JustPix logo

Privacy Policy

Effective Date: April 8, 2026 Last Updated: April 8, 2026

The Marketing Department Inc., operating as JustPix® ("JustPix," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at justpix.com (the "Site"), use our services, place orders, or participate in our artist marketplace or creator program (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

1.1 Information You Provide Directly

Account Information. When you create an account, we collect your email address and password. You may optionally provide your name.

Order and Checkout Information. When you place an order (including as a guest without an account), we collect your name, email address, phone number, shipping address (street, city, province/state, postal/zip code, country), and billing address.

Payment Information. We use Stripe as our payment processor. Your credit or debit card details are collected and processed directly by Stripe and never touch our servers. We receive only a payment confirmation, transaction amount, and currency from Stripe.

Gift Card Information. If you purchase or redeem a gift card, we collect the associated email address and transaction details.

Artist Marketplace Information. If you apply to or participate in our artist marketplace, we collect your artwork and images, PayPal email address (for payout processing), Instagram handle and follower count, social media profile links, and space photos submitted as part of your application.

Creator Program Information. If you apply to our creator program, we collect the information described above, plus your agreement to our five content usage terms (detailed in our Terms and Conditions).

Support and Feedback Information. If you contact support or submit a bug report, we may collect your browser, operating system, and device information, as well as screenshots or screen recordings you voluntarily submit through our feedback widget.

Newsletter. If you subscribe to our newsletter, we collect your email address.

1.2 Information Collected Automatically

Device and Usage Data. When you visit the Site, we automatically collect your IP address, browser type and version, operating system, user agent string, and referring URL.

Cookies and Similar Technologies. We use the following cookies and tracking technologies:

  • Session Cookie. A JSON Web Token (JWT) cookie that maintains your logged-in session for up to 30 days.
  • Referral Cookie. If you arrive via a creator referral link, a cookie is set to attribute your purchase to the referring creator. The duration of this cookie is configured by the creator's settings.
  • Meta Pixel. We use the Meta (Facebook) Pixel, which places cookies on your browser to track page views and browsing activity. See Section 3 for details on data shared with Meta.

We do not use Google Analytics, Hotjar, Mixpanel, or session replay tools.

Geolocation Data. We use third-party services (ipinfo.io and ipapi) to determine your approximate geographic location from your IP address, for the purpose of automatically detecting your preferred currency (CAD or USD) and determining applicable shipping zones.

1.3 Information from Third-Party Login Services

If you sign in using Google, GitHub, or Discord, we receive a limited set of profile information (such as your name and email address) from the provider, along with an authentication token. We do not receive or store your password for those services.

2. How We Use Your Information

We use personal information for the following purposes:

Providing and Fulfilling Orders. Processing your purchases, generating shipping labels, coordinating delivery with our carrier (FedEx), communicating order confirmations, shipping notifications, and delivery updates, and processing returns or refunds under our Happiness Guarantee.

Account Management. Creating and maintaining your account, authenticating your identity (including two-factor authentication), and managing password resets and email changes.

Marketplace and Creator Program. Evaluating artist and creator applications, processing monthly PayPal payouts for earned commissions, displaying your artwork on the Site, attributing referral sales to creators, and communicating program updates.

Improving Our Services. Validating shipping addresses via Google Maps, optimizing search results using AI-generated embeddings (via OpenAI and Cohere), reproducing and resolving bugs using submitted feedback reports, and improving site functionality and user experience.

Communications. Sending transactional emails (order confirmations, shipping updates, password resets) via Amazon SES, and sending marketing newsletters if you have opted in. You may unsubscribe from marketing emails at any time.

Security and Fraud Prevention. Monitoring login attempts, rate limiting to prevent abuse, and maintaining an email suppression list for bounced or complained addresses.

Advertising and Analytics. Measuring the effectiveness of advertising campaigns through Meta Pixel and Meta Conversions API. See Section 3 for full details.

Legal Compliance. Retaining order records as required for tax, accounting, and legal purposes.

Automated Decision-Making. We use automated systems in limited contexts: artwork uploaded to the marketplace may be processed through automated content moderation before human review, artist tier assignments are calculated automatically based on rolling 90-day sales data, and our fraud detection systems may automatically flag or decline transactions that match suspicious patterns. In all cases, you may contact support@justpix.com to request a manual review of any automated decision that affects you.

3. Third-Party Services and Data Sharing

We share personal information with the following categories of third-party service providers, solely to the extent necessary for the purposes described below. We do not sell your personal information.

3.1 Payment Processing — Stripe

Stripe processes all payment card transactions on our behalf. Your card number, expiration date, and security code are collected directly by Stripe and are never stored on our servers. Stripe is PCI DSS compliant. For more information, see Stripe's Privacy Policy.

3.2 Shipping — FedEx

To fulfill your order, we share your recipient name, email address, phone number, full shipping address, and package details (weight and dimensions) with FedEx. For international orders, we also share customs declaration information. See FedEx's Privacy Policy.

3.3 Advertising — Meta (Facebook)

We use Meta's advertising tools to measure and optimize our ad campaigns:

  • Meta Pixel (client-side): Tracks page views on every page of our Site.
  • Meta Conversions API (server-side): Sends the following events to Meta: ViewContent, Search, AddToCart, InitiateCheckout, AddPaymentInfo, Purchase, and CompleteRegistration.

Data shared with Meta includes: your email address (SHA-256 hashed), phone number (SHA-256 hashed), IP address, and user agent string. Meta uses this data for ad targeting, measurement, and optimization.

You can opt out of Meta's targeted advertising by adjusting your settings at Facebook Ad Preferences or by using the opt-out mechanisms described in Section 7.

3.4 Cloud Infrastructure — Amazon Web Services (AWS)

Our Site and Services are hosted using AWS infrastructure located in the United States (us-east-1 region). Specifically:

  • Amazon S3 stores all user-uploaded images.
  • AWS Lambda processes image transformations (resizing, format conversion).
  • Amazon CloudFront delivers images via a content delivery network using time-limited signed URLs.
  • Amazon SES sends all transactional emails on our behalf.

3.5 Database Hosting — MongoDB Atlas

All application data, including account information, order records, and marketplace data, is stored on MongoDB Atlas, a cloud-hosted database service.

3.6 Address Validation — Google Maps

When you enter a shipping address, we send it to Google Maps for validation and to calculate shipping distances and zones. See Google's Privacy Policy.

3.7 Geolocation — ipinfo.io and ipapi

Your IP address is sent to these third-party services to determine your approximate geographic location for currency detection and shipping zone determination.

3.8 AI Services — OpenAI and Cohere

Artwork descriptions and metadata may be processed by OpenAI (for generating search embeddings) and Cohere (for AI/LLM capabilities) to improve search relevance. No personally identifiable information is intentionally sent to these services.

3.9 Payout Processing — PayPal

For marketplace artists and creators, we share your PayPal email address with PayPal to process monthly earnings payouts.

3.10 Internal Notifications — Slack

We use Slack for internal business notifications and alerts. No customer personal information is intentionally transmitted through Slack.

4. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law.

Data Category Retention Period Reason
Order records Indefinite Tax, accounting, and legal compliance
Gift card records Indefinite Active financial instruments
User accounts (deleted) Soft-deleted (marked as deleted; email freed for reuse) Account recovery; legal obligations
Login attempt logs 30 days Security monitoring (auto-deleted)
Tracking data (IP, user agent) 90 days Analytics and security (auto-deleted)
Referral click data 90 days Creator attribution (auto-deleted)
Stripe webhook events 7 days Payment reconciliation (auto-deleted)
Authentication tokens Until expiry (typically 24 hours) Account security (auto-deleted)
Email send logs Indefinite Delivery monitoring and troubleshooting
Email suppression list Indefinite Bounce and complaint management
Artist earnings records Indefinite Financial reporting and tax compliance
Artwork and uploaded files Until deleted by the user Marketplace display and order fulfillment
Newsletter subscriptions Until you unsubscribe Marketing communications
Two-factor authentication records Indefinite (soft-deleted if removed) Security audit trail

5. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including:

  • Passwords are cryptographically hashed and never stored in plain text.
  • Two-factor authentication (2FA) secrets are encrypted using AES-256-GCM. Backup codes are separately hashed.
  • Payment data is handled exclusively by Stripe (PCI DSS Level 1 compliant) and never stored on our servers.
  • OAuth tokens from third-party login providers are excluded from default database queries.
  • Rate limiting is applied on both a per-IP and per-user basis to prevent brute-force attacks.
  • Signed URLs with time-limited expiration are used for image delivery through CloudFront.
  • Claim tokens provide secure, tokenized access for guest order lookups.

While we strive to use commercially acceptable means to protect your personal information, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Your Privacy Rights

6.1 Rights Under Canadian Privacy Law (PIPEDA and Provincial Laws)

If you are a Canadian resident, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete personal information.
  • Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.
  • Request data portability — receive your personal information in a structured, machine-readable format (CSV or JSON).
  • File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

Accountability. The person responsible for JustPix's privacy compliance is our Privacy Officer, who may be reached at support@justpix.com. The Privacy Officer is accountable for ensuring that our practices comply with PIPEDA and applicable provincial privacy legislation.

6.2 Rights Under California Law (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose about you.
  • Delete your personal information, subject to certain exceptions. We may retain personal information where necessary to complete a transaction you requested, for tax, accounting, or legal record-keeping obligations (including order records required to be retained for at least 7 years), to maintain our email suppression list to honour your opt-out requests, to detect, prevent, or investigate security incidents or fraud, and to exercise or defend legal claims.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. We do not sell personal information. However, our use of Meta Pixel and Conversions API may constitute "sharing" of personal information for cross-context behavioral advertising under the CPRA. You may opt out by enabling the Global Privacy Control (GPC) signal in your browser (which we honour as a valid opt-out), by contacting us at support@justpix.com, or by using the mechanisms described in Section 7.
  • Request data portability — receive your personal information in a structured, machine-readable format.
  • Non-discrimination. We will not discriminate against you for exercising any of these rights.

Verification. To protect your privacy, we will verify your identity before processing access, deletion, or correction requests. You may be asked to confirm your email address and provide information that matches our records.

Response Timeline. We will acknowledge your request within 10 business days and provide a substantive response within 45 calendar days, extendable by an additional 45 days with notice.

6.3 How to Exercise Your Rights

To make a privacy request, contact us at:

Email: support@justpix.com Mail: The Marketing Department Inc. o/a JustPix®, 2967 Dundas St. W. #604D, Toronto, ON M6P 1Z2, Canada

You may also manage certain preferences directly through your account:

  • Update or delete your account information in your account settings.
  • Unsubscribe from marketing emails using the link in any newsletter.
  • Remove your artwork from the marketplace through your artist dashboard.

7. Your Choices and Opt-Out Options

Marketing Emails. You may unsubscribe from marketing emails at any time by clicking the "unsubscribe" link at the bottom of any marketing email. Transactional emails (order confirmations, shipping updates, security alerts) are not affected by unsubscribing.

Meta Tracking. You can limit Meta's use of your data for ad targeting by visiting Facebook Ad Preferences, enabling the Global Privacy Control signal in your browser, or contacting us to opt out of data sharing with Meta.

Cookies. You can configure your browser to refuse cookies or alert you when cookies are being sent. Note that disabling cookies may affect the functionality of the Site, including your ability to remain logged in.

Do Not Track. Some browsers transmit "Do Not Track" signals. We currently do not respond to Do Not Track signals, but we honour the Global Privacy Control (GPC) signal as a valid opt-out of sharing under the CPRA.

8. Cross-Border Data Transfers

JustPix is based in Ontario, Canada. Our infrastructure, including our servers, databases, and cloud services, is primarily hosted in the United States (AWS us-east-1 region).

If you are located in Canada, your personal information may be transferred to and processed in the United States by our service providers (including AWS, Stripe, Meta, Google, OpenAI, Cohere, and PayPal). These transfers are necessary to provide the Services and fulfill your orders.

By using our Services, you consent to the transfer of your personal information to the United States, where data protection laws may differ from those in your jurisdiction. We take reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy, including relying on our service providers' data processing agreements, security certifications (such as SOC 2 and ISO 27001 where applicable), and contractual commitments to protect personal information.

9. Children's Privacy

Our Services are intended for individuals who are at least 18 years of age. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal information from a person under 18, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@justpix.com. We will delete the account and associated personal information within 30 days of verification.

10. Canada's Anti-Spam Legislation (CASL)

We comply with Canada's Anti-Spam Legislation (CASL). We will only send you commercial electronic messages (such as marketing newsletters) if you have provided express or implied consent. Every commercial electronic message we send includes our contact information, a clear identification of the sender, and a functioning unsubscribe mechanism. We process unsubscribe requests within 10 business days as required by CASL.

11. Third-Party Links

The Site may contain links to third-party websites or services that are not operated by us (for example, links to artist social media profiles). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policy of any third-party site you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through a notice on the Site.

Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

The Marketing Department Inc. o/a JustPix® Email: support@justpix.com Mailing Address: 2967 Dundas St. W. #604D, Toronto, ON M6P 1Z2, Canada

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.