Privacy Policy
Last Updated: 1st September 2025
Data Processing Agreement (DPA)
This Data Processing Agreement ("Agreement") is entered into between Titan Ventures Ltd., trading as PixelFlow ("Processor"), and the customer identified in the applicable Terms of Service ("Controller"). This Agreement forms part of the Terms of Service and governs the processing of personal data carried out by PixelFlow on behalf of the Controller.
Contents
1. Definitions
2. Subject Matter & Purpose
3. Categories of Data Processed
4. Controller Responsibilities
5. Processor Responsibilities
6. Subprocessors
7. International Data Transfers
8. Data Retention & Deletion
9. Security Measures
10. Assistance with Compliance
11. Governing Law and Jurisdiction
1. Definitions
Controller: The entity which determines the purposes and means of processing personal data.
Processor: The entity which processes personal data on behalf of the Controller.
Subprocessor: Any third party engaged by the Processor to process personal data.
Personal Data: Any information relating to an identified or identifiable natural person.
Applicable Law: All data protection and privacy legislation applicable to the processing, including the GDPR and the ePrivacy Directive.
2. Subject Matter and Purpose
PixelFlow provides server-side tracking and analytics services. In connection with these services, PixelFlow processes Personal Data as instructed by the Controller. Processing is limited to what is necessary to provide the agreed services, including event forwarding, deduplication, and reporting.
3. Categories of Data Processed
Depending on configuration by the Controller, PixelFlow may process the following categories of Personal Data:
IP addresses (processed for event transmission and deduplication; anonymized or hashed where possible)
Browser and device information (e.g., user agent, operating system)
Referrer URLs and page activity data
Event metadata (e.g., purchase value, order ID, or other parameters defined by the Controller)
PixelFlow does not process sensitive categories of data and does not use Personal Data for its own marketing, profiling, or resale.
4. Controller Responsibilities
The Controller is responsible for:
Ensuring that Personal Data is collected and processed lawfully, fairly, and transparently.
Providing all required notices and obtaining valid consents (e.g., through a cookie banner).
Managing data subject rights requests.
Ensuring that only necessary Personal Data is sent to PixelFlow.
5. Processor Responsibilities
PixelFlow shall:
Process Personal Data solely on the documented instructions of the Controller.
Implement appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
Assist the Controller, within reasonable limits, in fulfilling its obligations regarding data subject rights, security, and breach notifications.
Ensure that persons authorised to process Personal Data are subject to confidentiality obligations.
6. Subprocessors
PixelFlow engages the following subprocessors:
Amazon Web Services (AWS) – infrastructure and hosting
MongoDB Atlas – database services
Framer – hosting of marketing website
Stripe – payment processing for customer accounts (not visitor tracking)
Meta (Facebook Conversion API) – event forwarding, when configured by the Controller
PixelFlow will maintain an up-to-date list of subprocessors. The Controller will be notified of material changes in accordance with Applicable Law.
7. International Data Transfers
Where Personal Data is transferred outside the EU/EEA, PixelFlow ensures that such transfers are subject to appropriate safeguards, including the use of the European Commission’s Standard Contractual Clauses (SCCs).
8. Data Retention and Deletion
With regard to data retention and deletion:
Customer account data is retained until the Controller deletes the account.
Event data is retained only for as long as required to provide analytics and reporting.
Upon termination of services, or upon request, PixelFlow will delete or return all Personal Data, unless retention is required by law.
9. Security Measures
PixelFlow implements industry-standard security measures, including:
Encryption of data in transit (TLS/HTTPS)
Access control and authentication mechanisms
Segregation of customer data within databases
Regular data backups and recovery procedures
Secure hosting with reputable vendors
10. Assistance with Compliance
PixelFlow will provide reasonable assistance to the Controller in demonstrating compliance with Applicable Law, including support with:
Responding to data subject rights requests
Conducting data protection impact assessments (DPIAs)
Managing security incidents and breach notifications
11. Governing Law and Jurisdiction
This Agreement is governed by the laws of Ireland. Any disputes arising from or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of Ireland.