Privacy Policy
Last updated: May 18, 2026
The AffPixel service ("Service") is operated by Cao Cu Quoc Cuong ("we"), which is the data controller for the personal data described in this policy.
1. Data we collect
- Account information: email, encrypted password, display name.
- Postback data received from affiliate networks: order ID, conversion value, sub_id, click ID (fbclid, gclid, ttclid).
- Payment information processed by a third-party partner (Paddle). We do not store card numbers.
- Technical logs: IP address, user-agent, access time for security and anti-abuse purposes.
2. Purposes & legal basis
- Provide and operate the Service, forward conversions according to your configuration — basis: contract performance.
- Send transactional emails (invoices, technical alerts, plan changes) — basis: contract performance.
- Security, fraud detection, technical logging — basis: legitimate interests.
- Compliance with legal obligations (accounting, tax, requests from authorities) — basis: legal obligation.
- Email marketing (if any) — basis: consent, you can withdraw at any time.
3. Data sharing
We do not sell personal data. Data is only shared with:
- Infrastructure providers (hosting, database) under data processing and security agreements.
- Paddle.com Market Limited — our Merchant of Record, processing payments, managing subscriptions, invoices, and tax compliance.
- Advertising platforms (Google, Meta, TikTok) according to your set configuration.
- Professional advisors (legal, accounting) when necessary.
- Law enforcement agencies when legally required.
4. Data retention
- Account data: stored for the duration of the account's activity and 30 days after account closure, then deleted or anonymized.
- Postback / conversion data: stored for a maximum of 13 months for reporting and reconciliation.
- Technical and security logs: stored for a maximum of 90 days
- Invoices and payment documents: stored according to legal accounting requirements (minimum 10 years).
5. Cookies
We use technical cookies (session, login) and localStorage to store settings (language, timezone). We do not use third-party advertising cookies.
6. Your rights
Depending on the applicable law, you have the right to: access, correct, delete, restrict processing, data portability, object to processing, withdraw consent, and lodge a complaint with a competent data supervisory authority. To exercise these rights, please contact us through the Contact page. We respond within 30 days.
7. Security
Data is transmitted over HTTPS, passwords are hashed, and tokens are stored encrypted. Database access is restricted by Row-Level Security and role-based access control.
8. Policy changes
Any changes will be posted on this page. Continued use of the Service after the policy changes signifies your acceptance of the new policy.