1. Introduction
Pixli ("we", "us", "our") provides a web analytics platform designed with privacy as a core principle. This Privacy Policy explains how we collect, use, and protect data when you use our service at pixli.io and related subdomains.
We act as a data processor on behalf of our customers (website owners) who are the data controllers. This policy covers both how we handle data about our customers (account holders) and how we process visitor data on behalf of our customers.
2. Data we collect about you (account holders)
Account data
- •Email address (for authentication and communication)
- •Password (hashed, never stored in plain text)
- •Billing information (if on a paid plan)
- •Site domains you register for analytics
Usage data
- •Dashboard interactions (for improving the product)
- •API request logs (for security and debugging)
3. Data we process on behalf of our customers (website visitors)
When a website owner installs the Pixli script, we collect analytics data about their visitors. This section describes what we collect and how we handle it.
What we DO collect
- •Page URLs and referrer URLs
- •Browser type, OS, device type, screen size
- •Country and city (derived from IP, then IP is discarded)
- •Page interaction events (clicks, scrolls, custom events)
- •Web Vitals performance metrics (LCP, CLS, INP, FCP, TTFB)
- •Session recordings (DOM snapshots with automatic PII masking)
- •Heatmap data (click coordinates, scroll depth)
What we DO NOT collect
- •No cookies — we do not set any cookies. Sessions are resolved server-side using a hash of the visitor IP address and user agent with a 30-minute sliding window.
- •No raw IP addresses — IP addresses are hashed on ingestion using a daily-rotating salt. The raw IP is never stored in our databases.
- •No fingerprinting for identification — we do not use browser fingerprinting to identify or track visitors across sessions.
- •No cross-site tracking — we do not track visitors across different websites.
- •No personal data in recordings — session recordings automatically mask passwords, email addresses, phone numbers, credit card numbers, and elements marked with
data-pixli-mask.
4. How we use data
- •To provide analytics dashboards and reports to our customers
- •To generate heatmaps and session recordings
- •To calculate traffic quality scores and detect bot traffic
- •To process A/B test results and funnel analytics
- •To send automated alerts when configured thresholds are met
- •To improve and maintain the Pixli platform
- •To communicate with account holders about their service
We do not sell, rent, or share analytics data with third parties. We do not use visitor data for advertising purposes.
5. Data storage and security
- •Analytics data is stored in ClickHouse on EU-based infrastructure
- •Account data is stored in PostgreSQL on EU-based infrastructure
- •Session recordings are stored in object storage (R2/S3) with encryption at rest
- •All data in transit is encrypted via TLS
- •Database access is restricted to authorized services only
6. Data retention
| Data type | Retention period |
|---|
| Analytics events | 3-5 years depending on plan |
| Session recordings | Plan-dependent: 30, 90, or 365 days |
| Heatmap data | Same as analytics events |
| Account data | Until account deletion |
| Server logs | 30 days |
When a customer deletes their account or site, all associated analytics data is permanently deleted within 30 days.
7. Your rights
Depending on your jurisdiction, you may have the right to:
- •Access, correct, or delete your personal data
- •Export your data in a portable format
- •Object to or restrict processing
- •Withdraw consent (where applicable)
- •Lodge a complaint with a supervisory authority
For data subject requests, contact us at [email protected].
8. Cookies
Pixli does not use cookies for analytics tracking. Our tracking script sets zero cookies on visitor browsers. Sessions are resolved entirely server-side.
The Pixli dashboard (app.pixli.io) uses a session cookie for authentication purposes only. This is a strictly necessary cookie and does not require consent under GDPR.
9. Third-party services
We use the following third-party services to operate Pixli:
- •Infrastructure providers for hosting (EU-based)
- •Payment processors for billing (Stripe, cryptocurrency processors)
- •Email delivery services for transactional emails
We do not use any third-party analytics, advertising, or tracking services on our website or dashboard.
10. Children's privacy
Pixli is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected].
11. Changes to this policy
We may update this Privacy Policy from time to time. We will notify account holders of material changes via email. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact
For questions about this Privacy Policy or data processing, contact us at [email protected].