Trusting Pixels Inc. – Privacy Policy

Last updated: 23 July 2025

1. Who We Are

Trusting Pixels Inc. ("Trusting Pixels", "we", "our") is a British Columbia corporation located at 1285 W Broadway, Suite 600, Vancouver BC V6H 3X8, Canada. We provide software that analyses publicly available social‑media content to detect retouched or modified imagery and to audit compliance with retouch‑disclosure laws.

For privacy enquiries please contact info@trustingpixels.com.

2. Data We Collect

We may collect the following categories of personal data:

• Client contact data – first/last name, company, email, phone, billing address.
• Account credentials – username and password (hashed).
• Payment data – limited card details processed via Stripe (we do not store full PAN).
• Support communications – emails, tickets, surveys.
• Website analytics – IP address, device/browser info, usage events (Google Analytics).
• Social‑media content drawn from public platforms:
  • Images & videos (including visible faces);
  • Captions, hashtags, timestamps;
  • Public profile data (username, bio, follower counts);
  • Image metadata (camera, lens, colour profile, etc.);
  • Inferred attributes (e.g., hair colour, retouch score).

3. How We Collect Data

• Directly from you when you create an account, complete forms or correspond with us.
• Automatically via cookies, server logs and Google Analytics when you visit our website.
• From publicly available social‑media posts that we crawl or that you specify for audit.
• From service providers such as Stripe (payments) and Microsoft 365 Outlook/Excel (email/document storage).

4. Purposes & Lawful Bases

We process personal data only when a lawful basis applies:

• Legitimate Interests (Art 6 (1)(f) GDPR)
  • Crawl and analyse public social‑media content to generate retouch scores.
  • Train, benchmark and improve detection models.
  • Prevent fraud, secure and debug the Services.
• Contract Performance (Art 6 (1)(b))
  • Deliver dashboards, reports and APIs you purchase.
  • Process payments and provide customer support.
• Consent (Art 6 (1)(a))
  • Send newsletters or marketing communications where you opt‑in.

5. Retention

• Raw images & videos with faces (pseudonymised): retained as long as we have a continuing legitimate business or research need, reviewed at least every 24 months. Social‑media handles, retouch scores and other direct identifiers are removed or hashed; access is restricted to authorised R&D personnel.
• Account & billing data: kept for the life of the customer relationship plus seven (7) years for tax and audit.
• Support and analytics logs: deleted or anonymised after twenty‑four (24) months.
• Data‑subject erasure, objection and other rights are honoured unless an Article 89 research exemption applies.

6. Security Measures

We apply technical and organisational measures appropriate to risk, including:

• ISO 27001/SOC 1/2/3‑certified AWS facilities.
• TLS 1.2+ encryption in transit and AES‑256 encryption at rest.
• Role‑based IAM with enforced multi‑factor authentication and CloudTrail audit logs.
• Daily encrypted backups with cross‑Region replication.

7. Sub‑processors

• Amazon Web Services (AWS) – cloud hosting (Canada Central; may migrate to EU (Paris)).
• Stripe – payment processing.
• Google Analytics – website analytics.
• Microsoft 365 Outlook / Excel – email and document storage.

We sign Data Processing Agreements with all sub‑processors and publish updates at https://trustingpixels.com/legal/subprocessors.

8. International Transfers

EU‑sourced personal data is currently hosted in Canada, which benefits from an EU adequacy decision. We may migrate hosting to France (OVH Cloud) or another EEA location and will ensure equivalent safeguards under GDPR Chapter V.

9. Your Rights (GDPR Articles 15‑21)

You may request:

• Access to your personal data;
• Rectification of inaccurate data;
• Erasure (“right to be forgotten”);
• Restriction or objection to processing;
• Data portability.

Contact info@trustingpixels.com. We will respond within one (1) month. You also have the right to lodge a complaint with your local supervisory authority.

10. California Residents (Shine the Light & CCPA/CPRA)

California consumers may request, free of charge once per year, disclosure of:

• The categories of personal information (PI) collected in the preceding 12 months;
• The categories of sources and purposes;
• The categories of third parties with whom we shared PI.

You have the right to request deletion, correction and to opt‑out of any “sale” or “sharing” of PI (we do not sell personal data). Submit requests to info@trustingpixels.com. We will verify your identity before responding.

11. Children

The Services are not directed to individuals under 16 years of age. We do not knowingly collect data from children under 16.

12. Changes

We may modify this Privacy Policy from time to time. If we make material changes we will post the updated version and change the “Last updated” date. Continued use after posting constitutes acceptance.

13. Contact

Questions about this Privacy Policy? Email info@trustingpixels.com or write to Trusting Pixels Inc., 1285 W Broadway #600, Vancouver BC V6H 3X8, Canada.