Pixroll

    Privacy Policy

    Last updated: May 1, 2026

    1. Introduction

    Pixroll ("we", "our", "us") operates the website pixroll.co.il and provides a professional photography management platform. This Privacy Policy explains how we collect, use, and protect your personal data when you use our services.

    We comply with the General Data Protection Regulation (GDPR), the Israeli Privacy Protection Law (5741-1981), and its regulations.

    2. Data We Collect

    2.1 Account Data

    • Name, email address, phone number
    • Business name and contact details
    • Profile photo (optional)
    • Payment information (processed via secure third-party providers)

    2.2 Usage Data

    • Log data: IP address, browser type, pages visited, time and date
    • Device information: hardware model, operating system, browser version
    • Cookies and similar tracking technologies (see Section 7)

    2.3 Content Data

    • Photos and images uploaded to galleries
    • Client information and contacts you add to the CRM
    • Documents and files you create or upload

    3. Legal Basis for Processing

    We process your data based on the following legal grounds:

    • Contract performance: Processing necessary to provide the service you subscribed to
    • Legitimate interests: Analytics, fraud prevention, service improvement
    • Consent: Marketing communications and cookies (where consent is required)
    • Legal obligation: Compliance with applicable laws

    4. How We Use Your Data

    • Provide, maintain, and improve our services
    • Process payments and manage subscriptions
    • Send transactional emails (account confirmation, invoices, password reset)
    • Send marketing communications (with your consent)
    • Respond to support requests
    • Prevent fraud and abuse
    • Comply with legal obligations

    5. Data Sharing

    We do not sell your personal data. We may share data with:

    • Service providers: Hosting (cloud servers), payment processors, email services — under strict data processing agreements
    • Analytics providers: Google Analytics (anonymized, with IP masking)
    • Legal authorities: When required by law or court order

    All third-party providers are contractually bound to protect your data and may not use it for their own purposes.

    6. Data Retention

    • Account data: Retained for the duration of your account plus 2 years after deletion
    • Gallery photos: Retained according to your plan (7–180 days after expiry), unless you delete them earlier
    • Invoices and billing records: 7 years (legal requirement)
    • Log data: 90 days

    7. Cookies

    We use the following types of cookies:

    • Essential cookies: Required for the service to function (login session, CSRF protection) — cannot be disabled
    • Analytics cookies: Understand how users use the platform (Google Analytics) — requires consent
    • Preference cookies: Remember your language preference — requires consent

    You can manage cookie preferences via our cookie consent banner or your browser settings. Withdrawing consent does not affect the lawfulness of prior processing.

    8. Your Rights (GDPR)

    Under GDPR, you have the following rights:

    • Access: Request a copy of the personal data we hold about you
    • Rectification: Correct inaccurate or incomplete data
    • Erasure: Request deletion of your data ("right to be forgotten")
    • Portability: Receive your data in a machine-readable format
    • Restriction: Request we limit processing in certain circumstances
    • Objection: Object to processing based on legitimate interests
    • Withdraw consent: Withdraw consent for consent-based processing at any time

    To exercise these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

    9. Data Security

    We implement industry-standard security measures including TLS encryption, secure password hashing, access controls, and regular security audits. However, no transmission over the internet is 100% secure.

    10. International Transfers

    Our servers are located in the EU/EEA and Israel (recognized as adequate by the EU Commission). If we transfer data outside these regions, we ensure appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

    11. Children's Privacy

    Our service is not directed to children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us.

    12. Changes to This Policy

    We may update this policy from time to time. We will notify you of significant changes via email or a prominent notice on our website. The "Last updated" date at the top reflects the most recent revision.

    13. Contact Us

    For privacy-related inquiries or to exercise your rights:

    Pixroll

    Email: [email protected]

    Website: pixroll.co.il