU resident, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Data portability — receive your data in a machine-readable format
- Restriction — limit how we process your data
- Objection — object to processing based on legitimate interest
- Withdraw consent — for consent-based processing (e.g., newsletters)
To exercise any of these rights, email privacy@pixelgust.com. We will respond within 30 days.
8. Data Security
We protect your data through:
- HTTPS encryption for all data in transit
- Firebase/Google Cloud security controls and encryption at rest
- API key hashing (keys are never stored in plaintext)
- Least-privilege access controls for internal systems
9. International Transfers
Your data is processed and stored within the EU (Google Cloud europe-west1 region). If data is transferred outside the EU (e.g., for Google Analytics), it is covered by Standard Contractual Clauses (SCCs) or equivalent safeguards.
10. Children's Privacy
PixelGust is not directed at children under 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect.
12. Contact
For privacy questions or data requests:
Email: privacy@pixelgust.com