Privacy Policy

1. Introduction

Pixy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered personal assistant service, including our website, mobile application, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and use Pixy, you may provide:

• Email address and name
• Username or handle
• Phone number
• Timezone and locale preferences
• Profile preferences and settings
• Text inputs, voice commands, and uploaded images
• Feedback and support correspondence

2.2 Information from Integrations

When you connect third-party services through OAuth or other authorization methods, we may receive:

• Google: Gmail messages, Calendar events, and associated metadata
• Notion: Pages, databases, and workspace content you authorize
• Strava: Activity data, workout history, and fitness metrics
• Other integrations: Data from additional services you choose to connect, as described at the time of authorization

We only access the data scopes you explicitly authorize and do not access more than what is necessary to provide the Service.

2.3 Information Collected Automatically

When you use our Service, we automatically collect:

• Device information (device type, operating system, browser type)
• IP address and approximate location
• Usage data (features used, interaction patterns, session duration)
• Cookies and similar tracking technologies
• Web beacons and pixel tags in emails

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service: Deliver personalized AI-generated interfaces, responses, and recommendations
• Personalize your experience: Use your data and preferences to tailor Pixy's contextual stream to your needs
• Improve and develop the Service: Analyze usage patterns and feedback to enhance features and fix issues
• Provide customer support: Respond to your inquiries and resolve technical issues
• Ensure security: Detect, prevent, and address fraud, abuse, and security threats
• Communicate with you: Send service-related notices, updates, and promotional communications (with your consent)
• Comply with legal obligations: Meet applicable legal, regulatory, and compliance requirements

4. Data We Store

To provide Pixy's personalized experience, we store the following types of data:

• User profiles: Account information, preferences, and settings
• Conversations: Your interactions with Pixy, including text and voice inputs
• Memories: Contextual information Pixy learns about you over time to provide better assistance
• Calendar events: Synced calendar data from connected services
• Email extractions: Relevant information extracted from connected email accounts
• Custom apps and interfaces: Personalized screens and tools generated for you
• Voice and image logs: Voice command recordings and uploaded images processed by the Service

5. Service Providers

We work with trusted third-party service providers to operate and improve Pixy. These providers are contractually obligated to protect your data and may only use it for the purposes we specify. Categories of service providers include:

• Authentication providers: For secure account sign-in and identity verification
• Cloud infrastructure and database providers: For hosting, data storage, and processing
• AI and machine learning providers: For powering Pixy's natural language understanding, generation, and reasoning capabilities
• Voice synthesis providers: For text-to-speech and voice interaction features
• Image generation providers: For creating visual content within the Service
• Email delivery providers: For sending transactional and service-related emails
• Error monitoring and analytics providers: For identifying issues, measuring performance, and improving the Service

6. Disclosure and Sharing

We do not sell your personal information. We may share your information in the following circumstances:

• Service providers: As described in Section 5, to operate and improve the Service
• Legal requirements: When required by law, legal process, or government request
• Protection of rights: To enforce our Terms, protect our rights, privacy, safety, or property, or that of our users or the public
• Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data may be transferred to the successor entity
• With your consent: When you explicitly authorize us to share your information with a specific third party

7. Children's Privacy

Pixy is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected information from a child under 13, we will take steps to delete that information as soon as possible.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

8. Your Choices

You have control over your data and can make the following choices:

• Manage integrations: Connect or disconnect third-party services at any time through your account settings
• Email preferences: Opt out of promotional emails by clicking the unsubscribe link in any marketing email or adjusting your notification settings
• Cookie preferences: Manage cookie settings through your browser or our cookie settings (where available)
• Analytics opt-out: Opt out of certain analytics tracking through your device or browser settings

9. Accessing and Deleting Your Data

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete personal data
• Deletion: Request deletion of your personal data, subject to certain legal exceptions

When you request account deletion, we initiate a complete data removal process that includes your profile, conversations, memories, integration data, and all associated records. Some data may be retained as required by law or for legitimate business purposes (e.g., fraud prevention) for a limited period.

To exercise these rights, contact us at [email protected].

10. Your Privacy Rights by Jurisdiction

10.1 California (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt out of the sale or sharing of your personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights
• Correct inaccurate personal information
• Limit the use and disclosure of sensitive personal information

10.2 Nevada

Nevada residents may opt out of the sale of certain personal information. We do not currently sell personal information as defined under Nevada law. If you are a Nevada resident and wish to submit an opt-out request, please contact us at [email protected].

10.3 Washington (My Health My Data Act)

If you are a Washington state resident, you may have additional rights regarding health-related data. To the extent Pixy processes any health-related data (such as fitness or wellness information from connected integrations), we do so in accordance with the Washington My Health My Data Act. You may request access to or deletion of such data by contacting us.

10.4 EEA/UK (GDPR)

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal data include:

• Consent: Where you have given explicit consent for processing
• Contract: Where processing is necessary to perform our contract with you (i.e., providing the Service)
• Legitimate interest: Where processing is necessary for our legitimate interests, such as improving the Service, provided these are not overridden by your rights
• Legal obligation: Where processing is necessary to comply with legal requirements

You have additional rights including the right to data portability, the right to restrict processing, and the right to object to processing. For international data transfers, we implement appropriate safeguards such as Standard Contractual Clauses.

11. Do Not Track and GPC Signals

Some browsers transmit "Do Not Track" (DNT) or Global Privacy Control (GPC) signals. We honor GPC signals as a valid opt-out request where required by applicable law. Currently, there is no industry-standard interpretation of DNT signals, and we do not alter our data practices in response to DNT signals alone.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security monitoring and vulnerability assessments
• Employee training on data protection practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

13. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States and other countries. We take appropriate steps to ensure that your data is treated securely and in accordance with this Privacy Policy, including implementing Standard Contractual Clauses or other approved transfer mechanisms where required.

14. Cookie Policy

We use cookies and similar technologies to operate and improve the Service:

• Session cookies: Essential for authentication and maintaining your login state. These expire when you close your browser.
• Persistent cookies: Store your preferences and settings across sessions. These remain on your device until they expire or you delete them.
• Web beacons: Small electronic images used in emails and on the Service to measure engagement and track delivery.

Managing cookies: You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling cookies may affect the functionality of the Service.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or through a prominent notice within the Service.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: [email protected]