Privacy Policy

Last Updated: January 2, 2026

This Privacy Policy describes how PixieDust Tech Ltd. (doing business as PixieLabs, "PixieLabs", "we", "us", "our") collects, uses, discloses, and protects information when you access or use our websites and web based platform (the "Platform"), including any related software, features, tools, integrations, APIs, and services (collectively, the "Services").

This Privacy Policy applies to individuals who visit our websites, create an account, use the Services, or otherwise interact with us ("you"). If you use the Services on behalf of an organization or a workspace (a "Customer"), the Customer may control certain information and settings for the workspace.

1) Who We Are, How to Contact Us

• Legal entity: PixieDust Tech Ltd. (Ontario, Canada)
• Address: 213 Sterling Rd., Unit 100, Toronto, Ontario, M6R 2B2, Canada
• Privacy contact: info@pixielabs.ca
• Support: support@pixielabs.ca

2) Scope and Roles (Controller, Processor)

Privacy laws use different terms for who "controls" personal information.

• PixieLabs as Controller: We act as a controller (or equivalent) for personal information we process to operate our business and Services, for example account administration, billing administration, marketing, analytics, and security.
• PixieLabs as Processor: When a Customer uses PixieLabs to create and manage projects, prompts, and generated outputs for its users, PixieLabs may process personal information on behalf of that Customer. In those cases, the Customer is typically the controller, and PixieLabs is the processor (or service provider) for that information.

3) Information We Collect

We collect information from (a) what you provide, (b) what is collected automatically, and (c) third parties and integrations.

3.1 Information You Provide

Account and workspace information

• Name, email address, password (stored as a secure hash), role, team or workspace name, and account settings.

Billing and transaction information

• Billing contact details, billing address, tax related details where required, subscription plan details, invoices, and payment status.
• Payment card details are collected and processed by our payment processor (Stripe). We do not typically store full payment card numbers.

Content you submit to the Services ("User Content")

• Prompts, scripts, text, images, audio, video, files, brand assets, character assets, project settings, and other content you upload or submit, including content generated by the Services ("Outputs").
• Collaboration content, for example comments, shared projects, and workspace activity.

Communications

• Support requests, emails, survey responses, and feedback you send to us.

3.2 Information Collected Automatically

Usage and analytics data

We use PostHog and similar tools to collect product analytics such as events and interaction data, feature usage, timestamps, and performance diagnostics, to understand how the Services are used and to improve reliability and user experience.

Log and security data

Our systems may process basic log and security information necessary to operate the Services, protect against abuse, and maintain reliability. This can include network and request data (for example IP address or similar identifiers) that are commonly processed by hosting and security infrastructure. We aim to minimize this data and retain it only as needed for operational and security purposes.

3.3 Information From Third Parties

We may receive information from:

• Payment processors (for example, confirmation of payment, card brand, last four digits, billing status),
• Identity and authentication providers (for example, Supabase, Auth0, if used),
• Analytics providers (for example, PostHog),
• Advertising and marketing partners (for example, Meta, LinkedIn, Google, depending on your cookie choices),
• Integrations you enable (when you connect third party services, we receive data necessary to provide the integration).

4) How We Use Information

We use information to operate, maintain, and improve the Services, including:

• Provide and operate the Services – Create and manage accounts, authenticate users, enable collaboration, process User Content to generate Outputs, and provide customer support.
• Billing and payments – Manage subscriptions, invoicing, payment confirmations, refunds where applicable, fraud prevention, and accounting.
• Improve and develop the Services – Debugging, product analytics, performance monitoring, and feature improvement.
• Safety, security, and integrity – Detect, prevent, and investigate abuse, fraud, and security incidents, enforce policies and terms, and protect the Services and users.
• Communications – Service related messages, security notices, billing updates, and support responses. Marketing communications where permitted, you can opt out as described below.
• Legal compliance – Comply with applicable laws and regulations, respond to lawful requests, and protect rights, safety, and property.

5) Generative AI and Content Specific Disclosures

PixieLabs includes features that generate content using machine learning and generative AI. This section explains how content is processed and your choices.

5.1 Processing User Content to Produce Outputs

To provide the Services, we process User Content you submit (for example prompts, scripts, images, audio, or video) to generate Outputs. This may involve routing your inputs through PixieLabs systems and selected model providers, applying transformations, and storing project artifacts you choose to save.

5.2 Use of User Content to Improve Models and Services (Opt Out Available)

Unless you (or your organization) opts out, PixieLabs may use User Content and Outputs to improve the Services, including to improve model performance, safety, and quality. This may include automated processing and, in limited cases, human review as described below.

How to opt out (email only):

You (or your workspace admin) may opt out by emailing info@pixielabs.ca and requesting an "AI training and improvement opt out" for your account or workspace.

Important notes:

• Opt out may not apply to data we must retain for security, abuse prevention, or legal compliance.
• We may still use aggregated or de-identified usage statistics (for example feature counts, performance metrics) to improve reliability and operations.

5.3 Enterprise, Bring Your Own API Key (BYO Key)

Enterprise Customers may be allowed to provide their own API keys for certain third party model providers and manage separate legal relationships with those providers. If you use BYO key:

• Requests may be sent to the model provider under your own account and under that provider's terms,
• PixieLabs may not control how that provider processes data, beyond what is described in the provider's documentation and your agreement with them,
• You are responsible for ensuring you have the rights and permissions to submit content to the provider and for configuring provider settings consistent with your compliance obligations.

5.4 Human Review

We may review content (including by trained personnel) in limited situations, such as:

• Responding to support requests you initiate (for example troubleshooting),
• Investigating suspected abuse, fraud, or security incidents,
• Enforcing our terms and policies,
• Improving safety and quality, consistent with your opt out choice where applicable.

Access to content is restricted and subject to confidentiality and access controls.

5.5 Output Accuracy and Responsibility

Generative AI outputs can be inaccurate, incomplete, misleading, or unsuitable for your purposes. You are responsible for:

• Reviewing and validating outputs before use,
• Ensuring compliance with applicable laws and regulations,
• Ensuring you have rights to use inputs you provide and outputs you publish, including rights related to privacy, publicity, and intellectual property.

PixieLabs does not provide legal, medical, financial, or professional advice through outputs.

5.6 Sensitive Data

We do not intentionally collect or request sensitive personal information (for example government issued IDs, precise health records, or biometric identifiers). Please do not submit sensitive personal information through the Services unless it is necessary and you have a lawful basis. If you submit such information, you remain responsible for compliance with applicable laws and obtaining any required consents.

6) Cookies, Pixels, and Similar Technologies

We use cookies and similar technologies for:

• Essential functions (authentication, security, session management),
• Preferences (language, settings),
• Analytics (understanding product usage, performance),
• Advertising and marketing (for example Meta Pixel, LinkedIn Insight Tag, Google Ads), where enabled.

Where required by law, we will present cookie consent controls. You can also control cookies through your browser settings, but disabling some cookies may affect functionality.

7) How We Share Information

We do not sell personal information. We do not share personal information for cross context behavioral advertising in jurisdictions where doing so would be considered a "sale" or "sharing" under applicable law, except where permitted and subject to your cookie choices.

We share information only as needed to provide the Services and operate our business, including:

• Service providers (processors) – Hosting and infrastructure (AWS), Authentication (Supabase, Auth0), Payments and billing (Stripe), Analytics (PostHog), Marketing and advertising partners (Meta, LinkedIn, Google), subject to your cookie choices, AI model and media providers (including OpenAI, Runway, ElevenLabs, Hedra, RunComfy, Replicate), as required to provide the features you use.
• Workspace sharing – If you are part of a team or workspace, workspace admins and authorized users may be able to view and manage content and activity within that workspace, including project content, prompts, and outputs, depending on workspace settings.
• Integrations you enable – If you connect third party services, we share data as needed to provide the integration.
• Legal, safety, and enforcement – To comply with law, respond to valid legal requests, protect rights and safety, and enforce our terms and policies.
• Business transfers – If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed or transferred as part of that transaction, subject to applicable law.

8) International Data Transfers

PixieLabs may process and store information in Canada, the United States, and the European Union, and other locations where our providers operate. Cross border transfers may occur.

Where required, we use appropriate safeguards for international transfers, such as contractual protections and other measures consistent with applicable law.

9) Data Retention and Deletion

9.1 While Your Account Is Active

By default, we retain User Content and Outputs until you delete them through the Services. You can delete projects, prompts, and outputs in the Platform.

9.2 After Cancellation

If you cancel:

• You may continue using remaining tokens for up to 60 days after cancellation,
• After that, your account may be placed into "deep freeze" for an additional 90 days (limited access, intended to allow recovery or reactivation),
• After the deep freeze period, we remove the account and associated content.

9.3 Exceptions and Legal Retention

We may retain certain information longer where necessary for:

• Billing, tax, accounting, and audit requirements,
• Security and abuse prevention,
• Legal claims and dispute resolution,
• Compliance with law.

10) Security

We implement administrative, technical, and organizational measures designed to protect information, including access controls, encryption in transit where appropriate, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11) Your Rights and Choices

Depending on where you live, you may have rights such as:

• Access to personal information,
• Correction and updating,
• Deletion,
• Objection to certain processing, and restriction,
• Data portability,
• Withdrawal of consent (where processing is based on consent),
• Opt out of marketing communications,
• Opt out of certain targeted advertising, where applicable.

To exercise rights, contact info@pixielabs.ca. We may request verification.

11.1 Marketing Opt Out

You can opt out of marketing emails using the unsubscribe link in the message or by contacting us at info@pixielabs.ca. You will still receive important service and billing communications.

11.2 Region Specific Notes (Non Exhaustive)

Canada (PIPEDA and provincial laws)

You may request access and correction. We respond consistent with applicable Canadian law.

EEA, UK, Switzerland (GDPR and UK GDPR)

You may have additional rights and the right to lodge a complaint with your data protection authority.

United States (including California and other state privacy laws)

You may have rights to know, access, delete, and correct, and to opt out of certain uses such as targeted advertising, depending on applicable state law. We do not discriminate for exercising rights.

12) Children's Privacy

The Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact info@pixielabs.ca and we will take appropriate steps to delete it.

13) Third Party Sites and Services

The Services may link to third party websites or services. Their privacy practices are governed by their own policies. PixieLabs is not responsible for third party practices.

14) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version and update the "Last Updated" date. If changes are material, we will provide additional notice where required.