Privacy Policy
Last updated March 16, 2026
This Privacy Policy explains what data pxdiff collects, how we use it, and who we share it with. pxdiff.com is operated by pxdiff (“we”, “us”, “our”).
Data We Collect
Account data
GitHub OAuth login — when you sign in with GitHub, we receive and store: your GitHub user ID, login (username), email address, display name, and avatar URL. We request read:user and user:email scopes only. We do not request access to your repositories or code.
Magic link login — when you sign in via magic link, we collect and store only your email address.
Usage data
Screenshots — PNG images you upload via the CLI, SDK, plugins, or capture worker. These are stored content-addressed by SHA-256 hash in AWS S3.
Capture and diff metadata — branch name, commit SHA, viewport dimensions, snapshot names, timestamps, approval status, and diff results (changed/unchanged/added/removed counts).
Billing records — credit balances, deposit amounts, Stripe payment intent IDs, charge records (credits consumed per operation), and billing period boundaries.
Analytics data (PostHog)
We use PostHog for product analytics. PostHog is configured with persistence: "memory", which means no cookies, localStorage, or persistent identifiers are stored on your device. All analytics data is processed in-memory during your browser session.
Analytics data is proxied through r.pxdiff.com to PostHog’s US servers. We collect:
- Pageviews — page URL and referrer.
- Web vitals — Largest Contentful Paint (LCP), Cumulative Layout Shift (CLS), and Interaction to Next Paint (INP).
- Exceptions — JavaScript errors (error message and stack trace, no user input).
PostHog is configured with person_profiles: "identified_only", meaning server-side user profiles are created only for logged-in users. When you log in, we send PostHog your email, GitHub username, and display name via an identify call.
Legal basis: Legitimate interest in understanding product usage to improve the Service.
Session replays (opt-in only)
pxdiff supports PostHog session replays, but they are not enabled by default. Users who opt in via their account settings will have session replays activated. When enabled, PostHog records DOM snapshots, mouse movements, clicks, scrolls, and input interactions. You can opt out at any time through your settings.
Live chat (Crisp)
We use Crisp for live chat support. The Crisp widget is configured with autoload: false and Total Privacy Mode enabled, meaning:
- No Crisp cookies are set until you actively open the chat widget.
- No tracking occurs before or outside of a chat session.
See the Cookie Policy for details on Crisp cookies.
Where Data Is Stored
- Metadata — Neon Postgres database in AWS us-east-1 (Virginia).
- Images — AWS S3 in us-east-1, encrypted at rest with S3-managed encryption (SSE-S3).
- Analytics — PostHog US servers (proxied through r.pxdiff.com).
Third-Party Processors
We share data with the following third-party services, each acting as a data processor:
| Processor | Purpose | Data shared |
|---|---|---|
| AWS | Infrastructure (S3, Lambda, SQS, CloudFront) | Screenshots, metadata, all service data |
| Neon | Managed Postgres hosting | All database records |
| Stripe | Payment processing | Email, deposit amounts, payment method (handled by Stripe, not stored by us) |
| PostHog | Product analytics, opt-in session replays | Pageviews, vitals, exceptions; email/username for identified users; DOM snapshots if opted in |
| Resend | Transactional email (magic links, invites) | Email addresses |
| GitHub | OAuth authentication, App integration (CI checks) | GitHub user ID, login, email; repository metadata for check runs |
| Crisp | Live chat support | Messages you send in chat; email if you provide it |
We do not sell your data to anyone.
Data Retention
| Data type | Retention |
|---|---|
| Session tokens | 30 days from last use |
| Magic link tokens | 15 minutes |
| S3 noncurrent object versions | 2 days |
| Hosted sites (Storybook/Ladle) | 7 days |
| Branch data (inactive branches) | 30 days after last activity |
| Branch data (deleted branches) | 14 days after deletion |
| Protected branch baselines | Retained indefinitely |
| Billing records | Retained indefinitely for accounting purposes |
| Account data | Retained until account deletion is requested |
Security
- Tokens — session tokens and API keys are stored as SHA-256 hashes. Raw tokens are never persisted.
- Transit — all data is transmitted over TLS (HTTPS).
- Screenshots — content-addressed by SHA-256 hash, providing deduplication and integrity verification.
- Logs — no personally identifiable information (PII) is written to application logs. Structured logging via AWS Lambda Powertools.
Client-Side Storage
pxdiff stores a single session token in your browser’s localStorage under the key pxdiff_session_token. This is required for authentication and is removed when you log out.
PostHog is configured with persistence: "memory" and does not use cookies or localStorage. See the Cookie Policy for full details on client-side storage.
Data Subject Requests
To request access to, correction of, or deletion of your personal data, email us at privacy@pxdiff.com. We will respond within 30 days.
We are committed to building self-serve data export and deletion tools. In the interim, all requests are handled manually via email.
Children
pxdiff is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, contact us at privacy@pxdiff.com and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The “last updated” date at the bottom of this page reflects the most recent revision.
Contact
For privacy-related questions, email us at privacy@pxdiff.com.
Last updated: March 16, 2026