PixTagger

Privacy Policy

Last updated: 25 September 2025

This Privacy Policy explains how PixTagger (operated by neuraforce GmbH) collects, uses, processes, stores, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

Annotation Licensing

By submitting annotations or tags, you agree to release them under the Public Domain Dedication (CC0). PixTagger and other users may use, share, and modify your annotations without restriction.

1. Data Controller and Contact Information

neuraforce GmbH
Dora-Koch-Stetter-Weg 22
18055 Rostock
Germany

Email: support@pixtagger.com
Data Protection Officer: dpo@pixtagger.com

2. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

Account Information:

  • Name and username
  • Email address
  • Password (encrypted)
  • Account preferences and settings
  • Subscription and billing information

Content Data:

  • Uploaded images and associated metadata (EXIF data, file size, format)
  • External images downloaded from URLs you provide for annotation (including metadata)
  • AI-generated tags, descriptions, and categorizations
  • Custom tags and annotations you create
  • Album and folder structures

Technical Data:

  • IP address and geolocation data
  • Browser type, version, and language settings
  • Device information (operating system, device type)
  • Usage patterns and interaction data
  • Log files and error reports

Communication Data:

  • Support requests and correspondence
  • Feedback and survey responses
  • Marketing communication preferences

3. Purposes of Processing and Legal Basis

PurposeLegal Basis (GDPR)
Providing and maintaining the PixTagger serviceArt. 6(1)(b) - Performance of contract
Processing and organizing uploaded images using AIArt. 6(1)(b) - Performance of contract
User authentication and account securityArt. 6(1)(b) - Performance of contract
Art. 6(1)(f) - Legitimate interests
Customer support and communicationArt. 6(1)(b) - Performance of contract
Art. 6(1)(f) - Legitimate interests
Service improvement and analyticsArt. 6(1)(f) - Legitimate interests
Marketing communications (where consented)Art. 6(1)(a) - Consent
Legal compliance and fraud preventionArt. 6(1)(c) - Legal obligation
Art. 6(1)(f) - Legitimate interests
Downloading and storing external images you request for annotationArt. 6(1)(b) - Performance of contract

4. Data Sharing and Third-Party Processors

We may share your personal data with the following categories of recipients:

Cloud Infrastructure Providers:

For hosting and data storage (all EU-based)

AI Processing Services:

For image analysis and tagging (GDPR-compliant processors)

Payment Processors:

For subscription billing (when applicable)

Legal Authorities:

When required by law or court order

Important: All third-party processors are bound by Data Processing Agreements (DPAs) ensuring GDPR compliance. We conduct regular audits of our processors' security measures.

5. International Data Transfers

All personal data is processed and stored exclusively within the European Union/European Economic Area (EU/EEA). We do not transfer personal data to third countries outside the EU/EEA.

In the exceptional case that international transfers become necessary, we will implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission and obtain your explicit consent where required.

6. Data Retention Periods

Account Data:Duration of account + 30 days after deletion
Uploaded Images:Until user deletion or account termination
Usage Logs:12 months from creation
Support Communications:3 years from last interaction
Legal Compliance Data:As required by applicable law

Data is securely deleted or anonymized when retention periods expire. Backup copies in isolated systems are permanently purged within 90 days of the primary deletion.

7. Data Protection for Minors

Age Restriction: PixTagger is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age.

If we become aware that we have collected personal data from a child under 16 without proper parental consent, we will take immediate steps to delete such data. Parents or guardians who believe we may have collected data from their child should contact us immediately.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Art. 15)

Request a copy of the personal data we hold about you

Right to Rectification (Art. 16)

Correct inaccurate or incomplete personal data

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten")

Right to Restrict Processing (Art. 18)

Limit how we process your personal data in certain circumstances

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format

Right to Object (Art. 21)

Object to processing based on legitimate interests or direct marketing

How to Exercise Your Rights:

To exercise any of these rights, please contact us at support@pixtagger.com with a clear description of your request.

Response Time: We will respond to your request within 30 days (or 60 days for complex requests). We may require additional information to verify your identity before processing your request.

9. Cookies and Tracking Technologies

Essential Cookies (Always Active):

  • Authentication and session management
  • Security and fraud prevention
  • Basic functionality and user preferences

Optional Cookies (Require Consent):

  • Analytics and performance monitoring
  • Personalization and user experience enhancement
  • Marketing and advertising (if applicable)

You can manage your cookie preferences through our cookie consent banner or your browser settings. Disabling essential cookies may affect the functionality of our service.

10. Automated Decision-Making and Profiling

We use automated processing (AI) to analyze and categorize uploaded images, including:

  • Object detection and identification
  • Scene recognition and tagging
  • Content organization and search optimization

Important: These automated processes do not produce legal effects or significantly affect you. They are purely for service functionality and user convenience. You have the right to request human intervention and challenge automated decisions.

11. Data Security Measures

We implement comprehensive security measures to protect your personal data:

Technical Safeguards:

  • End-to-end encryption in transit (TLS 1.3)
  • AES-256 encryption at rest
  • Regular security audits and penetration testing

Organizational Measures:

  • Staff training on data protection
  • Access controls and need-to-know basis
  • Incident response procedures
  • Regular backup and disaster recovery testing

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Provide clear information about the nature of the breach and recommended actions
  • Take immediate steps to contain and remedy the breach

13. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. Our lead supervisory authority is:

Landesbeauftragter f. Datenschutz & Informationsfreiheit MV
Lennéstraße 1
19053 Schwerin
Germany

Phone: +49 385 59494-0
Email: info@datenschutz-mv.de
Website: www.datenschutz-mv.de

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes: We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Displaying a prominent notice on our platform

Continued use of our service after notification constitutes acceptance of the updated policy.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

General Inquiries:

Email: support@pixtagger.com
Response time: Usually within 48 hours during business hours

Data Protection Officer:

Email: dpo@pixtagger.com
For specific privacy and data protection matters

This Privacy Policy is effective as of the date listed at the top of this document. By using PixTagger, you acknowledge that you have read and understood this Privacy Policy.

PixTagger