Privacy and Cookie Policy
This policy describes how we collect, use, and protect your personal information.
1. Introduction
This privacy policy describes how PixelAdmin ApS (“we”, “us”, or “our”) collects, uses, and discloses personal data when you use our services (“the Service”). We are committed to protecting your privacy and treating your data in an open and transparent manner.
By using the Service, you acknowledge that you have read and understood this privacy policy. This policy is an integral part of our Terms of Service.
2. Data Controller
The entity responsible for processing your personal data is:
PixelAdmin ApS
CVR: 45447588
Falkoner Allé 90
2000 Frederiksberg
Denmark
PixelAdmin is not legally obligated to appoint a Data Protection Officer (DPO) under GDPR Art. 37, as our core activities do not consist of regular and systematic monitoring of data subjects on a large scale or processing of special categories of personal data on a large scale. However, we have appointed a dedicated privacy contact point that coordinates all inquiries regarding this policy, sub-processors, security incidents, and data subject requests. You can reach our privacy contact point at privacy@pixeladmin.com. As PixelAdmin is established in an EU member state, we are not required to appoint an EU representative under GDPR Art. 27.
3. Information We Collect and How We Use It
PixelAdmin is a multi-sided platform: we serve studios (our direct customers), the studios' brand clients (who access a Customer Portal), and end-recipients of delivered assets via share links. Different data categories are processed on different legal grounds depending on who you are and how you use the Service. Below is a breakdown of each category, what information is collected, why it is processed, and the legal basis.
3.1. Marketing Site Visitors & Cookies
When you visit pixeladmin.com, we process technical data such as your IP address, browser details, and referrer, and we use cookies to ensure website functionality and collect analytics. This helps us understand user interaction and improve our Service.
For users in the European Economic Area (EEA), the legal basis for processing essential cookies is our legitimate interest (GDPR Art. 6(1)(f)) in providing a functional website. For all other cookies (e.g., analytics, marketing), the legal basis is your consent (GDPR Art. 6(1)(a)). See Section 4 for full cookie information.
Specifically, the following third-party tools are loaded on the marketing site, and only when you have given the appropriate consent: Google Analytics 4 and Microsoft Clarity for statistics (requires statistics consent), as well as Meta Pixel and LinkedIn Insight Tag for conversion tracking and remarketing (requires marketing consent). Google Analytics runs in Google Consent Mode v2, meaning the script is always present to respect your consent choice but does not set identifying cookies or perform full measurement until consent is granted.
We do not use third-party CRM, marketing automation, or data enrichment platforms on the marketing site. Specifically, we do not use HubSpot, Salesforce, Pipedrive, Marketo, ZoomInfo, Apollo, Clearbit, or similar tools to enrich or profile visitors, nor do we purchase supplemental contact data from external source data providers.
3.2. Inquiries
When you contact us via email, phone, our contact form, or by booking a demo, we process the personal data you provide (e.g., name, email, phone number, company, message content) to respond to your inquiry. For EEA users, the legal basis is our legitimate interest (GDPR Art. 6(1)(f)) in handling relevant inquiries. We retain this data until it is clarified whether you will become a customer, up to a maximum of 24 months from the last contact.
The contact form and demo booking feature on pixeladmin.com send your input directly to our internal Azure Communication Services-based email backend, hosted by Microsoft Ireland Operations Ltd in EU regions (cf. Section 5.1). We do not use an external booking service like Calendly or Cal.com, and your inquiry is not routed to a third-party CRM platform.
3.3. Studio Operator Data (Our Direct Customers)
Studios enter into a subscription agreement with us and become our direct customers. To set up and manage the studio's account, we process names, email addresses, phone numbers, job titles, company details, and payment information for the individuals representing the studio (administrators, billing contacts, end-users of the studio panel). This processing is necessary for the performance of our contract with the studio (GDPR Art. 6(1)(b)) and to comply with legal obligations (GDPR Art. 6(1)(c)).
To authenticate studio users, we use Microsoft Entra ID as our identity platform. Microsoft acts as our data processor, processing login-related information (email, password hash, MFA factors, session tokens, login IP, and device fingerprint) upon our instruction. The Microsoft Entra ID for the studio panel is strictly separated from the Azure AD B2C used for the brand portal (see 3.4).
For the content a studio uploads to the Service on behalf of its brand clients—including photos, customer details, product data, and workflow data—the studio is the Data Controller, and PixelAdmin acts as the Data Processor. Our respective obligations are detailed in our Data Processing Agreement (DPA).
3.4. Brand Portal User Data (Customer Portal)
The Customer Portal (portal.pixeladmin.com) allows the studios' brand clients to review, approve, comment on, and download deliverables—and, on paid tiers, trigger omnichannel distribution. Brand portal users fall into two subcategories with different legal bases:
- Invited Portal Users (Free Tier): Users invited by a studio on behalf of a brand. We process name, email, job title, phone number (optional), brand affiliation, and the inviting studio. The legal basis is the inviting studio's legitimate interest (GDPR Art. 6(1)(f)) in collaborating with existing clients in a secure and traceable manner. The studio has conducted a Legitimate Interest Assessment (LIA), documented prior to the invitation, which factors in the pre-existing client or vendor relationship between the studio and the brand. You have the right to object to this processing, as detailed in Section 7.
- Self-Signup Portal Users (Pro/Business/Enterprise): Users who create an account themselves and enter into a paid brand subscription with PixelAdmin. We process name, email, job title, company details, billing address, payment information, and account settings. The legal basis is contract performance (GDPR Art. 6(1)(b)), and here PixelAdmin acts as an independent Data Controller toward the portal user—not as a data processor for a studio.
To authenticate brand portal users, we use Azure AD B2C, a customer identity service provided by Microsoft. Azure AD B2C processes login-related information (email, password hash or social login claims from federated providers, MFA factors, session tokens, login IP, and device fingerprint) upon our instruction as a data processor. The Azure AD B2C tenant for the brand portal is logically and contractually separated from the Microsoft Entra ID tenant for the studio panel, and user accounts and credentials do not cross between the two.
If you log into the brand portal via a federated identity provider (e.g., Google or Microsoft Account), Azure AD B2C receives the claims sent by the federated provider (typically email, name, and a stable user identifier). In this context, the federated provider acts as an independent data controller for its own profile processing.
3.5. Product Catalog and Asset Metadata
As part of normal use of the Customer Portal and studio panel, we process product data (SKUs, product names, variants, descriptions, categories), asset metadata (filenames, dimensions, formats, EXIF data, AI-generated tags, manual tags, approval status), and workflow data (comment threads, approvals, deliverables). This data may contain limited personal information, such as when comments include names or when EXIF data contains photographer details.
For data uploaded by a studio on behalf of a brand, the studio is the data controller and PixelAdmin is the data processor. For data uploaded or edited directly by a brand portal user on a paid self-serve subscription, PixelAdmin is a joint controller with the branded company. In both cases, the data is used exclusively to deliver the requested features.
3.6. AI Processing Data
PixelAdmin offers optional AI features, including automated image tagging, visual search, and ad hoc image transformations (e.g., background removal and contextual edits). When a studio admin or brand portal user enables or triggers an AI feature, we send the relevant inputs—typically the image file, a short text prompt, and contextual metadata—to Google Cloud Vertex AI Gemini, hosted in the europe-west4 region (Netherlands) by Google Ireland Ltd. as our data processor.
PixelAdmin has configured the integration to run in "no-training mode": neither prompts, images, nor model outputs are used by Google to train, fine-tune, or improve Gemini's foundation models or any other Google services. Input data is not cached beyond the inference itself, and there is no persistent storage of our transmitted data at Google. The resulting output (tags, embeddings, transformed image) is returned to our platform and processed according to the retention policy described in Section 6.
The legal basis depends on who triggers the AI feature. When a studio activates AI features on behalf of a brand, the studio is the data controller (GDPR Art. 6(1)(b) or (f)) and PixelAdmin is the data processor; this usage is covered in the DPA. When a brand portal user on a paid self-serve subscription triggers an AI feature, PixelAdmin is the data controller based on contract performance (Art. 6(1)(b)). You can always choose not to enable AI features; see Section 9 for further transparency and opt-out details.
3.7. Usage Analytics (Portal Events)
Inside the Customer Portal and studio panel, we log technical events to ensure stability, troubleshoot, measure feature adoption, and fulfill audit requirements. Examples include page views, button clicks, asset downloads, login timestamps, API calls, IP address, user agent, and product ID. This data is tied to an authenticated user account. The legal basis is our legitimate interest (GDPR Art. 6(1)(f)) in operating and improving the Service and meeting security and compliance obligations.
Usage analytics data is not exported to third-party analytics partners outside our Azure environment (see Section 5) and is not linked to marketing cookies; this means portal events are intentionally isolated from the analytics and advertising cookies active on the marketing site.
3.8. Share Link Recipients
Studios and brand portal users can generate public share links (share.pixeladmin.com/[token]) to grant recipients without an account access to view or download specific deliverables. When a recipient opens such a link, we log technical data: the link's token ID, IP address, user agent (browser and OS), timestamp, and which assets were accessed or downloaded. No account is created, and we do not ask for a name or email.
The sole purpose is auditing, security, and abuse detection on behalf of the studio or brand that generated the link. The legal basis is our and the sender's legitimate interest (GDPR Art. 6(1)(f)) in tracking access and detecting unauthorized resharing. Activity logs are retained for 90 days and are never used for marketing or profiling.
3.9. Billing Data for Brand Subscriptions
For brand portal users on paid subscriptions (Pro, Business, Enterprise), we process billing data: company name, billing address, VAT number, billing contact person, payment method token, transaction ID, subscription period, and invoice history. This data is necessary to perform the subscription agreement (GDPR Art. 6(1)(b)) and to comply with Danish bookkeeping and VAT legislation (Art. 6(1)(c)).
The actual card and account details are processed directly by our PCI-DSS-certified payment provider; PixelAdmin only stores payment method tokens and cannot see full card numbers.
3.10. Newsletter Subscribers
If you subscribe to our newsletter, we process your email address and name to send you marketing communication based on your explicit consent. You can withdraw your consent at any time via the unsubscribe link in every email. For EEA users, the legal basis is GDPR Art. 6(1)(a).
3.11. Accounting
We are obligated to retain accounting records, such as invoices, which may contain personal data, to comply with legal obligations. For EEA users, this is based on the Danish Bookkeeping Act (GDPR Art. 6(1)(c)). See Section 6 for retention periods.
3.12. Job Applicants
When you apply for a job with us, we process the information you provide in your application based on your consent (GDPR Art. 6(1)(a)). You can withdraw your consent at any time by contacting us. If you do so, we will no longer be able to evaluate your application.
We retain your application for up to 6 months after the recruitment process has concluded, after which it is deleted. Unsolicited applications are retained for up to 6 months, after which they are deleted, unless we agree otherwise with you.
Job applications are received either directly via email at job@pixeladmin.com or via the recruitment tool specified at any given time in the specific job posting. We do not use profiling or automated screening in the recruitment process, and all applications are reviewed by a human.
3.13. Special Categories of Personal Data and Biometrics
We do not intentionally process special categories of personal data as defined in GDPR Art. 9 (e.g., health data, racial or ethnic origin, religious beliefs, trade union membership, sexual orientation, or biometric data for the unique identification of natural persons) or data relating to criminal convictions (Art. 10) as part of the normal operation of the Service. Studio and brand portal users are contractually obligated via our Acceptable Use Policy and Data Processing Agreement not to upload such data unless an appropriate basis has been explicitly agreed upon.
Our AI features (auto-tagging, visual search, image transformations) do not perform facial recognition, biometric identification, or biometric categorization of natural persons within the meaning of GDPR Art. 9(1) and EU AI Act Art. 5. The model generates descriptive tags and general visual embeddings, and does not link an output to the identity of a specific person. If a studio nevertheless wishes to use portrait photography of identifiable models or employees, it is the studio's own responsibility to secure a lawful basis for the processing, in which case PixelAdmin can assist with a Data Protection Impact Assessment (DPIA) under Art. 35.
3.14. Children
PixelAdmin is a business-to-business (B2B) service. The Service is not directed at individuals under 16, and we do not knowingly collect personal data about children under 16. If we become aware that a minor has provided personal data via the marketing site, contact form, or a portal account without valid consent from the holder of parental responsibility, we will delete the data without undue delay. If you are a parent or guardian and believe your child has provided personal data to us, please contact privacy@pixeladmin.com.
5. Data Processors and Third-Party Disclosure
We engage trusted third-party service providers (Data Processors) to perform certain functions on our behalf. We have entered into Data Processing Agreements with these providers to ensure the protection of your data, and they may only process data according to our documented instructions. Where we share data with a third party that independently determines the purposes and means, that third party acts as an independent Data Controller—this is detailed separately in 5.2.
For a detailed list of data processors used for analytics and advertising cookies on the marketing site, please refer to Section 4.
5.1. Core Platform Sub-Processors
Our core platform (studio panel, Customer Portal, asset storage, AI features, and self-serve subscription billing) is built on three underlying sub-processors. Microsoft Ireland Operations Ltd and Google Ireland Ltd are established in the EU and process data exclusively in EU regions; for these two, Standard Contractual Clauses (SCCs) are not required for the direct transfer between PixelAdmin and the sub-processor. Stripe Payments Europe Ltd is also established in Ireland but operates a global payment processing network, so SCCs and a Transfer Impact Assessment are in place for operations where Stripe's non-EU/EEA affiliates may be involved.
| Sub-Processor | Role and Purpose | Location | Transfer Mechanism |
|---|---|---|---|
| Microsoft Ireland Operations Ltd | Cloud hosting (Azure), databases, storage, authentication (Microsoft Entra ID for the studio panel and Azure AD B2C for the brand portal), and operational logs. Processes essentially all personal data flowing through the Service. | EU (primarily West Europe / North Europe), Ireland | Not required (EU-to-EU) |
| Google Ireland Ltd | AI inference via Vertex AI Gemini for auto-tagging, visual search, and image transformations. Only processes images, prompts, and contextual metadata specifically sent as input to an AI feature. Runs in no-training mode with no persistent storage. | europe-west4 (Netherlands) | Not required (EU-to-EU) |
| Stripe Payments Europe Ltd | Payment processing and subscription billing for brand portal users on Pro, Business, and Enterprise tiers: card payments, SEPA direct debit, invoice handling, renewals, refunds, and chargeback management. Stripe acts as an independent data controller for card data collected in Stripe's payment forms, and as a data processor for PixelAdmin regarding subscription metadata. PCI-DSS Level 1 certified. PixelAdmin does not store card data. | EU (Ireland), with supplementary global infrastructure for payment processing | Stripe DPA + SCC (Module 2 and Module 3) for global payment processing |
Microsoft Ireland Operations Ltd, Google Ireland Ltd, and Stripe Payments Europe Ltd are all legally established in Ireland and subject to EU data protection laws. Microsoft and Google have published commitments regarding EU data residency for the specific services we use, and PixelAdmin has entered into the relevant Data Processing Agreements. For Stripe, Stripe's Data Processing Agreement applies alongside associated Standard Contractual Clauses (Module 2 and Module 3), covering global payment processing stages where data may potentially be accessed outside the EU/EEA.
An updated list of approved sub-processors, including any future additions, is provided as an appendix to our Data Processing Agreement (DPA), and studios will be notified of material changes in advance in accordance with the DPA.
5.2. Independent Data Controllers (Omnichannel Recipients)
Business and Enterprise brand portal users can enable omnichannel distribution, pushing approved assets and product data to external sales and marketing platforms of their choice. When data leaves PixelAdmin and is handed over to such a platform, our role as a data processor ends, and the receiving platform processes the data as an independent data controller (or as a processor to the brand) based on the agreements the brand has established directly with the recipient.
Examples of recipient platforms that brands can choose to connect with PixelAdmin include:
- Shopify (Shopify International Ltd): E-commerce platform receiving product data, images, and variants for webshop display.
- Zalando (Zalando SE): Marketplace receiving product data and images for onboarding articles into the Zalando catalog.
- Other PIM, ERP, E-Commerce, and Marketplace Systems that the brand configures via the PixelAdmin integration catalog (e.g., Akeneo, Magento, BigCommerce, Amazon Seller Central, Boozt, About You). The full list depends on the active subscription and the integrations the brand has opted into.
PixelAdmin executes these transfers strictly according to the brand's documented instructions (typically via an active integration selected in the portal). We do not independently disclose data to these recipients for commercial or marketing purposes, nor do we receive any compensation from them. The brand is responsible for ensuring a lawful basis for its own data transfers and for establishing any required agreements with the recipient (e.g., controller-to-controller agreements or their own data processing agreements).
We encourage brand portal users to read each recipient's privacy policy to understand how they subsequently process data. These policies can be accessed directly on their respective websites.
5.3. Other Recipients
In addition to the above, we may disclose personal data to public authorities when legally required (e.g., requests from tax authorities, police, or courts), as well as to professional advisors (auditors, lawyers) bound by confidentiality, when necessary to protect our legitimate interests.
6. Data Retention
We only retain personal data for as long as necessary to fulfill the purposes for which it was collected, including meeting any legal, accounting, or reporting requirements. The specific retention period for each data category is determined by its purpose and our legal obligations, and is summarized in the table below.
| Data Category | Retention Period | Notes |
|---|---|---|
| Studio-Uploaded Customer Data (Assets, Comments, Workflow) | Per the primary DPA between PixelAdmin and the studio | The studio is the data controller and determines retention; upon DPA termination, data is deleted or returned according to the studio's instructions. |
| Brand Portal Free (Invited Users, No Subscription) | 12 months from last login + 30 days advance notice + 90-day recovery window | We provide 30 days notice before expiration and a 90-day window to reactivate the account by upgrading. Afterwards, data is permanently deleted. |
| Brand Portal Pro / Business / Enterprise (Paid Subscription) | Unlimited during the subscription period; 90-day recovery after subscription termination | Data is retained as long as the subscription remains active. Upon termination, there is a 90-day recovery period, after which all content data is deleted. |
| Identity Data (Account Name, Email, Profile) | As long as the account is active + 12 months post-termination | Applies to both Microsoft Entra ID (studio panel) and Azure AD B2C (brand portal). The 12-month period is maintained for support, billing, and dispute resolution purposes. |
| Billing Data (Invoices, Payment Records) | 5 years from the end of the financial year the invoice relates to | Statutory requirement under § 12 of the Danish Bookkeeping Act and VAT regulations. |
| Audit Logs / Security Logs | 12 months | Login events, administrative actions, integration calls. Used for abuse detection, troubleshooting, and compliance with PixelAdmin's internal security controls and standard industry practices for log retention. |
| AI Prompts and Outputs (Vertex AI Gemini) | Not stored by sub-processor; retained by PixelAdmin alongside the associated asset | Google Cloud Vertex AI is configured for zero retention/no-training mode. AI outputs (e.g., tags, transformed images) are stored by us as standard asset metadata, subject to the same rules as the underlying asset. |
| Share Link Activity Logs (share.pixeladmin.com) | 90 days | IP, user agent, asset ID, timestamp. Used for auditing and abuse detection. Automatically deleted after 90 days. |
| Usage Analytics (portal events) | 13 months | Aggregated reporting is retained longer without personally identifiable information. |
| Inquiries (contact form, email, demo bookings) | 24 months from last contact | Shorter upon explicit request for deletion. |
| Newsletter | Until consent is withdrawn | Unsubscribe link in every email. |
| Job Applications | Up to 6 months after the recruitment process ends | Automatically deleted thereafter, unless otherwise agreed. |
Where legislation requires longer retention (e.g., for legal claims or audits), the period is extended accordingly. Upon deletion, industry-standard secure deletion procedures are applied, including the cryptographic erasure of encryption keys in cases where data cannot be immediately removed from backups.
7. Your Data Protection Rights
Depending on your location, you may have certain rights regarding your personal data. We are committed to upholding these rights.
To exercise any rights you may have, please contact us at privacy@pixeladmin.com. We may require you to verify your identity before responding to such requests.
7.1. Rights for EEA Residents (GDPR)
If you are a resident of the European Economic Area (EEA), you have the following rights under the GDPR:
- The right to access: You have the right to request a copy of the personal data we hold about you.
- The right to rectification: You have the right to request the correction of inaccurate or incomplete data.
- The right to erasure (“right to be forgotten”): You have the right to request the deletion of your personal data under certain conditions.
- The right to restrict processing: You have the right to request the restriction of processing of your personal data under certain conditions.
- The right to data portability: You have the right to receive your data in a structured, commonly used, and machine-readable format.
- The right to object: You have the right to object to the processing of your personal data under certain conditions.
- The right to withdraw consent: Where the processing is based on your consent, you have the right to withdraw it at any time.
You also have the right to lodge a complaint with a supervisory authority. In Denmark, the competent authority is Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, phone +45 33 19 32 00, email dt@datatilsynet.dk. Further information on the complaints procedure, including an online complaint form, can be found at www.datatilsynet.dk. If you reside in another EEA country, you may similarly lodge a complaint with the competent supervisory authority in your home country.
7.2. Rights for US Residents
This section supplements the information contained in our Privacy Policy and applies solely to all visitors, users, and others who reside in certain US states that have adopted their own privacy laws, such as California (CCPA), Virginia (VCDPA), Colorado (CPA), and others. We adopt this notice to comply with these laws.
Depending on your state of residence, you may have the following rights:
- Right to Know and Access: The right to request information about the categories and specific pieces of personal information we have collected about you.
- Right to Deletion: The right to request the deletion of your personal information, subject to certain exceptions.
- Right to Correction: The right to request the correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: You have the right to opt out of the “sale” or “sharing” of your personal information. While we do not sell your data for money, our use of third-party advertising cookies may be considered “sharing” under certain US state privacy laws. You can exercise your right to opt out of this activity by declining advertising cookies via our cookie consent manager.
To exercise these rights, please contact us at privacy@pixeladmin.com. We will not discriminate against you for exercising any of your privacy rights.
7.3. Rights for Residents of the UK and Switzerland
If you are a resident of the United Kingdom, you have essentially the same rights as under the EU GDPR, as the UK GDPR and the Data Protection Act 2018 apply. Complaints can be lodged with the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom (ico.org.uk).
If you are a resident of Switzerland, your personal data is protected by the revised Swiss Federal Act on Data Protection (revFADP), which largely corresponds to the GDPR. Complaints can be lodged with the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland (edoeb.admin.ch). For transfers from Switzerland to the US, we use Standard Contractual Clauses adapted to Swiss conditions, supplemented by our Transfer Impact Assessments (TIAs).
7.4. Processing Data Subject Requests
We respond to data subject requests without undue delay and no later than one month after receipt, cf. GDPR Art. 12(3). This deadline may be extended by a further two months if the request is complex or if we receive many simultaneous requests; in such cases, we will inform you of the extension and the reasons for it within the first month. Processing is free of charge unless your request is manifestly unfounded or excessive—in which case we may either charge a reasonable fee or refuse the request, providing written justification.
For security reasons, we may request reasonable proof of your identity before disclosing or altering personal data. We will strive not to collect more identity documentation than strictly necessary. If you are a user of the studio panel or brand portal, many requests (access, rectification, export) can be fulfilled via self-service through the profile page in the respective portal.
Where PixelAdmin acts as a data processor for a studio or another data controller (e.g., for images, comments, or workflow data uploaded to the studio panel), we will forward the request to the relevant data controller without undue delay and assist to the extent necessary under our DPA. In such cases, the data controller is obligated to make a decision regarding the request.
8. Data Security
Protecting your data is our top priority. We have implemented comprehensive technical and organizational security measures designed to safeguard your personal information against accidental or unlawful destruction, loss, alteration, and unauthorized access.
Our platform is built on enterprise-grade infrastructure, and our security practices are continuously reviewed and updated to meet the latest industry standards. We treat your data with the utmost care and are committed to its protection.
We comply with GDPR Art. 25 on data protection by design and by default. In practice, this means that new features undergo a privacy review before release; default configurations minimize the amount of personal data processed and limit who has access to what; internal access is governed by need-to-know and least-privilege principles; encryption and pseudonymization techniques are used wherever practical; and logging and monitoring are enabled by default to quickly detect security incidents.
Where a processing activity initiated by a studio or brand portal user is likely to result in a high risk to the rights and freedoms of natural persons—for example, large-scale processing of identifiable models in portrait photography—we assist the data controller in carrying out a Data Protection Impact Assessment (DPIA) under GDPR Art. 35, including by providing technical and organizational documentation about the Service.
If we detect a personal data breach, we follow a defined incident response procedure. When PixelAdmin is the data controller, we notify the Datatilsynet without undue delay and, where feasible, no later than 72 hours after having become aware of it, cf. GDPR Art. 33, and we notify the data subjects directly if the breach is likely to result in a high risk to their rights, cf. Art. 34. When PixelAdmin is a data processor, we notify the data controller without undue delay in accordance with our DPA.
While we employ industry-leading security practices, it is important to acknowledge that no digital system can be guaranteed to be 100% invulnerable. However, we are dedicated to maintaining a secure and reliable environment for your data.
For our customers where we act as a data processor under the GDPR, further details regarding our data protection measures are outlined in our Data Processing Agreement (DPA).
9. AI Features and Automated Processing
PixelAdmin offers a range of optional AI features designed to help studios and brand portal users work faster with large volumes of visual content. These features are activated at the user's initiative and can be disabled at any time. This section explains what the AI features do, where data is sent, the legal assessment we have conducted, and how you can opt out.
9.1. Which AI Features We Offer
- Auto-tagging: The model analyzes an uploaded image and suggests descriptive tags based on the visual content (e.g., product type, color, material, scene). Tags are reviewed by the user before final application.
- Visual Search: The model generates a numerical representation (embedding) of an image, allowing users to find similar assets across the library.
- Ad Hoc Image Transformations: The model performs specific edits on demand, such as background removal, inpainting, upscaling, or contextual adjustments described via a text prompt.
9.2. Model Provider and Data Processing
Our AI features are powered by Google Cloud Vertex AI Gemini, provided by Google Ireland Ltd. Inference runs in the europe-west4 region (Netherlands). When an AI feature is triggered, we send the image or embedding, along with a short text prompt and contextual metadata, to Vertex AI. PixelAdmin has disabled data caching, prompt logging, and human review (zero data retention) for our Vertex AI project.
Neither images, prompts, nor model outputs are used to train, fine-tune, or improve Google Gemini's foundation models or other Google services. This is confirmed in our Data Processing Agreement with Google Ireland Ltd and is technically enforced via Vertex AI's configuration. Outputs (tags, embeddings, transformed images) are returned to the PixelAdmin platform and stored by us following the same retention rules as the associated asset (see Section 6).
We do not share AI inputs with other AI vendors, nor do we use outputs from the AI features for commercial profiling or marketing directed at individual users.
9.3. Assessment Under GDPR Art. 22 (Automated Decision-Making)
The AI features in PixelAdmin do not constitute automated decisions producing legal effects or similarly significantly affecting individuals within the meaning of GDPR Art. 22. The features generate suggestions (tags, similar images, edited versions) that are always subject to human review, editing, and final approval by the studio or brand portal user before they take practical effect. Therefore, Art. 22 does not apply to these features.
9.4. Transparency Under EU AI Act Art. 50
The Artificial Intelligence Act (Regulation (EU) 2024/1689, the “EU AI Act”) enters into force in stages. The transparency obligations in Art. 50 apply from August 2, 2026, and require, among other things, that users are informed when they interact with or receive content generated by an AI system. PixelAdmin complies with these obligations by:
- Clearly labeling all AI-generated tags and suggestions in the user interface as “AI-generated”.
- Marking AI-performed image transformations with metadata (C2PA-compliant provenance, where technically feasible) and a visible label in the platform.
- Identifying the model provider (Google Vertex AI Gemini) in this policy so users know who is technically delivering the AI model.
- Making this section available as our binding transparency notice, which also applies to brand portal users and share link recipients who interact with AI-generated images.
9.5. Opt-Out and Deactivation
AI features are never required to use PixelAdmin. Studios can disable AI features for their entire organization under “Settings → AI Features”, and brand portal users can choose not to trigger AI features during upload or editing. If AI features are disabled, no images or prompts will be sent to Vertex AI for that account. Previously AI-generated tags and outputs are not affected by the deactivation but can be deleted upon request as part of the standard rights described in Section 7.
10. International Data Transfers
PixelAdmin is established in Denmark, and our primary data processing takes place within the European Union. Our two key sub-processors—Microsoft Ireland Operations Ltd and Google Ireland Ltd—are both Irish companies, and the services we use run in EU regions (primarily Microsoft Azure West/North Europe and Google Vertex AI europe-west4). Therefore, the transfer itself between PixelAdmin and these sub-processors does not trigger a third-country transfer issue under GDPR Chapter V.
We recognize, however, that the parent companies (Microsoft Corporation in the US and Alphabet/Google LLC in the US) may in certain situations be obliged to disclose data under US law, including the CLOUD Act, if their US entities can access the data. We mitigate this risk through a combination of technical, contractual, and organizational measures:
- Encryption keys for customer assets are managed by PixelAdmin via Azure Key Vault in the EU. Sub-processor platform administrators cannot easily decrypt plaintext content without our active participation.
- EU Data Boundary commitments from Microsoft and data residency guarantees from Google for the specific services ensure that the storage and processing of customer data take place in the EU.
- Standard Contractual Clauses (SCC) from 2021 are included in our agreements as an extra safeguard to cover any potential residual transfers to the US, supplemented by Transfer Impact Assessments (TIA).
- Both Microsoft and Google have publicly committed to legally scrutinizing all government requests, notifying customers where lawful, and challenging unwarranted requests.
If we engage a sub-processor established outside the EU/EEA in the future, we will first enter into SCCs, conduct a TIA, and notify studios in accordance with the DPA. Brand portal users will be informed via an update to this policy. If you have questions about a specific transfer, you can contact us at privacy@pixeladmin.com.
11. Changes to this Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last Updated” date.
You are advised to review this policy periodically for any changes.
12. Language and Interpretation
This Privacy Policy is provided in multiple languages for your convenience. The Danish version of this Privacy Policy is the governing version.
In the event of any discrepancies between the Danish version and a translated version, the Danish version shall prevail, except where prohibited by law. For provisions applying exclusively to US residents, the English version shall govern.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us at privacy@pixeladmin.com.