Privacy Policy for PixelDiary

Data controller

The data controller is the creator of PixelDiary. For privacy-related inquiries, contact: privacy@pixeldiary.app.

Data we process

• Account data: user identifier and data provided by the login provider (Google OAuth) via Supabase Auth.
• Content data: categories, values, daily entries, optional notes, and modifiers stored locally and synced to the database.
• Technical data: information needed to keep your session active (login tokens stored locally by Supabase).

Authentication and session

Authentication is handled via Google OAuth (Supabase Auth). The user session is stored locally to enable automatic sign-in after restarting the app.

Local storage

The app stores data on the device (localStorage on web and WebView storage on mobile). This includes entries, categories, onboarding status, and the offline sync queue.

Synchronization and database

Data is synced with the Supabase backend (Postgres). Entry content is encrypted on the server side (pgcrypto). Only synchronization metadata is stored in plaintext (e.g., user identifier, date, update timestamp).

Data sharing

Data is processed by Supabase (database hosting and authentication) and the login provider (Google). We do not share data with advertisers and do not sell personal data.

Data deletion

Users can delete app data or their account from the settings screen. Deleting the account removes data stored in Supabase. Local data is removed when the app storage is cleared or after a data reset.

Account deletion instructions are available at pixeldiary-iota.vercel.app/account-deletion.

Policy updates

If this policy changes, we will update the date at the top of this page.