This Privacy Policy explains how CoolBeeAI LLC ("we", "us") collects, uses, shares and safeguards personal data when you use XPixel (the "Service"). For questions, contact [email protected].
1. Data Controller
The data controller for processing described in this Policy is CoolBeeAI LLC. You may reach our privacy team at [email protected].
2. Information We Collect
2.1 Information You Provide
Account data (name, email, password hash), billing information processed by our payment processor, content you submit to the Service, and communications you send us.
2.2 Information We Collect Automatically
Usage data (pages visited, features used, approximate location derived from IP), device data (browser, OS, screen size), product analytics events, and error/diagnostic data. Cookies and similar technologies are used as described in our Cookie Policy.
2.3 Information From Third Parties
If you sign in with an OAuth provider we receive the profile fields you authorize. Payment processors share transaction status, but never raw card numbers.
3. How We Use Information
We process personal data to:
- Provide and maintain the Service;
- Bill subscriptions and prevent fraud;
- Diagnose errors and ensure service reliability;
- Send transactional and, with consent, marketing emails;
- Measure product usage where you have given analytics consent;
- Comply with legal obligations.
4. Legal Bases (GDPR)
For users in the European Economic Area, United Kingdom and Switzerland, our legal bases are: performance of contract, legitimate interest, consent (for optional analytics, session replay and marketing) and legal obligation.
5. Sharing of Information
We share personal data with vetted service providers acting on our behalf under data processing agreements, in the following categories:
- Infrastructure and hosting providers — for compute, storage, and network delivery of the Service;
- AI model inference providers — for image processing;
- Payment processors — for billing and subscription management;
- Email delivery providers — for transactional messages such as account verification and receipts.
We may also disclose data to comply with law, enforce our Terms, or in connection with a corporate transaction, in which case the acquirer must honour this Policy.
We do not sell or rent personal data to third parties for their own advertising purposes.
6. International Transfers
Your data may be processed in countries outside your own, including the United States. Where required, we rely on the EU Standard Contractual Clauses or equivalent mechanisms to safeguard transfers.
7. Data Retention
We retain account data for as long as your account is active and up to 30 days after deletion, except where longer retention is required by law (e.g. tax and accounting records typically retained for 7 years). Backup copies are expired on a rolling schedule.
8. Your Rights
Depending on your jurisdiction you may have the right to: access, rectify, delete, restrict or object to processing, portability, withdraw consent and lodge a complaint with a supervisory authority. California residents have the rights described in the CCPA/CPRA, including the right to know, delete, correct and opt out of "sharing".
To exercise any of these rights, email [email protected]. We will respond within 30 days.
9. Children
The Service is not directed to children under 13 years old. We do not knowingly collect personal data from them; if we learn we have, we will delete the data.
10. Security
We use industry-standard technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, and ongoing reviews. No system is perfectly secure; we will notify affected users and regulators of material breaches as required by law.
11. Changes
We will post any changes to this Policy on this page and update the "last updated" date. Material changes will be announced in-product or by email.
12. Contact
For questions about these terms or to exercise your rights, contact us at:
- Support: [email protected]
- Legal / Privacy: [email protected]