pixiro logo pixiro

Studio Policy

Our commitment to your data is rooted in transparency.

We designed this privacy policy not as a legal shield, but as a clear map of how we handle your information. It’s built on a simple premise: you own your data, and we’re its temporary steward.

Cookie Policy Terms of Service
Data flow blueprint
POLICY

Principle 1

We collect only what’s necessary to deliver and improve our services. No excess.

Principle 2

Your data never leaves our trusted systems for marketing or third-party sale.

Principle 3

You can request access or deletion at any time, with a guaranteed 48-hour response.

How We Handle Your Information

Think of our data flow like a studio workshop: tools are brought out for a specific task, cleaned, and put back. We don’t leave materials lying around.

Information We Collect

We process two primary categories of data, each with a distinct purpose and retention period.

  • Technical Data: IP address, browser type, and session cookies. Used exclusively for site security and performance optimization. This data is anonymized within 72 hours and logs are automatically purged after 30 days.
  • Communication Data: Name, email, project details submitted via forms or email. Stored securely on encrypted servers in Bogotá, Colombia. Used to provide estimates, deliver work, and manage client relationships.
"We built our project management tools to protect client confidentiality. If we don't need it to solve your problem, we don't request it."

Our Processing Legal Basis

Every data action aligns with a specific legal foundation under GDPR and Colombian Law 1581 of 2012:

Contractual Necessity

When you engage our services, we process contact and project data to fulfill our contractual obligations.

Legitimate Interest

Analyzing anonymized site traffic to improve user experience and site performance.

Consent

For newsletter subscriptions or non-essential cookies. We never bundle consent with service delivery.

Legal Obligation

For record-keeping related to invoicing and tax compliance, as required by law.

Your Rights & Controls

You have specific, actionable rights regarding your personal data. We've built our systems to honor them transparently.

Access & Portability

Request a complete copy of your data in a structured, machine-readable format (JSON/CSV).

Correction

Update incomplete or inaccurate data through your client portal or direct request.

Deletion

"Right to be forgotten" – we delete your data upon request, except where legal retention applies.

Object & Restrict

Pause or restrict how we process your data for specific purposes (e.g., analytics).

Method Note

We evaluate our privacy practices against a three-factor framework:

  • Risk: Annual third-party security audit focusing on data leak scenarios.
  • Robustness: Automated data backup with end-to-end encryption. Server redundancy in two Bogotá data centers.
  • Limits: We cannot guarantee security for data you voluntarily publish publicly (e.g., comments on a blog).

What Would Change Our View

A new data transfer framework with international partners, or a significant legislative change in Colombian data protection law.

Data Sharing & Security

We act as a data controller, not a data marketplace.

Limited Sharing

  • Email hosting (for client communication)
  • Cloud storage (for project files)
  • Payment processing (for invoices)
  • Never for advertising or profiling

All partners are vetted for GDPR compliance and contractual data protection clauses.

Security Measures

  • TLS 1.3 encryption in transit
  • AES-256 at-rest encryption
  • Role-based access controls
  • Annual penetration testing

We employ a defense-in-depth strategy, layering technical and administrative controls.

Assumptions & Constraints

Assumption

Users provide accurate information when filling out forms.

Constraint

We cannot guarantee 100% uptime or security against state-sponsored actors.

View Shift

If a client requires data residency outside Colombia, we establish a dedicated, compliant infrastructure.

Have Questions About Your Data?

Our designated Data Protection Officer reviews all requests regarding privacy, access, and deletion.

Email Our DPO Or visit our Contact page

We respond to all legitimate privacy inquiries within 48 hours, in accordance with Colombian data protection law.