Privacy Policy

1. Introduction

Pixi, owned and operated by Maas Technologies LLC ("we," "us," "our," or "Company"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, and authentication credentials when you create an account
• Profile Data: Teacher and student information, class details, and user preferences
• Voice Data: Real-time audio input during voice sessions (processed locally via Vosklet and in-memory; not permanently stored)
• Classroom Content: Keywords, vocabulary lists, and educational materials you create

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, session duration, and interactions within the application
• Device Information: Browser type, operating system, device type, and IP address
• Cookies and Similar Technologies: Authentication tokens, session identifiers, and user preferences

2.3 Google OAuth Data

When you sign in using Google OAuth, we collect and store:

• Your email address
• Your profile name and picture
• Your unique Google ID

Limited Scope: We request access to:

• Your profile and email information (for authentication)
• Access to files you create/open with Pixi in Google Drive (drive.file) - used only when you explicitly import documents into Pixi. We do not access, store, or share the contents of your Google Drive files without your consent.

We do not request access to your Calendar, Gmail, or other sensitive data.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve the Pixi voice learning experience
• Authentication: To verify your identity and manage your account securely
• Real-Time Processing: To process voice input during sessions for keyword extraction and image retrieval
• Communication: To send service updates, support emails, and account notifications
• Improvement: To analyze usage patterns and optimize application performance (aggregated and anonymized)
• Legal Compliance: To comply with applicable laws and enforce our Terms of Service

What We Do NOT Do: We do not sell, rent, lease, or disclose your personal data to any third party for their own commercial purposes.

4. Data Sharing and Third-Party Integrations

We use the following third-party services to deliver our product. Your data is processed by these providers only to the extent necessary for service delivery:

4.1 Cloud Infrastructure & Storage

• AWS (Amazon Web Services): Application hosting, database (Neon PostgreSQL), object storage (S3), and email service (SES)
• MinIO (Local Development): Local object storage alternative for development environments

4.2 AI and Language Processing

• OpenRouter API: Provides access to the Mistral AI model (devstral-2512:free) for real-time keyword extraction. Important: Your voice is processed locally in your browser using Vosklet (in-browser WASM) and does NOT leave your device. Only the extracted keywords are sent to OpenRouter for image search enhancement. Raw voice data is never transmitted to our servers or third-party services.

4.3 Image Search

• Unsplash API: Retrieves publicly available images to display during lessons. No personal data is shared with Unsplash beyond your keyword queries.

4.4 Authentication

• Google OAuth: Third-party identity verification. Google's use of your information is governed by Google's Privacy Policy.
• Better Auth: Authentication middleware that manages session tokens securely.

4.5 Background Job Processing

• Inngest: Manages asynchronous background tasks (e.g., email delivery, data processing). Data shared is limited to what's necessary for task execution.

4.6 Data Protection

All third-party service providers are contractually required to:

• Use your data only to provide the services we request
• Implement appropriate security measures
• Not disclose your information to others without authorization

5. Data Retention

• Account Data: Retained for as long as your account is active. Upon account deletion, your personal information is removed from our primary systems within 30 days.
• Voice Data: Processed in real-time and held in memory only during the session. Not permanently stored in our database.
• Usage Logs: Retained for up to 90 days for debugging, security, and performance analysis purposes.
• Backup Data: Backup copies may be retained for up to 180 days for disaster recovery purposes.
• Legal Requirements: We may retain data longer if required by applicable law.

6. Data Security

We implement industry-standard security measures to protect your information:

• HTTPS encryption for all data in transit
• Encrypted data storage at rest
• Secure authentication via OAuth and session tokens
• Access controls and role-based permissions
• Regular security monitoring and updates

Note: No security system is impenetrable. While we strive to protect your information, we cannot guarantee absolute security.

7. AI and Language Model Processing

Important Disclosures:

• Voice Processing: Your voice is processed entirely in your browser using Vosklet (in-browser WASM technology). Your raw voice data NEVER leaves your device and is not transmitted to our servers or any third-party AI services.
• Keyword Extraction: Only the extracted keywords (short text snippets) from your voice are sent to OpenRouter/Mistral AI for enhanced processing. These keywords are used immediately for this session only.
• No Training Use: Your personal data (name, email, account information) is NOT used for training or fine-tuning any AI model. Voice data and extracted keywords are not retained for model training purposes.
• No Permanent Retention: Voice data and session keywords are not stored permanently in our database.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete data
• Deletion: Request that we delete your personal information (subject to legal retention requirements)
• Portability: Request your data in a portable format
• Opt-Out: Opt out of non-essential communications

To exercise any of these rights, please contact us at the address provided in Section 10.

9. Children's Privacy

Pixi is designed for educational use with children under supervision. We comply with the Children's Online Privacy Protection Act (COPPA):

• We do not knowingly collect personal information from children under 13 without verifiable parental consent
• Teachers and parents are responsible for managing student accounts
• We do not use children's data for marketing purposes

10. Data Processing and Regional Operations

Pixi operates from and is primarily designed for users in the United States. Our services are hosted on US-based AWS infrastructure. If you are located outside the United States and choose to use Pixi, you understand that your data may be processed and stored in the United States.

For comprehensive privacy information applicable to different regions, please refer to our complete Privacy Policy or contact us for region-specific guidance.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact Maas Technologies LLC (operating as Pixi):

Email: support@getpixi.co

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date above. Your continued use of the Service constitutes your acceptance of the updated Privacy Policy.