PixelRetriever Privacy policy
Last updated 7 June 2026
The short version: PixelRetriever is built hash-first. Your original photos stay in your own cloud (Google Drive, OneDrive or Dropbox). We keep a 64-bit fingerprint (a perceptual hash) plus the metadata we need to do the job — and, only while a scan runs, a temporary downscaled preview. We never sell your data, and we never claim any rights over your photos.
1. Who we are
PixelRetriever (“we”, “us”, “Pixel”) is a reverse-image-search service for photographers, operated by Wouter Vellekoop (wouter.studio), based in the Netherlands. For the purposes of the EU General Data Protection Regulation (GDPR), we are the data controller for the account data described below. You can reach us any time at hello@pixelretriever.com.
2. What we collect
We keep our footprint deliberately small. We process:
- Account data — your email address, and authentication details handled by our auth provider. We use magic links and optional social sign-in (Google, Microsoft).
- Photo metadata — file names, paths, dimensions, dates and a 64-bit perceptual hash (pHash) of each photo. This is what lets Pixel recognise your image elsewhere without storing the image itself.
- Temporary previews — a downscaled copy (max 1024px) of a photo, created only when needed for a scan and to show you a thumbnail in your dashboard. Originals are deleted immediately after scanning.
- Connected-source tokens — the OAuth access/refresh tokens for the cloud you connect, stored encrypted (AES-256-GCM). We request read-only access and never modify, move or delete your files.
- Match results — the URLs, domains, titles and similarity scores Pixel finds across the web, and your review decisions on them.
- Billing data — handled by Paddle (see below). We never see or store your full card details.
- Operational data — basic logs and error reports to keep the service running and secure.
3. What we don't do
- We don’t permanently store your original photos.
- We don’t sell, rent or trade your personal data.
- We don’t use advertising or third-party tracking cookies.
- We don’t claim any ownership of, or rights to, your photographs.
4. Why we process it (legal bases)
- To provide the service (performance of a contract) — connecting your source, scanning, and showing you matches.
- To take payment (performance of a contract / legal obligation) — via Paddle.
- To keep things secure and improve reliability (legitimate interests) — logging, error monitoring, abuse prevention.
- To send you the newsletter (consent) — only if you opt in, and you can unsubscribe at any time.
5. Who we share it with (subprocessors)
We rely on a small set of trusted providers to run PixelRetriever. Each processes data only on our instructions:
- Supabase — database and authentication.
- Vercel — hosting (EU region).
- Cloudflare R2 — temporary preview storage during scans.
- SerpApi — performs the reverse image search (Google Lens) on the temporary preview.
- Paddle — payments and subscription billing (merchant of record).
- Resend — transactional and notification email.
- Sentry — error and performance monitoring.
- Google, Microsoft, Dropbox — only the cloud you choose to connect, for read-only access to the folder you pick.
Some of these providers may process data outside the EU. Where that happens, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.
6. How long we keep it
We keep your account data and match history for as long as your account is active. Temporary previews are deleted right after a scan. When you delete your account, we erase your account, photos, hashes, matches and connected-source tokens. Some records (e.g. invoices held by Paddle) may be retained where the law requires it.
7. Your rights
Under the GDPR you can access, correct, export or delete your data, and object to or restrict certain processing. You can delete your account and everything tied to it yourself from Settings → Danger zone, or email us and we’ll handle it. You also have the right to complain to your local data protection authority (in the Netherlands, the Autoriteit Persoonsgegevens).
8. Security
Source tokens are encrypted at rest with AES-256-GCM. We request read-only scopes, use signed OAuth state to prevent CSRF, and keep your original images out of our systems by design. No system is perfectly secure, but minimising what we hold is our first line of defence.
9. Changes
If we make material changes to this policy, we’ll update the date above and, where appropriate, let you know by email.
Questions about any of this? Email hello@pixelretriever.com and a real person (well — a real person and a Golden Retriever) will get back to you.