Data Handling &
Digital Boundaries
We operate on a principle of radical clarity regarding your data. At our studio in Bogotá, we view privacy not as a legal obligation to obscure, but as a structural constraint to design around. This document outlines exactly what we capture, why we capture it, and the specific boundaries we enforce to keep your digital identity distinct from your operational needs.
Unlike agencies that bury policy in jargon, we treat this as a schematic. If you interact with our portfolio, request a quote, or sign a contract, we collect specific identifiers. We do not sell this data. We do not harvest secondary profiles. We treat your information as a project constraint: minimal, purposeful, and protected.
Visual: Data Isolation
"We collect only what allows us to build better web experiences. Anything else is noise."
Information Architecture
A detailed breakdown of data points we process, their purpose, and retention timelines. This matrix is live-updated with our current protocol.
- • Name, Email, Phone (when submitting forms)
- • Purpose: Project proposals, communication, invoicing
- • Retention: Duration of client relationship + 1 year
- • IP Address, Browser Type, OS (via analytics)
- • Purpose: Security, site performance optimization
- • Retention: 30 days (logs), 12 months (aggregated)
- • Invoice data, Tax ID, Billing Address
- • Purpose: Compliance with Colombian tax law (DIAN)
- • Retention: 10 years (legal requirement)
- • Email threads, WhatsApp logs (business account)
- • Purpose: Project scope, feedback, change requests
- • Retention: Active project lifecycle
- • Brand assets, screenshots, wireframes (client provided)
- • Purpose: Portfolio execution, reference, archiving
- • Retention: Per contract terms or 2 years
- • Consent records, opt-in timestamps
- • Purpose: Proof of GDPR/Habeas Data adherence
- • Retention: 5 years or until withdrawal
Storage & International Transfers
All data collected via pixlixa.company resides on secure servers located within the European Union (Frankfurt, Germany) via our infrastructure partner. This jurisdiction provides robust protections under GDPR. However, as a studio operating from Calle 93B #13-44, Bogotá, we maintain local backups for tax and operational continuity purposes, stored in encrypted vaults in Colombia.
We do not transfer data outside of these two regions. If you are accessing our portfolio from outside Colombia or the EU, your interaction is routed through our EU gateway to ensure highest-grade protection. No third-party marketing platforms are fed your data. We use a strict "zero-knowledge" approach with our analytics provider—meaning your session is anonymized before it hits our dashboard.
Key Takeaway
Your data crosses borders only once: from your browser to our EU server. It does not get shared, sold, or synchronized with ad networks. The only exception is legal compulsion by Colombian or EU courts.
Exercising Control
Under Colombian Habeas Data Law (Law 1581 of 2012) and GDPR, you hold specific rights. We are legally and ethically bound to honor them within 15 business days.
Backup Integrity: While you may request deletion, technical backups may retain encrypted fragments for up to 90 days due to our disaster recovery protocol.
Request a full export of your data (JSON format) via email. We will verify identity and send a secure link within 72 hours.
Spot an error in your invoice or contact details? We can correct specific data points without nuking the whole record.
The "Right to be Forgotten." Request full erasure of non-essential data. We keep only what tax law demands.
Studio HQ
Calle 93B #13-44
Bogotá, Colombia
Data Governance Inquiry
Have a specific question about your data, retention, or compliance? Send a message directly to our privacy officer.