Initializing

Legal

Data Processing Agreement

Last updated: February 11, 2026

1. Parties and scope

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Pixli ("Processor") and you, the customer ("Controller"). It applies to the processing of personal data that Pixli performs on your behalf when providing the analytics service.

By using Pixli, you enter into this DPA automatically. No separate signature is required.

2. Definitions

•Personal data — any information relating to an identified or identifiable natural person, as defined in Article 4 of the GDPR
•Processing — any operation performed on personal data, including collection, storage, analysis, and deletion
•Data subject — the individual whose personal data is processed (i.e., visitors to the Controller's website)
•Sub-processor — a third party engaged by the Processor to assist in processing personal data

3. Roles and responsibilities

Controller (you)

•Determines the purposes and means of processing visitor data
•Ensures a valid legal basis for processing (e.g., legitimate interest)
•Maintains a privacy policy that discloses the use of analytics
•Responds to data subject requests (with Processor assistance)

Processor (Pixli)

•Processes personal data only on documented instructions from the Controller
•Implements appropriate technical and organizational security measures
•Assists the Controller in responding to data subject requests
•Notifies the Controller of personal data breaches without undue delay
•Deletes or returns all personal data upon termination of the service

4. Scope of processing

Categories of data subjects

Visitors to the Controller's website(s).

Types of personal data processed

Data type	Processing details
IP address	Hashed on ingestion with daily-rotating salt. Raw IP never stored.
User agent	Used for device/browser detection and session hashing. Stored as parsed components.
Page URLs	Stored for analytics. May contain personal data if the Controller uses PII in URLs.
Referrer URLs	Stored for traffic source analysis.
Geo location	Country and city derived from IP before hashing. Approximate only.
Interaction events	Clicks, scrolls, custom events. No PII unless Controller sends it via custom events.
Session recordings	DOM snapshots with automatic PII masking (passwords, emails, phones, credit cards).
Web Vitals	Performance metrics (LCP, CLS, INP). No personal data.

Purpose of processing

To provide web analytics, heatmaps, session recordings, funnel analysis, A/B testing, traffic quality scoring, and related features as described in the Service documentation.

Duration of processing

For the duration of the service agreement. Upon termination, data is deleted within 30 days.

5. Security measures

Pixli implements the following technical and organizational measures:

Technical measures

•Encryption in transit (TLS) for all data transfers
•Encryption at rest for session recording storage
•IP address hashing with daily-rotating salt
•Automatic PII masking in session recordings
•Database access restricted to authorized services only
•Regular security updates and patching
•Rate limiting and DDoS protection

Organizational measures

•Access to customer data limited to essential personnel
•Personnel bound by confidentiality obligations
•Incident response procedures for data breaches
•Regular review of security practices

6. Sub-processors

Pixli uses the following categories of sub-processors to provide the Service:

Category	Purpose	Location
Infrastructure provider	Hosting servers and databases	EU
Object storage	Session recording storage	EU
Payment processor	Billing and payment processing	EU/US
Email delivery	Transactional emails to account holders	EU/US

We will notify the Controller of any new sub-processors at least 30 days before they begin processing data. The Controller may object to a new sub-processor by contacting us within 30 days. If we cannot accommodate the objection, the Controller may terminate the service.

7. Data subject requests

Pixli will assist the Controller in responding to data subject requests (access, rectification, erasure, portability, restriction, objection) as required under GDPR Articles 15-22.

Due to Pixli's privacy-by-design approach (IP hashing, no cookies, no direct identifiers), it is typically not possible to identify a specific individual's data in the analytics dataset. This means data subject requests for access or deletion may not be applicable in most cases.

8. Data breach notification

In the event of a personal data breach, Pixli will:

•Notify the Controller without undue delay, and no later than 72 hours after becoming aware
•Provide details of the breach: nature, categories of data, approximate number of records affected
•Describe the measures taken or proposed to mitigate the breach
•Cooperate with the Controller in notifying supervisory authorities and data subjects if required

9. International data transfers

Pixli stores and processes data primarily within the European Union. Where data is transferred outside the EU (e.g., to sub-processors), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

10. Audit rights

The Controller has the right to audit Pixli's compliance with this DPA. Audits may be conducted:

•By requesting relevant documentation and certifications
•By appointing an independent third-party auditor (at the Controller's expense)
•With reasonable advance notice (at least 30 days)
•No more than once per 12-month period, unless required by a supervisory authority

11. Termination and data deletion

Upon termination of the service agreement, Pixli will:

•Delete all personal data processed on behalf of the Controller within 30 days
•Provide confirmation of deletion upon request
•Not retain any copies except as required by applicable law

12. Contact

For questions about this DPA, data processing, or to exercise audit rights, contact us at [email protected].