This privacy policy explains how ToggleKit Ltd (trading as “The Pixel House”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use our website at thepixelhouse.co.uk and our visual regression testing services (collectively, the “Service”).
ToggleKit Ltd is a company registered in England and Wales. We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) where applicable.
1. Information we collect
We collect the following categories of personal data:
Account information: your name, email address, and authentication credentials when you create an account. If you sign in via GitHub OAuth, we receive your GitHub username and email address.
Billing information: payment details are processed securely by Stripe. We do not store your full card number. We retain your billing address and transaction history for accounting purposes.
Usage data: information about how you use the Service, including API requests, screenshot captures, comparison results, and feature usage. This helps us improve the Service and provide support.
Technical data: IP address, browser type, operating system, and device information collected automatically when you access our website or API.
Screenshot content: the URLs you submit and the resulting screenshots and visual diffs generated by the Service. These are stored as part of your project data.
Communications: any correspondence you send to us, including support requests and feedback.
2. How we use your information
We use your personal data for the following purposes:
To provide, operate, and maintain the Service
To authenticate your identity and manage your account
To process payments and manage subscriptions
To send transactional emails (account confirmations, billing receipts, alert notifications)
To monitor and improve the performance, security, and reliability of the Service
To respond to your support requests and communications
To comply with legal obligations and enforce our terms of service
To detect and prevent fraud, abuse, and security incidents
We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.
3. Legal basis for processing
We process your personal data under the following legal bases as defined by the UK GDPR and EU GDPR:
Contract: processing necessary to perform our contract with you (providing the Service, managing your account, processing payments).
Legitimate interests: processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, provided these interests are not overridden by your rights.
Legal obligation: processing necessary to comply with applicable laws, including tax and accounting regulations.
Consent: where we rely on your consent (for example, for optional marketing communications), you may withdraw consent at any time.
4. Data storage and security
Your data is stored on servers located within the European Union. We use Cloudflare infrastructure and Neon Postgres databases with data residency in the EU. Screenshots and visual diffs are stored in Cloudflare R2 object storage.
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. API keys are hashed before storage.
5. Data retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
Account data: retained for the lifetime of your account and for up to 30 days after account deletion to allow for recovery.
Screenshots and diffs: retained according to your plan’s retention period (7 days to 1 year). You may delete project data at any time.
Billing records: retained for 7 years to comply with UK tax and accounting obligations.
Server logs: retained for up to 90 days for security and debugging purposes.
6. Third-party processors
We share your data with the following categories of third-party processors, all of whom are bound by data processing agreements:
Cloudflare: hosting, CDN, R2 storage, and browser rendering (EU data centres)
Neon: database hosting (EU region)
Stripe: payment processing
Resend: transactional email delivery
GitHub: OAuth authentication (if you choose to sign in with GitHub)
We do not transfer your personal data outside the European Economic Area or the United Kingdom unless adequate safeguards are in place, such as Standard Contractual Clauses or an adequacy decision.
7. Your rights
Under the UK GDPR and EU GDPR, you have the following rights:
Access: request a copy of the personal data we hold about you
Rectification: request correction of inaccurate or incomplete data
Erasure: request deletion of your personal data (subject to legal obligations)
Restriction: request that we restrict processing of your data in certain circumstances
Portability: receive your data in a structured, machine-readable format
Objection: object to processing based on legitimate interests
Withdraw consent: where processing is based on consent, withdraw it at any time
To exercise any of these rights, please contact us at privacy@thepixelhouse.co.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your data appropriately.
8. Cookies
We use strictly necessary cookies to manage authentication sessions. These cookies are essential for the Service to function and cannot be disabled. We do not use third-party tracking cookies or advertising cookies.
If we introduce any non-essential cookies in the future, we will update this policy and obtain your consent before setting them.
9. Children
The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.
10. Changes to this policy
We may update this privacy policy from time to time. We will notify you of material changes by email or by posting a notice on our website. The “Last updated” date at the top of this page indicates when the policy was last revised.
11. Contact us
If you have any questions about this privacy policy or our data practices, please contact us: