Pixelflare

Appearance

Privacy Policy

Effective Date: 8 December 2025 Last Updated: 8 December 2025

About This Policy

This privacy policy applies to Pixelflare instances operated by Alicia Sykes. If you're using a self-hosted instance operated by someone else, please refer to that operator's privacy policy.

Data Controller

Pixelflare is operated by:

  • Alicia Sykes (Individual)
  • Jurisdiction: United Kingdom
  • Contact: See "Contact Us" section below

Data We Collect

Authentication Data

When you sign in via GitHub OAuth, we collect:

  • GitHub username
  • Email address (from GitHub)
  • GitHub user ID
  • Cloudflare Access subject identifier (cf_sub)

Image Data

When you upload images, we store:

  • Image files
  • Filename and metadata (dimensions, size, content type)
  • Upload timestamp
  • Album and tag associations
  • Optional alt text and license information

Automatically Collected Data

  • Image view counts (anonymous)
  • Bandwidth usage per image
  • Geographic distribution of requests (country-level only)
  • Last access timestamp

How We Use Your Data

We use your data solely to:

  • Authenticate your account
  • Store and serve your uploaded images
  • Provide analytics about your images
  • Enable organization features (albums, tags, search)

Data Sharing

We do not sell, rent, or share your personal data with third parties. Your data is only accessible to:

  • You (the account owner)
  • Cloudflare infrastructure (as our hosting provider)

Data Storage

All data is stored in Cloudflare's infrastructure:

  • Images: Cloudflare R2 (object storage)
  • Database: Cloudflare D1 (SQLite at the edge)
  • Cache: Cloudflare KV
  • Analytics: Cloudflare Analytics Engine

Data is stored in Cloudflare's global network and may be replicated across multiple data centers.

Data Retention

  • Active images: Stored indefinitely until you delete them
  • Deleted images: Moved to recycle bin for 30 days, then permanently deleted
  • Account data: Retained while your account is active
  • Analytics data: Retained indefinitely for historical tracking

Your Rights (GDPR)

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Export your data (data portability)
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, contact us using the details below.

Account Deletion

You can delete your account at any time through the settings page. This will:

  • Immediately disable access to your account
  • Mark all images for deletion
  • Permanently delete all data after the 30-day retention period

Cookies

We use minimal cookies strictly necessary for authentication:

  • Session cookies (to maintain login state)
  • Cloudflare Access cookies (for SSO)

We do not use tracking cookies or third-party analytics cookies.

Security

We implement appropriate technical and organizational measures to protect your data:

  • HTTPS encryption for all connections
  • Cloudflare's security features (DDoS protection, WAF)
  • Rate limiting and bot protection
  • Regular security updates

However, no method of transmission over the internet is 100% secure.

Children's Privacy

Pixelflare is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us.

International Transfers

Data may be transferred to and processed in countries outside the UK/EEA as part of Cloudflare's global infrastructure. Cloudflare maintains appropriate safeguards for international data transfers.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes by updating the "Last Updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

Self-Hosted Instances

If you deploy your own Pixelflare instance, you become the data controller and are responsible for:

  • Creating your own privacy policy
  • Ensuring GDPR compliance
  • Handling user data requests
  • Maintaining appropriate security measures

This policy does not apply to self-hosted instances operated by others.

Contact Us

For privacy-related questions, data requests, or concerns:

For data subject requests under GDPR, please provide:

  • Your GitHub username
  • The specific request (access, deletion, export, etc.)
  • Any relevant details to help us locate your data

Released under the MIT License.

Copyright © 2025-present Alicia Sykes