1. Introduction
PixaGlow ("we", "us") provides an embeddable AI before & after simulation widget for cosmetic and aesthetic businesses. This Privacy Policy explains what data we collect, how we use it, and the strict limits we apply — particularly to patient photos.
2. Patient Photos Are Never Stored
Patient selfies uploaded through the PixaGlow widget are processed in real time and never stored on our servers. We do not write patient images to any database, storage bucket, log, or backup. Images exist only in the patient's browser and briefly in transit (over TLS) to our AI provider for the simulation step. Once the simulated result is returned to the browser, no copy remains on our infrastructure.
We do not use patient photos to train AI models, and we do not share them with any third party other than the AI provider performing the real-time simulation.
3. Not HIPAA / Not a Medical Device
PixaGlow is a marketing and lead-generation tool for cosmetic/aesthetic businesses. It is not a medical device, not a diagnostic tool, and is not designed for the storage or transmission of Protected Health Information (PHI) under HIPAA. We have not entered into Business Associate Agreements with our sub-processors. Spas must not use PixaGlow for clinical consultation, diagnosis, or any workflow that involves PHI.
4. Data We Collect
- Patient Imagery (Not Stored): Images uploaded for AI simulation are used solely for real-time processing. They are transmitted over TLS to our AI provider and are never written to a database, storage bucket, log, or backup on our infrastructure.
- Spa Account Data: We collect owner email addresses, business names, and encrypted billing identifiers provided by our Merchant of Record, Paddle.com, to manage account access and subscriptions.
- Lead Contact Info: When a visitor submits the booking form, their name, email, and phone number are stored securely and shared only with the spa they submitted to.
- Technical Security Data: To combat bot activity and maintain system integrity, we process hashed IP addresses for rate-limiting. This data is used strictly for security purposes and is not linked to personal identities.
- Usage Analytics: We collect anonymized, aggregate data (such as total scans per day) to provide clinic owners with performance insights.
5. How We Use Data
- Deliver the AI simulation to the visitor.
- Forward submitted lead contact info to the spa it was submitted to.
- Bill subscribers and prevent fraud (via Paddle as Merchant of Record).
- Operate, secure, and improve the Service in aggregate, non-identifying ways.
6. Sub-processors
We rely on a small number of vetted sub-processors:
- Supabase — secure database management for account, lead, and analytics data. Patient images are not stored in Supabase.
- Google Gemini — AI image processing for the real-time simulation step.
- Paddle — Merchant of Record for payments, billing, and tax.
We do not sell data to third parties.
7. Cookies & Analytics
We use minimal first-party cookies for authentication and may use Google Analytics for aggregate site metrics. We do not build advertising profiles.
8. Your Rights (GDPR / CCPA)
Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, and to object to certain processing. To exercise these rights, contact privacy@pixaglow.com. Because patient photos are never stored on our servers, there is nothing to delete on our side — image deletion is automatic by design.
9. Children's Privacy
The Service is intended for adults and licensed cosmetic/aesthetic businesses. We do not knowingly collect data from children under 16. If you believe a minor has used the Service, contact us and we will promptly delete the associated data.
10. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the dashboard or email and reflected in the "Last Updated" date above.
11. Contact
Privacy questions: privacy@pixaglow.com. General support: support@pixaglow.com.