Legal

Privacy Policy

Last updated: 25 April 2026

PIXAM Ltd (“we”, “us”, “our”) operates the DigInto platform at diginto.tech. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Maltese data protection law.

1. Data Controller

The data controller is PIXAM Ltd, registered in Malta. You can contact us regarding data protection matters via our Contact page.

2. Data We Collect

When you register or use the platform we collect:

  • Identity data: your name and email address, obtained from your Google or Microsoft account at login.
  • Authentication data: your OAuth provider subject identifier (Google ID / Microsoft ID), used solely to link your social login to your account.
  • Usage data: pages visited, timestamps, IP address, browser type, operating system, and approximate geolocation (country/city) derived from your IP address.
  • Forum & community content: posts and replies you submit on the platform.
  • MQTT credentials: usernames and topic assignments generated automatically when MQTT access is provisioned.
  • File upload data: files you upload via conversion tools (stored temporarily and automatically deleted after 6 hours).

We do not collect passwords — authentication is handled entirely by Google or Microsoft.

3. Legal Basis for Processing
Purpose Legal Basis (GDPR Art.)
Account creation and authenticationContract — Art. 6(1)(b)
Platform security, rate limiting, fraud preventionLegitimate interest — Art. 6(1)(f)
Usage analytics and platform improvementLegitimate interest — Art. 6(1)(f)
Compliance with legal obligationsLegal obligation — Art. 6(1)(c)
4. How We Use Your Data
  • To create and manage your account and authenticate you on the platform.
  • To provide access to platform features (forums, tutorials, GNSS tools, Konversion).
  • To monitor and protect platform security and detect abuse.
  • To analyse usage patterns in order to improve the platform.
  • To comply with applicable legal obligations.
5. Data Sharing & Third Parties

We do not sell your personal data. We may share data with:

  • Google LLC / Microsoft Corporation — solely for OAuth authentication. Their own privacy policies apply to data processed by their platforms.
  • ip-api.com — your IP address is sent to this service to derive approximate geolocation (country, city) at login. Only anonymised results are stored.
  • Legal authorities — if required by applicable EU or Maltese law.

All data is stored on servers located within the European Union.

6. Data Retention
  • Account data: retained for as long as your account is active. Deleted within 30 days of account deletion request.
  • Login & traffic logs: retained for 14 days for security purposes, then automatically purged.
  • Uploaded files: automatically deleted after 6 hours.
  • Forum content: retained until you request deletion or your account is removed.
7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15): request a copy of the data we hold about you.
  • Right to rectification (Art. 16): request correction of inaccurate data.
  • Right to erasure (Art. 17): request deletion of your personal data (“right to be forgotten”).
  • Right to restriction (Art. 18): request that we restrict processing of your data.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interest.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights please contact us via our Contact page. We will respond within 30 days as required by GDPR.

8. Cookies & Session Data

We use a single authentication cookie (.DigintoAuth) to maintain your session across our subdomains. This cookie is strictly necessary for the platform to function and does not require consent under ePrivacy rules. It expires after 7 days of inactivity. We do not use third-party advertising or tracking cookies.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including HTTPS encryption, rate limiting, and access controls. However, no method of transmission over the internet is 100% secure.

10. Children's Privacy

The platform is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has registered, please contact us and we will delete the account.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a revised date. Material changes will be communicated to registered users.

12. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC) of Malta at idpc.org.mt, or with the supervisory authority in your EU member state.