PixelAdmin Logo
Acceptable Use Policy

Acceptable Use Policy

Shared rules for studio operators, brand portal users, and share-link recipients. This policy protects platform operations, our customers, and the content processed through PixelAdmin.

Last updated:May 2, 2026

1. Introduction and Scope

This Acceptable Use Policy (“AUP”) outlines the conduct and content requirements for anyone using the PixelAdmin platform, desktop client, brand portal, sharing links, APIs, and associated services (collectively the “Service”). Issued by PixelAdmin ApS, CVR No. 45447588, Falkoner Allé 90, 2000 Frederiksberg, Denmark, this policy applies globally, regardless of the user's or customer's location.

This AUP supplements and is an integral part of our other legal documents, including our SaaS Subscription Agreement, Subscription Terms, EULA, Data Processing Agreement and our Privacy Policy. In the event of a conflict between the AUP and a specific contract, the specific contract takes precedence, unless the AUP enforces a stricter standard on a given point. In such cases, the stricter provision prevails to uphold the highest standard of legal and responsible use.

This AUP applies at all times while using the Service—every time you log in, upload, edit, comment, approve, distribute, or access content via a sharing link, integration, or API key. Ignorance of this policy does not exempt you or your organization from liability; organization administrators are expected to communicate the core tenets of this policy to all employees, freelancers, and partners accessing the Service.

PixelAdmin is a SaaS solution for commercial content production and is not an intermediary service providing public hosting or public forums for user-generated content. We assess that we do not qualify as an “information society service” acting as a “hosting service provider for public dissemination” under Regulation (EU) 2021/784 (TCO Regulation), nor are we an “online platform” under the Digital Services Act (DSA) Article 3(i)–(j). The brand portal’s sharing links constitute closed distribution to a defined audience, not public dissemination. Nevertheless, we take reports of illegal content seriously and act swiftly, as detailed in the procedures in Sections 14 and 16.

When PixelAdmin reviews content, logs, or behavior to enforce this AUP, personal data is processed based on legitimate interest (GDPR Article 6(1)(f)) and, where applicable, legal obligation (Article 6(1)(c)). This processing is proportionate and strictly limited to what is necessary to assess violations, protect other users, and comply with legal requirements. The distribution, labeling, and automated processing of AI-generated content comply with EU Regulation 2024/1689 (AI Act), including the transparency requirements in Article 50.

2. User Categories and Who This Policy Applies To

This AUP applies to four categories of users, with specific obligations scaled according to each category's access level and role. The responsible organization must ensure that each category is familiar with the relevant sections of the policy.

  • Studio Administrators and Operators: Employees, freelancers, and partners at a photo studio or in-house production team using the core platform and desktop client for planning, capture, processing, approval, and distribution. This group carries the most extensive responsibility, including configuring roles, MFA, share link policies, and integrations in compliance with this AUP.
  • Studio End Users: Photographers, retouchers, art directors, and production coordinators without administrative privileges. These users are responsible for the content they upload, edit, or approve, and must not use AI, integrations, or export features in violation of this policy.
  • Brand portal users: Employees of the studio's brand and e-commerce clients who access the brand portal to review deliverables, provide feedback, approve assets, or distribute content to their own sales channels. Brand portal users must not use the portal to scrape, index, or redistribute anything other than the deliverables their organization has received, and they must independently comply with the rules of the third-party channels they distribute to.
  • Share Link Recipients: Anyone—logged in or not—who accesses content via a sharing link (e.g., share.pixeladmin.com/[token]) or similar restricted distribution. Recipients accept this AUP by accessing the link and may only use the content for the purposes specified by the owner, adhering to prohibitions against systematic downloading, bypassing passwords or expirations, and unauthorized redistribution.

The subscribing organization (the customer) is contractually liable to PixelAdmin for AUP compliance by its own employees, freelancers, invited brand users, and link recipients. This means the studio administrator must be able to document who was invited with what permissions, which share links were issued with what expiration dates, and which third-party integrations are active.

3. General Conduct Requirements

You must comply with all applicable laws at all times, including Danish law, EU law, and the laws of the jurisdictions where you, your counterparts, or your recipients are located. This includes the General Data Protection Regulation (GDPR) and the Danish Data Protection Act, copyright law, trademark law, design law, marketing practices law, e-privacy regulations, the Danish Criminal Code (especially §§ 232, 235, 264 d, 266 b, 267, 279, and 290), bookkeeping and relevant tax laws, anti-money laundering laws, and EU regulations covering areas like AI, sanctions, and digital services.

You must conduct yourself professionally and respectfully toward other users, clients, models, talent, and PixelAdmin staff. This requires maintaining an objective tone in comments, review rounds, approvals, and notifications; respecting the confidentiality of business information accessed through the Service—even after your employment or affiliation with the granting organization ends; and refraining from harassment, bullying, or discriminatory language in collaboration features.

You must not use the Service in any way that damages, hinders, overloads, or degrades the experience for other users. This applies to direct actions (e.g., deleting others' work, altering metadata, or inexplicably revoking approvals) as well as indirect behavior (e.g., uploading massive amounts of irrelevant material that slows down or clutters the platform, or creating numerous small jobs to bypass capacity limits).

You are responsible for securing the necessary rights, consents, and release agreements for all content you upload or process—including model releases, property releases, location releases, and licenses for music, fonts, and overlay graphics. You must not use the Service to circumvent obligations you have agreed to with third parties (such as geographic or time-limited usage agreements with a model), even if the platform technically allows it.

4. Prohibited Content

You must not upload, store, process, distribute, or share content via the Service that is illegal or otherwise unacceptable. This prohibition covers original files, edited versions, exports, deliverables, style guides, reference images, mood boards, comments, metadata, file names, alt texts, and any other form of content you place on the platform.

Specifically prohibited content includes:

  • Child Sexual Abuse Material (CSAM): Any depiction—including AI-generated, drawn, animated, hyper-realistic, manipulated, or partially blurred—that sexualizes minors or appears to depict minors. PixelAdmin has a strict zero-tolerance policy: such material will be removed without notice, the account will be immediately suspended, and the matter will be reported to the Danish National Police's NC3 (or NCMEC for cases with US ties) alongside technical evidence, per Section 235 of the Danish Criminal Code. Hashes may be shared with relevant hash databases (e.g., NCMEC, IWF) to prevent re-uploading.
  • Non-Consensual Intimate Imagery (NCII): Intimate, sexual, or nude images of individuals who have not given free, informed, and explicit consent to the specific processing and distribution taking place via the Service—including so-called revenge porn and deepfake pornography. Such actions are criminal offenses under Section 264 d of the Danish Criminal Code and will be removed as quickly as possible upon receipt of a report.
  • Terrorism and Violence-Promoting Content: Content that incites, plans, glorifies, or facilitates terrorism, murder, severe physical harm, or other serious crimes against individuals or groups, including propaganda from groups listed on EU or UN terror watchlists. While PixelAdmin is not considered a hosting service provider for public dissemination under Regulation (EU) 2021/784, material of this nature will be removed and reported to relevant authorities as quickly as possible and within indicative rapid-response guidelines.
  • Hate Speech: Content that threatens, mocks, or degrades a group based on race, skin color, national or ethnic origin, religion, sexual orientation, gender identity, gender expression, or disability, per Section 266 b of the Danish Criminal Code and the EU Code of conduct on countering illegal hate speech online.
  • Defamatory and Libelous Content: Statements, image manipulations, or productions making false accusations capable of damaging a person's or company's honor or reputation, per Sections 267 and 268 of the Danish Criminal Code.
  • Copyright, Trademark, and Design Infringement: Images, designs, logos, fonts, music, 3D models, or other material you do not have the right to use, edit, or distribute—including competitors' product images, unlicensed stock images, choreographies, models, or talent without a valid release. PixelAdmin follows a notice-and-takedown process, detailed in Section 14 and in EULA.
  • Misuse of Trade Secrets: Content acquired, used, or published in violation of the Trade Secrets Act (implementing Directive 2016/943)—including leaked product samples, unreleased collections, price lists, source code, or AI models not intended for sharing within the Service.
  • Privacy-Infringing Content: Personal data without a valid processing basis, images of identifiable persons (especially minors) without consent from them or their guardian, and special categories of personal data (health, religion, political beliefs, etc.) without legal authority.
  • Deceptive or Misleading Content: Product images that mislead consumers about a good's properties, origins, certifications (e.g., “ecolabel”, “Fair Trade”, “CE”), sustainability claims, or price, in violation of the Marketing Practices Act, the Consumer Contracts Act, and Directive (EU) 2024/825 on empowering consumers for the green transition.
  • Counterfeits and Forgeries: Content that markets or facilitates the sale of counterfeit goods, knock-offs, replicas, or pirated media.
  • Sanctioned Content: Production, distribution, or documentation that directly or indirectly serves the interests of individuals or entities subject to EU or UN sanctions, or pertains to export-controlled goods lacking the necessary permits—see section 10 for details.

PixelAdmin is not obligated to—and does not proactively—manually review all customer content. However, we reserve the right to review, remove, quarantine, block, or hash-flag content that violates this section based on reasonable suspicion, automated signals, or user reports. Where appropriate and lawful, we will notify the responsible organization admin of any action taken and provide a brief explanation to allow for the correction of false positives.

5. Restricted Industry and Business Categories

PixelAdmin is a B2B platform for commercial product photography, fashion, lifestyle, and e-commerce content. The service is not designed for—and may not be used to support—industries or business types where our risk profile, supply chain (including our payment and AI providers), or compliance obligations cannot accommodate the activity. This list aligns with standard restrictions adopted by leading SaaS and payment providers.

The service may not be used for the production, editing, approval, distribution, or marketing of content primarily related to:

  • Adult and Pornographic Content: Explicitly sexual content, escort services, strip clubs, sugar dating, cam platforms, or physically explicit products. Sensual or fashion-oriented productions with limited skin exposure for legitimate fashion, lingerie, swimwear, or beauty brands are permitted, provided participants are adults and have signed a release.
  • Gambling and Betting: Online casinos, sports betting, poker rooms, lottery and bingo services, real-money social casinos, and skin betting. Content for regulated Danish gaming providers may be accepted by exception under a separate written agreement with PixelAdmin.
  • Firearms, Ammunition, and Weapon Accessories: Production photography of firearms, ammunition, suppressors, automatic components, military-grade rifle scopes, or strictly regulated self-defense weapons. Legal hunting, fishing, and outdoor equipment without weapon characteristics are permitted.
  • Cannabis, Narcotics, and Psychedelic Products: Marketing and product content for cannabis (regardless of state or jurisdictional legality), psychedelics, smart drugs, or analogous products. Legal CBD content below EU thresholds may be accepted following prior due diligence.
  • Tobacco, E-Cigarettes, and Covert Nicotine Marketing: Content marketing tobacco, e-cigarettes, or nicotine products in violation of the Danish Act on the Prohibition of Tobacco Advertising or Directive 2014/40/EU.
  • Prescription Medication, Telemedicine, and Unauthorized Medical Devices: Production for unapproved online pharmacies, counterfeit supplements with medical claims, unauthorized CE-marked medical devices, or products marketed with unsubstantiated health claims violating Regulation (EC) No 1924/2006.
  • Crypto Assets, ICOs, and High-Risk Financial Products: Marketing content for ICOs, memecoins, crypto wallet services without a MiCA license, binary options, multi-level marketing, pyramid schemes, or other high-risk investment structures.
  • Political Campaigns and Targeted Political Advertising: Production of targeted political advertising for political parties, candidates, or advocacy groups during an election period violating Regulation (EU) 2024/900 on the transparency and targeting of political advertising. General CSR communication outside of an election context is permitted.
  • Hate Merchandise and Extremist Material: Product content featuring hateful, racist, Nazi, or extremist symbols, or content targeting these demographics.

If you are unsure whether your business falls under a restricted category, contact legal@pixeladmin.com prior to onboarding or expanding your current usage. PixelAdmin may—following specific due diligence and potential custom contract terms—opt to permit an otherwise restricted area.

6. Security-Related Prohibitions

You must not compromise or attempt to compromise the security, integrity, or confidentiality of the Service, its infrastructure, its supply chain, or other users' data. PixelAdmin takes security threats extremely seriously, maintains a 24/7 incident response process, and collaborates with authorities and CERTs when applicable.

  • Penetration Testing and Scanning: You must not perform penetration tests, vulnerability scans, port scans, fuzzing, brute-force attempts, or similar security tests against the production environment without prior written consent from the PixelAdmin security team (security@pixeladmin.com). An active agreement for customer penetration testing of your own tenant must be arranged separately and limited strictly to your own resources.
  • Vulnerability Exploitation and Responsible Disclosure: If you discover a vulnerability, report it responsibly to security@pixeladmin.com—do not exploit it, disclose it publicly, or use it to access data you do not own. PixelAdmin responds to reports as quickly as possible, confirms receipt within one business day, and offers safe harbor to security researchers acting in good faith within our responsible disclosure guidelines.
  • Malware and Malicious Code: It is strictly prohibited to upload viruses, worms, Trojan horses, ransomware, keyloggers, macro bombs, executable scripts hidden in image files (polyglot files), infected ICC profiles, or any other malicious code.
  • Phishing and Social Engineering: You may not use the Service—including comments, share links, email notifications, @mentions, Brand Portal messages, or other communication channels—to impersonate others, spoof PixelAdmin's own messaging, or trick users into revealing information, clicking malicious links, or opening infected attachments.
  • Unauthorized Access: Attempting to access accounts, projects, organizations, share links, or data you have not been explicitly granted access to is prohibited—even if technically possible due to a misconfiguration. Such misconfigurations must instead be reported to security@pixeladmin.com.
  • Sharing credentials: Login credentials, API keys, personal tokens, and MFA codes are strictly personal. Account sharing is prohibited and constitutes a distinct violation, regardless of whether harm has occurred. Functional accounts for integrations must be set up as dedicated service accounts provisioned with role-based access.
  • Multi-factor authentication (MFA): Where MFA is available, organization admins and privileged users (owners, admins, billing roles, integration managers) must enable and enforce it. Actively disabling MFA on a privileged account or attempting to bypass SSO configurations mandated by your administrator violates this policy.
  • Reverse Engineering and Supply Chain Integrity: You may not decompile, disassemble, or otherwise attempt to derive the source code, models, prompt templates, or trade secrets underlying the Service, except where expressly permitted by mandatory law—such as the limited interoperability exceptions under Articles 5–6 of Directive 2009/24/EC on the legal protection of computer programs. Similarly, tampering with the update channel or desktop client signatures is prohibited.

7. Misuse of AI Features and AI-Generated Content

PixelAdmin offers AI-powered features—including automated image processing, background removal, retouching, tagging, description and alt-text generation, translation, and content moderation—built on models like Vertex AI Gemini and other subprocessor technologies. These capabilities are intended for legitimate commercial product photography workflows and must not be abused. This AUP supplements the AI Addendum to the Data Processing Agreement.

  • Deepfakes and Synthetic Content of Real People: You must not use AI features to generate, manipulate, face-swap, or composite realistic images or videos of identifiable individuals (models, talent, public figures, colleagues, minors, etc.) without their documented, freely given, and specific consent for that exact processing. Doing so is a criminal offense under Section 264(d) of the Danish Penal Code, and pornographic deepfakes are strictly prohibited without exception.
  • Misleading Content Involving Public Figures and Elections: You must not generate AI content depicting politicians, officials, candidates, journalists, or other public figures saying or doing things they did not, where such content is liable to mislead the public or influence elections, referendums, or democratic processes.
  • Labeling of AI-Generated Content: Article 50 of Regulation (EU) 2024/1689 (the AI Act) mandates that AI-generated or manipulated content be labeled accordingly. You must not remove, alter, or obscure C2PA credentials, watermarks, EXIF flags, IPTC DigitalSourceType data, or any other technical markers we embed to indicate AI processing. When publishing AI-generated or modified content publicly, you must ensure the final output carries a visible or machine-readable label as required by the AI Act.
  • Human Oversight Before Publication: AI outputs—including descriptions, translations, alt texts, categorizations, and automated exports—must undergo substantive human review before publication or distribution to consumers. The Service may not be used for fully automated publishing without human oversight of material content.
  • Prohibited AI Practices Under Article 5 of the AI Act: Using AI features for purposes explicitly banned under Article 5 of the AI Act (subliminal manipulation, social scoring, emotion recognition in workplace or educational settings, real-time biometric identification in public spaces, predictive policing, etc.) is strictly prohibited.
  • High-Risk Use Cases Without Explicit Agreement: You must not use AI capabilities in a high-risk context as defined in Annex III of the AI Act (e.g., employment, credit scoring, access to public services, law enforcement, migration, critical infrastructure, or HR evaluations) without a separate written agreement with PixelAdmin addressing Chapter III requirements.
  • Automated Decisions Significantly Impacting Individuals: You must not use the AI features to make decisions that have legal effects concerning or similarly significantly affecting natural persons, cf. GDPR Article 22, without an independent legal basis and without appropriate human intervention.
  • Authoritative medical, legal, or financial advice: AI-generated text must not be presented as authoritative medical, legal, or financial advice without proper professional qualification, liability insurance, and a lawful basis.
  • Circumvention of IP rights via AI: It is prohibited to use AI to recreate a competitor's product image, a protected design, a named artist's signature style, or other copyrighted material with cosmetic alterations in an attempt to bypass licensing fees or release requirements.
  • Prompt injection and model abuse: You must not attempt to bypass the platform's security filters via prompt injection, jailbreak techniques, adversarial inputs, multi-turn social engineering, or systematic attempts to force outputs that violate the AUP or the providers' own policies.

Certain AI providers' terms impose additional obligations on us, which we pass on to you as a customer. You agree to comply with these downstream terms, including any category-based prohibitions (e.g., explicit content, biometrics, political advertising) specified by the provider.

8. Misuse of Integrations and API

Our API and integrations (Shopify, Zalando, About You, Amazon, PIM and ERP systems, DAM connectors, etc.) are designed to support legitimate distribution and automation needs for content production. Abuse of these interfaces can harm PixelAdmin's infrastructure, expose other customers' data, and jeopardize our customers' accounts with third-party platforms.

  • Circumvention of rate limits and subscription limits: You must not bypass documented rate limits, storage, AI credit, or user limits by rotating IP addresses, issuing multiple API keys for the same purpose, parallelizing requests across accounts, creating multiple tenants for the same legal entity, or otherwise fragmenting traffic to avoid restrictions or billing tiers.
  • Competitor and platform scraping: It is prohibited to use the API to retrieve data that does not relate to your own or your organization's content – including any systematic extraction or benchmarking of other PixelAdmin customers' projects, deliverables, users, or pricing.
  • Training competing models or services: You must not use outputs from the Service (generated texts, embeddings, taxonomies, model responses, automation rules, user flow data) to train, fine-tune, evaluate, or otherwise develop competing AI models, content operations platforms, or scrapers – not even as benchmark input for an internal “buy versus build” assessment.
  • Unauthorized destinations: Data retrieved via the API may only be forwarded to destinations and purposes anticipated in your SaaS agreement or explicitly approved by your customer administrator. You must not pipe data to public buckets, open CDNs, third-party AI training datasets, or public indexing services.
  • Compliance with third-party AUPs: When distributing content to Shopify, Zalando, About You, Amazon, or other channels via our integrations, you must comply with the receiving channel's own policies regarding content, image standards, and brand guidelines. Violations that lead to our integration being suspended may trigger liability for damages.
  • Secrecy of API keys: API keys must be stored securely. You must not commit them to public Git repositories, share them in ticket systems, or embed them in client-side code exposing them to end users. If you discover an exposed key, you must rotate it immediately and notify security@pixeladmin.com.
  • Fake or automated accounts: You must not create automated, fake, or misleading accounts, register users without their knowledge, or use systematic email aliasing to bypass user limits.

10. Export Controls and Sanctions

PixelAdmin is a Danish company and complies with Danish and EU export control and sanctions legislation, including Regulation (EU) 2021/821 on dual-use items and applicable EU sanctions regimes, as well as – where relevant – US export control and sanctions rules administered by the US Department of Commerce (BIS) and the US Department of the Treasury (OFAC). As a user, you agree not to use the Service in violation of these rules.

Specifically, the Service must not be used by or for the benefit of: (i) persons or entities listed on the EU consolidated sanctions list or UN sanctions lists; (ii) persons or entities listed on the US Department of the Treasury's OFAC SDN list or the US Entity List; (iii) persons residing in, or companies established in, jurisdictions subject to comprehensive sanctions regimes (at the time of drafting this policy, this includes Cuba, Iran, North Korea, Syria, and the Russian-occupied and annexed areas of Ukraine); or (iv) for purposes related to the development, production, stockpiling, or distribution of weapons of mass destruction, military end-use in sanctioned destinations, or other uses requiring an export license that has not been obtained.

If you change your organizational affiliation or geographic location in a way that brings you within the scope of the above, you must immediately cease using the Service and notify your organization administrator and PixelAdmin at legal@pixeladmin.com. PixelAdmin may at any time screen customers and users against relevant sanctions lists and may suspend or terminate access if the screening reveals an unmitigable risk.

11. Automated Access and Scraping

Automated access to the Service is only permitted via our documented official APIs, supported SDKs, and our supplementary desktop client for tethered capture, and only using valid credentials issued to an actively subscribed organization. Use of headless browsers, unofficial clients, scraping frameworks, or automations against the web UI or share link domain is prohibited.

When developing integrations, you must:

  • Identify your client with a descriptive User-Agent (e.g., “AcmeStudio-PixelAdminSync/1.4 (contact: dev@acme.com)”).
  • Respect all returned rate limit headers and implement exponential backoff on 429 and 5xx responses.
  • Cache responses where practical, to avoid repeatedly fetching the same data within a short timeframe.
  • Adhere to robots.txt on all current and future publicly accessible surfaces (e.g., share.pixeladmin.com), whether your tool is a web crawler, an AI training pipeline, or a human-driven automation.
  • Keeping the integration updated to use the latest security patches and deprecation adjustments within the notices we communicate.

Training generative AI models, classifiers, or embeddings databases on data retrieved from the Service – whether the data is your own, someone else's, or a combination – is not permitted without a separate written agreement with PixelAdmin. Similarly, using automated access to bypass geographical restrictions or access barriers imposed by our customers is prohibited.

12. Spam, Bulk Messaging, and Phishing

PixelAdmin sends emails, push notifications, and share link messages on behalf of customers to support the production workflow (review requests, deliverables, status updates, briefs, and brand portal invitations). These channels must be used exclusively for legitimate, transactional purposes connected to specific jobs and not for general marketing or broad distribution.

Specifically, the following are prohibited: (i) adding recipients who are not real stakeholders in a job simply to send them marketing messages; (ii) using comment and review features to distribute ads or external links unrelated to the job; (iii) abusing email templates to impersonate PixelAdmin or other brands; (iv) repeated notifications designed to pressure the recipient (e.g., “resend 50 times” patterns); (v) sending to lists acquired or scraped without a legal basis; and (vi) using the Service to bypass recipient spam filters, e.g., by sending from unintended sender domains.

You must comply with the Marketing Practices Act, including § 10 on unsolicited electronic communication, and e-privacy/spam regulations for any communication you initiate via the Service. If the recipient has not given consent to marketing or does not have an existing customer relationship providing a soft opt-in basis, the Service's channels must not be used to contact them. PixelAdmin may – without notice – pause sendings from an account if we observe signs of spam patterns, high bounce rates, or complaints via feedback loops at email providers.

13. Disruption of Platform Operations

You must not take actions that improperly burden or disrupt the operation of the Service, either with malicious intent or through disproportionate resource consumption. This applies whether the actions are technically within allowed limits, and whether they are performed manually or via automation.

  • Denial of Service: Targeted DoS or DDoS attacks against the platform's endpoints, share link domains, API gateways, or integration deliveries are prohibited and trigger immediate suspension and potential reporting to authorities, cf. Penal Code § 293(1).
  • Resource Exploitation: Agreed consumption quotas (storage space, AI credits, export jobs, user seats) must be used within the spirit of the subscribed plan. Deliberate exploitation of bugs or race conditions to inflate consumption beyond the agreed limits is a violation and may result in retroactive billing.
  • AI Credit Loops: Constructing automations or workflows that repeatedly call AI functions without real production value (e.g., to inflate consumption on a “credit-included” plan or benchmark models) is prohibited.
  • Redundant uploads and storage padding: It is prohibited to fill storage with duplicates, empty files, padding data, or files unrelated to actual content production as a way to bypass tier limits.
  • Performance testing of third-party integrations: You must not use our integrations to performance test third parties (Shopify, Zalando, ERPs, etc.), as this could trigger blocks against PixelAdmin's entire integration footprint.

14. Reporting Abuse and Confidential Disclosures

If you notice content or behavior that violates this policy—or have a reasonable suspicion thereof—please report it as soon as possible. We treat all reports confidentially and protect the reporter's identity wherever possible and legal.

Reports are sent to abuse@pixeladmin.com. A good report includes:

  • A clear description of the observed behavior or the offending content.
  • Timestamp, URL, project ID, share-link token, or other identifiers that help us locate the issue.
  • Any screenshots or log files – without downloading or redistributing illegal content yourself; information about CSAM or terrorist material must be exclusively described, not attached.
  • Your contact information for follow-up questions, and whether you are reporting on behalf of an organization or a rights holder.
  • Where relevant, a good-faith declaration that the information is correct and that you are authorized to act on behalf of the listed rights holder.

PixelAdmin aims to acknowledge receipt of a report within one business day and make an initial assessment within five business days. Urgent cases (CSAM, NCII, active security incident, terrorist-related content, critical exposure of personal data) are handled without delay and 24/7 via an internal escalation team.

Copyright infringements follow a separate notice-and-takedown procedure, detailed further in our EULA. We do not proactively publish transparency reports, but can upon request provide customers with an aggregated overview of enforcement actions taken on their tenant.

If you report in good faith – regardless of whether you are a user, employee, customer, or third party – PixelAdmin will not subject you to retaliation as a result of the report, and we support the protective rules deriving from the Whistleblower Protection Act and Directive (EU) 2019/1937 where applicable.

15. Investigations, Law Enforcement Cooperation, and Evidence Preservation

PixelAdmin may launch an internal investigation when there is reasonable cause to believe the AUP, subscription agreement, or applicable law has been violated. The investigation is conducted on a proportionate basis and is limited to the log files, metadata, and content necessary to assess the matter. Personal data is processed on the basis of GDPR Article 6(1)(c) and (f), and disclosure to third parties only occurs to the extent legally required or explicitly agreed.

While an investigation is underway, PixelAdmin may – as a preservation measure – temporarily suspend accounts, share links, integrations, or specific features. Suspension is not in itself an expression of guilt, and the customer is generally given the opportunity to provide an explanation and remedy the situation. However, in cases involving a risk of ongoing harm (e.g., dissemination of CSAM, NCII, active malware, or significant leakage of customer data), access is suspended without prior hearing.

We cooperate with domestic and international law enforcement, customs, and regulatory authorities, as well as rights holders who require illegal content to be removed or preserved. Disclosure of customer or user data to authorities occurs solely on a valid legal basis—e.g., court order, legal request, subpoena, or mandatory statutory provision. Where legally permitted, we notify the affected customer so they can exercise their rights, and we always assess whether the disclosure is proportionate and limited strictly to the necessary information.

In cases involving suspected criminal offenses or civil claims, we may preserve relevant data (logs, content, metadata, model prompts, transaction data) in a forensic state for a reasonable period, regardless of standard retention periods. Once the case is closed, or when the legal basis for retention expires, the data is deleted or anonymized in accordance with our retention policy.

16. Consequences, Enforcement Escalation, and Appeals

The consequences of a violation depend on its nature, severity, duration, whether it is a repeated offense, and whether the customer cooperates to resolve the issue. PixelAdmin strives to act proportionally and choose the least intrusive measure that effectively ends the violation and prevents recurrence. However, PixelAdmin reserves the right—without prior notice where the situation demands it—to implement one or more of the following measures.

Our enforcement framework typically consists of the following steps, which may be combined or bypassed depending on the severity of the violation:

  • 1) Written Warning: For minor or unintentional violations, we typically issue a warning to the relevant user and their organization administrator. This includes a description of the issue, a reference to the relevant AUP provision, and a deadline for remediation.
  • 2) Feature Restriction: We may temporarily restrict access to specific features (e.g., AI, integrations, share link generation, exports, or bulk uploads) where the violation is limited to that area.
  • 3) Suspension of Users or Content: We may suspend individual user accounts, quarantine specific content, or disable specific share links while we investigate or await remediation.
  • 4) Tenant Suspension: The entire organization tenant may be suspended for severe violations or a lack of cooperation until the matter is resolved.
  • 5) Permanent Termination and Ban: For severe or repeated violations, we may terminate the subscription agreement, delete associated accounts, and ban the organization and its affiliates from all future PixelAdmin services.

Certain severe violations entitle PixelAdmin to proceed directly to suspension or permanent termination without prior escalation. This applies in particular to: CSAM, NCII, and terrorism-related content; active security attacks against the platform or other customers; sanctions and export control violations; fake or fraudulent account registrations; and any violation posing an immediate risk to other users, models, talents, or minors.

In all cases—and regardless of the current enforcement step—PixelAdmin may implement the following accompanying measures:

  • Evidence Preservation: Relevant data (logs, content, metadata, model prompts, transaction data) may be preserved in a forensic state, cf. Section 15.
  • Cooperation with Authorities: We report illegal content (especially CSAM, terrorism, NCII, and hate crimes) to the relevant authorities and cooperate with court orders, data requests, and similar lawful processes, cf. Section 15.
  • Cost Recovery: If a violation incurs costs for PixelAdmin—including additional infrastructure usage, legal fees, fines, or third-party compensation—we may seek recovery from the responsible organization according to the underlying subscription agreement.
  • Notification to Affected Parties: We may notify other customers, Brand Portal users, or share link recipients if their interests are affected—e.g., if content has been compromised or needs to be recalled.

These measures can be combined and are normally applied proportionally. PixelAdmin is not liable for losses incurred by the customer or its partners due to legitimate enforcement actions.

A customer who finds an enforcement measure unjustified or disproportionate may request an internal reassessment within 30 days of the notification by submitting a written appeal to legal@pixeladmin.com. The appeal must include the case reference, an explanation of why the decision is considered incorrect, and any new material. PixelAdmin will conduct a reassessment by an employee who was not involved in the original decision and provide a written response within 20 business days. Until the appeal is resolved, enforcement measures remain in effect unless explicitly agreed otherwise. The customer also retains the right to bring the matter before the ordinary courts or, where relevant, lodge a complaint with supervisory authorities, cf. the subscription agreement's governing law and jurisdiction provisions.

17. Changes to This Policy

PixelAdmin may update the AUP to reflect changes in legislation, new functionality, vendor requirements, or lessons learned from enforcement. The current version is always available on this page, with the latest update date clearly indicated at the top.

For material changes (e.g., new categories of prohibited actions, new restricted industries, or stricter consequences), we will notify organization administrators via email and/or in-product notifications at least 30 days before they take effect, unless the change is required for legal or security reasons and must take effect immediately.

Previous versions of this policy can be requested by contacting legal@pixeladmin.com. Continued use of the Service after an update takes effect constitutes acceptance of the modified policy. If a customer cannot accept a material change, they may cancel their subscription without further commitment periods in accordance with the subscription agreement's termination rules.

18. Contact

Reports of abuse and violations of this policy should be sent to: abuse@pixeladmin.com. Urgent cases regarding CSAM, NCII, terrorism-related content, or active security incidents must be clearly marked with "URGENT" in the subject line and are handled 24/7.

Vulnerability reports and security inquiries should be sent to: security@pixeladmin.com.

General legal questions, copyright notices, appeals of enforcement measures, and contractual inquiries should be directed to: legal@pixeladmin.com.

Our physical address for legal notices is:

PixelAdmin ApS
Att.: Legal
Falkoner Allé 90
2000 Frederiksberg
Danmark
Company Registration No. 45447588