Privacy Policy
Last updated: July 2026
What we collect
When you register, we store your email address and a hashed password. We never store raw passwords or raw API keys.
When you upload images, we store the image file in Cloudflare R2 and metadata (file size, dimensions, MIME type, upload date) in our database.
What we don't do
- We don't sell your data.
- We don't use your images for training AI models.
- We don't track you across the web.
- We don't use tracking cookies, cross-site trackers, or ad networks.
Analytics
We use Cloudflare Web Analytics to understand aggregate traffic. It is privacy-first: no cookies, no client-side state, and no fingerprinting, and it stores no personal data in your browser — so PixelVault needs no cookie-consent banner. The only thing we store in your browser is a login token (when you sign in), which is strictly necessary to keep you signed in.
Where your data lives
Your images and core account data are stored at rest in the European Union: image files in Cloudflare R2 (EU jurisdiction) and your account details and image metadata in our Neon PostgreSQL database (EU region). Our application runs on Cloudflare's global edge network, so each request is processed at the location nearest you. A couple of subprocessors (below) — transactional email and aggregate analytics — may process limited data outside the EU under standard data-protection safeguards.
Subprocessors
We rely on a small set of infrastructure providers, each under a data processing agreement:
- Cloudflare — image storage (R2, EU), CDN, edge compute, and cookieless analytics.
- Neon — PostgreSQL database (EU region) for account and image metadata.
- Plunk — transactional email (e.g. verification, password reset).
Data deletion
You can delete any image via the API. To delete your entire account, contact us at privacy@pixelvault.dev.
Contact
Questions about privacy? Email privacy@pixelvault.dev.