PixTagger

Privacy Policy

Last updated: 2026-05-09

Summary (in plain language)

  • Your photos and videos are used only to generate keywords and descriptions for you.
  • Your photos and videos are never used to train AI models— neither by us, nor by OpenAI (per OpenAI's API data policy).
  • Your photos and videos are deleted from our servers immediately after processing — typically within seconds. We do not keep permanent copies.
  • We do not sell your data. We do not run advertising networks.

1. Who We Are

PixTagger is operated from the Republic of Serbia. The data controller for the purposes of EU GDPR and similar laws is the owner identified at jokic.milos@gmail.com.

2. What We Collect

We collect the minimum data required to operate the Service:

  • Uploaded files (photos, video clips). Held in temporary storage only for the duration of one tagging request, then deleted.
  • Optional "Shoot notes" text you provide as context. Held only for the duration of the request.
  • Account information (email, hashed password or OAuth identifier) — once user accounts are introduced.
  • Operational logs — request timestamp, IP address, browser user-agent, billing events. Retained for fraud prevention, dispute (chargeback) defense, and compliance for up to 24 months.

3. How We Use It

We use the data only to:

  • Generate metadata (titles, descriptions, keywords).
  • Operate, secure, and improve the Service.
  • Process payments and prevent fraud.
  • Comply with legal obligations.

We do not use uploaded content to train any AI model.

4. Third-Party Processors

Your uploads are sent to OpenAI(gpt-4o-mini) for AI inference. OpenAI's policy states that API inputs and outputs are not used to train OpenAI models. See OpenAI API data usage policies.

Future versions of the Service may use additional processors (e.g. Cloudflare R2 for temporary upload storage with 24-hour auto-deletion, Paddle for payment processing). This page will be updated when those are introduced.

5. Data Retention

  • Uploaded files: deleted from our temporary storage immediately after processing — typically within seconds, never longer than 24 hours under any circumstance.
  • Generated metadata (titles, descriptions, keywords): returned to you and not stored on our servers. (Once accounts are introduced, you will be able to opt-in to history.)
  • Account and billing records: retained as long as your account is active, and for up to 24 months after closure for accounting and dispute resolution.

6. Your Rights (GDPR / similar)

If you are in the EU, UK, or another jurisdiction with similar laws, you have the right to access, correct, export, or delete your personal data. To exercise these rights, email jokic.milos@gmail.com from the address associated with your account. We respond within 30 days.

7. Security

All traffic is encrypted in transit (HTTPS). API keys and credentials are stored as encrypted environment variables. Access to operational systems is limited to the owner. No system is perfectly secure; in the event of a breach affecting personal data we will notify affected users without undue delay.

8. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from children.

9. Changes to This Policy

Material changes will be posted here with an updated "Last updated" date. Continued use of the Service after changes are posted constitutes acceptance.

10. Contact

Questions, requests, or complaints can be sent to jokic.milos@gmail.com.