Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Pixelair collects, uses, stores, shares, and protects personal data when you access or use the Pixelair platform, website, applications, APIs, and related services (collectively, the “Services”).
Please read this Privacy Policy carefully before using the Services.
1. Who we are
The Services are operated by:
HELIXIUM TECH LIMITED, company number SC891664, registered in Scotland, trading as Pixelair. Registered address: 5 South Charlotte Street, Edinburgh, Scotland, EH2 4AN.
For the purposes of applicable data protection laws, including the UK GDPR and Data Protection Act 2018, HELIXIUM TECH LIMITED acts as the data controller for personal data processed through the Services unless stated otherwise.
If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at support@pixelair.live. We will respond to requests in accordance with Applicable Law.
2. Scope of this Privacy Policy
This Privacy Policy applies to personal data collected through:
- the Pixelair website;
- user Accounts;
- AI generation services;
- uploads and prompts;
- payments and billing;
- APIs and integrations;
- customer support;
- communications and marketing;
- analytics and security systems.
This Privacy Policy does not apply to third-party services, websites, or platforms that may integrate with or link to the Services.
3. Personal data we collect
Depending on how you use the Services, we may collect the following categories of personal data.
3.1 Account information
- name;
- username;
- email address;
- account credentials;
- authentication information;
- profile details.
3.2 Payment and billing information
Payments are processed by third-party payment providers. We do not store complete payment card numbers or CVV/CVC security codes on our own systems. We may receive limited billing and transaction information, including:
- billing name;
- billing address;
- payment status;
- transaction identifiers;
- payment method metadata;
- VAT-related information;
- fraud prevention indicators.
3.3 Inputs and generated content
We may process:
- prompts;
- uploads;
- text submissions;
- images;
- video;
- audio;
- generated Outputs;
- generation history.
3.4 Device and technical information
We may automatically collect technical information including:
- IP address;
- browser type;
- operating system;
- device identifiers;
- usage logs;
- access timestamps;
- referral URLs;
- language settings;
- crash reports;
- diagnostic information.
3.5 Usage and analytics information
We may collect information regarding:
- feature usage;
- generation activity;
- session interactions;
- credit usage;
- engagement metrics;
- performance analytics;
- moderation and abuse-prevention signals.
3.6 Communications
If you contact us, we may collect:
- support requests;
- emails;
- feedback;
- survey responses;
- communications history.
4. How we use personal data
We may process personal data for the following purposes:
4.1 Providing the Services
- create and manage Accounts;
- provide AI generation functionality;
- process uploads and Outputs;
- process transactions;
- provide customer support;
- maintain generation history.
4.2 Security and fraud prevention
- verify Accounts;
- prevent abuse and fraud;
- detect suspicious activity;
- enforce our Terms;
- maintain platform integrity;
- investigate misuse.
4.3 Service improvement
- improve reliability and performance;
- debug technical issues;
- analyse feature usage;
- maintain operational security;
- optimise infrastructure.
4.4 Communications
- send service notifications;
- provide support responses;
- communicate legal or operational updates;
- send marketing communications where permitted by law.
You may opt out of marketing communications at any time by:
- using the unsubscribe link contained within marketing emails;
- updating communication preferences within your Account, where available;
- contacting us directly.
Opting out of marketing communications does not affect service-related, transactional, security, or legally required communications necessary for operation of the Services.
4.5 Legal and regulatory compliance
- comply with Applicable Law;
- respond to lawful requests;
- enforce legal rights;
- maintain records required by law.
5. Legal bases for processing
Under the UK GDPR, we rely on the following legal bases for processing personal data:
5.1 Contract performance
Processing necessary to:
- provide the Services;
- manage Accounts;
- process payments;
- fulfil contractual obligations.
5.2 Legitimate interests
Processing necessary for our legitimate interests, including:
- platform security;
- fraud prevention;
- operational analytics;
- service improvement;
- enforcement of Terms;
- business administration.
We ensure that such interests are balanced against your rights and freedoms.
5.3 Legal obligations
Processing necessary to comply with:
- tax obligations;
- accounting requirements;
- regulatory obligations;
- legal requests;
- fraud-prevention obligations.
5.4 Consent
Where required by law, we rely on consent for:
- certain marketing communications;
- optional cookies or tracking technologies;
- optional integrations.
You may withdraw consent at any time where consent is the legal basis.
6. Automated decision-making
We may use automated systems, classifiers, moderation technologies, fraud detection systems, and security tools to help identify:
- abuse or misuse of the Services;
- suspicious or fraudulent activity;
- harmful or prohibited content;
- security threats;
- violations of our Terms or policies.
These systems may temporarily restrict, flag, moderate, prioritise, or block certain activity or content.
However, we do not make decisions producing legal or similarly significant effects based solely on automated processing of personal data.
Where reasonably necessary, human review may be applied in connection with moderation, fraud prevention, security, compliance, or enforcement decisions.
7. AI inputs, outputs, and model training
We do not use your prompts, uploads, Inputs, or Outputs to train proprietary AI models.
Your content may be processed solely for purposes reasonably necessary to:
- provide generation functionality;
- maintain account history;
- improve reliability and security;
- detect abuse or fraud;
- comply with legal obligations;
- enforce our Terms.
You acknowledge that certain Inputs and Outputs may be processed through third-party AI model providers and cloud infrastructure services in order to provide the Services.
We strongly discourage uploading:
- highly sensitive personal data;
- confidential legal documents;
- medical records;
- payment card data;
- government identification documents;
- protected biometric information;
- regulated financial information,
unless you are legally authorised to do so and appropriate safeguards are in place.
8. User responsibility for uploaded data
You are solely responsible for ensuring that you have a lawful basis to upload, submit, process, or otherwise provide personal data belonging to yourself or third parties through the Services.
Where you upload personal data relating to another individual, you represent and warrant that you have obtained all necessary rights, permissions, consents, authorisations, or other lawful grounds required under Applicable Law.
You must not upload personal data, confidential information, or regulated information where doing so would violate Applicable Law, contractual obligations, confidentiality obligations, or third-party rights.
9. Payments, PSD2, and Strong Customer Authentication
Payments are processed through authorised third-party payment providers.
Payment providers may process personal data in accordance with:
- PSD2 requirements;
- the UK Payment Services Regulations 2017;
- anti-money laundering obligations;
- fraud prevention obligations;
- PCI-DSS security standards.
Transactions may require:
- Strong Customer Authentication (SCA);
- multi-factor authentication;
- banking verification;
- fraud screening;
- biometric verification.
We do not control independent decisions made by payment providers, banks, or fraud-prevention systems.
11. Sharing personal data
We may share personal data with:
- cloud infrastructure providers;
- AI model providers;
- payment processors;
- analytics providers;
- authentication providers;
- security and fraud-prevention services;
- professional advisers;
- regulators or authorities where legally required.
Categories of service providers may include:
- cloud hosting providers;
- AI model providers;
- payment processors;
- customer support platforms;
- analytics providers;
- fraud prevention and security providers;
- email and communication providers;
- infrastructure and monitoring providers.
We do not sell personal data.
We do not share personal data for third-party advertising purposes unrelated to the Services.
12. International data transfers
Your personal data may be processed in countries outside the United Kingdom.
Where personal data is transferred internationally, we implement safeguards reasonably designed to protect personal data, including:
- adequacy regulations;
- contractual safeguards;
- technical and organisational security measures.
You acknowledge that international processing may be necessary to provide cloud-based AI and infrastructure services.
13. Data retention
We retain personal data only for as long as reasonably necessary to:
- provide the Services;
- comply with legal obligations;
- resolve disputes;
- enforce agreements;
- maintain security and fraud-prevention records.
Retention periods may vary depending on:
- the nature of the data;
- operational requirements;
- legal obligations;
- dispute or enforcement needs.
We may retain limited information after Account closure where reasonably necessary for compliance, security, fraud prevention, or legal purposes.
If you request deletion of your Account, we will take reasonable steps to delete or anonymise personal data that is no longer required for:
- legal compliance;
- security purposes;
- fraud prevention;
- accounting or tax obligations;
- dispute resolution;
- enforcement of our agreements or policies.
Certain information may be retained where required or permitted under Applicable Law.
14. Your rights
Subject to Applicable Law, you may have rights to:
- access personal data;
- correct inaccurate data;
- request deletion;
- restrict processing;
- object to processing;
- request portability;
- withdraw consent where applicable.
Certain rights may be limited where processing is necessary for:
- legal compliance;
- security;
- fraud prevention;
- enforcement of legal claims;
- protection of others.
Requests may be submitted using the contact details below.
15. Security
We implement technical and organisational measures reasonably designed to protect personal data against:
- unauthorised access;
- misuse;
- loss;
- destruction;
- alteration;
- disclosure.
However, no internet-based service or electronic storage system can be guaranteed completely secure.
You are responsible for maintaining the confidentiality of your Account credentials and devices.
16. Children
The Services are not directed toward children under the minimum legal age required to use the Services.
We do not knowingly collect personal data from children in violation of Applicable Law.
If we become aware that personal data has been collected unlawfully from a child, we may delete such information and suspend associated Accounts.
17. Third-party services
The Services may contain links to or integrations with third-party services.
We are not responsible for the privacy practices, content, or security of third-party services.
Your interactions with third-party services are governed by their own terms and privacy policies.
18. Changes to this Privacy Policy
We may update this Privacy Policy periodically.
Updated versions become effective upon publication on the Website or Platform unless otherwise stated.
Where appropriate, we may provide additional notice of material changes.
Your continued use of the Services following publication of revised policies constitutes acknowledgement of the updated Privacy Policy.
19. Contact us
Questions, requests, or concerns regarding this Privacy Policy or personal data processing may be directed to:
HELIXIUM TECH LIMITED
Trading as: Pixelair
Email: support@pixelair.live
Registered Address: 5 South Charlotte Street, Edinburgh, Scotland, EH2 4AN