Last Update: January, 2021
Introduction and Definitions
Pixton Comics Inc. is committed to maintaining the security, confidentiality and privacy of your Personal Information.
“Account” means an account created on the Site.
“Content” means any expression fixed in a tangible medium and includes, without limitation, ideas, text, graphics, avatars, designs, presets (including but not limited to: backgrounds, scene configurations, characters, outfits, body poses, facial expressions, color filters, overlays, effects), combinations of presets, drawings, logos, images, trademarks, copyrights, information, software, and any intellectual property therein, any of which may be created, submitted, or otherwise made accessible on or through the Site and/or Services.
“Pixton Content” means all Content that is not User Generated Content.
“Services” means creation of avatars, characters and scenes with accompanying text for a comic strip accessed through the Site, as well as access to preset Content including but not limited to: backgrounds, scene configurations, characters, outfits, body poses, facial expressions, color filters, overlays and effects.
“Site” means www.pixton.com, app.pixton.com, and other affiliated subdomains of pixton.com.
“User” means someone who signs up for an Account on the Site.
“User Generated Content” or “UGC” means any material whatsoever, including comics, that a user, including you, submits, creates, transfers or otherwise makes available by access to the Site or through the Services, including but not limited to ideas, information, images, data, text, graphics, designs, drawings posted in any area within the Site or through the Services.
Acceptance of Terms and Revisions
Pixton is compliant with the requirements of Canadian and US privacy laws including the Personal Information Protection and Electronic Documents Act, and the Personal Information Protection Act within British Columbia. Pixton also intends for its data privacy and security practices to be consistent with the EU General Data Protection Regulation (“GDPR”).
Types of Information We Collect
There are two types of information we may collect through your access to and use of the Site and/or Services:
“Personal Information” means information about an identifiable individual (including any “Personal Information” as such term is defined in the applicable privacy statute). Personal Information may include, but is not limited to, a person’s first and last name, an email address, persistent identifiers such as IP address or device number, or any anonymous information combined with a persistent identifier or other Personal Information.
“Non-Personal Information” means information that does not identify you and cannot be used to identify you personally and may include your browser and operating system descriptor, gender, and non-precise geolocation information (e.g., your city). Non-Personal Information also includes “Usage Data” which is anonymous data associated with your computer that includes activities and time on the Site, when not linked to any persistent identifier or other Personal Information.
Collection of Information
We may collect information (including Personal Information) as follows:
Information you provide to us upon registration. If you choose to register, complete a sign-up form or group register form, open an Account or become a member with us, request support, or in any other way take steps that require the submission of information, we may collect Personal Information such as your email address, your full name and the name of your company.
Purchases. If you choose to subscribe to the Site and/or Services, our payment processor, Stripe, will collect your credit card information. We do not collect or store your credit card information.
Information you submit to us. If you choose to submit your information to us for any other reason in any other form, we will collect such information and use it for the purposes for which you submitted it.
Visiting our Site. We will not collect any Personal Information from you simply by virtue of your visiting the Site; we only collect Personal Information if you choose to submit it to us. We do, however, collect Non-Personal Information such as Usage Data, whenever you use the Site and/or Services. If prohibited in your jurisdiction, such Non-Personal Information is not combined with Personal Information.
Browser privacy preference. We will use reasonable efforts to comply with the privacy preference setting in any browser, but generally do not comply with any Do-Not-Track requests on browsers.
Email messages. We may collect Non-Personal Information through emails we send you which contain code that allows us to track whether the message was opened and/or links were clicked.
Cookies. In connection with the foregoing collection of information, we may also use “cookies” or similar technologies (small amounts of data that are stored on your computer's hard drive when you use or access the Site and/or Services that identify your computer and may store information about you such as behavioural data). Should you choose to submit Personal Information to us, we may link cookie information to such Personal Information. If you do not wish to accept cookies, you have the option of blocking or disabling cookies. However, please be aware that some of the Site and/or Services will not function properly if you do so and you may lose access to Services you purchased.
Third party advertisers. No third-party advertising is permitted on the Site.
We strongly advise you not to submit Personal Information as part of UGC, comics or other content you create. However, if you do, the Personal Information will be stored in our database and treated the same as other Personal Information collected from you.
Public Disclosure of User Generated Content and Other Internet Activity
Use of Your Information
We may use your information (including Personal Information) for the following purposes:
to provide you with any services or functionality you have requested, including the Services;
to improve the Site and/or Services, and to inform the creation of future Services;
to send you information related to the Site and/or Services, including confirmations, Site news, technical notices, updates, security alerts, and support and administrative messages;
to process transactions for the Services;
to manage your Account with Pixton;
to respond to customer service inquiries;
to troubleshoot problems with the Site and/or Services;
to protect against unlawful activities or other misuse of the Site and/or and Services or for other security reasons;
to compile statistics;
to invite you to participate in Pixton surveys, contests or special events;
to allow you to share your User Generated Content with your colleagues, friends or family;
to authenticate your identity; and
to integrate third-party authentication, including Google, Microsoft, and Facebook single sign-on.
SPECIFIC THIRD-PARTY SERVICES
The Site makes use of the following third-party services:
Hubspot.com is a customer communication tool that allows us to send email and in-application messages to users. We use it to segment users for more specific messaging; to organize messages; and to communicate product updates such as feature releases. This service collects limited Personal Information, such as name and email address.
Stripe.com is a payment processor, which we use to collect credit card payments from users. This service collects limited Personal Information, such as name and credit card information.
Google, Microsoft, or Facebook facilitate single sign-on to the Site. We use them to authenticate users and to retrieve the name and/or email address of the user, for the purposes of provisioning and then enabling access to a Pixton account. These services collect and pass to Pixton limited Personal Information (name and email address).
Amazon Web Services is a set of cloud-based web hosting services. We use it to host the Site, including the database where user data are stored. This service does not collect Personal Information, although it may store (in an encrypted format) such data as collected and stored by Pixton.
Disclosure of Information
Protection of Your Information
Pixton has implemented reasonable physical and technical measures to protect the information we collect or are provided with from unauthorized access and against loss, misuse or alteration by third parties, including but not limited to:
- Containment of database(s) inside a Virtual Private Cloud (VPC), access to which is extremely restricted;
- Encryption of database data in transit and at rest;
- Use of SSL / HTTPS for all data transmission over the Internet;
- Multifactor authentication on administrator-level access;
- Code reviews and scans to monitor for security vulnerabilities;
- Firewalls, private keys, anti-virus protection, IP address whitelists, and encrypted local hard drives.
Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure.
PIXTON STRIVES TO EXCEED COMMERCIALLY REASONABLE EFFORTS TO PROTECT YOUR PERSONAL INFORMATION, HOWEVER, TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXPRESSLY DISCLAIM ANY GUARANTEE OF SECURITY IN CONNECTION WITH YOUR PERSONAL INFORMATION.
For further information on how we safeguard information we collect or are provided with, contact us via email at email@example.com.
Incident Response Plan
If we ever discover or receive reports of a security breach, we will take the following steps to address it:
- The staff member who detects or receives a report of a breach will forward all details to Pixton's privacy officer at firstname.lastname@example.org.
- The privacy officer will:
- Determine the severity of the potential impact. Is it real or perceived? Is it still in progress? What data is threatened and how critical is it? What is the impact on the business should the attack succeed – minimal, serious, or critical?
- If the breach is real, determine the system(s) being targeted, along with all relevant details such as the attacker's IP address.
- Determine how the incident can be contained, and contain it. This may involve changing passwords, encryption keys, or other system access information.
- Determine what data has been compromised, and who should be notified about the incident.
- Notify affected parties by email, including relevant details such as: the data that was compromised; the measures being taken to prevent any future such incidents.
- Document the incident, including date detected, date occurred, notifications issued, and response.
- Consider how the intrusion could have been prevented, and make changes to systems and/or policies accordingly.
Retention of Your Information
The data and information that we collect will be stored and maintained by Pixton or our third-party service providers until you delete it or instruct us to delete it, or until your Account is terminated by us. We will retain data and information we collect for a period of 60 days after your Account is terminated. We will only retain data for as long as is reasonably necessary to fulfill the purpose for which the information was collected.
If you have not logged into your Pixton account for more than 365 days, we reserve the right to terminate it.
Currently, Pixton or our third-party service providers retain and store information collected by, or provided to, us in the cloud and on secure servers in Canada. You hereby consent to Pixton storing any Personal Information you provide to us on secure servers in Canada.
If you access the Site and/or use any of the Services, you are responsible for protecting the confidentiality of your Account password and elected codes, and for restricting access to your computer and you agree to accept responsibility for all activities that occur under your Account. Please notify us immediately if you detect suspected misuse of your Account via email at: email@example.com.
Access and Accuracy
Pixton will use commercially reasonable efforts to provide you access to your Personal Information (to the extent we are in possession of any) if you submit your request for access via firstname.lastname@example.org. Pixton may charge you a reasonable fee for doing so. Subject to applicable law, Pixton reserves the right to deny access to your Personal Information on any of the following grounds:
when denial of access is required by law;
when granting you access is reasonably likely to negatively impact other people's privacy;
when granting access is, in our judgement and acting reasonably, cost prohibitive; or
when we have reason to believe that such requests are frivolous or made in bad faith.
You are responsible for ensuring that all information created through your access to and use of the Site and/or Services is accurate, reliable and complete and you acknowledge and accept that the use of such information is at your own risk. We can only provide accurate Services if we are in possession of your current and accurate information, therefore, we ask that you keep any Personal Information that you provide to us current and accurate. You represent and warrant that all Personal Information you provide us is true and accurate and relates to you and not to any other person. If you believe that the Personal Information maintained by Pixton about you is inaccurate or incomplete, you may notify us by describing in detail any inaccuracies or omissions via email at email@example.com. Following receipt of a properly submitted notice, we will, within a reasonable time period and acting in our sole discretion, use commercially reasonable efforts to either: (a) amend or correct your Personal Information to reflect corrected or additional information provided by you, or (b) in connection with your Personal Information, make note of any claimed inaccuracies or omissions reported in the notice submitted by you.
Our Policy Regarding Children
Pixton recognizes the privacy interest of children and we encourage parents/guardians to take an active role in their children’s use of the Site and/or Services. Users under the age of majority in their local jurisdiction may NOT use Pixton PRO.
If Pixton discovers or if a Parent becomes aware that a User under the age of majority in their local jurisdiction has accessed the Site and/or Services on their own and without the proper consent required in their jurisdiction, or provided us with information without the proper consent, please contact us at firstname.lastname@example.org. We will delete such information from our files within a reasonable time and within the timeframe required by applicable laws.
QUESTIONS OR COMMENTS
Pixton Comics Inc.
Attention: Privacy Officer