Privacy Policy
1. Who we are
Fix Pixies is a compliance and security auditing service for software products, operated from Finland, European Union. We are subject to the EU General Data Protection Regulation (GDPR).
Contact: fixpixies@gmail.com
2. What data we collect
We collect only what is necessary to provide the service. Here is a precise breakdown:
| Data | When | Why |
|---|---|---|
| URL of the site you audit | When you run a free audit | To perform the compliance scan |
| Login credentials (username + password) | Only if you use the authenticated audit option | To access pages behind a login wall during the audit session; never stored |
| Email address | When you unlock your audit report or join the waitlist | To send you the report and follow up on your request |
| Product description, company stage | When you submit a waitlist or deep-check request | To scope and prioritise your deep compliance check |
| Audit results (pass/fail report) | When you enter your email to unlock the report | Archived in our admin email inbox for product improvement and business intelligence; also used for follow-up communications |
| Analytics data (pages visited, session duration, referral source) | Only if you accept analytics cookies | To understand how visitors use the site and improve it (Google Analytics) |
Login credentials: If you submit a username and password for an authenticated audit, those credentials are loaded into an isolated browser session, used to log into your product, and then discarded. They are never written to any database or log file.
3. How we use it
Compliance audit
The URL you submit is visited by our automated browser. The browser collects publicly visible information from the page — HTTP headers, cookies, DOM content, links, scripts, forms, and accessibility data. This evidence is then sent to OpenAI's models to produce the compliance verdict. See Section 4 for details on OpenAI.
Audit results are returned to you in the browser session. They are not stored in a database. However, when you unlock your report by providing your email address, the full audit results (pass/fail summary and individual check outcomes) are forwarded to us as an internal notification email. They are retained in our email inbox for product improvement and business intelligence purposes.
Email collection (report unlock)
When you enter your email to unlock a report, your email address, the URL you audited, a timestamp, and the audit results are sent to us as an internal notification. We use this to follow up with compliance tips and product updates, and to analyse common compliance issues across audited sites. You can unsubscribe at any time by replying to any email from us.
Waitlist & deep-check requests
Information you submit via the waitlist or deep-check booking form (name, email, product description, stage) is sent to us as an internal notification. We use it to scope your deep compliance check and contact you within a reasonable time. We do not add you to any third-party marketing list.
Legal basis (GDPR)
- Contract: Audit data processing is necessary to deliver the service you requested.
- Legitimate interest: Archiving audit results for product improvement and business intelligence when you unlock a report.
- Legitimate interest: Sending you the audit report and follow-up compliance information.
- Consent: Google Analytics — only loaded after you click "Accept Analytics" in the cookie banner.
- Consent: Joining the waitlist or submitting a deep-check request.
4. Third-party processors
We use a minimal set of third-party services. We do not sell data to anyone.
| Service | Purpose | Data sent |
|---|---|---|
| OpenAI (USA) | AI analysis of compliance evidence | Publicly visible content from the audited website (headers, cookies, DOM summary, body text sample). No personal data from Fix Pixies users is sent to OpenAI. |
| Google (Gmail SMTP) | Sending internal notification emails to Fix Pixies admins | Your email address, audited URL, and audit results, when you unlock a report or submit a form |
| Google Analytics (USA) | Website usage analytics | Anonymised usage data (pages visited, session duration, referral source). Only activated after you accept analytics cookies. No personal data or audit data is sent to Google Analytics. |
OpenAI data processing: The content of the website you submit for auditing (DOM, cookies, scripts, body text) is sent to OpenAI for analysis. This is content that is publicly accessible to any browser. OpenAI's privacy policy applies to that processing: openai.com/privacy.
Google Analytics: If you accept analytics cookies, anonymised usage data is sent to Google Analytics (Google LLC, USA). This data does not include your email address, audited URLs, or any audit findings. Google's privacy policy applies: policies.google.com/privacy. You can opt out via the cookie consent banner at any time.
Fix Pixies does not use Facebook Pixel, Hotjar, or any advertising trackers on its own website.
5. Data from audited websites
When you submit a URL for auditing, our headless browser visits that URL and collects the following publicly available information:
- HTTP response headers
- Cookies set on page load (names, domains, security attributes)
- DOM content: page title, headings, links, images, forms, iframes, scripts, video elements
- A sample of the page body text (up to 6,000 characters)
- Accessibility scan results (via axe-core)
- DNS records (SPF and DMARC) for the domain
- Whether tracking scripts load before or after consent interaction
This data is used solely to produce the compliance report. It is passed to OpenAI for analysis and then discarded — it is not stored in our systems after the audit completes.
You must only submit URLs you are authorised to audit. See Terms of Service for details.
6. Data retention
| Data | Retained for |
|---|---|
| Audit results and evidence (browser session only) | Not stored in a database — processed in-memory and returned to your browser session only |
| Audit results (report unlock email) | When you unlock your report, the full audit results are forwarded to our admin email inbox. Retained until manually deleted; used for product improvement and business intelligence. |
| Login credentials | Not stored — used only within the browser session, then discarded |
| Email address + audited URL (report unlock) | Retained in our email inbox until manually deleted; used for follow-up communications |
| Analytics data (Google Analytics) | Retained by Google Analytics per their data retention settings (default 26 months). Only collected if you accept analytics cookies. |
| Waitlist / deep-check form submissions | Retained in our email inbox until the engagement is complete or you request deletion |
To request deletion of your data, email us at fixpixies@gmail.com with the subject "Data deletion request".
7. Cookies & tracking on this website
Fix Pixies uses a minimal set of cookies. A consent banner is shown on your first visit so you can make an informed choice before any analytics cookies are set.
| Cookie / Storage | Type | Purpose | Expires |
|---|---|---|---|
| cookieConsent | Essential (localStorage) | Stores your cookie preference (accepted / declined) so we don't ask again | Until manually cleared |
| _ga, _ga_* | Analytics (Google Analytics) | Distinguishes users; helps us understand how visitors use the site (pages visited, session length, referral source). Only set after you accept analytics cookies. | 2 years (_ga) / 2 years (_ga_*) |
There are no advertising cookies, no retargeting pixels, and no social media tracking scripts on this site.
If you decline analytics cookies (or do nothing), no Google Analytics cookies are set. You can change your choice at any time by clicking "Manage preferences" in the cookie banner at the bottom of the page, or by clearing cookieConsent from your browser's localStorage.
8. Your rights under GDPR
If you are in the European Economic Area (EEA), you have the following rights over your personal data:
- Access — you can ask what data we hold about you.
- Rectification — you can ask us to correct inaccurate data.
- Erasure — you can ask us to delete your data ("right to be forgotten").
- Restriction — you can ask us to stop processing your data while you contest its accuracy or our right to process it.
- Portability — you can ask for your data in a structured, machine-readable format.
- Objection — you can object to processing based on legitimate interest.
- Withdraw consent — where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, email fixpixies@gmail.com. We will respond within 30 days.
9. Contact
For any privacy-related questions, data requests, or complaints:
fixpixies@gmail.com
We will update this policy when our practices change. The effective date at the top of this page reflects the latest revision. Continued use of the service after a policy update constitutes acceptance.