Last updated April 1st, 2025

Privacy and Security

Your privacy is important to us. We respect your privacy regarding the personal data we may process and collect.

PixieBrix Privacy and Security Policy

This privacy and security policy ("Privacy and Security Policy") explains how PixieBrix, Inc. ("PixieBrix" or "We") collects and processes personal data from users of the website and software applications (collectively "Services"). PixieBrix's Services include the:
  • Web browser extension (the "Extension")
  • Web application located at app.pixiebrix.com (the "Web Application")
  • Documentation located at docs.pixiebrix.com (the "Documentation")
  • Website located at www.pixiebrix.com (the "Website")

What data we transmit and store

This section enumerates what data we transmit and store. The Third-party service providers section details which third-party service providers we use to deliver our services.

Name and email address
When you register with the Web Application, we collect your name and email address from the identity provider you use to authenticate. We use this information to 1) send you account-related communication, such as team invitations, onboarding, and billing, and 2) provide customer support.

Additionally, you may opt-in to newsletters and marketing information with your email address. We do not share or sell this information with third parties; you may opt-out at any time.

Account settings
Extension settings are stored locally in the Extension. Web Application settings are stored in the Web Application.

Brick and integration configurations
The Web Application stores the definitions of mods you create so that you can access them on any browser. Additionally, it stores any brick and integration configurations you choose to make public or share with your team.

Error telemetry
The Web Application and Extension report error telemetry with your account email, IP address, operating system, browser version, and sanitized error details. You can disable error telemetry by visiting the Settings screen in the Extension.

Product telemetry
The Web Application and Extension report product usage telemetry/events with your account email, IP address, operating system, browser version, and event details. The event details do not include information about your browsing history. You can disable extension product telemetry by visiting the Settings screen in the Extension Console.

API Gateway calls
If you choose to use the cloud/team integration configuration features, API calls will be transmitted through the Web Application's API Gateway. The API Gateway does not capture or log any data sent or received from those API calls. It does, however, log request metadata such as call frequency for billing and to prevent abuse.

User-Generated Content
If you choose to use mods that make use of a personal/team database, data from the mod is stored by the Web Application.

How we protect your data

We are dedicated to protecting your information and have put in place electronic and procedural safeguards.

Procedures
We use Two Factor Authentication (2FA), password managers, and limit administrative access to PixieBrix Services.

Runtime controls
The PixieBrix framework provides fine-grained control over which website features can run on, and which calls an integration configuration can authenticate.

Encryption
Web Application data is encrypted at rest with AES-256, block-level encryption. All internal traffic, as well as between the Extension and Web Application is encrypted during transit with TLS/SSL.

Web application protection
The Web Application is protected by a Web Application Firewall (WAF) and Application Security Monitoring (ASM).

Vulnerability scanning
We automatically monitor PixieBrix’s software dependencies for security disclosures. Additionally, we run static analysis tools as part of our development and continuous integration processes.

Third-party review
PixieBrix performs a 3rd party penetration test at least annually. PixieBrix completes the Google Cloud Application Security Assessment (CASA) annually. Each version of the Extension published in the Chrome Web Store is reviewed by Google prior to distribution. See Chrome Developers: Frequently Asked Questions for more information on their review process.

Extension permissions

When you install the Extension, you will be prompted to accept the required permissions. We try to minimize the set of permissions the Extension requests, subject to browser technical limitations.

The use of browser permissions are reviewed by the Google Chrome Web Store team prior to distribution.

Required permissions

Permission
Reason
storage
The Extension stores account settings and configuration locally
tabs
The Extension uses the tabs API in conjunction with the Web Navigation API for three purposes:

1. Load the content script into pages

2. Notify the content script on Single Page Applications (SPAs) of navigation events

3. For multi-tab workflows, track relationship between parent/child tabs

By default, the Extension does not record/modify any information about tabs or their URLs.
activeTab
The activeTab permission allows you to temporarily grant access to a tab in order to develop a new brick using the developer panel tools.
webNavigation
The Extension uses the Web Navigation API to detect page navigation events on Single Page Applications (SPAs).

By default,the Extension does not automatically store the navigation event data.
contextMenus
The Extension does not add any context menus by default. However, it supports creating new context menu items.
https://*.pixiebrix.com/*
The Extension communicates with the Web Application to sync the service token and provide a seamless mod activation experience from the Marketplace.
<all_urls>
Allows PixieBrix to display the floating action button, action menu, and to activate mods on any page.
identity
Enables OAuth2 authentication flows with integrations.


Optional permissions

Permission
Reason
clipboardWrite
Improved support for mods that copy information to your clipboard.

Third-party service providers

The following table enumerates the third-party service providers we use to provide our services:
Service
Purpose
Data Processed / Stored
Web Application Hosting
Web Application data, network requests
Web Application Hosting
Static content, user-generated content/media
Cloudflare
Content delivery network (CDN)
Network requests
Super Publishing Co.
Documentation and career page hosting
Network requests
Datadog
Performance, Error, and Application Security Monitoring
Email address, IP address, request metadata, error telemetry
Sumo Logic
Cloud Log Management
IP address, request/response metadata (e.g., response status code)
Twilio
Sendgrid
System and account management emails
System and account management emails
Google
Authentication, browser extension distribution, font/media asset hosting
Authentication, web store reviews
Mixpanel
Product analytics, license monitoring
Email address, product telemetry
Microsoft
Authentication
Authentication


Other Service Providers

PixieBrix may use the following subprocessors to perform other Service functions:
Service
Purpose
Data Processed / Stored
Atlassian Statuspage
Service status page
Contact email for alerts
Stripe
Payment processing
Account identifier, payment information
Zoom
End-to-end encrypted customer support calls
Information you provide to Zoom
Thinkific
Certification learning management system
Information you provide, certification responses
Hubspot
Account onboarding, marketing, support, and billing communication
Email address, account communication
Hotjar
Website analytics
Website analytics
GitHub
Source code hosting, continuous integration
Information you provide via Issues
Slack
Community chat
Information you provide to Slack

Third-party integration privacy

The use of Third-Party Integrations with PixieBrix is optional. PixieBrix only transmits to Third-Party Integration Providers if you configure that provider for use with a mod you activate. The data transmitted, stored, and shared is limited to the data required for mod operation.

Sign in with Google

When you use Sign in with Google to authenticate with PixieBrix, Google provides your name, email address, and profile picture. PixieBrix uses this information to authenticate you. We do not share or sell this information to other third-party tools (such as AI models).

The use of Sign in with Google is optional. To opt out of using Sign in with Google, use Sign in Microsoft or enter your email to receive a registration/login link.

Google Cloud APIs

When you use a Google Cloud API integration, e.g., the Google Translation API, PixieBrix transmits the request to Google. We do not share or sell the information you provide to other third-party tools (such as AI models).

PixieBrix’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

The use of Google Cloud APIs is optional. To opt out of transmitting data to Google Cloud, do not create or use a mod that utilizes a Google Cloud API.

Google Drive

When you use the Google Drive integration, PixieBrix transmits data to/from Google Drive to display available files and/or perform file operations for the mods you activate. We do not share or sell the information transmitted you provide to third-party tools (such as AI models).

PixieBrix’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

The use of Google Drive is optional. To opt out of transmitting data to/from Google Drive, do not configure the Google Drive integration.

Microsoft: Sign in with Microsoft, Microsoft APIs

PixieBrix only shares information with Microsoft if you use Sign in with Microsoft, or configure Microsoft for use with a mod you activate. Data shared with Microsoft is limited to data required for authentication and/or mod operation.

PixieBrix’s use and transfer of information received from Microsoft APIs to any other app will adhere to Microsoft APIs Terms of Use.

OpenAI/ChatGPT

PixieBrix’s use of the OpenAI APIs is subject to their API Data Privacy Policy. Data and metadata transmitted to the OpenAI APIs are not used for training.

Artificial Intelligence (AI) policy

By default, PixieBrix does not transmit or share your browsing data or API calls with AI models. You may opt in to using AI by activating or creating a mod that calls an AI model provider.

Cookie policy

PixieBrix uses cookies for several reasons, including essential functionality, e.g., authentication, and marketing purposes. For more information, and to learn how to opt out, please refer to our Cookie Policy.‍

Responsible disclosure

If you believe you have discovered a vulnerability in one of our products, please email us at [email protected]. We will respond within 3 business days to create a remediation plan.

The following systems and services are in scope:


Any other systems and services, e.g., our third-party service providers, are excluded from scope and not authorized for testing. Please refer to their policies, and report any vulnerabilities directly to them.

Additionally, the following activities and test methods and not authorized:

  • Revealing the vulnerability to others before it has been resolved
  • Taking advantage of the vulnerability, e.g., by downloading or deleting other user's data beyond what is necessary to demonstrate the vulnerability
  • Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data
  • Physical testing (e.g. office access), social engineering (e.g. phishing), or any other non-technical vulnerability testing

We do not currently offer monetary compensation for reporting vulnerabilities, but will recognize you in the public vulnerability disclosure (unless you desire otherwise).

Minors

We created PixieBrix for the exclusive use of adults (18 and older). We don’t knowingly collect or solicit personal information from children. If you are a child under 18, please do not attempt to register for PixieBrix’s products or send any personal information to us.

Changes to this policy

We will continue to update our policies and practices as needed. We will notify you of any changes to our Privacy and Security Policy by posting any changes here. If we do, you’ll see that the date at the top of this Privacy and Security Policy has changed.

How to contact us

If you have any questions about our privacy policies and practice, please contact us at [email protected].
2025 PixieBrix, Inc.
Developers
Personal customization
Documentation
Mod Template Gallery
Business
Enhancing automation
Security
Intelligent automation
Product
Web app customization
How it works
Integrations
Customization uses
Use Cases
AI Detector
AI Image Generator
AI Writing
Announcements
ChatGPT Sidebar
Checklists
Decision Trees
Embed RPA
Enterprise AI Search
Image to Text
Process Intervention
Smart Bookmarks
Snippet Manager
Translation
Resources
Become a Partner
Marketplace
Quick start guide
Blog
Guides
About
Join Us
Contact
Media
Terms
Privacy
Cookie Policy
Glossary