Privacy Policy

1. Introduction

This Privacy Policy explains how Pixapi collects, uses, shares, stores, and protects information when you visit our website, create an account, manage API keys, purchase credits or subscriptions, call supported model APIs, view usage records, or contact support.

Pixapi is built for developers and product teams that need unified access to multiple AI model providers through a consistent model catalog, API key system, usage tracking, and credit-based billing. Public website pages may be viewed without an account. API keys, billing, credit management, usage history, and support tickets require an account.

2. Information We Collect

We collect information you provide directly, information generated by your use of the Service, and technical information needed to operate, secure, and bill the API platform.

Account and authentication data

When you create or use an account, we may collect:

• Email address, name, profile image, user ID, email verification status, password authentication data, and password reset activity.
• OAuth identifiers and profile details from Google or GitHub if you choose to sign in with those providers.
• Session, security, locale, IP, referral, and campaign metadata when available in the active database schema.

API keys and developer settings

When you create API keys, we generate and show the full key only at creation time. Depending on the active database schema, we store either the key hash and key prefix, or a legacy key value. We also store key title, status, creation time, and deletion status.

Credits, subscriptions, and billing

We store credit balance records, credit grants and consumption records, reward claims, order records, subscription records, checkout session identifiers, provider names, transaction metadata, plan names, product names, currency, amounts, and related accounting fields.

Payment details are processed by payment providers such as Stripe, Creem, Alipay, or WeChat Pay when configured. Pixapi does not store full payment card numbers on its own servers.

API requests, model usage, and outputs

When you use Pixapi APIs, we may process and store information needed to route the request, return a result, calculate usage, and support your account, including:

• API endpoint, model ID, request parameters, prompts, messages, input asset URLs, files, or other payload fields that you intentionally submit to a supported model.
• Provider response metadata, task status, error messages, result URLs or result metadata, token usage, asset usage, credit cost, timestamps, and request identifiers.
• Usage records associated with your account or API key so you can review consumption and so Pixapi can maintain billing and abuse-prevention records.

The exact payload depends on the model and endpoint you choose.

Support content

If you open a support ticket, we store the ticket title, message content, attachments, status, replies, timestamps, and the account associated with the ticket.

Technical, security, and analytics data

We may collect IP address, user agent, browser and device data, request logs, rate-limit signals, error logs, performance data, cookies, local storage, and analytics events. If configured, Pixapi may use analytics tools such as Google Analytics or Plausible.

3. How We Use Information

We use information to:

• Provide, authenticate, secure, and maintain Pixapi accounts and sessions.
• Create, validate, list, rotate, revoke, and audit API keys.
• Route API requests to supported upstream model providers and return normalized responses.
• Track model usage, calculate credit consumption, maintain usage history, and enforce plan limits or rate limits.
• Manage credits, subscriptions, orders, reward claims, payment status, and accounting records.
• Send account emails, verification emails, password reset emails, billing notices, and service-related messages when email providers are configured.
• Provide customer support and investigate account, billing, API, or reliability issues.
• Prevent fraud, abuse, spam, unauthorized access, credit bypass, service misuse, and security incidents.
• Debug errors, improve reliability, measure product usage, and understand aggregate product performance.
• Comply with legal, tax, accounting, payment, and compliance obligations.

4. Sharing and Third-Party Providers

We do not sell your personal information. We share information only as needed to operate Pixapi, including with:

• Hosting, database, infrastructure, storage, CDN, monitoring, logging, and security providers.
• Upstream AI model providers that process API payloads, model parameters, and related request data to provide model results.
• Payment providers and payment networks to process checkout, subscriptions, webhooks, callbacks, refunds, fraud checks, and accounting records.
• Authentication providers such as Google or GitHub when you choose social sign-in.
• Email providers used for verification, password reset, transactional, billing, or support emails.
• Analytics providers when analytics are enabled.
• Legal, tax, compliance, or government authorities when required by law or necessary to protect rights, safety, security, or property.
• Successors or advisers in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate confidentiality obligations.

5. Data Retention

We retain information for as long as reasonably necessary to provide the Service, maintain security, resolve disputes, enforce agreements, and satisfy legal, tax, accounting, and compliance obligations.

• Account records are generally retained while your account remains active.
• API key records may remain as active or deleted records so we can authenticate active keys and audit deleted keys.
• Credit, order, subscription, reward, and payment records may be retained for accounting, fraud prevention, tax, and compliance purposes.
• API request metadata, usage records, provider response metadata, and error logs may be retained to support billing, reliability, debugging, abuse prevention, and customer support.
• Support tickets and replies may be retained to provide customer support and keep an audit trail of account requests.
• Security logs, rate-limit data, and diagnostic logs are retained for a period appropriate to protect and operate the Service.

6. Your API Content

You retain ownership of prompts, messages, parameters, input files, URLs, support attachments, and other content you submit through the Service. By using Pixapi, you authorize us to host, store, copy, process, transform, transmit, display, and use that content as needed to provide, secure, debug, maintain, and improve the Service, including routing requests to upstream model providers and returning model outputs to you.

You are responsible for ensuring that you have the rights and permissions needed to submit, upload, link, or use any content with Pixapi.

7. Cookies and Similar Technologies

Pixapi uses cookies, local storage, and similar technologies for authentication, session management, locale preferences, security, feature operation, and analytics. You can configure your browser to block cookies, but account features, sign-in, checkout, dashboard, and API key workflows may not work correctly without them.

8. Security

We use reasonable technical and organizational safeguards, including HTTPS, authentication controls, access controls, hashed API key storage where supported by the database schema, rate limiting, monitoring, and operational review. No internet service is completely secure, and we cannot guarantee absolute security.

9. Your Choices and Rights

Depending on your location, you may have rights to access, correct, export, restrict, object to, or delete personal information. You can manage some information through account settings, API key management, billing pages, usage records, and support tickets.

To request access, correction, deletion, or other privacy assistance, contact us at privacy@pixapi.ai. We may need to verify your identity before completing certain requests. Some information may be retained where required for security, payment, legal, tax, accounting, or abuse-prevention reasons.

10. Children's Privacy

Pixapi is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us so we can take appropriate action.

11. International Processing

Pixapi, its infrastructure providers, payment processors, model providers, storage providers, and other service providers may process information in countries other than where you live. Those countries may have data protection laws that differ from your jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the date shown on this page and may provide additional notice where appropriate.

13. Contact

For privacy questions or requests, contact us at privacy@pixapi.ai.