Privacy Policy
Status: 07/05/2026
1) Controller
MR IT Manuel Reschke
c/o Online-Impressum #6825
Europaring 90
53757 Sankt Augustin
Germany
Email: [email protected]
Data Protection Officer: No data protection officer has been appointed, as the legal requirements for such an appointment do not apply.
2) Overview: What We Process and Why
We process personal data in order to:
provide the website,
operate user accounts,
enable images to be uploaded and delivered,
prevent abuse and spam,
process payments, where applicable,
communicate with you, for example for support or transactional emails.
The legal bases are, in particular:
Art. 6(1)(b) GDPR — contract, account, upload,
Art. 6(1)(f) GDPR — legitimate interests: operation, IT security, abuse prevention,
Art. 6(1)(a) GDPR — consent, for example for non-essential cookies/tracking,
Art. 6(1)(c) GDPR — legal obligations, for example retention obligations.
3) Hosting — IONOS, Germany
Our website and servers are operated by IONOS. In this context, technical log data is processed, among other things; see Section 4. Where required, a data processing agreement pursuant to Art. 28 GDPR is concluded with IONOS.
Recipient: IONOS SE, processor.
4) Server Log Files — Website Access
Each time the website is accessed, the web server typically processes:
IP address,
date and time,
requested URL,
referrer, if applicable,
user agent,
status codes and error data.
Purpose: delivery of the website, stability/error analysis, IT security, detection of abuse and attacks.
Legal basis: Art. 6(1)(f) GDPR.
Retention period: generally 7–30 days; longer in the event of security incidents until clarification.
5) Account / Registration
When an account is created and used, we process:
email address,
username,
password, stored only as a hash,
timestamps, such as registration and last login,
status or plan information, if applicable, for example “Supporter”.
Purpose/legal basis: performance of a contract, Art. 6(1)(b) GDPR; security and abuse prevention, Art. 6(1)(f) GDPR.
6) Image Uploads, Storage and Delivery
When images are uploaded and hosted, we may process:
image file and technical metadata, such as file size and MIME type,
hash/checksum, for example for duplicate detection,
upload time,
assignment to the user account,
selected visibility, public/private,
EXIF or other metadata, if included in the image, for example camera data; location data may also be included if you leave it in the image.
Purpose/legal basis: provision of image hosting, Art. 6(1)(b) GDPR; abuse prevention and security measures, Art. 6(1)(f) GDPR.
Note: If you do not want location data to be shared, remove EXIF GPS data before uploading.
Retention period: until deletion by you or account deletion; deletion from backups may be delayed.
7) CDN & Protection — Cloudflare
For faster and more secure delivery, including caching, DDoS protection and WAF, we use Cloudflare. In particular, IP addresses and technical connection/header data are processed in order to deliver content via the Cloudflare network.
Legal basis: Art. 6(1)(f) GDPR — secure and performant delivery.
Cloudflare provides a Data Processing Addendum, DPA, for this purpose.
Third-country transfers: Depending on configuration and service, data may also be processed outside the EU. Cloudflare describes, among other things, the processing of metadata in data centers in the United States and Europe.
8) Email Delivery — Mailgun
We use Mailgun, Sinch Email, for transactional emails, for example confirmations, login notifications and support messages. Depending on the type of email, the following data may be processed:
recipient address,
email content, for example confirmation links,
sending time,
technical delivery data, logs.
Legal basis: Art. 6(1)(b) GDPR, contractual communication, and/or Art. 6(1)(f) GDPR, operation/security.
Mailgun provides information on GDPR and includes a DPA in its contractual terms.
9) Payments / Memberships — Patreon and Stripe
Patreon, memberships/support:
If you use Patreon for monetization, data for payment and membership management is processed by Patreon, for example name, email address, payment status and transaction details, depending on the Patreon flow. Patreon provides a Creator Data Processing Agreement, “Creator Privacy Promise”, / DPA.
Stripe, direct payments:
If you offer direct payments via Stripe, Stripe processes payment and transaction data. Stripe provides a Data Processing Agreement, DPA, and describes SCCs as a transfer mechanism.
Legal basis: Art. 6(1)(b) GDPR, performance of the contract/payment; Art. 6(1)(c) GDPR, tax and commercial law obligations where relevant.
10) Cookies / Consent — TDDDG
We use:
technically necessary cookies, for example session/login and security functions — no consent is required where these are strictly necessary,
non-essential cookies/tracking, for example marketing/analytics where used — only with consent via a consent banner pursuant to Section 25 TDDDG.
You can withdraw or change your consent at any time via [cookie settings link].
11) Chrome Extension “Easy Screenshot by PixelFox.cc”
We provide a Chrome extension that allows users to upload screenshots and image files directly to their PixelFox.cc account.
The extension processes data only when the user actively triggers a function, for example by creating a screenshot, selecting an image file or starting an upload.
In particular, the following data may be processed:
screenshot or image files uploaded by the user,
technical file data such as file name, file size and MIME type,
upload time,
assignment to the PixelFox.cc account,
metadata contained in the image, if applicable, for example EXIF data,
the API token or login status stored by the user,
local extension settings, for example upload options.
The API token and local settings are stored in the user’s browser in order to provide the upload function. These data are not used for advertising, tracking or profiling.
The extension uses browser permissions exclusively for the following purposes:
activeTab: access to the currently active tab only after an explicit user action, for example to create a screenshot.
scripting: execution of small scripts in the active tab only where necessary and after a user action, for example to support the screenshot or upload function.
clipboardWrite: writing the generated PixelFox link to the clipboard after a successful upload or after clicking a copy function. The extension does not read clipboard contents.
storage: local storage of settings, API token and upload preferences.
Host permission for https://pixelfox.cc/*: communication with the PixelFox.cc API for authentication, upload and retrieval of the upload result.
The extension does not collect browser history, passwords, form contents or any other page contents that are not required for the upload function. The data are not used for advertising purposes, are not sold, and are not disclosed to third parties for marketing purposes.
Processing takes place in order to provide the upload function requested by the user on the basis of Art. 6(1)(b) GDPR, and for security and abuse prevention on the basis of Art. 6(1)(f) GDPR.
12) Recipients / Processors
Depending on usage, we disclose data to the following categories:
Hosting: IONOS, processor.
CDN/security: Cloudflare, processor.
Email: Mailgun/Sinch Email, processor.
Payments: Patreon, Stripe — generally independent controllers or, depending on the setup, processors or subprocessors; details can be found in their DPA/privacy documents.
13) Third-Country Transfers
Depending on the service, in particular Cloudflare, Mailgun, Patreon and Stripe, processing may take place outside the EU/EEA. In such cases, appropriate safeguards, for example Standard Contractual Clauses, are used where required. Stripe expressly refers to SCCs in connection with transfers.
14) Retention Period
Account data: until the account is deleted; statutory retention obligations remain unaffected.
Images: until deleted by you; deletion from backups may be delayed.
Logs: generally 7–30 days; longer in security cases.
Payment data: in accordance with legal requirements, for example commercial and tax law, where you store such data yourself.
15) Your Rights
Under the GDPR, you have the right of access, rectification, erasure, restriction of processing, data portability and the right to object to processing based on Art. 6(1)(e) or Art. 6(1)(f) GDPR. You may withdraw consent at any time with effect for the future. You also have the right to lodge a complaint with a data protection supervisory authority.
16) Data Security
We implement technical and organizational measures, including TLS encryption, access restrictions, password hashing, monitoring and rate limits.
17) Changes
We update this Privacy Policy whenever functions or services used by us change.