Effective Date: 15 August 2025

Last Updated: 15 August 2025

This Privacy Policy explains how PixelForge (“we”, “us”, “our”) collects, uses, discloses, and protects personal data of users (“you”) in connection with your use of our website and services, and your rights under the GDPR and other applicable EU laws.

Related policies: Terms & Conditions · Cookie Policy · Delivery & Access Policy · Refund Policy · Payment Security Statement · Incident Response & Data Breach Policy · Online Dispute Resolution & ADR Notice

1. Controller, DPO, and EU Representative

Controller: COMPANY_NAME (Reg. No. 16457865), ADDRESS_COMPANY
Privacy inquiries: privacy@pixelforgeteam.com
Data Protection Officer (DPO): dpo@pixelforgeteam.com
EU Representative: COMPANY_NAME, same address

2. Data We Collect

2.1 Information you provide:
– Account registration: name, email, billing address, VAT ID (if applicable)
– Transactions: order history, payment tokens (via payment processor), support communications
– User-generated content: reviews, comments, feedback

2.2 Information collected automatically:
– Device/browser data, IP address, approximate geolocation, logins, activity logs
– Usage analytics (via cookies and third-party services — see our Cookie Policy)

2.3 Third-party sources:
– Payment processors (e.g., Stripe, PayPal) for transaction validation
– Support/ticketing platforms when you submit inquiries

3. Purpose and Legal Basis (GDPR Art. 6)

CATEGORY | PURPOSE (concise) | LEGAL BASIS
Account data | Provide account, login, orders | Art. 6(1)(b) Contract
Transaction/payment | Purchases, invoicing, fraud checks | Art. 6(1)(c) Legal obligation; Art. 6(1)(f) Legitimate interest
Analytics & usage | Improve site/products; engagement | Art. 6(1)(f) Legitimate interest; Art. 6(1)(a) Consent
Marketing preferences | Newsletters, campaigns | Art. 6(1)(a) Consent
Support records | Respond to requests | Art. 6(1)(b) Contract
Cookies | Functional/analytics/marketing | Art. 6(1)(a) Consent for non-essential

4. How We Use Your Data

– Create and manage your account
– Process transactions and deliver digital products
– Respond to support inquiries; send essential service and security notices
– Analyse and improve site performance and template offerings (with consent where required)
– Comply with legal obligations (taxation, anti-fraud, security)

5. Is Data Provision Mandatory?

Certain data is necessary to enter into and perform the contract (e.g., email, billing details). If you choose not to provide required fields, we may be unable to create an account or fulfil your order.

6. Sharing Your Data (Processors/Recipients)

We share data only with service providers necessary for operations:
– Payment gateways: Stripe Payments Europe, Ltd.; PayPal (we do not store full card numbers or CVV/CVC)
– Hosting & cloud: Vercel, AWS
– Email/communications: MailerLite
– Analytics: Google Analytics (with IP anonymisation)

We do not sell, rent, or trade your personal data. Disclosures may occur when legally required or in response to lawful requests.

7. International Transfers

Where processors are located outside the EU/EEA, we use Standard Contractual Clauses approved by the European Commission or other valid safeguards to ensure an equivalent level of protection.

8. Retention Periods

– Account and profile data: 5 years after your last purchase
– Financial and invoicing records: 10 years (EU tax law)
– Support communications: 2 years from last contact
– Marketing preferences (with consent): until consent is withdrawn
– Cookie consent logs: 5 years (accountability)

9. Your Rights (GDPR)

You have the right to access, rectify, erase, restrict, object, and port your data. You may withdraw consent at any time (e.g., via the Cookie Settings on every page or by emailing privacy@pixelforgeteam.com). You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee).

10. Cookies and Tracking

We use essential cookies and, with your consent, analytics/marketing cookies. No non-essential cookies are set before consent. Your cookie choices are logged (date/time, IP, browser, policy version). See our Cookie Policy for categories, providers, and opt-out tools.

11. Security Measures

We implement SSL/TLS encryption, secure infrastructure and access control, role-based user access, regular vulnerability checks, data minimisation, and strict processor contracts. Payment data is processed via a PCI DSS Level 1 provider; see our Payment Security Statement. We do not store full card numbers, track data, or CVV/CVC.

12. Data Breach Notification

In the event of a personal data breach, we assess risk and notify the supervisory authority within 72 hours, and affected users without undue delay, where required by law (GDPR Art. 33–34). See our Incident Response & Data Breach Policy.

13. Minors

PixelForge is not intended for users under 16. If we learn that a child’s data was submitted without parental consent, we delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced by email or site-wide alert at least 30 days in advance, with the Effective Date updated above.

15. Dispute Resolution

See our Online Dispute Resolution & ADR Notice for current out-of-court options. We encourage contacting us first at disputes@pixelforge.eu to seek a prompt resolution.

16. Contact Information

Privacy inquiries: privacy@pixelforgeteam.com
DPO: dpo@pixelforgeteam.com
Support: support@pixelforgeteam.com
Security: security@pixelforgeteam.com
Disputes: disputes@pixelforge.eu
Address: COMPANY_NAME, ADDRESS_COMPANY
EU Representative: COMPANY_NAME, same address