Effective date: 1 April 2025 Last updated: March 2026
Pixovia ("we", "our", or "us") is operated by TF Globe Pte. Ltd., a company incorporated in Singapore (UEN: 202223582W). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Pixovia as an event host or as a guest.
As a Singapore-incorporated company, our primary compliance framework is the Singapore Personal Data Protection Act 2012 (PDPA) and the advisory guidelines issued by the Personal Data Protection Commission (PDPC). We also comply with applicable data protection laws in the other Southeast Asian markets we serve: the Personal Data Protection Act 2010 (Malaysia), the Personal Data Protection Law (Indonesia, UU No. 27/2022), and the Personal Data Protection Act B.E. 2562 (Thailand).
1. Who We Are
TF Globe Pte. Ltd. Registered in Singapore UEN: 202223582W Registered address: [Singapore registered address]
Data Protection Officer (DPO): Email: privacy@pixovia.app
Singapore law requires organisations that handle personal data to designate a Data Protection Officer. Our DPO is responsible for ensuring Pixovia's compliance with the PDPA and handling all data protection enquiries and complaints.
2. Data We Collect
2.1 Event Hosts (registered accounts)
When you create a Pixovia account, we collect:
- Full name and email address — provided during signup
- Authentication data — if you sign in with Google or Facebook, we receive your name, email, and profile picture from that provider. We do not receive or store your social media password
- Payment information — processed by Stripe. We store only your Stripe Customer ID. We never store your card number, CVV, or bank account details
- Account preferences — settings you configure in your dashboard
- Usage data — events created, photos uploaded, plan history, feature usage
2.2 Event Guests (no account required)
When you join an event as a guest, we collect:
- Photos and videos you upload — stored in our Singapore-based systems and associated with the event
- Display name — if you voluntarily provide one when uploading
- IP address and device information — collected automatically for security, rate limiting, and abuse prevention
- Upload timestamps — when each photo was uploaded
Guests are not required to create an account. We do not knowingly collect personal data from guests beyond what is described above.
2.3 Automatically collected data
For all users:
- Browser type and version, operating system, screen resolution
- Pages visited and actions taken within the app
- Referral source
- Error logs and performance data (anonymised where possible)
Pixovia is ad-free. We do not use third-party advertising trackers.
3. How We Use Your Data
We collect and use personal data only for purposes that a reasonable person would consider appropriate in the circumstances, in line with the Singapore PDPA's purpose limitation principle.
| Purpose | Legal Basis (SG PDPA) |
|---|---|
| Provide and operate the Pixovia service | Contractual necessity |
| Process payments via Stripe | Contractual necessity |
| Send transactional emails (magic links, payment receipts, event notifications) | Contractual necessity |
| Prevent fraud, spam, and abuse | Legitimate interests |
| Improve and debug the app | Legitimate interests |
| Comply with Singapore and applicable SEA legal obligations | Legal obligation |
| Send product updates and tips (optional) | Consent (you may opt out at any time) |
We do not sell your personal data. We do not use your data to train AI models.
4. Photos & Content
Who owns your photos?
You retain full ownership of all photos and videos you upload to Pixovia. We do not claim any intellectual property rights over your content.
By uploading to Pixovia, you grant us a limited, non-exclusive, royalty-free licence to store, process, display, and serve your content solely for operating the event gallery. This licence ends when the content is deleted from our systems.
Photo visibility
- Photos are visible to anyone with the event link (and PIN, if the host has set one)
- If a host enables the photo reveal timer, photos are hidden from all viewers — including the host — until the scheduled reveal time
- Hosts can hide or delete individual photos at any time
- Event hosts are responsible for ensuring content in their events complies with applicable laws, including obtaining consent from identifiable persons where required
Photo retention and deletion
Photos are automatically deleted after the plan's storage period from the event creation date:
| Plan | Storage Period |
|---|---|
| Free | 30 days |
| Basic | 60 days |
| Standard | 90 days |
| Premium | 365 days |
| Pro | Until manually deleted |
You will receive an email reminder 7 days before your event's photos expire. When an event is deleted by the host, all associated photos are permanently removed from our systems within 7 days.
5. Data Storage & International Transfers
Pixovia's primary data storage is located in Singapore (AWS ap-southeast-1), operated by Supabase. As a Singapore company, this is our home jurisdiction — your data is not transferred outside Singapore for primary storage.
We use the following third-party service providers, each bound by data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database and file storage | Singapore (AWS ap-southeast-1) |
| Stripe | Payment processing | United States |
| Vercel | Application hosting and CDN | Global edge network |
| OAuth authentication (if used) | United States | |
| Meta (Facebook) | OAuth authentication (if used) | United States |
Transfers to the United States: Data shared with Stripe, Google, and Meta is transferred to the United States. These transfers are safeguarded by Standard Contractual Clauses (SCCs) and/or the providers' binding corporate rules, providing a level of protection comparable to the Singapore PDPA.
6. Your Rights Under Singapore PDPA
As a data subject, you have the following rights:
| Right | Description | How to exercise |
|---|---|---|
| Access | Request a copy of personal data we hold about you | Email privacy@pixovia.app |
| Correction | Request correction of inaccurate or incomplete data | Email privacy@pixovia.app |
| Withdrawal of consent | Withdraw consent for non-essential data uses (e.g. marketing emails) | Email privacy@pixovia.app or unsubscribe link |
| Data portability | Receive your data in a machine-readable format (where technically feasible) | Email privacy@pixovia.app |
We will respond to all requests within 10 business days as required by the Singapore PDPA. For complex requests, we may extend by a further 20 business days with notice.
Deleting your account: Go to Dashboard → Settings → Danger Zone → Delete Account. This permanently removes your profile, all events, and all photos associated with your account within 30 days.
For users in Malaysia, Indonesia, and Thailand, we extend equivalent access and correction rights in line with your local PDPA.
Pixovia uses minimal cookies:
| Cookie | Purpose | Duration |
|---|---|---|
sb-auth-token | Supabase authentication session | Session / 7 days |
pixovia_prefs | UI preferences | 1 year |
We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies. No cookie consent banner is required beyond this disclosure.
8. Children's Privacy
Pixovia is not intended for persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account or uploaded content without parental consent, contact privacy@pixovia.app and we will delete the data within 7 days.
9. Security
We protect your personal data using industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, and database-level row-level security (RLS) policies. See our Security page for full details.
10. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify registered hosts by email at least 14 days before the changes take effect, as recommended by the PDPC. Continued use of Pixovia after that date constitutes acceptance of the updated policy. Previous versions are available on request.
11. Contact & Complaints
Data Protection Officer TF Globe Pte. Ltd. Email: privacy@pixovia.app Address: [Singapore registered address]
If you are dissatisfied with our response to a privacy complaint, you may lodge a complaint with:
- Singapore: Personal Data Protection Commission (PDPC) — pdpc.gov.sg — the primary authority
- Malaysia: Department of Personal Data Protection (JPDP) — pdp.gov.my
- Indonesia: Ministry of Communication and Information Technology — kominfo.go.id
- Thailand: Office of the Personal Data Protection Committee — pdpc.or.th