What we collect
When your visitor loads the PixelYeah script, we receive: hashed IP, user-agent, referrer, the page URL, and a session-scoped first-party identifier. We resolve those signals against our identity graph and return a person record to you if (and only if) a confident match exists. We do not collect form contents, keystrokes, mouse movements, or session recordings.
Legal basis
We act as a processor on your behalf. You are the controller for visitors on your site. Our co-op and graph data is sourced under consent (B2C) and legitimate-interest business-contact directories (B2B), refreshed and pruned continuously against opt-out lists.
Cookies
PixelYeah does not set cookies on your domain. We do not use cross-site tracking cookies. Our identity resolution happens server-side off hashed signals, not via shared third-party cookies.
Data subject rights
If a person asks to be removed from our graph (GDPR Article 17 / CCPA right to delete), email privacy@pixelyeah.com from any address — we suppress the matching identity across all customer payloads within 30 days and keep a permanent suppression record.
Sub-processors
We use AWS (hosting), Cloudflare (edge + DDoS), Stripe (billing), and Postmark (transactional email). All sub-processors are GDPR-compliant and bound by DPAs.
International transfers
Customer data may be processed in the US, EU, and UK. We use the EU Standard Contractual Clauses (2021) and the UK IDTA for transfers out of the EEA/UK.
Retention
Identified events are retained for 90 days by default and then purged. Customers on Unlimited can configure retention from 7 to 365 days. Aggregated metrics are retained indefinitely.
Contact
Questions: privacy@pixelyeah.com. Postal: PixelYeah, Inc., 548 Market St #62588, San Francisco, CA 94104, USA.