Effective Date: 5 August 2025

Last Updated: 7 August 2025

This Privacy Policy explains how PixelForge (“we”, “us”, “our”) collects, uses, discloses, and protects personal data of users (“you”) in connection with your use of our website and services, and your rights under the GDPR and other applicable EU laws. Our practices are modelled on the Envato Privacy Policy principles.

1. Controller, DPO, and EU Representative

PixelForge is the Data Controller for your personal data.

Data Protection Officer (DPO):

📧 dpo@pixelforge.eu

EU Representative:

PixelForge OÜ, Sepapaja 6, 15551 Tallinn, Estonia

2. Data We Collect

2.1 Information you provide:

  • Account registration: name, email, billing address, VAT ID (if applicable).
  • Transactions: order history, payment tokens (via payment processor), support communications.
  • User-generated content: reviews, comments, feedback.

2.2 Information collected automatically:

  • Device/browser data, IP address, geolocation (approximate), log-ins, activity logs.
  • Usage analytics (via cookies and third-party services — see our Cookie Policy).

2.3 Third-party sources:

  • Payment processors (e.g., Stripe, PayPal) for transaction validation.
  • Support platforms (e.g., ticketing systems) when you submit inquiries.

3. Purpose and Legal Basis Table

Category Purpose Legal Basis (Art. 6 GDPR)
Account data To provide your account, enable login, manage orders Performance of contract (Art. 6(1)(b))
Transaction/payment info Fulfill purchases, issue invoices, fraud prevention Legal obligation (Art. 6(1)(c)); Legitimate interest (Art. 6(1)(f))
Analytics & usage data Improve site and products; monitor engagement Legitimate interest (Art. 6(1)(f)); Consent (Art. 6(1)(a))
Marketing preferences Email campaigns, newsletters Consent (Art. 6(1)(a))
Customer support records Respond to requests, assist with purchases Performance of contract (Art. 6(1)(b))
Cookies Functional, analytical, and marketing tracking Consent for non-essential cookies (Art. 6(1)(a))

4. How We Use Your Data

We use personal data to:

  • Create and manage your account.
  • Process transactions and deliver digital products.
  • Respond to support inquiries.
  • Send essential service updates and security alerts.
  • Analyze and improve site performance and template offerings.
  • Comply with legal obligations, including taxation and anti-fraud.

5. Retention Periods

We retain your data only as long as necessary for each purpose:

  • Account and profile data: 5 years after your last purchase.
  • Financial and invoicing records: 10 years (required by EU tax law).
  • Support communications: 2 years from last contact.
  • Marketing preferences (with consent): Until withdrawal of consent.

6. Sharing Your Data

We only share data with third-party service providers necessary for operations. These include:

  • Payment gateways (Stripe, PayPal)
  • Hosting and cloud providers (e.g. Vercel, AWS)
  • Email and communication platforms (e.g., MailerLite)
  • Analytics platforms (e.g., Google Analytics)

We do not sell, rent, or trade your personal data.

Data may be shared when legally required or in response to lawful government requests.

7. Data Transfers

Some processors operate outside the EU. When data is transferred internationally, we use:

  • Standard Contractual Clauses approved by the European Commission; or
  • Other legally valid mechanisms ensuring equivalent data protection.

8. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to data processing
  • Data portability
  • Withdraw your consent at any time (e.g., via cookie banner or by emailing privacy@pixelforge.eu)
  • Not be subject to automated decision-making, including profiling, with legal or similarly significant effects
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at privacy@pixelforge.eu.

9. Automated Decision-Making

PixelForge does not engage in automated decision-making or profiling that produces legal effects or similarly significant consequences for individuals.

10. Cookies and Tracking

We use cookies and similar technologies for essential site functionality, analytics, and marketing (with your consent). See our full Cookie Policy for details and opt-out mechanisms.

You can manage or withdraw cookie consent via the “Cookie Settings” button available on every page.

11. Security Measures

We implement appropriate technical and organizational safeguards to protect your personal data, including:

  • SSL/TLS encryption
  • Secure infrastructure and access control
  • Role-based user access
  • Routine vulnerability checks
  • Data minimization and strict processor contracts

While we aim for robust security, no system is immune to threats.

12. Data Breach Notification

In the event of a personal data breach, we will assess the risk and notify the relevant supervisory authority within 72 hours, and affected users without undue delay where required by law.

13. Minors

PixelForge is not intended for use by individuals under the age of 16. If we become aware that a child has submitted personal data without parental consent, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy occasionally. The revised version will be posted here with a new effective date.

For material changes, we will notify you by email or through a site-wide alert at least 30 days before changes take effect.

15. Dispute Resolution

For out-of-court resolution, you may use the EU Online Dispute Resolution platform (ODR):

🔗 https://ec.europa.eu/odr

16. Contact Information

To exercise your rights or ask questions, please contact us:

  • Email: privacy@pixelforge.eu
  • Data Protection Officer: dpo@pixelforge.eu
  • Business Address: PixelForge OÜ, Sepapaja 6, 15551 Tallinn, Estonia
  • EU Representative: PixelForge OÜ, Sepapaja 6, 15551 Tallinn, Estonia