Privacy Policy

Effective Date: June 26, 2025

Pixel Auctions ("we", "us", or "our") operates a free-to-use online auction platform based in Saskatoon, Saskatchewan, Canada. We are committed to protecting your privacy and ensuring the security of your personal information in compliance with applicable Canadian privacy laws including the Personal Information Protection and Electronic Documents Act (PIPEDA). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

1. Information We Collect

1.1 Account & Registration Data
  • User Account Information: First name, last name, email address, and hashed password (using PHP's password_hash() function) when creating your account
  • User Profile Data: Total ratings received, average rating score (scale 0-5), and profile update history
  • Authentication Data: Login session tokens, password reset requests, and account status information
1.2 Auction & Marketplace Data
  • Auction Listings: Item names, detailed descriptions, categories (Electronics, Fashion, Home, Books, Other), colors, condition assessments (Great, Good, Okay, Poor), starting prices, reserve prices, auction duration settings, and status (pending, approved, rejected)
  • Item Images: Uploaded photographs stored locally on our servers or via ImgBB image hosting service (imgbb.com)
  • Administrative Data: Admin approval/rejection notes, review timestamps, reviewer IDs, and moderation history
1.3 Bidding & Transaction Data
  • Bid Information: Bid amounts, precise timestamps of bids, bidding history, highest bid tracking, and bid validation data
  • Auction Participation: Items you've bid on, auctions you've won, transaction completion status
  • Watchlist Activity: Items added to your watchlist, watchlist timestamps, and removal history
1.4 Ratings & Trust System
  • User Ratings: Ratings you provide for other users (scale 0-5) with associated item IDs and transaction context
  • Received Ratings: Ratings received from other users, aggregated rating statistics, and rating trends
  • Trust Metrics: Calculated reputation scores and seller/buyer performance indicators
1.5 Technical & System Data
  • Server Logs: IP addresses, HTTP request headers, browser user agents, referring URLs, and access timestamps
  • Session Management: PHP session IDs, login/logout timestamps, session duration, and authentication status
  • Error Tracking: Database query logs, email delivery logs, and system error reports
  • Performance Data: Page load times, database query performance, and system resource usage
1.6 Communications & Notifications
  • Email Communications: Registration confirmations, auction approval/rejection notifications, bidding confirmations, auction completion notices, and support correspondence
  • System Messages: In-platform notifications, alert preferences, and communication history
  • Support Interactions: Customer service requests, technical support queries, and feedback submissions

2. How We Use Your Information

2.1 Core Platform Functions
  • Creating and managing user accounts with secure authentication
  • Processing auction listings, including admin approval workflows
  • Facilitating bidding processes and maintaining bid histories
  • Managing watchlists and user preferences
  • Processing and displaying user ratings for trust and safety
  • Connecting auction winners with sellers for transaction completion

2.1 Core Platform Operations
  • Account Management: Creating and maintaining user accounts, authentication, password management, and user profile updates
  • Auction Processing: Publishing auction listings, managing bidding processes, tracking auction status, and facilitating buyer-seller connections
  • Administrative Review: Admin approval/rejection of auction listings, content moderation, and platform quality control
  • Transaction Facilitation: Processing bids, determining auction winners, managing post-auction communications, and enabling rating exchanges
  • Watchlist Management: Saving user preferences, tracking interested items, and providing personalized auction recommendations
2.2 Communications & Notifications
  • Transactional Emails: Account confirmation, auction status updates (approval/rejection), successful bid notifications, auction completion alerts, and rating reminders
  • Platform Updates: System maintenance notifications, policy changes, feature announcements, and security alerts
  • Customer Support: Responding to user inquiries, technical support, account assistance, and dispute resolution
  • Marketing Communications: Promotional emails about platform features (with opt-out options)
2.3 Platform Security & Integrity
  • Fraud Prevention: Detecting suspicious bidding patterns, preventing fake accounts, and identifying potential scams
  • System Security: Monitoring for unauthorized access, protecting against cyber attacks, and maintaining data integrity
  • Content Moderation: Reviewing auction listings for compliance, removing inappropriate content, and enforcing community guidelines
  • Performance Optimization: Analyzing system usage, optimizing database performance, and improving user experience
2.4 Analytics & Improvement
  • Usage Analytics: Understanding user behavior patterns, popular auction categories, and platform engagement metrics
  • Feature Development: Identifying needed improvements, testing new features, and enhancing platform functionality
  • Quality Assurance: Monitoring system performance, tracking error rates, and ensuring platform reliability

3. Information Sharing & Disclosure

3.1 Within Platform Users
  • Public Auction Data: Approved auction listings (item details, photos, current bids) are visible to all platform users
  • Winner Information: Auction sellers receive winner contact details (name and email) for transaction completion
  • Rating System: User ratings and average scores are publicly displayed for trust-building purposes
  • Bidding Activity: Current highest bidder information (first name and last initial) is shown during active auctions
3.2 Third-Party Service Providers
  • Hosting Infrastructure: InMotion Hosting (Virginia, USA) hosts our servers and databases, processing user data as part of service delivery
  • Email Services: SMTP providers receive recipient email addresses and message content for delivery
  • Image Hosting: ImgBB (imgbb.com) receives uploaded auction photos and metadata for storage and content delivery
  • Technical Infrastructure: System administrators and developers access data for platform maintenance, security, and support purposes
3.3 Legal & Regulatory Compliance
  • Legal Requirements: Information disclosed when required by Canadian federal/provincial law, court orders, or regulatory investigations
  • Law Enforcement: Cooperation with police investigations involving suspected fraud, theft, or criminal activities
  • Safety Protection: Disclosure to protect rights, property, or safety of Pixel Auctions, users, or the public
  • Terms Enforcement: Information sharing to investigate Terms of Service violations or platform abuse
3.4 Business Operations
  • Corporate Changes: In merger, acquisition, or asset sale events, user information may transfer to the new entity
  • Professional Services: Accountants, lawyers, consultants may access information for business operations (under confidentiality agreements)
  • Authorized Personnel: System administrators, developers, and support staff access data for platform operations
3.5 What We Don't Do
  • No Data Sales: We do not sell, rent, or lease personal information to marketers, advertisers, or data brokers
  • No Spam: We do not share email addresses with third parties for unsolicited marketing
  • No Unauthorized Access: We do not provide user data to unauthorized parties or for unrelated purposes

4. Data Storage, Security & Cross-Border Transfer

4.1 Data Location & Infrastructure
  • Primary Hosting: All platform data is hosted by InMotion Hosting in secure data centers located in Virginia, United States
  • Database Security: MySQL databases protected with encryption at rest, access controls, and regular security patches
  • Server Environment: LAMP stack (Linux, Apache, MySQL, PHP) with current security configurations and monitoring
  • Data Center Standards: SOC 2 Type II certified facilities with 24/7 monitoring, redundant power, and environmental controls
4.2 Cross-Border Data Transfer
  • U.S. Hosting: Since our servers are located in the United States, Canadian personal information is transferred across the border
  • Legal Implications: Data may be subject to U.S. federal and state laws, including potential access by U.S. government authorities under legal circumstances (PATRIOT Act, FISA, etc.)
  • Hosting Provider Access: InMotion Hosting technical staff may access server logs and metadata as part of service delivery and support
  • Data Protection: We require hosting providers to maintain appropriate security standards and confidentiality measures
4.3 Security Measures
  • Transmission Security: All data transmission protected by SSL/TLS encryption (HTTPS throughout platform)
  • Password Protection: User passwords hashed using PHP's password_hash() function with strong algorithms and salts
  • Access Controls: Administrative database access restricted to authorized personnel with unique credentials
  • Session Management: Secure PHP session handling with proper timeout and regeneration protocols
  • Input Validation: SQL injection prevention through prepared statements and input sanitization
  • File Security: Image uploads validated for type and size, stored with restricted access permissions
  • Email Security: SMTP communications use authenticated, encrypted channels
4.4 Third-Party Security
  • ImgBB Image Hosting: Images uploaded to imgbb.com are subject to their privacy policy and security practices
  • Email Providers: SMTP services process email content according to their security protocols
  • Vendor Assessment: We select third-party services based on their security standards and data protection practices
4.5 Security Limitations & User Responsibilities
  • No Absolute Security: Despite robust security measures, no electronic system is 100% secure against all threats
  • User Account Security: Users responsible for maintaining strong passwords, secure login practices, and device security
  • Incident Response: We maintain incident response procedures and will notify users of significant security breaches as required by law
  • Regular Updates: Platform security continuously updated with patches, monitoring improvements, and threat assessments

5. Data Retention & Deletion

5.1 Active Account Data Retention
  • Account Information: First name, last name, email, and password hash retained as long as account remains active
  • Current Auctions: Active auction data, bids, and watchlist items retained throughout auction lifecycle
  • Rating System: User ratings (both given and received) retained permanently to maintain platform trust and integrity
  • Session Data: Authentication sessions expire after inactivity and are regularly purged from system
5.2 Historical Data Retention
  • Completed Auctions: Auction details, final bid amounts, and winner information retained for 7 years for legal compliance and dispute resolution
  • Transaction Records: All bidding history, payment coordination data, and seller-buyer communications retained for 7 years
  • Email Communications: System-generated emails and customer support correspondence retained for 3 years
  • Server Logs: IP addresses, access logs, and technical data retained for 1 year for security monitoring and system optimization
  • Administrative Records: Auction approval/rejection decisions and admin notes retained for 5 years
5.3 Inactive Account Management
  • Inactivity Definition: No login activity for 24 consecutive months constitutes account inactivity
  • Retention Warning: After 18 months of inactivity, users receive email notification about potential account closure
  • Automatic Deletion: After 36 months of inactivity, personal account data may be automatically deleted
  • Historical Preservation: Completed auction data may be anonymized and retained for platform integrity rather than deleted
5.4 User-Requested Deletion
  • Account Closure: Users may request complete account deletion by contacting auctions@pixelauctions.org
  • Deletion Process: Account information deleted within 30 days of verified request
  • Legal Retention: Some data may be retained if required for legal compliance, fraud prevention, or ongoing disputes
  • Anonymization: Historical auction participation may be anonymized rather than deleted to preserve marketplace integrity
  • Third-Party Data: Images on ImgBB and emails sent through SMTP providers must be deleted separately according to their policies
5.5 Legal & Compliance Retention
  • Legal Holds: Data subject to legal proceedings, investigations, or disputes retained until resolution
  • Regulatory Requirements: Financial transaction records retained per Canadian anti-money laundering and tax regulations
  • Fraud Prevention: Data related to fraudulent or suspicious activity may be retained longer for security purposes

6. Your Rights & Privacy Controls

6.1 Access Rights
  • Data Access: You have the right to request and receive a copy of all personal information we hold about you
  • Account Information: Access your account details, auction history, bid records, and ratings through your user dashboard
  • Transaction History: View complete records of your bidding activity, won auctions, and seller interactions
  • Data Portability: Request your data in a structured, commonly used format for transfer to other services
6.2 Correction & Update Rights
  • Profile Updates: Modify your name, email address, and other account information through account settings
  • Error Correction: Request correction of inaccurate or incomplete personal information
  • Auction Listings: Edit or update your auction listings before approval and during active periods
  • Communication Preferences: Update email notification settings and communication preferences
6.3 Deletion Rights
  • Account Deletion: Request complete removal of your account and associated personal information
  • Selective Deletion: Request removal of specific data types (subject to legal and operational requirements)
  • Right to be Forgotten: Request anonymization of your historical platform activity
  • Limitations: Some data may be retained for legal compliance, fraud prevention, or platform integrity
6.4 Communication Controls
  • Email Preferences: Opt out of promotional emails while maintaining essential transaction notifications
  • Notification Settings: Control which types of platform activities trigger email notifications
  • Marketing Opt-Out: Unsubscribe from marketing communications at any time through email links or account settings
  • Essential Communications: Some system emails (security alerts, transaction confirmations) cannot be disabled
6.5 Privacy Control Mechanisms
  • Watchlist Privacy: Your watchlist is private and not visible to other users or auction sellers
  • Bidding Anonymity: Only first name and last initial displayed during active bidding
  • Contact Information: Email address only shared with auction sellers after winning
  • Rating Visibility: Option to discuss rating privacy concerns with customer support
6.6 Exercising Your Rights
  • Contact Method: Submit privacy requests to auctions@pixelauctions.org
  • Identity Verification: Requests require verification of account ownership for security purposes
  • Response Timeline: Most requests processed within 30 days of verification
  • Appeal Process: If unsatisfied with our response, you may file complaints with the Privacy Commissioner of Canada

7. Cookies, Tracking & Session Management

7.1 Essential Cookies & Sessions
  • PHP Sessions: Server-side session cookies (PHPSESSID) maintain user authentication and login state
  • Authentication Cookies: Secure cookies store login status and prevent unauthorized access
  • Form Security: CSRF tokens prevent cross-site request forgery attacks
  • Session Duration: Sessions expire after inactivity periods or when users log out
7.2 Functional Cookies
  • User Preferences: Remember display settings, language preferences, and interface customizations
  • Watchlist State: Maintain watchlist contents between sessions for logged-in users
  • Search History: Temporarily store recent searches to improve user experience
  • Form Data: Preserve form inputs during multi-step processes (auction creation, registration)
7.3 Analytics & Performance Tracking
  • No Third-Party Analytics: We do not currently use Google Analytics, Facebook Pixel, or similar tracking services
  • Server-Side Analytics: Internal tracking of page views, auction performance, and platform usage patterns
  • Performance Monitoring: Database query timing and system performance metrics for optimization
  • Error Tracking: Anonymous error logs for debugging and system improvement
7.4 Third-Party Cookies
  • ImgBB Integration: Image hosting service may set cookies when uploading auction photos
  • Email Service Tracking: Email delivery services may use tracking pixels in sent emails
  • External Links: Third-party websites may set cookies when accessed through our platform
  • Future Integrations: Additional third-party services may introduce cookies with notice and consent
7.5 Cookie Management
  • Browser Controls: Users can manage cookies through browser settings and preferences
  • Essential Cookie Notice: Some cookies are necessary for platform functionality and cannot be disabled
  • Consent Withdrawal: Users may clear cookies or adjust browser settings to limit tracking
  • Impact of Blocking: Disabling essential cookies may affect login, bidding, and other core platform features

8. Children's Privacy Protection

8.1 Age Restrictions
  • Minimum Age: Pixel Auctions is not intended for children under 13 years of age
  • Teen Users (13-17): Users aged 13-17 should obtain parental consent before registering
  • Parental Responsibility: Parents/guardians are responsible for monitoring their minor children's online activities
  • Account Verification: We may request age verification if we suspect underage usage
8.2 Data Collection from Minors
  • No Knowing Collection: We do not knowingly collect personal information from children under 13
  • Immediate Deletion: If we discover information from a child under 13, we will delete it immediately
  • Parental Notification: Parents who believe their child has provided information may contact us for immediate removal
  • Account Termination: Accounts created by users under 13 will be permanently deleted
8.3 Reporting & Contact
  • Parent Reporting: Parents may report suspected underage accounts to auctions@pixelauctions.org
  • Evidence Required: Reports should include account details and evidence of underage usage
  • Response Time: We investigate and respond to child privacy concerns within 48 hours
  • Legal Compliance: Our practices align with Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) requirements for children's data

9. Third-Party Links & External Services

9.1 External Website Links
  • Third-Party Content: Our platform may contain links to external websites, resources, or services
  • No Responsibility: We are not responsible for the privacy practices, content, or security of external websites
  • Independent Policies: Third-party sites have their own privacy policies and terms of service
  • User Caution: Review privacy policies of external sites before providing personal information
9.2 Integrated Third-Party Services
  • ImgBB Image Hosting: Image uploads processed through imgbb.com - subject to their privacy policy and data handling practices
  • SMTP Email Services: Email delivery through configured SMTP providers (mail.pixelauctions.org and potential backup services)
  • InMotion Hosting: Server infrastructure provided by InMotion Hosting in Virginia, USA - subject to their security and privacy standards
  • Payment Processors: Future payment integration may involve third-party payment processors with separate privacy policies
9.3 Social Media & Sharing
  • No Social Login: We do not currently integrate with Facebook, Google, or other social media login systems
  • Manual Sharing: Users may manually share auction links on social media (subject to those platforms' policies)
  • Future Integration: Any social media integration will be clearly disclosed with appropriate privacy notices
  • Contact Information: Our official social media accounts (if any) are separate from platform data collection
9.4 Service Provider Relationships
  • Data Processing Agreements: Third-party service providers operate under data processing agreements when handling user information
  • Privacy Standards: We select vendors based on their privacy and security practices
  • Limited Access: Third parties only access information necessary for their specific service functions
  • User Awareness: Significant new third-party integrations will be disclosed through policy updates

10. Privacy Policy Changes & Updates

10.1 Policy Modification Process
  • Regular Review: This Privacy Policy is reviewed and updated annually or when significant changes occur to our data practices
  • Material Changes: Significant modifications to data collection, usage, or sharing practices will be clearly highlighted
  • Version Control: Policy versions maintained with effective dates and change summaries for transparency
  • Legal Updates: Policy updated to reflect changes in Canadian privacy law, regulations, or best practices
10.2 User Notification
  • Email Notification: Registered users receive email notification of significant privacy policy changes
  • Website Notice: Prominent notice displayed on the platform when important changes are made
  • Advance Notice: Material changes communicated at least 30 days before implementation
  • Continued Use: Continued platform usage after policy changes constitutes acceptance of updated terms
10.3 Change Documentation
  • Change Log: Detailed record of all policy modifications maintained for user reference
  • Effective Dates: Clear indication of when policy changes take effect
  • Impact Assessment: Analysis of how changes affect existing user data and privacy rights
  • Historical Versions: Previous policy versions available upon request for comparison
10.4 User Options After Changes
  • Opt-Out Rights: Users who disagree with policy changes may request account deletion before changes take effect
  • Grandfathering: In some cases, existing users may be offered grandfathered terms for specific practices
  • Feedback Process: Users may provide feedback on proposed policy changes during comment periods
  • Contact for Clarification: Questions about policy changes addressed through our support channels

11. Legal Compliance & Regulatory Framework

11.1 Canadian Privacy Law Compliance
  • PIPEDA Compliance: Our practices align with the Personal Information Protection and Electronic Documents Act and applicable provincial privacy legislation
  • Consent Requirements: Personal information collected with appropriate consent for identified purposes
  • Data Minimization: We collect only information necessary for stated platform functions
  • Accuracy Obligation: Reasonable efforts made to ensure personal information accuracy and currency
11.2 Cross-Border Data Transfer Compliance
  • U.S. Hosting Disclosure: All user data processed and stored on servers located in Virginia, United States
  • PIPEDA Requirements: Cross-border transfer conducted with appropriate safeguards and user awareness
  • U.S. Legal Framework: Data may be subject to U.S. federal and state laws, including government access provisions
  • Hosting Provider Standards: InMotion Hosting maintains industry-standard security and privacy protections
11.3 Industry Standards & Best Practices
  • Security Standards: Implementation of reasonable security safeguards appropriate to data sensitivity
  • Privacy by Design: Platform development incorporates privacy considerations from inception
  • Transparency Principles: Clear communication about data practices and user rights
  • Accountability: Designated privacy officer responsible for policy implementation and compliance
11.4 Regulatory Cooperation
  • Privacy Commissioner: Cooperation with Privacy Commissioner of Canada investigations and recommendations
  • Law Enforcement: Appropriate response to lawful requests from Canadian and international authorities
  • Legal Compliance: Adherence to court orders, subpoenas, and regulatory investigations
  • Incident Reporting: Breach notification procedures aligned with applicable legal requirements

12. Contact Information & Privacy Inquiries

12.1 Privacy Contact Details
  • Primary Contact: auctions@pixelauctions.org
  • Subject Line: Include "Privacy Inquiry" in email subject for priority handling
  • Mailing Address: Pixel Auctions Privacy Officer, Saskatoon, Saskatchewan, Canada
  • Response Time: Privacy inquiries acknowledged within 48 hours, full response within 30 days
12.2 Types of Privacy Requests
  • Access Requests: Request copies of personal information we hold about you
  • Correction Requests: Report inaccurate information and request corrections
  • Deletion Requests: Request removal of personal information (subject to legal limitations)
  • Complaint Resolution: Report privacy concerns or potential policy violations
  • General Inquiries: Questions about our privacy practices and data handling
12.3 External Privacy Resources
  • Privacy Commissioner of Canada: www.priv.gc.ca - Independent oversight of federal privacy legislation
  • Provincial Privacy Commissioners: Contact information varies by province for local privacy law questions
  • Privacy Rights Organizations: Canadian Internet Policy and Public Interest Clinic (CIPPIC) and similar advocacy groups
  • Legal Resources: Consult qualified privacy lawyers for complex rights questions or disputes
12.4 Business Information
  • Legal Entity: Pixel Auctions operates as a web-based platform service
  • Jurisdiction: Canadian federal and Saskatchewan provincial law governs our privacy practices
  • Platform Status: Free-to-use online auction marketplace (non-commercial transaction facilitation)
  • Data Controller: Pixel Auctions acts as data controller for all personal information collected through the platform

Acknowledgment: By creating an account and using Pixel Auctions, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data handling practices as described herein.

This Privacy Policy was last updated on June 26, 2025, and reflects our current data practices and legal obligations.