// Trust & Security Report
Pixlr Pte. Ltd. (Designs.ai by Pixlr)
Designs.ai all-in-one AI content creation platform (branding/logo, image, video, chat/copy, slides, audio) under the Pixlr Group
Certifications held
4
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on designs.ai“No mention of SOC 2 on the vendor's home, security, privacy, or terms pages. Security page is a vulnerability disclosure policy only.”
Verify on designs.ai“Privacy Policy demonstrates an active GDPR-compliance posture: it maps every processing purpose to a GDPR legal basis (e.g. 'Art. 6(1)(b) of the GDPR'), names an EU representative RIVACY GmbH (Mexikoring 33, 22297 Hamburg, Germany) and a UK representative RIVACY Ltd. (West Sussex), provides a designated Data Protection Officer at dpo@pixlr.com, enumerates full data-subject rights (access, rectification, erasure, restriction, objection, portability, complaint to a supervisory authority), and applies standard contractual clauses / binding corporate rules to EEA transfers. This reflects a demonstrable GDPR alignment, not an independently audited certification, so it is recorded as regulatory alignment rather than a SOC 2 / ISO-style attestation.”
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not stated
Data region
Data controller is Pixlr Pte. Ltd., Singapore (36 Robinson Road, City House). Privacy policy states Personal Data 'may be transferred outside the European Economic Area (EEA)' with safeguards 'including binding corporate rules or standard data protection clauses adopted by the European Commission'. No fixed/single data residency guarantee offered.
No explicit statement that user content trains AI models. Terms clause 7 states content 'may be retained by us for a reasonable period of time for the purposes of: (i) improving or enhancing the Website and Services... (ii) analysing and measuring the effectiveness of the Website and Services', which is ambiguous and could imply service/model improvement but does not clearly say models are trained on user inputs. Biometric data is explicitly protected: 'We do not store, collect or use your facial features for any other purposes' and 'facial geometry will not be shared to any third parties.' No dedicated AI/data-use or DPA page was found.
// Security controls
Vulnerability disclosure policy
Self-managed, email-based (not HackerOne/Bugcrowd). 'please immediately send it to us by emailing Sylvester@designs.ai.' Accepts reports with CVSS 4.0 severity >= 6; in scope '*.designs.ai'; 90-day confidentiality window. No paid bug-bounty platform.
designs.aiPenetration testing
Referenced only as an example security measure in the privacy policy, not as a documented/attested program: 'appropriate securities measures (such as firewalls, penetration testing and etc)'. No pentest report, cadence, or third-party named.
designs.aiEncryption
Limited. Privacy policy mentions an 'encrypted password' at registration and 'reasonable steps to protect or secure this data'. No explicit statement of encryption in transit (TLS) or at rest for stored content.
designs.aiData deletion / retention
Account data deleted within 30 days of account closure: 'we will delete your Personal Data and information within thirty (30) days', subject to legal-retention exceptions. Account deletion requires written notice to info@designs.ai.
designs.aiEnterprise-readiness claim (unverified)
Marketing claims 'Secure and Enterprise-Ready... secure infrastructure and governance controls that protect your data and assets', but no trust center, certifications, or audit evidence backs this claim.
designs.ai// Products & data scope
data: Account profile (name, email, country, encrypted password), optional billing/company details, browsing/usage data, user-uploaded content and prompts. Optional biometric/facial-geometry data when users upload images, used solely to produce AI output and not stored or shared.
Multi-LLM platform that routes to multiple third-party language and creative models ('We bring leading language and creative models into Designs.ai'). User content may pass to third-party model/IT providers; review subprocessor exposure for sensitive inputs.
data: Personal Data may be shared with 'other Pixlr Pte. Ltd. companies within the European Economic Area (EEA)' for internal administrative/accounting purposes.
Designs.ai is operated by Pixlr Pte. Ltd. ('Designs.ai by Pixlr'); security/disclosure policy is branded 'PIXLR GROUP'. Data governance is shared across the Pixlr corporate group.
// What to watch
- No enterprise security certifications (SOC 2 / ISO 27001 / HIPAA) on any vendor-owned page.
- No trust center or security/compliance documentation portal.
- Marketing claims 'Secure and Enterprise-Ready' and 'governance controls' with zero supporting evidence (no certs, no audits, no trust center) — procurement should challenge this.
- Bug bounty is email-only (Sylvester@designs.ai), not a managed HackerOne/Bugcrowd program.
- No public DPA found; AI-training-on-user-content stance is ambiguous (Terms allow retention to 'improve or enhance the Service').
- Encryption in transit/at rest not explicitly stated for stored user content.
- Multi-LLM architecture routes user prompts/content to multiple third-party models — subprocessor data-handling is not enumerated.
// At a glance
Pricing model
Subscription (monthly/yearly, auto-renewing) with monthly usage Credits that expire and do not roll over; separately Purchased Credits valid 1 year; all fees in USD. No free-forever enterprise tier documented.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Pixlr Pte. Ltd. (Designs.ai by Pixlr)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
designs.ai