Privacy Policy

This Privacy Policy explains how we process personal data when you use:

• pixaverse.art / www.pixaverse.art
• play.pixaverse.art

1) Controller

Pixaverse Chronicle
Paul Aurich
c/o IP-Management #9102
Ludwig-Erhard-Straße 18
20459 Hamburg
Germany
Email: support@pixaverse.art

2) Categories of data we process

We process only the data needed to operate Pixaverse and the features you actively choose to use.

A. Website and game access; hosting and security

When you access our sites, technical access and connection data is processed, such as your IP address, date and time, requested page or file, referrer, browser and device information, and similar server or network event data. We use this data to deliver the sites, maintain stability, detect and prevent abuse, troubleshoot faults, and defend against attacks.

B. On-device storage (Local Storage)

We use browser storage for essential functions such as local game saves, settings, and consent or preference states. This storage is used to provide features you explicitly request and to remember your choices on your device.

C. Optional cloud features (sign-in, Cloud Save, Wishlist Sync)

If you enable optional cloud features and sign in, we process an account identifier and, depending on the sign-in method, your email address. We also process the data needed to provide the feature you selected, such as a cloud save snapshot, basic sync metadata, and wishlist item identifiers used to restore or sync your selected data across devices.

Cloud features are optional. You can use the core game without Cloud Save or Wishlist Sync.

D. Optional newsletter (Pixaverse Chronicle)

If you opt in to our newsletter, we process your email address, subscription status, and consent-related information such as opt-in time, source, and compliance versioning where applicable. If email tracking is enabled for a campaign, we may also process opening and click information associated with the newsletter.

E. Optional support and bug reports

If you submit a support or bug report, we process the information you provide, such as your message and limited technical context needed to investigate the issue, for example time, affected page, or similar diagnostic context. Please do not include passwords or other highly sensitive information in bug reports.

F. External resources and links used on our sites

Some pages may load or connect to third-party resources or services that are part of the user experience. At the time of this policy, this includes Google Fonts on pages that load those fonts and links or preconnects to Displate on pages that present external print-shop content. When such resources are loaded or connected, the relevant provider may receive technical connection data such as your IP address, browser information, and the page request required to establish the connection.

3) Purposes and legal bases

We process personal data for the following purposes and legal bases:

• Operating, securing, and improving the sites and game (delivery, stability, error diagnosis, fraud and abuse prevention, defense against attacks): Art. 6(1)(f) GDPR. Our legitimate interests are the secure, stable, and reliable operation of Pixaverse and the protection of our service, infrastructure, users, and legal position.
• Providing requested optional features such as sign-in, Cloud Save, and Wishlist Sync: Art. 6(1)(b) GDPR.
• Sending the newsletter: Art. 6(1)(a) GDPR (consent). You can withdraw consent at any time with effect for the future, for example via the unsubscribe link in an email or by contacting us.
• Handling support and bug reports: Art. 6(1)(f) GDPR. Our legitimate interests are troubleshooting, quality assurance, service integrity, and support handling.

4) Recipients and service providers

We use selected service providers that process personal data on our behalf or as part of the services you request. At the time of this policy, these include:

• Vercel for hosting and delivery.
• Google Firebase / Google for optional sign-in and cloud data features.
• MailerLite for newsletter delivery and subscriber management.
• Google Fonts / Google on pages that load those fonts.
• Displate on pages that link to or preconnect to that external service.

We do not sell personal data.

5) International data transfers

Depending on the provider and the relevant processing scenario, personal data may be processed outside the European Economic Area. Where required, we rely on lawful transfer mechanisms such as an adequacy decision, the EU-U.S. Data Privacy Framework, the UK extension and Swiss extension where applicable, Standard Contractual Clauses, or comparable safeguards recognized under applicable data protection law.

At the time of this policy, Vercel publicly states EU-U.S. Data Privacy Framework certification and publishes transfer-related legal documentation. Google publishes privacy and transfer information for Firebase and Google services, including Data Privacy Framework information and Standard Contractual Clauses. MailerLite publishes its legal documentation, including its Data Processing Addendum. Information about the safeguards relevant to your case, and where applicable how to obtain a copy of them, can be requested from us at support@pixaverse.art. Public provider documentation may also be available from the respective provider.

6) Storage duration

We keep personal data only for as long as necessary for the purposes described in this policy, subject to legal retention duties, documentation needs, defense of legal claims, and security requirements.

• Access and security data: retained for the period made available through our active hosting, logging, and security configuration, and then deleted, overwritten, or kept longer only where needed to investigate abuse, security incidents, or legal claims.
• Browser storage data: remains on your device until you delete it, clear your browser storage, or overwrite it through continued use.
• Cloud feature data: retained while the relevant cloud feature or account linkage remains active and, after a verified deletion request, only as long as reasonably required to complete deletion workflows, backup rotation, prevent abuse, or meet legal obligations.
• Newsletter data: retained until you unsubscribe or we otherwise stop sending the newsletter. Records necessary to document consent, unsubscribe status, and suppression from future mailings may be retained for as long as necessary to demonstrate compliance and prevent further unwanted mailings.
• Support and bug reports: retained until the relevant issue is resolved or the report is no longer needed for support, security, product integrity, or legal documentation purposes.

7) Whether you must provide data

You are not legally required to provide personal data merely to browse the public parts of our sites. However, certain technical data and essential browser storage are necessary to deliver the site and the game in your browser.

Sign-in, Cloud Save, Wishlist Sync, newsletter subscription, and support submissions are optional. If you choose not to provide the relevant data, the corresponding optional feature cannot be provided, but the core browser experience generally remains available.

8) Device storage and consent (Germany)

We use browser storage primarily for features you explicitly request, such as local saves, settings, and consent states. Under German law, storing or reading information on your device generally requires consent unless it is strictly necessary to provide the service you explicitly requested. If we introduce non-essential tracking or similar technologies in the future, we will request consent before activating them.

9) Your rights

Subject to the legal requirements, you have rights of access, rectification, erasure, restriction, objection, and data portability. You also have the right to withdraw consent at any time with effect for the future where processing is based on consent, and the right to lodge a complaint with a supervisory authority.

To exercise your rights, contact support@pixaverse.art. To protect user accounts and prevent abuse, we may ask for reasonable proof of identity or account ownership before acting on a request.

10) Automated decision-making

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

11) Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or product changes. The “Last updated” date shows the most recent revision.