Pixtor AI
TermsHomeOpen studio
Legal / Data handling

Privacy, explained without the fog.

This policy describes what Pixtor AI collects, why we need it, who receives it, how long we keep it, and the choices available to you.

Effective July 17, 2026Applies to pixtorai.com and Pixtor services
On this page1. Overview2. Information we collect3. API keys4. How we use information5. AI and service providers6. How information is shared7. Data retention8. Security9. Your choices and rights10. Cookies and analytics11. International transfers12. Children13. Changes14. Contact

Plain-language summary: we collect the information needed to operate your account, process creative jobs, secure the service, and handle billing. Saved provider API keys are encrypted and are not returned to your browser. Prompts and media are sent only to the providers needed to complete your request. We do not sell your personal information.

1. Overview

This Privacy Policy applies to the Pixtor AI website, web application, API, command-line tools, MCP integrations, and related services (collectively, the “Service”). “Pixtor,” “we,” “us,” and “our” refer to the operator of the Service. “You” refers to a visitor, account holder, or authorized workspace user.

By using the Service, you acknowledge the data practices described here. If you use Pixtor for an organization, that organization may control workspace content and account administration.

2. Information we collect

CategoryExamplesWhy we collect it
Account informationEmail address, password hash, account identifier, profile and preferencesAuthentication, account management, communication, and personalization
Creative contentPrompts, negative prompts, uploaded references, images, video, audio, links you approve, generated outputs, project names, and job historyTo perform generations, edits, research you request, storage, organization, and delivery
Provider credentialsAPI keys you choose to save for supported third-party AI providersTo submit authorized requests on your behalf using bring-your-own-key workflows
Billing informationPlan, credit balance and ledger, Stripe customer and subscription identifiers, checkout and payment statusCheckout, subscriptions, top-ups, fraud prevention, accounting, and support. Pixtor does not store full payment card numbers
Usage and device dataIP address, browser and device type, timestamps, feature activity, request identifiers, errors, security and session eventsService operation, troubleshooting, abuse prevention, reliability, and security
CommunicationsSupport messages, feedback, survey responses, and records of requestsSupport, service improvement, and resolving disputes

We receive information directly from you, automatically through your use of the Service, and from service providers such as payment processors and AI generation providers.

3. How provider API keys are handled

If you save a provider API key, Pixtor encrypts it before database storage. Saved plaintext keys are not sent back to the browser or displayed in account responses. The server decrypts a key only when it is needed to submit an authorized generation request to the applicable provider.

Access to saved credentials is scoped to the authenticated account. We use server-side authorization checks, session protections, and restricted data access policies to reduce unauthorized access. You can replace or delete a saved key in Settings. You remain responsible for permissions, spending limits, and security settings in the provider account that issued the key.

4. How we use information

  • Provide, maintain, personalize, and improve the Service.
  • Authenticate users and keep accounts, projects, assets, and billing records separated.
  • Process prompts, media, model requests, job status, and output delivery.
  • Provide requested prompt enhancement, link research, routing, and creative direction.
  • Calculate generation quotes, deduct or credit service credits, and process subscriptions and top-ups.
  • Detect fraud, abuse, compromised sessions, policy violations, and security incidents.
  • Monitor reliability, debug errors, develop features, and understand aggregate service usage.
  • Communicate about transactions, security, support, and material service changes.
  • Comply with law, enforce agreements, and protect users, Pixtor, and others.

Where required, we rely on consent; otherwise, processing may be necessary to perform our contract with you, pursue legitimate service and security interests, or meet legal obligations.

5. AI models and other service providers

When you ask Pixtor to create or edit content, we send the information necessary for that job—such as your prompt, selected settings, reference media, and request identifier—to the AI provider selected by you or by the routing setting you approve. That provider processes the data under its own terms and privacy policy.

Depending on your configuration, providers may include image, video, language, storage, hosting, database, email, observability, and payment services. Provider availability changes over time. We encourage you to review a provider’s retention, training, and content policies before using it for sensitive material, particularly when you bring your own key.

6. How information is shared

We do not sell your personal information. We may disclose information:

  • To processors and vendors that operate infrastructure, databases, payments, support, security, analytics, and AI generation for us, subject to appropriate contractual restrictions.
  • At your direction when you share, export, download, publish, or connect content to another service.
  • For legal and safety reasons when reasonably necessary to comply with law, respond to valid process, enforce our terms, or protect rights, safety, and service integrity.
  • In a business transaction such as financing, merger, acquisition, reorganization, or sale of assets, with appropriate confidentiality safeguards.
  • In aggregated or de-identified form where information is not reasonably capable of identifying you.

7. Data retention

We keep account and workspace data while your account is active and as needed to provide the Service. Deleted content and credentials are removed from active systems according to our operational processes, but limited copies may remain temporarily in protected backups, security logs, provider systems, or records required for fraud prevention, accounting, dispute resolution, and legal compliance.

Retention periods vary by data type, purpose, provider requirements, workspace settings, and law. When information is no longer reasonably needed, we delete or de-identify it.

8. Security

We use administrative, technical, and organizational measures designed to protect information, including transport encryption, password hashing, encrypted provider credentials, server-side authorization, session and CSRF protections, restricted secrets, logging controls, and database access policies.

No online service can guarantee absolute security. Protect your password, provider credentials, and devices; use provider-side spending restrictions when available; and contact us promptly if you believe an account or key has been compromised.

9. Your choices and privacy rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a portable copy of certain personal information, and to withdraw consent where consent is the basis for processing. You may also have a right to appeal a denied request or complain to a data protection authority.

You can update account settings, delete provider keys, and request export or account deletion through the Service where available. We may verify your identity and retain limited information when required by law or legitimate security needs. Authorized agents may submit requests where local law permits.

10. Cookies, sessions, and analytics

Pixtor uses cookies or comparable local mechanisms that are necessary for authentication, session security, preferences, checkout continuity, and abuse prevention. If we introduce non-essential analytics or advertising technologies, we will provide any notice and choices required by applicable law. Blocking essential cookies may prevent sign-in or other core features from working.

11. International data transfers

Pixtor and its providers may process information in countries other than the one where you live. Where required, we use recognized transfer safeguards and take steps intended to protect information consistently with this policy.

12. Children’s privacy

The Service is not directed to children under 13, and users must meet the minimum age required by law in their country to consent to online services. We do not knowingly collect personal information from a child who cannot lawfully use the Service. Contact us if you believe a child has provided such information.

13. Changes to this policy

We may update this policy as the Service, providers, or law changes. We will publish the revised version with a new effective date and provide additional notice when a change is material and law requires it. Continued use after an update takes effect means the updated policy applies to later activity.

14. Contact us

Questions about privacy or a data request can be sent to support@pixtorai.com. Include enough detail for us to understand and verify the request, but never email passwords or provider API keys.

© 2026 Pixtor AI
HomeTermsOpen studio