Privacy Policy

1. Introduction

Pixie ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (trypixie.com) and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Account Information: Name, email address, phone number, business name, business type, and state
• Children's Information: Full names, birthdates, roles/job titles, and Social Security Numbers (SSN) of children you document work for
• Job Records: Job titles, descriptions, hours worked, pay rates, work dates, payment status, and photos of completed work
• Financial Information: Wage amounts, contribution amounts, brokerage names, and contribution dates
• Payment Information: Payment method details (processed securely by Stripe; we do not store full credit card numbers)
• Communications: Messages you send us through email or contact forms

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

• Usage Data: Pages visited, features used, time spent on pages, clicks, and navigation paths
• Device Information: IP address, browser type and version, device type, operating system, and unique device identifiers
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track activity and store certain information (see Section 8 for details)
• Analytics Data: We use Google Analytics and Vercel Analytics to understand how users interact with our Service

2.3 Information from Third Parties

• Authentication Providers: If you sign up using a third-party service (e.g., Google), we receive basic profile information from that provider
• Payment Processors: Stripe provides us with payment confirmation and subscription status information

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: To create and manage your account, store your job records, generate reports, and provide core functionality
• Process Payments: To process subscription payments and manage billing
• Communicate with You: To send account notifications, trial expiration reminders, tax deadline alerts, product updates, and respond to your inquiries
• Improve the Service: To analyze usage patterns, identify bugs, develop new features, and enhance user experience
• Security and Fraud Prevention: To detect and prevent fraud, abuse, and unauthorized access
• Legal Compliance: To comply with legal obligations, respond to lawful requests, and protect our rights
• Marketing: To send you information about features, tips, and updates (you can opt out at any time)

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Hosting: Vercel (infrastructure and hosting)
• Database: Supabase (data storage and authentication)
• Payment Processing: Stripe (subscription billing and payment processing)
• Email Services: Resend (transactional emails)
• Analytics: Google Analytics and Vercel Analytics (usage analytics)
• File Storage: Supabase Storage (for photos and documents)

These service providers are contractually required to use your information only to provide services to us and are prohibited from using it for their own purposes.

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government agencies).

4.3 Business Transfers

If Pixie is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Children's Privacy

COPPA Compliance: The Service is not directed to children under 13 years of age, and we do not knowingly collect personal information directly from children under 13. The Service is intended for use by parents and guardians who are at least 18 years old.

Information About Children: Parents and guardians may enter information about their children (including minors under 18) as part of documenting work and managing Roth IRA contributions. This information is entered by the parent/guardian, not by the child. Parents and guardians are responsible for the accuracy of information they provide about their children.

Sensitive Information: We understand that children's Social Security Numbers and other personal information are highly sensitive. We implement strict security measures to protect this data (see Section 7).

If we learn that we have collected personal information directly from a child under 13 without parental consent, we will delete that information as quickly as possible. If you believe we have collected information from a child under 13, please contact us at hello@trypixie.com.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active Accounts: We retain your data while your account is active
• After Cancellation: If you cancel your subscription, we retain your data for 30 days to allow you to download your records. After 30 days, we may delete your data unless you reactivate your account
• After Account Deletion: If you delete your account, we will delete your personal information within 30 days, except for information we must retain for legal or regulatory purposes
• Backup Retention: Deleted data may persist in backup systems for up to 90 days before being permanently removed
• Tax Records: We recommend you download and retain your own copies of tax-related records for at least 7 years, as required by IRS guidelines

7. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
• Access Controls: Strict access controls limit who can access your data internally
• Authentication: Secure authentication mechanisms protect your account
• Monitoring: We monitor for suspicious activity and potential security threats
• Regular Audits: We conduct regular security assessments and updates
• Data Isolation: Row-level security ensures users can only access their own data

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. Cookies are small data files stored on your device.

Types of Cookies We Use:

• Essential Cookies: Required for the Service to function (e.g., authentication, session management)
• Analytics Cookies: Help us understand how you use the Service (Google Analytics, Vercel Analytics)
• Preference Cookies: Remember your settings and preferences

Managing Cookies:

Most web browsers allow you to control cookies through their settings. However, disabling essential cookies may prevent you from using certain features of the Service.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

9.1 General Rights (All Users)

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Data Portability: Request a copy of your data in a structured, machine-readable format
• Opt-Out of Marketing: Unsubscribe from marketing emails using the link in any email or through your account settings

9.2 GDPR Rights (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, you have additional rights under GDPR:

• Right to Restrict Processing: Request restriction of processing in certain circumstances
• Right to Object: Object to processing of your personal information
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

9.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out of Sale: We do not sell personal information
• Right to Non-Discrimination: You will not be discriminated against for exercising your rights

How to Exercise Your Rights:

To exercise any of these rights, please contact us at hello@trypixie.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We primarily use service providers based in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to and processed in the United States.

For EEA/UK users, we ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.

11. Third-Party Links

The Service may contain links to third-party websites or services (e.g., links to brokerage firms for Roth IRA information). We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification for material changes

Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: hello@trypixie.com

For GDPR-related inquiries, please include "GDPR Request" in your subject line.

For CCPA-related inquiries, please include "CCPA Request" in your subject line.