Privacy policy
What we collect, why, how long.
A plain-language description of the data we hold, named by the system that holds it, so you can audit us against the policy. We don't sell personal information and we don't run behavioral tracking.
Last updated: 2026-05-17
What we collect
We collect only what we need to run the service: process your order, deliver your scans, and keep your account secure. This section lists every category of data we hold, named by the system that holds it, so you can audit us against the policy.
Account and authentication data. When you create an account, our auth provider Supabase stores your email address, your role (consumer, admin, or partner), an optional partner_id if you were invited by a referral partner, and timestamps for account creation and last sign-in. We use email-based magic links for sign-in, so we never store a password.
Order data. When you place an order, our Postgres database stores your order line items (formats and quantities of film rolls, paintings, prints, or other originals), the turnaround you selected, your name, email, and phone, your shipping address if you chose ship-to-us inbound or ship-to-me return, any free-text notes you added, and a stream of status timestamps as the order moves through paid, received, scanning, and ready-for-download.
Payment data. Card data never touches our servers. Stripe handles all card entry through Stripe Elements, which is PCI-DSS Level 1 compliant. We store the Stripe customer ID and payment intent ID associated with your order so that webhook events from Stripe can be matched to the right order, and we log webhook deliveries themselves for idempotency. Those webhook payloads may include payment metadata such as the amount, card brand, or last four digits, but never full card numbers.
Uploaded files. Reference files you upload during checkout and the master output files we produce are stored in AWS S3 in the us-east-2 region. Files are organized under paths that include your order ID but not your name or email. S3 versioning is enabled so that accidental overwrites can be recovered, and a lifecycle rule deletes noncurrent versions after 90 days.
Email logs. Transactional emails (order confirmation, status updates, partner invites) are sent through Resend. Resend retains delivery logs for 30 days under its default policy so we can investigate bounces or deliverability issues.
Rate-limit and abuse-prevention data. To stop scripted abuse of sign-in and order endpoints, we use Upstash Redis to store short-lived rate-limit counters keyed by a hash of your IP address plus the endpoint being called. These keys expire within seconds to hours and are not joined to your account record.
Request metadata. Our hosting provider Vercel records standard server access logs for every request: IP address, user agent, timestamp, requested URL, and response code. Retention follows Vercel's default log retention. We read the x-vercel-forwarded-for header at the application layer to feed the rate limiter described above.
Audit trail data. Every order status change writes an immutable row to an order_status_history table, and every partner application decision writes to partner_application_review_history. Each row captures who acted (a user, an admin, or the Stripe webhook), the role they acted in, the from-status, the to-status, the timestamp, and an optional note. We keep this trail so that you and we can reconstruct what happened to your order if a question ever comes up.
How we use your data
We use the data above to operate the service you've engaged us for. Nothing in this section describes advertising, behavioral profiling, or data brokerage, because we don't do any of that.
Order fulfillment. We use your name, email, phone, shipping address, order items, and notes to receive your originals, scan or reproduce them, return your originals, and deliver your digital files. Admins on our team see this data while working on your order.
Account access. We use your email and Supabase auth records to send you magic-link sign-in codes and to keep your session active while you use the site.
Transactional communication. We use your email to send order confirmations, status updates (received, scanning, ready for download, shipped), and operational messages such as a request to clarify an unclear note. If you are a partner, we email you about referrals and payouts.
Customer support. When you email hello@pyxartis.com, we read your message alongside your order record so we can answer accurately. We do not push support content to outside CRMs or marketing platforms.
Abuse prevention and security. We use IP-based rate limiting, audit logs, and Stripe's fraud signals to detect and prevent automated abuse, payment fraud, and unauthorized access. We do not use this data to build behavioral profiles.
Legal and tax compliance. We retain order and payment records long enough to meet US tax record-keeping conventions and to respond to legitimate legal requests.
Your rights
You have rights over the data we hold about you, and we'll honor them whether or not the law in your state requires us to. Email hello@pyxartis.com from the address on your account to make any of the requests below; we'll respond within 30 days.
Right to access. You can ask for a copy of the personal data we hold about you, including your account record, your order history, and the audit trail rows that reference your orders. We'll deliver it in a portable format (CSV or JSON).
Right to correct. If anything we hold is wrong — a misspelled name, the wrong shipping address — tell us and we will fix it. Most fields are also editable from your account page.
Right to delete. You can ask us to delete your account and the data we hold about you. We will honor the request except for records we are required to retain for tax or legal-compliance reasons, in which case we will retain the minimum data necessary and delete the rest.
Right to portability. We will provide your order history and account data in a machine-readable format on request.
Right to opt out of sale. We do not sell personal information, so there is nothing to opt out of. We list this right explicitly because California law expects us to.
Right to non-discrimination. We will not refuse service, charge you more, or degrade your service because you exercised any of these rights.
How long we keep your data
Different categories of data have different retention windows. We keep what we need, for as long as we need it, and not longer.
Order records. Order line items, customer details, shipping addresses, and status history are retained for seven years after order completion. Seven years is the conventional US tax record-keeping horizon and lets us answer disputes long after delivery.
Account data. Your Supabase account record is retained until you ask us to delete it. Inactive accounts are not automatically purged in v1, because customers sometimes return years later to reorder additional copies from past scans.
Uploaded reference files and master output files. Files in S3 are deleted within 30 days of order completion under our existing lifecycle rule, unless you have purchased extended storage as part of the order. Noncurrent versions (from accidental overwrites) auto-delete after 90 days.
Email delivery logs. Resend retains delivery logs for 30 days under its default policy. We do not extend that.
Rate-limit keys. Upstash entries expire within seconds to hours; nothing is retained beyond the active rate-limit window.
Audit trail rows. order_status_history and partner_application_review_history rows are retained for as long as the order or partner record they reference exists. They are immutable once written; we cannot rewrite history without leaving evidence.
Server access logs. Vercel retains request logs under its default retention; we do not import them into longer-term storage.
How we protect your data
We use the security controls that match the data we hold. Card data never touches our servers, and the rest of your data is protected with the standard practices below.
Encryption in transit. All traffic to pyxartis.com runs over HTTPS with modern TLS. Internal calls to Supabase, Stripe, AWS, Resend, and Upstash use TLS by default.
Encryption at rest. Supabase encrypts the database at rest. AWS S3 encrypts objects at rest using server-side encryption. We do not manage our own keys for these systems in v1.
Database row-level security. Our Postgres database uses Supabase Row Level Security policies so that one customer's queries cannot read or write another customer's rows. Server-side admin operations use a service-role client with audited write paths.
Backups and versioning. S3 versioning is enabled so that accidental overwrites or deletes can be recovered. Supabase manages database backups.
Audit trail immutability. Status-change history rows are append-only. We cannot edit past entries; we can only add new ones. This protects both you and us if there's ever a dispute about what happened when.
Rate limiting. Sensitive endpoints (sign-in, order submission, partner application) are rate-limited via Upstash Redis to slow scripted abuse.
Payment data isolation. We do not see or store full card numbers, CVCs, or expiration dates. Stripe handles all card entry in their own iframes via Stripe Elements.
No system is perfectly secure. We work to protect your data using the controls above, but no method of transmission or storage is fully secure, and we cannot guarantee absolute security. If we ever experience a breach affecting your personal data, we will notify affected customers as required by law.
California consumer rights
If you are a California resident, the California Consumer Privacy Act gives you specific rights regarding your personal information. We honor those rights for every customer who asks, regardless of where they live, but this section spells out the California-specific framing.
Categories of personal information collected. In the past twelve months, we have collected the following CCPA categories: identifiers (name, email, phone, IP address, account ID), customer records (shipping address, order history), commercial information (records of products purchased), and limited internet or network activity information (server access logs). We do not collect biometric information, geolocation beyond IP-level, professional or employment information, education information, or sensitive personal information as those terms are defined under CCPA. We do not draw inferences about California consumers for marketing purposes.
Sources of personal information. We collect this information directly from you (when you create an account, place an order, or contact us), automatically from your device (server logs, rate-limit signals), and from Stripe (payment metadata returned after a charge).
Business purposes for which we use it. Order fulfillment, customer support, transactional communication, fraud and abuse prevention, security, and legal or tax compliance. These purposes are described in detail in the How we use your data section.
Sale and sharing of personal information. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We have not done so in the past twelve months and have no plans to start.
Right to know, delete, correct, and portability. California residents may request to know what personal information we have collected about them, to have it deleted, to have it corrected, or to receive a portable copy. The Your rights section above describes the process; it applies equally to California residents.
Right to opt out of sale or sharing. Because we do not sell or share personal information for cross-context behavioral advertising, there is nothing to opt out of. We will update this page if that ever changes.
How to make a request. Email hello@pyxartis.com from the address on your account, or call (+1) 303.951.6893. You may also designate an authorized agent in writing; we will require proof of the agent's authority and may verify your identity directly before fulfilling the request. We respond within 45 days; if we need an extension, we will tell you in writing within that window.
Right to non-discrimination. We will not deny service, charge a different price, or provide a different level of quality because you exercised any of these rights.
Children's privacy
Our service is intended for adults purchasing scanning, reproduction, or insurance documentation for fine-art originals. It is not directed to children under 13.
We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account or placed an order, please email hello@pyxartis.com and we will delete the account and any associated data on confirmation.
If you are between 13 and 18 and you are a customer, please involve a parent or guardian before submitting personal information or originals of significant value.
Changes to this policy
We will update this policy as our practices change, as the systems we use change, or as the law requires. The date at the top of this page reflects the most recent update.
Non-material updates. Editorial clarifications, typo fixes, and reorganizations that do not change what data we collect or how we use it will be reflected in the "Last updated" date but not announced separately.
Material changes. If we change what we collect, how we use it, who we share it with, or how long we retain it, we will email active account holders at least 14 days before the change takes effect. We will also flag the change visibly on this page.
Your continued use. Continuing to use the service after a material change takes effect indicates your acceptance of the updated policy. If you do not agree, you can request account deletion under the Your rights section above.
How to reach us
Questions, requests, or complaints about this policy should reach a real person. We answer every inquiry.
Email. hello@pyxartis.com. This is the fastest route for privacy requests and is monitored on business days.
Phone. (+1) 303.951.6893. Please leave a message if we don't pick up; we return calls within one business day.
Mailing address. Written privacy requests can be sent to: pyxartis, 209 Kalamath St Unit 1, Denver, CO 80223, USA.
Response timing. We acknowledge privacy requests within 7 days and complete them within 30 days for most rights and 45 days for California-specific requests, consistent with applicable law.