// Trust & Security Report
Pixlr Pte. Ltd. (part of Inmagine Group)
Browser-based AI photo/video/audio editing suite: Pixlr Editor (layer-based editor), Pixlr Express (quick edits/filters), Pixlr Agent (AI instruct editor), plus AI Image Generator, AI Video Generator, AI Audio Generator, AI Face Swap, and Background Remover. Free consumer tier plus paid "Pixlr Suite" subscription from $1.99/month; no dedicated enterprise/API tier found.
Certifications held
1
Maturity
Growth
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on pixlr.com“"Our Children's Privacy Policy is in accordance with ... the European Union's General Data Protection Regulation ('GDPR')" and the policy cites Article 6 legal bases; EU representative listed as "RIVACY GmbH, at: info@rivacy.eu ... Mexikoring 33, 22297 Hamburg, Germany"; a named Data Protection Officer is reachable at dpo@pixlr.com.”
> Show 7 unconfirmed / not-held certifications
source: pixlr.comno public evidence. Not referenced on pixlr.com (privacy policy, terms of use, cookie policy, license agreement, or about page). A third-party vendor-risk aggregator (Nudge Security) displays a 'SOC 2 Compliant' badge with no linked source document or vendor confirmation; this is not vendor-domain proof and is treated as unverified/likely templated.
source: pixlr.comno public evidence. Not mentioned anywhere on pixlr.com. Same third-party aggregator badge issue as SOC 2 above; no vendor-domain corroboration found.
source: pixlr.comno public evidence. Pixlr is a consumer creative tool with no BAA offering or healthcare-specific data handling described anywhere on pixlr.com. Third-party aggregator lists a 'HIPAA Compliant' badge with no source; not corroborated by the vendor and not credible given the product's consumer-facing, ad-supported nature.
source: pixlr.comno public evidence of a PCI DSS attestation. The privacy policy states 'We do not store credit card details,' implying payments are handled by a third-party processor, but no PCI DSS certification is claimed or documented on pixlr.com.
source: pixlr.comno public evidence. Not applicable/relevant to a consumer web tool; no mention on pixlr.com. Only appears as an unsourced badge on a third-party aggregator page.
source: pixlr.comno public evidence. Not mentioned on pixlr.com; only appears as an unsourced badge on a third-party aggregator page.
source: pixlr.comno public evidence of an AI governance certification. Not referenced anywhere on pixlr.com.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Not offered
Data region
Not specified. No data-residency or storage-region commitment found on pixlr.com; company is a Singapore entity with an EU GDPR representative in Hamburg, Germany.
The License and Services Agreement grants Pixlr a 'non-exclusive, sublicensable, worldwide, perpetual, royalty-free and irrevocable right to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense and distribute the AI Input You have provided and the AI Output produced,' with no opt-out mechanism described for AI Services. Separately, the Privacy Policy makes one narrow carve-out: 'We hereby confirm that we will not use any data obtained through the Google Workspace APIs for the purpose of developing, improving, or training generalized artificial intelligence (AI) or machine learning (ML) models' -- this exclusion applies only to Google Workspace API-sourced data, not to images/prompts users upload directly to Pixlr's own tools. Net: broad rights to reuse user content exist and a specific 'no AI training' promise is not made for general product usage. No paid-tier vs free-tier AI-training distinction is documented.
// Security controls
Encryption in transit
Not documented on pixlr.com. No TLS/encryption commitment found in privacy policy, terms, or cookie policy.
pixlr.comPayment card data handling
"We do not store credit card details" -- implies use of a third-party PCI-scoped payment processor, but no PCI DSS attestation is cited.
pixlr.comData retention / deletion
"If you choose to close the account or if your account is closed, We will delete your Personal Data and information within thirty (30) days," except records required for legal/transactional obligations.
pixlr.comGeneral security commitment
"We will take reasonable steps to protect or secure this data" -- generic best-effort language, no specifics on controls, audits, or incident response.
pixlr.comFacial/biometric data
"Notwithstanding this, facial geometry will not be shared to any third parties" (relevant to the AI Face Swap feature).
pixlr.com// Products & data scope
data: User-uploaded images processed client/server-side; subject to broad content-license grant in ToS/License Agreement.
Free tier available; part of same account/data model as other Pixlr products.
data: Same as Pixlr Editor.
Consumer-oriented, no separate compliance posture found.
data: Prompts and images sent to third-party AI model providers (Flux, Kling, Recraft, Google Veo, Qwen, Stable Diffusion, Seedance, Seedream, Grok Imagine, PixVerse, LTX Video, Vidu, ImagineArt, Wan AI, ElevenLabs, ACE-Step, MiniMax) named on the homepage.
No subprocessor list, DPAs, or per-model-provider security posture disclosed on pixlr.com; users effectively share content with multiple third-party AI vendors.
data: Processes facial geometry data.
Only feature with an explicit no-third-party-sharing commitment for a specific data type (facial geometry).
data: Same data model as free tier; adds ad-free editing, more AI credits, priority queue, private mode, template library.
"Private mode" is marketed but not defined in privacy policy/terms with respect to data retention or AI training; treat as unverified marketing claim, not a documented data-handling guarantee.
// What to watch
- OVER-CLAIM RISK (third party, not vendor): a third-party vendor-risk aggregator (Nudge Security / security-profiles.nudgesecurity.com) displays badges claiming Pixlr is 'SOC 2 Compliant, ISO 27001 Compliant, HIPAA Compliant, PCI Compliant, GDPR Compliant, FedRamp Compliant, and CSA Star Level 1 Compliant' with no linked evidence, no source documents, and non-functional 'Security Page'/'Security Portal'/'Bug Bounty' links -- consistent with generic/templated placeholder badges rather than verified facts. None of these certs are corroborated anywhere on pixlr.com. Do NOT surface these claims on AIFOXX; they were not used to grade any cert held=true.
- AI-training posture is ambiguous and leans unfavorable: the License and Services Agreement grants Pixlr broad, perpetual, irrevocable rights to reuse AI inputs/outputs with no opt-out, while the Privacy Policy's only 'no AI training' promise is narrowly scoped to Google Workspace API data -- these two documents could read as contradictory to an average user and should be flagged in the listing.
- 'Private mode' (paid tier marketing term) is not defined anywhere in the privacy policy or terms with respect to actual data handling -- treat as unverified marketing language.
- No data-residency or storage-region commitment disclosed despite processing images/facial data of users worldwide.
- Multiple third-party AI model providers (Flux, Kling, Veo, ElevenLabs, etc.) are named as processing user content, but no subprocessor list or DPA chain is documented.
// At a glance
Pricing model
Freemium consumer SaaS; paid Pixlr Suite subscription starts at $1.99/month; free for education.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Pixlr Pte. Ltd. (part of Inmagine Group)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
pixlr.com