Privacy policy — Pixelstreet
(01)Privacy policy

Privacy policy

How Pixelstreet handles personal data under the GDPR / AVG. We try to collect as little as possible, never sell data, and give you full control of what you share.

Last updated · 12 May 2026

01 — Who we are

Pixelstreet is the trading name for the creative studio operated by HXTN Studios B.V., a private limited company registered in the Netherlands Chamber of Commerce (KvK) under number 90454324 and based in Rotterdam, the Netherlands.

For the purposes of the General Data Protection Regulation (GDPR / AVG), HXTN Studios B.V. acts as the data controller for personal data collected through this website.

Contact: roderick@pixelstreet.co · +31 6 1084 6897 · Rotterdam, the Netherlands.

02 — What data we collect

We try to collect as little as possible. The data we do process falls into three groups:

  • Contact details you give us. When you fill in the contact form or write to us directly, you share your name, email, company (optional), budget bracket, the discipline you need, and the message you write.
  • Technical data necessary to deliver the site. When your browser requests a page, our hosting provider (Vercel) logs the request — including your IP address, user agent, and the URL — for security and performance. These logs are retained for a short period and are not used for tracking.
  • Your stored preferences. We keep your cookie choice and your language preference in your browser's localStorage. These never leave your device.

03 — Why we process it (legal basis)

We rely on the following legal bases under Art. 6(1) GDPR:

  • Performance of a contract (or pre-contractual steps) — when you contact us about a project, we use your message to reply and to scope the work.
  • Legitimate interest — to keep the site secure, to detect abuse, and to serve embedded video (with Do Not Track) so you can see our work.
  • Consent — for any future analytics or marketing scripts. No such scripts are loaded today; if we add any, they will only run after you opt in.
  • Legal obligation — to keep records that tax, finance or commercial law requires us to keep.

04 — Who we share it with (processors)

We only share data with the providers we actually need to run the site and reply to you. None of them sell or repurpose the data.

  • Sanity (sanity.io) — Norwegian content platform, used to store and serve site content. Server within the EEA. No cookies set on visitors.
  • Vercel — US hosting provider. Serves the site over a global CDN. EU-US Data Privacy Framework certified. Standard contractual clauses in place.
  • Vercel Web Analytics + Speed Insights (Vercel Inc.) — cookieless first-party measurement of page views, referrers, country, and Web Vitals (LCP / INP / CLS). No cookies, no cross-site identifier, no individual profiling. We rely on legitimate interest (Art. 6(1)(f) GDPR) to keep the site performant; you can object at any time by writing to us.
  • Vimeo — US video host. Embedded videos load with the Do Not Track parameter (dnt=1) which disables tracking cookies and analytics events. EU-US DPF certified.
  • Google Analytics 4 (Google LLC) — only after you opt in via the cookie banner. IP anonymisation on, Google Signals off, ad personalisation off. EU-US DPF certified. See our cookie policy for the full configuration.
  • Your email provider — when you write to roderick@pixelstreet.co, that message is delivered through standard email infrastructure (Google Workspace).
  • WhatsApp (Meta) — only if you actively click the WhatsApp link to start a chat with us. Their terms apply to that chat.

05 — Where the data goes

Most processing happens within the European Economic Area. Some processors (Vercel, Vimeo, Google) are based in the United States. For these transfers we rely on the EU-US Data Privacy Framework (DPF) and, where applicable, on the European Commission's Standard Contractual Clauses.

06 — How long we keep it

We keep your data only as long as we need it:

  • Project enquiries that did not lead to a project: up to 12 months.
  • Active client data: for the duration of the engagement plus the legally required retention period (typically 7 years for invoices and contracts under Dutch tax law).
  • Server logs at our hosting provider: a few weeks at most.
  • Your local preferences (cookie choice, language): until you clear them, or 12 months after they were set.

07 — Your rights

Under the GDPR you have the right to:

  • Access — ask which personal data we hold about you.
  • Rectification — correct data that is inaccurate or incomplete.
  • Erasure — ask us to delete your data, where the law allows it.
  • Restriction — ask us to pause processing while a question is resolved.
  • Portability — receive your data in a common machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — at any time, for any processing based on consent.

To exercise any of these rights, email roderick@pixelstreet.co. We respond within one month.

08 — Complaints

If you feel we are not handling your data correctly and we cannot resolve it together, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) — autoriteitpersoonsgegevens.nl.

09 — Children

This site is not directed at children. We do not knowingly collect data from anyone under 16. If you believe a child has shared data with us, please write to us and we will delete it.

10 — Changes to this policy

We bump the "last updated" date at the top whenever this policy materially changes. Significant changes are highlighted on the homepage for at least 30 days. For substantive changes that affect a prior cookie decision, we re-prompt for consent.

11 — Contact

Questions or requests: roderick@pixelstreet.co or by post to HXTN Studios B.V., Rotterdam, the Netherlands.