Privacy Policy

Pixl ("Pixl", "we", "us", or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information in connection with our identity verification platform, website at pixl.ai, and all associated services (collectively, the "Services").

Please read this policy carefully. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms described here, please do not use our Services.

Pixl is an intelligent identity infrastructure company providing AI-powered identity verification, biometric authentication, KYC/KYB compliance, and fraud prevention solutions to regulated enterprises globally.

Data Controller:

• Company: Pixl (PixDynamics Pvt. Ltd.)
• Registered Address: Unit No. III A-2, 3rd Floor, Phase II, Carnival Infopark, Kakkanad, Kochi - 682 042, Kerala, India
• Privacy Email: privacy@pixl.ai
• General Contact: connect@pixl.ai
• Phone: +91 79944 31839

Depending on how you interact with our Services - whether as a website visitor, API integration partner, or an end user being verified - we may collect the following categories of data:

We use personal data only for the purposes described below and only to the extent necessary for those purposes:

We do not sell your personal data to third parties. We do not use personal data for automated decision-making that produces legal or similarly significant effects without human oversight.

Where GDPR or equivalent legislation applies, we rely on the following legal bases for processing your personal data:

• Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to fulfil our contractual obligations to business clients and their end users.
• Legal Obligation (Art. 6(1)(c) GDPR): Processing required to comply with applicable laws and regulatory requirements, including AML and KYC obligations.
• Legitimate Interests (Art. 6(1)(f) GDPR): Processing necessary for fraud prevention, platform security, and service improvement, balanced against data subject rights.
• Explicit Consent (Art. 6(1)(a) & Art. 9(2)(a) GDPR): For biometric and special category data, and for optional communications such as marketing newsletters.
• Vital Interests / Public Task: In exceptional circumstances where processing is necessary to protect a person's vital interests or assist law enforcement.

For users in California, we comply with the CCPA and its amendment, the CPRA. We do not sell or share personal information as defined under the CCPA.

We do not sell, rent, or trade your personal data. We may share data with the following categories of recipients under strict contractual obligations:

• Business Clients (Data Controllers): Verification results and associated data are shared with the business client that initiated the verification request.
• Technology Sub-Processors: Trusted cloud infrastructure providers who process data solely on our instructions and under Data Processing Agreements (DPAs).
• Regulatory & Law Enforcement Authorities: Where we are legally compelled to disclose data by applicable law, court order, or regulatory mandate.
• Professional Advisors: Lawyers, auditors, and accountants bound by confidentiality obligations.
• Business Transfers: In a merger, acquisition, or sale of assets, data may be transferred to the acquiring entity subject to the same protections.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal or regulatory requirements.

When data reaches its retention limit, it is permanently deleted or anonymised so it can no longer be linked to an individual.

Pixl is headquartered in India and operates globally. Personal data may be transferred to and processed in countries outside your country of residence, including India, the EEA, the United Kingdom, and the United States.

When transferring personal data across borders, we ensure adequate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to countries without an adequacy decision.
• UK International Data Transfer Agreements (IDTAs) for transfers from the United Kingdom.
• Adequacy Decisions issued by the European Commission or the UK Secretary of State where applicable.
• Compliance with India's Digital Personal Data Protection Act, 2023 (DPDPA) for processing personal data of Indian residents.

Depending on your jurisdiction, you may have some or all of the following rights. Contact us at privacy@pixl.ai to exercise them.

We will respond to all legitimate requests within 30 days. We may need to verify your identity before processing your request.

If you are an end user verified through one of our business clients, please direct your request to that client in the first instance, as they are the Data Controller.

Pixl is ISO 27001:2022 certified and implements a comprehensive Information Security Management System (ISMS). Our technical and organisational security measures include:

• AES-256 encryption for data at rest; TLS 1.2+ for all data in transit.
• Role-based access control (RBAC) and multi-factor authentication (MFA) for all internal systems.
• Continuous security monitoring, intrusion detection, and automated threat response.
• Regular penetration testing and independent third-party security audits.
• Strict data minimisation - we collect only what is necessary for the stated purpose.
• Employee security training and background checks for personnel with access to sensitive data.
• Documented incident response and breach notification procedures aligned with GDPR Article 33.

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse site usage. Cookies are small text files stored on your device.

You can manage your cookie preferences at any time using our Cookie Settings panel accessible from the cookie icon on this page.

Pixl's Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we will take immediate steps to delete that information.

If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately at privacy@pixl.ai.

Where our business clients use our platform for age verification purposes, the collection of data from minors is governed by the business client's own legal basis and consent framework.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

• Update the Last Updated date at the top of this page.
• Notify active business clients via email or in-dashboard notification at least 30 days before the changes take effect.
• Where required by law, seek renewed consent for any new processing activities.

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please reach out. We are committed to resolving any privacy concerns promptly and transparently.

You also have the right to lodge a complaint with your local supervisory authority. In India, this is the Data Protection Board of India. In the EU/EEA, this is your national Data Protection Authority (DPA).