Data Consent, Collection & Deletion Policy
Effective: 2026-03-10 · v1.0
Data Consent, Collection & Deletion Policy
Document ID: PX-POL-DATA Version: 1.0 Effective Date: 2026-03-10 Organization: PixMuse AI Compliance Framework: ISO 9001:2015, ISO/IEC 27001, ISO/IEC 40500:2012, IT Act 2000 (India)
1. Purpose
This policy defines how PixMuse obtains user consent for data collection, the scope of data collected, and the mechanisms available for users to manage and delete their data.
2. Scope
This policy applies to all PixMuse users and governs the collection, processing, and deletion of personal and platform-generated data.
3. Consent
By creating an account and using PixMuse, users consent to the collection and processing of necessary operational data as outlined in this policy and the Privacy Policy.
Consent Mechanisms
- Account creation — Users consent to essential data collection during registration
- Platform usage — Continued use constitutes ongoing consent for operational data processing
- Optional features — Separate consent is obtained for optional data uses (e.g., marketing communications)
Users may withdraw consent at any time by deleting their account or contacting PixMuse.
4. Data Collection Principles
PixMuse follows data minimization practices consistent with ISO/IEC 27001 standards:
- Only data required for platform functionality is collected
- Data is processed for specified, legitimate purposes only
- Collection is proportionate to the services provided
- Data accuracy is maintained through user-accessible profile management
Categories of Data Collected
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, email | Authentication, communication |
| Payment Data | Transaction IDs | Billing, subscription management |
| Usage Data | Prompts, generated images | Service delivery, platform improvement |
| Technical Data | IP address, device info | Security, analytics |
5. Data Retention
Data may be retained for:
- Operational purposes — As long as the user account is active
- Security monitoring — Logs retained for a reasonable period for threat detection
- Regulatory compliance — As required by applicable law, including the IT Act 2000
- Dispute resolution — As necessary for resolving legal claims
Retention Periods
- Active account data — Duration of account activity
- Payment records — As required by financial regulations
- Security logs — Up to 12 months
- Deleted account data — Removed within 30 days, except where legally required
6. User Data Deletion
Users may request deletion of:
- Account information and profile data
- Stored prompts and generation history
- Generated images stored on the platform
Deletion Process
- Submit a deletion request through account settings or contact channels
- PixMuse will verify the request and the user's identity
- Deletion is processed within 30 days of verification
- Confirmation is provided upon completion
7. Data Export
Users may request a copy of their personal data in a portable format. Export requests are processed within a reasonable timeframe.
8. AI Training Data Usage
PixMuse may use anonymized and aggregated data to improve AI models. Individual user data is not used for model training without explicit consent.
9. Exceptions to Deletion
Certain data may be retained when required by:
- Applicable law or regulatory obligations
- Ongoing fraud or abuse investigation
- Active legal proceedings or disputes
- Financial record-keeping requirements
10. Roles and Responsibilities
| Role | Responsibility |
|---|---|
| Platform Operator | Enforce data collection and deletion policies |
| Users | Manage consent and submit data requests |
| Security Team | Ensure secure data handling and monitoring |
| Compliance Officer | Review regulatory adherence |
11. Review and Updates
This policy is reviewed annually or upon significant regulatory changes. Updates are communicated to users through the platform.
PixMuse policies are developed in accordance with internationally recognized standards including ISO 9001:2015 Quality Management Systems, ISO/IEC 27001 Information Security practices, ISO/IEC 40500:2012 Web Accessibility Guidelines (WCAG 2.0), and applicable provisions of the Information Technology Act, 2000 (India).