Skip to content
Back to Home

Privacy Policy

Last updated: 18 March 2026

This Privacy Policy applies to the PixTagger website, web app and related APIs. It explains which personal data we process, why we process it and which rights you have under the GDPR.

This version has been tightened to match the processing that is actually apparent from the codebase instead of relying on broad template language.

1. Controller

neuraforce GmbH
Dora-Koch-Stetter-Weg 22
18055 Rostock
Germany

Email: support@pixtagger.com
General contact: info@neuraforce.com

2. Data we process

Account and authentication data

  • Email address, username and password hash
  • 2FA data, backup codes, login codes, magic links and session data
  • Data received from optional social sign-in via Google or Apple

Content and usage data

  • Images you upload or image URLs you submit
  • Image metadata such as file information and available EXIF data
  • Tags, keywords, captions, bounding boxes, comments, lists and repository data you create
  • Takedown requests and other free-text input submitted through the platform

Technical and security data

  • IP address, timestamps, request IDs, user agent and language settings
  • Login history, failed attempts, unusual-login risk assessments and security events
  • Server-side logs and operating data used for troubleshooting and abuse prevention

Communication data

  • Transactional emails such as registration, login code, password reset and notifications
  • Messages sent to support or through the platform
Please do not enter unnecessary personal or sensitive data into publicly visible fields such as comments, tags or descriptions. Depending on platform functionality, such content may be visible to other users.

3. Purposes and legal bases

PurposeLegal basis
Operating the platform, account management, sign-in, upload, annotation and searchArt. 6(1)(b) GDPR
Optional sign-in with Google or Apple at your requestArt. 6(1)(b) GDPR
System security, abuse prevention, rate limiting, unusual-login detection and technical stabilityArt. 6(1)(f) GDPR
Compliance with legal obligations and handling access, deletion or official requestsArt. 6(1)(c) GDPR
Documenting, establishing, exercising or defending legal claimsArt. 6(1)(f) GDPR

4. Recipients and international transfers

We use service providers where necessary for hosting, object storage, email delivery, infrastructure operations and securing the service. Those recipients only receive the data they need for their specific task.

If you use Google or Apple sign-in, data is exchanged directly with that provider. In that context, the provider may act as its own controller and processing outside the EU/EEA cannot be ruled out.

We disclose data to other recipients only where required by law or where necessary to establish, exercise or defend legal claims.

5. Cookies and similar storage technologies

PixTagger uses technically necessary cookies and browser storage such as Local Storage and Session Storage. This includes session cookies for sign-in as well as language and locale cookies such as session, language, locale and NEXT_LOCALE.

The web app also stores certain state information locally in the browser, for example the cookie notice status, temporary editor drafts, interface preferences, OAuth intermediate state and security helper data.

Based on the current implementation visible in this repository, the core application does not set its own analytics or marketing cookies on general pages. If you use external identity providers, those providers may set their own cookies or similar technologies on their own pages.

6. Retention

We generally keep account data and content you submit until you delete the account or the content is removed, unless statutory retention duties or overriding security interests require longer storage.

Session, login, audit and security data are retained only as long as necessary for secure operations, abuse detection, troubleshooting or legal evidence purposes.

Emails, support matters, notifications and takedown-related records are retained for as long as needed to handle the underlying matter or to comply with legal record-keeping obligations.

7. Automated processing

PixTagger uses automated image analysis to technically structure content, for example for tags, descriptions or search. Based on the current implementation, we do not make solely automated decisions that produce legal effects concerning you or similarly significantly affect you.

8. Your rights

Your GDPR rights

  • Access under Art. 15 GDPR
  • Rectification under Art. 16 GDPR
  • Erasure under Art. 17 GDPR
  • Restriction of processing under Art. 18 GDPR
  • Data portability under Art. 20 GDPR
  • Objection under Art. 21 GDPR

Contact for data subject requests

Email: support@pixtagger.com
Please describe your request as precisely as possible so we can identify and process it.

9. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement. The authority competent for us is in particular:

State Commissioner for Data Protection and Freedom of Information Mecklenburg-Western Pomerania
Lennéstraße 1
19053 Schwerin
Germany
Website: https://www.datenschutz-mv.de

10. Changes to this Privacy Policy

We update this Privacy Policy when the actual processing, the legal framework or the technical implementation materially changes. The version published on this page is the current version.

This version reflects the service state as of 18 March 2026.

Back to Home