Privacy Policy

Introduction

PixelPai ApS (“PixelPai,” “we,” “us,” or “our”) is committed to protecting your personal data and ensuring your privacy rights are upheld. This Privacy Policy explains how we collect, use, share, protect, and retain personal data when you interact with PixelPai, including when you browse our website, use our services, connect a blockchain wallet, participate in the Rebirth Engine, receive Rebirth Credits, or convert credits into RLY (Reality+) or other supported utility tokens.

This policy applies whether you are a website visitor, a registered user, a wallet-connected user, an applicant, or a participant in our Legal Expert Network.

 

1. Who We Are

PixelPai ApS is a Danish company, company number 44479397, with registered address:

Applebys Plads 7, 2
1411 Copenhagen K, Denmark

PixelPai ApS is a registered Virtual Asset Service Provider (VASP) with the Danish Financial Supervisory Authority and is preparing for full CASP operations under the EU Markets in Crypto-Assets Regulation (MiCA). PixelPai aligns its operations with GDPR, AML/KYC requirements, FATF guidance, and relevant EU and international regulatory standards.

 

2. Scope of This Policy

This Privacy Policy applies to personal data collected from:

• Website visitors
• Registered and wallet-connected users
• Users of the Rebirth Engine and token services
• Customers and business partners
• Applicants (e.g. Legal Network, Careers)
• Suppliers and professional counterparties

 

3. Personal Data We Collect

Depending on your interaction with PixelPai, we may collect the following categories of data.

 

3.1 Website Visitors

• IP address
• Device and browser information
• Cookies and analytics data
• Usage and access logs

 

3.2 Service and Platform Users

• Name, email address, and contact details
• Account identifiers and credentials
• Profile and preference data
• Payment-related metadata (where applicable)
• Platform usage logs and activity records

 

3.3 Blockchain, Wallet & Token Data

When you connect a wallet or use Rebirth or token services, we may process:

• Public blockchain wallet addresses
• Blockchain transaction hashes and timestamps
• Token burn events and associated metadata
• Rebirth Credits balances and conversion history
• RLY or partner token issuance and transfer records
• Cryptographic signatures used for authentication

Blockchain data is publicly available by design. Where such data is linked to an identifiable user for compliance or service provision purposes, it is treated as personal data under GDPR.

 

3.4 Custodial Wallet Data

To enable compliant service flows, PixelPai may generate a platform-linked custodial wallet associated with a user profile. Related data may include:

• Custodial wallet address
• Internal account identifiers
• Balance and transaction metadata
• Compliance flags, screening results, and audit logs

 

3.5 Applicants, Suppliers & Partners

• CVs, resumes, professional profiles
• Contact and contractual information
• Invoicing and accounting data

We may also receive data from trusted third parties such as analytics providers, identity verification services, payment processors, and blockchain monitoring tools.

 

4. How and Why We Use Your Data

We process personal data in accordance with GDPR principles of lawfulness, fairness, transparency, purpose limitation, and data minimization.

Purposes and Legal Bases

Purpose	Legal Basis
Account creation and service delivery	Contract
Wallet connection and authentication	Contract
Rebirth Credits issuance and token conversions	Contract
AML, KYC, sanctions screening	Legal obligation
Transaction monitoring and fraud prevention	Legal obligation / legitimate interest
Regulatory reporting	Legal obligation
Platform security and integrity	Legitimate interest
Customer communication and support	Contract
Marketing communications	Consent
Recruitment and applications	Legitimate interest / consent

.

5. Blockchain Data & Immutability

Blockchain records are immutable and outside PixelPai’s control. PixelPai does not alter or delete onchain data.

Where onchain activity is linked to a user identity for compliance or service provision, that linkage is retained only for as long as required under applicable law. Off-chain personal data may be deleted upon request unless legal obligations require continued retention.

 

6. Custodial Wallets, Screening & Withdrawals

When a user connects a wallet, PixelPai performs automated wallet screening and sanctions checks in line with AML, FATF, and EU regulatory requirements.

To support regulated flows, PixelPai may generate a custodial wallet linked to the user profile. This wallet is used to temporarily hold Rebirth Credits, RLY, or other supported assets within the platform.

Withdrawals to external non-custodial wallets may require identity verification (KYC) depending on jurisdiction, transaction thresholds, and legal requirements.

Custody and wallet infrastructure may be supported by specialized third-party providers operating under equivalent security and compliance standards.

 

7. Data Sharing

We may share personal data with:

• Identity verification and AML/KYC providers
• Custodial wallet and blockchain infrastructure providers
• Analytics and monitoring service providers
• Auditors, legal advisors, and professional consultants
• Regulators or law enforcement authorities where required by law

Data shared outside the EEA is protected using Standard Contractual Clauses or equivalent safeguards.

 

8. Data Security

PixelPai implements technical and organizational security measures, including:

• Encryption at rest and in transit
• Role-based access control and least-privilege policies
• Secure hosting environments
• Monitoring, audits, and vulnerability assessments
• Incident response and breach management procedures

 

9. Data Retention & Deletion

Data Type	Retention Period
Customer and transaction data	Minimum 5 years (AML compliance)
Financial and tax data	6 fiscal years + current year
Applicant data	Up to 2 years (unless extended by consent)
Supplier & partner data	Duration of engagement + legal retention
Anonymized analytics data	Indefinite

Deletion requests may be submitted to data@pixelpai.com. Requests are acknowledged within 5 business days and completed within 30 calendar days unless legal retention obligations apply.

 

10. Your Rights Under GDPR

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure (subject to legal obligations)
• Restrict processing
• Data portability
• Object to processing (including marketing)

 

11. Cookies and Tracking

PixelPai uses cookies and similar technologies to support platform functionality, wallet sessions, analytics, and performance monitoring. Disabling cookies may affect certain features. Details are available in our Cookie Policy.

 

12. Children’s Privacy

PixelPai services are not intended for individuals under 18. If we become aware that personal data of a minor has been collected, it will be deleted promptly.

 

13. Policy Updates

This Privacy Policy may be updated periodically. The latest version will always be published on our website.

 

14. Contact

Email: data@pixelpai.com
Address: Applebys Plads 7, 2, 1411 Copenhagen K, Denmark