Privacy Policy - PiiBlur
PiiBlur

Privacy Policy

Last updated: March 16, 2026

1. Introduction

PiiBlur is operated by PiiBlur, an unregistered company based in England. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. It applies to all users of the PiiBlur website and service.

2. Data We Collect

Account data

When you create an account, we collect your name, email address, and a hashed version of your password. If you enable two-factor authentication, we store encrypted secrets and recovery codes.

Billing data

We store your team name, Stripe customer ID, and the type and last four digits of your payment method. Full payment card details are handled entirely by Stripe and never touch our servers.

Media data

We process the files you upload and store metadata including original filename, file size, detected PII categories, the obfuscation method used, and processing status. Original files are deleted according to your team's retention setting (see Data Retention below).

Usage data

We track processing counts — images processed and video minutes processed — per billing period.

Technical data

We automatically collect your IP address, browser user agent, and session data when you use the service.

3. How We Use Your Data

  • To provide and operate the service
  • To process payments and manage subscriptions
  • To communicate account-related information
  • To monitor usage against your plan limits
  • To improve the service

We do not use your data for marketing purposes or sell it to third parties.

4. Analytics & Cookies

We use Google Analytics and Firebase to understand how users interact with our site. These services use cookies. Our application also sets a session cookie required for the service to function. We do not use advertising cookies.

Cookie Preferences

Current setting: Not set

5. Sub-processors

Your data may be processed by the following third-party services:

  • Stripe — payment processing (USA)
  • Cloudflare R2 — file storage (distributed)
  • Modal.com — AI processing (USA)
  • Google Analytics / Firebase — analytics (USA)

6. Data Retention

  • Original uploads are deleted according to your team's chosen retention setting. Options include: delete immediately after processing, 24 hours after processing, 7 days after processing, 30 days after processing, or never. This can be configured in your dashboard settings. The default is to delete immediately after processing.
  • Processed outputs are retained until you delete them or close your account
  • Account data is retained while your account is active and deleted upon closure
  • Usage records are retained for billing and audit purposes
  • Sessions expire automatically

7. Your Rights (UK GDPR)

Under UK GDPR, you have the right to access, correct, delete, or export your personal data. To exercise any of these rights, contact us at [email protected].

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect, use, and disclose
  • Right to request deletion of your personal information
  • Right to opt out of the sale of personal information — we do not sell personal information
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at [email protected]. We will respond within 45 days as required by law.

9. Security

We take reasonable measures to protect your data. Passwords are hashed, two-factor authentication secrets are encrypted, and API keys are stored as hashes only. Payment data is handled by PCI-compliant Stripe. All traffic is served over HTTPS.

10. Children

PiiBlur is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email. Continued use of the service after changes take effect constitutes acceptance of the revised policy.

Contact

If you have questions about this policy or want to exercise your data rights, contact us at [email protected].