Pixaroa logo Pixaroa

Our Commitment to Your Privacy

At Pixaroa, we believe that trust is the foundation of every great partnership. Our privacy policy is not a legal document buried in fine print—it's a clear, actionable guide to how we handle your information with the same care we apply to our craft.

This policy outlines our data practices for visitors to our studio website. For clients engaged in active projects, we supplement this with a dedicated Data Processing Agreement that details project-specific data handling, including GDPR compliance, hosting locations, and data retention schedules tailored to your engagement.

Read the Details Contact Our DPO
Workspace with laptop and code editor
Paris, France

What We Collect and Why

We limit data collection to what is strictly necessary for functionality, security, and service improvement. Here’s a transparent breakdown.

Contact Forms

When you submit a contact inquiry or a newsletter subscription, we collect your name, email address, and any message content. This is used solely to respond to your request or send the newsletter you opted into. We use a double opt-in process for subscriptions.

LEGAL BASIS: Consent

Website Analytics

We use a self-hosted analytics solution (not Google Analytics) to understand general user behavior—page views, session duration, and referral sources. All data is anonymized, IP addresses are truncated, and no personally identifiable information is stored. Cookies are only used for basic session functionality.

LEGAL BASIS: Legitimate Interest

Technical & Security Data

For security and functionality, we automatically log technical information such as browser type, operating system, and timestamps. This data is essential for debugging issues, ensuring our site renders correctly across devices, and protecting our systems from malicious activity. It is retained for 30 days in a secure log.

LEGAL BASIS: Legitimate Interest EC2 Server / Paris

Your Rights & Controls

Under the GDPR and CCPA, you have specific rights regarding your personal data. We have designed our processes to make exercising these rights straightforward.

1.

Access & Portability

Request a copy of the personal data we hold about you. We will provide it in a common, machine-readable format.

2.

Correction

Update any inaccurate or incomplete information. We verify changes to maintain data integrity.

3.

Deletion & Right to be Forgotten

Request the deletion of your personal data. We will comply unless we have a legal obligation to retain it (e.g., for tax records).

4.

Object to Processing

Object to the processing of your data for direct marketing purposes. You can unsubscribe from newsletters via the link in every email.

How to Exercise Your Rights

To make any request related to your data, please contact our designated Data Protection Officer (DPO) directly. We will respond within 30 days, with an explanation if the request is complex or we need to verify your identity.

Email: [email protected]
Address: 25 Rue de Charonne, 75011 Paris, France
Phone: +33 1 43 71 60 55
Hours: Mon-Fri, 9:00 - 18:00 CET

Sharing & Third Parties

We do not sell your data. We only share it with trusted partners under strict confidentiality agreements and only when necessary.

Secure server infrastructure

Infrastructure Partners

Our website hosting (e.g., Vercel, Netlify) and analytics services are hosted within the EU (typically France or Germany). These providers act as data processors under our instructions and are compliant with GDPR. We do not use analytics platforms that transfer data outside the EU/EEA.

Key Partners

  • Hosting: Vercel (EU)
  • Email: ProtonMail (Switzerland)
  • Newsletter: Mailcoach (EU)

No Cross-Border Sales

We do not transfer personal data to countries without adequate data protection standards (as defined by the EU Commission). Any future change to this will be reflected here with 30 days' notice.

Data Retention & Security

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.

30

Technical Logs

Deleted automatically after 30 days.

24

Newsletter Data

Retained for the duration of your subscription + 24 months after unsubscription (for compliance audits).

10

Client Data

Per project contract + 10 years for tax/legal obligations.

Security First

We implement industry-standard security measures including HTTPS/TLS encryption, regular software updates, and access controls. However, no method of transmission over the internet is 100% secure. We use breach notification procedures in the unlikely event of a data incident.

Policy Updates

This policy was last updated on 2026-04-15. We will notify subscribers of material changes via email or by posting a prominent notice on our website. Your continued use of our site constitutes acceptance of the updated policy.

"Transparency in data handling is a fundamental aspect of professional design. It builds the trust that allows for creative freedom and a strong collaborative partnership."

— Pixaroa Studio Principle