Privacy Policy

Last updated: April 5, 2026

This Privacy Policy explains how Pix-Vu ("we", "us", "our"), operated by Sentinel Holdings, collects, uses, stores, and protects your personal data when you use our AI-powered Facebook advertising management platform at pix-vu.com ("Service"). We are committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), and the Data Protection Act 2018.

1. Data Controller

The data controller responsible for your personal data is:

As a small organisation, we are not required to appoint a Data Protection Officer (DPO) under Article 37 of the GDPR. However, you may contact us at support@pix-vu.com for any data protection queries and we will respond promptly.

2. Categories of Data We Collect

Account Information

  • Email address (used for authentication and communication)
  • Name (if provided during registration)
  • Account preferences and settings

Facebook/Meta Data

When you connect your Facebook Ad Account via OAuth, we collect and process:

  • Facebook OAuth access tokens
  • Ad account identifiers and metadata
  • Campaign, ad set, and ad performance data (impressions, clicks, conversions, spend, ROAS)
  • Audience and targeting information
  • Ad creative content (text and images)
  • Pixel and conversion data

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number, CVV, or full payment details on our servers. We receive and store your Stripe customer ID and subscription status.

Usage Data

  • Pages visited and features used within the Service
  • Campaign actions taken (creation, modification, pausing)
  • Timestamps and session information
  • IP address and approximate geographic location
  • Browser type and device information

3. Legal Basis for Processing

Under the UK GDPR and EU GDPR, we process your personal data on the following legal bases:

  • Performance of a contract (Article 6(1)(b)): Processing your account information, Facebook data, and payment data is necessary to provide the Service you have subscribed to. This includes managing your advertising campaigns, generating AI creatives, and processing your subscription payments.
  • Legitimate interests (Article 6(1)(f)): We process usage data to improve the Service, maintain security, prevent fraud, and analyse how users interact with the platform. Our legitimate interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests.
  • Consent (Article 6(1)(a)): Where we use non-essential cookies or send marketing communications, we do so only with your explicit consent. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legal obligation (Article 6(1)(c)): We retain certain billing and transaction records as required by UK tax and accounting regulations.

4. How We Use Your Data

We use your data to:

  • Provide the Service: Manage your Facebook advertising campaigns, generate AI ad creatives, optimise budgets, and display performance data.
  • Authenticate your account: Verify your identity and manage access to the Service.
  • Process payments: Manage your subscription billing through Stripe.
  • Improve the Service: Analyse usage patterns to improve features, performance, and user experience.
  • Communicate with you: Send service-related emails, including billing confirmations, important updates, and support responses.
  • Comply with legal obligations: Maintain records as required by law and respond to lawful requests from authorities.

We do not sell your personal data. We do not use your data for purposes unrelated to providing and improving the Service.

5. Third-Party Processors

We share data with the following third-party data processors, solely to provide the Service. Each processor is bound by data processing agreements in accordance with Article 28 GDPR:

  • Supabase (US) — Authentication and database storage. Your account data and campaign information are stored in Supabase's infrastructure. See Supabase Privacy Policy.
  • Stripe (US) — Payment processing. Stripe handles all credit card transactions and subscription billing. See Stripe Privacy Policy.
  • Meta / Facebook (US) — Advertising platform. We access your ad account via the Meta Marketing API to manage campaigns on your behalf. See Meta Privacy Policy.
  • OpenAI (US) — AI-powered ad copy generation. Campaign context and targeting information may be sent to OpenAI to generate ad creative text. No personal end-user data is sent. See OpenAI Privacy Policy.
  • Fireworks AI (US) — AI image generation for ad creatives. Campaign context may be used to generate ad imagery. See Fireworks AI Privacy Policy.
  • Vercel (US) — Website hosting and deployment. Your requests to our website pass through Vercel's infrastructure. See Vercel Privacy Policy.
  • Resend (US) — Transactional email delivery. Your email address is transmitted to Resend to send service-related messages such as login codes, billing confirmations, and account notifications. See Resend Privacy Policy.

6. International Data Transfers

Several of our third-party processors are based in the United States. When your personal data is transferred outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) as the primary safeguard for data transfers to third countries.
  • Adequacy decisions: Where applicable, we transfer data to countries that have received an adequacy decision from the UK Secretary of State or the European Commission.
  • Processor commitments: All our processors maintain data protection commitments consistent with GDPR requirements.

You may request a copy of the safeguards we have in place by contacting us at support@pix-vu.com.

7. Data Retention

We retain your data only for as long as necessary to fulfil the purposes described in this policy. Specific retention periods:

  • Account data: Retained for the duration of your active subscription. Deleted within 30 days of account deletion.
  • Campaign performance data and generated creatives: Deleted within 30 days of account deletion.
  • Facebook OAuth access tokens: Revoked and deleted immediately upon disconnection or account deletion.
  • Billing and transaction records: Retained for up to 7 years as required by UK tax and accounting regulations (HMRC requirements).
  • Usage and analytics data: Retained for up to 26 months, then anonymised or deleted.
  • Support correspondence: Retained for up to 3 years after your last contact.

We may retain anonymised, aggregated data that cannot identify you for analytical and statistical purposes indefinitely.

8. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:

  • Right of access (Article 15): Request a copy of the personal data we hold about you. We will provide this in a commonly used electronic format.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete data without undue delay.
  • Right to erasure (Article 17): Request deletion of your personal data ("right to be forgotten") where there is no compelling reason for its continued processing.
  • Right to data portability (Article 20): Request an export of your data in a structured, commonly used, and machine-readable format (such as CSV or JSON).
  • Right to restrict processing (Article 18): Request that we limit how we use your data in certain circumstances.
  • Right to object (Article 21): Object to the processing of your personal data where we rely on legitimate interests as the legal basis, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Right not to be subject to automated decision-making (Article 22): See Section 11 below.

To exercise any of these rights, contact us at support@pix-vu.com. We will respond to your request within one calendar month. In complex cases, we may extend this by a further two months, and will inform you of any such extension within the first month. There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.

9. Cookies

We use cookies and similar technologies on our website. For full details on the cookies we use, how to manage them, and your choices, please see our Cookie Policy.

In summary:

  • Essential cookies: Required for the Service to function (authentication, security). These do not require consent under the Privacy and Electronic Communications Regulations 2003 (PECR).
  • Functional cookies: Remember your preferences and settings. Set only with your consent.
  • Analytics cookies: Help us understand how visitors use our website. Set only with your consent.

10. Data Security

We implement appropriate technical and organisational measures to protect your data in accordance with Article 32 of the GDPR, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Encrypted storage of OAuth access tokens
  • Regular security reviews and updates
  • Access controls limiting data access to authorised personnel and systems
  • Regular testing and evaluation of security measures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and will inform you without undue delay where the breach is likely to result in a high risk to your rights and freedoms.

11. Automated Decision-Making

Our Service uses AI and automated systems to:

  • Generate ad creatives: AI generates ad copy and images based on your campaign parameters. You review and approve all creatives before they are published.
  • Optimise campaign budgets: AI automatically adjusts budget allocation and bidding across your ad sets based on performance data. This affects how your advertising budget is spent but does not make decisions that produce legal effects or similarly significant effects concerning you as an individual.
  • Audience testing: AI tests different audience combinations to identify high-performing segments.

These automated processes relate to the management of your advertising campaigns (which you have opted into) and do not constitute solely automated decision-making that produces legal effects concerning you within the meaning of Article 22 GDPR. You maintain control over your campaigns and can override, pause, or modify any automated decisions at any time through the Service.

12. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with a supervisory authority:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk/make-a-complaint — Telephone: 0303 123 1113
  • EU: You may lodge a complaint with the supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement. A list of EU supervisory authorities is available at edpb.europa.eu.

We would appreciate the opportunity to resolve your concerns before you approach a supervisory authority, so please contact us first at support@pix-vu.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days in advance via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

15. Contact

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your data, please contact us at: