We use cookies to measure ad performance and improve 21Pix. Privacy policy

21Pix
  • How it works
  • Features
  • Pricing
  • FAQ
  • Blog
  • Contact
    • English
    • Nederlands
    • Deutsch
    • Français

Privacy Policy

Last updated: 1 July 2026

In one paragraph: 21Pix is a disposable-camera app that prints your photos and ships them to you. To do that, we need your photos and your shipping address — and not much else. We collect anonymous, aggregate usage data to improve the app (which you can switch off), and — only with your consent — we measure how our own ads perform so we can reach more people like you. We don't sell your data, we never use your photos for advertising, and we delete your photos shortly after your prints leave our facility. Your memories are yours.

1. Who We Are

21Pix is operated by:

Groenewegen Solutions B.V. (trading as 21Pix)
Box A3821, Keurenplein 41
1069CD Amsterdam, Netherlands
KvK: 99311917  ·  VAT: NL8689.27.764.B.01
Contact: info@21pixapp.com

We are the data controller for the personal data described below, under Regulation (EU) 2016/679 (GDPR).

2. What We Collect and Why

2.1 Your photos

  • What: The 21 photos in each roll you order.
  • Why: To print them on photo paper and ship them to you.
  • Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
  • Retained: Until 48 hours after your order has shipped, then permanently deleted from our systems.

2.2 Shipping & contact details

  • What: Name, postal address, email address, optional phone number.
  • Why: To deliver your prints and email you order/shipping confirmations.
  • Legal basis: Performance of a contract.
  • Retained: 7 years, as required by Dutch tax law (art. 52 AWR).

2.3 Payment data

  • What: Order amount, transaction ID and payment status returned by Mollie. We never see or store your card number, IBAN, or PayPal credentials.
  • Why: To take payment and reconcile orders.
  • Legal basis: Performance of a contract; legitimate interest in fraud prevention (Art. 6(1)(f)).
  • Retained: 7 years (tax law).

2.4 Device data

  • Device-generated user ID: A random identifier created on your device the first time you launch the app. It lets us associate your rolls and orders without requiring an account. Not linked to your real identity.
  • Push notification token: If you allow notifications, we store an Apple (APNs) or Google (FCM) push token so we can tell you when your film is "developed" and when your order ships. You can revoke this anytime in your device settings.
  • Server logs: Like any web service, our server records request lines including IP address, briefly, for security and abuse prevention. Logs are rotated after 30 days. We don't use them to build a profile of you.

2.5 Anonymous usage analytics & ad measurement

  • Usage analytics: Aggregate, anonymous usage events — for example app opens, that a photo was taken (and its number within the roll), that a roll was completed, steps of the checkout (order started, payment started, completed or failed), and that an order was placed and its total value, plus standard website page views and which app-store button was tapped. We use Google Analytics 4 for this, via Firebase Analytics inside the apps. This carries no advertising identifier.
  • Website heatmaps & session replays: On our website only (never in the apps), we use Microsoft Clarity to see how pages are used — anonymized heatmaps and session replays of clicks, scrolls and mouse movement, with all text and form inputs automatically masked. It loads only after you accept the cookie banner and never sees your photos.
  • Ad performance measurement: So we can run ads that bring new people to 21Pix, we measure how our own campaigns on Meta (Facebook / Instagram) and Google perform — for example whether an ad led to an app install or an order. On iOS this uses Apple's SKAdNetwork, plus your device advertising identifier (IDFA) only if you allow it in Apple's App Tracking Transparency prompt. On Android, in the EEA we ask for your consent with an in-app prompt before using your advertising identifier (GAID); you can grant or withdraw it any time under About → Privacy. On the website, a Meta Pixel and Google tag load only after you accept the cookie banner. Your photos are never part of this.
  • What it is not: We do not build a profile of you from your photos, and your photos are never used for advertising. Order events carry only the order total and country — never your name, address, email or card details. We never sell your personal data.
  • Why: To understand, in aggregate, how 21Pix is used so we can improve it, and to measure and improve the ads that bring people to the app.
  • Legal basis: For usage analytics — on the website, your consent (GDPR Art. 6(1)(a)); in the apps, our legitimate interest in improving the product (Art. 6(1)(f)), on by default and switchable off under About → Privacy. For ad measurement that uses an advertising identifier — your consent (Art. 6(1)(a)), given through Apple's App Tracking Transparency prompt on iOS, an in-app consent prompt on Android in the EEA, or the website cookie banner; decline and we fall back to privacy-preserving aggregate measurement only.
  • Retained: 14 months, after which event-level analytics data is automatically deleted by Google. Ad-measurement data is retained per Meta's and Google's advertising data policies.

3. What We Don't Do

  • We never sell your personal data.
  • We never use your photos for advertising, profiling or AI training — they are used only to make your prints.
  • No profiling of you from your photos, and no ads are shown inside the app.
  • No location data.
  • No access to your photo library — the app only sees the frames you shoot in-app.

4. Who Else Touches Your Data

We print and pack your photos ourselves, in our own facility, so your images are not handed off to any external printing partner. The only third parties involved are:

ServiceRoleWhat they seeLocation
Mollie B.V. Payment processor Order amount and your payment details (which we never receive) Netherlands (EU)
Amazon Web Services Server hosting & storage Encrypted application data, in EU regions EU
Apple (APNs) iOS push notifications Push token and notification payload (order status) EU / US
Google (Firebase Cloud Messaging) Android push notifications Push token and notification payload (order status) EU / US
Google (Analytics 4 / Firebase Analytics) Anonymous usage analytics Aggregate app & website usage events — no advertising ID, no photos EU / US
Microsoft Clarity Website usage analytics (heatmaps & session replays) Anonymized on-site interactions — clicks, scrolls and mouse movement on our web pages, with text and form inputs masked; no photos, no cross-site tracking EU / US
Google Ads Ad conversion measurement That an order completed and its value, plus a one-way hashed (SHA-256) form of your email to match the ad click — never your raw email or card details EU / US
Meta Platforms Ireland App-install & ad measurement (Facebook / Instagram ads) Aggregate app & ad events (installs, key steps, purchases and value) and, only with your consent, your device advertising identifier — never your photos, raw email or card details EU / US
PostNL and partner carriers Shipping Name and shipping address EU

Apple and Google process push tokens under their own terms; transfers outside the EU rely on the European Commission's Standard Contractual Clauses. No other personal data is transferred outside the EU.

5. Data Retention Summary

DataKept untilWhy
Photos48 hours after shipmentReprints in case of carrier loss/damage
Order, shipping & payment records7 yearsDutch tax law (art. 52 AWR)
Push tokenUntil you disable notifications or uninstallSending order updates
Anonymous usage analytics14 monthsProduct improvement (auto-deleted by Google)
Website heatmaps & session replays (Microsoft Clarity)Rolling window set by MicrosoftUnderstanding website usability
Ad-measurement data (Meta, Google)Per Meta / Google advertising data policiesMeasuring & improving our ads
Server access logs30 daysSecurity & abuse prevention

6. Your Rights Under GDPR

You have the right to: access your data, correct it, delete it (subject to our legal retention obligations), restrict or object to processing, and receive it in a portable format. To exercise any of these rights, email info@21pixapp.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority in your country of residence.

7. Children

21Pix is not intended for users under 16. We do not knowingly collect data from children under 16. If you believe we hold data about a child under 16, contact us and we'll delete it.

8. Security & Breach Notification

Data in transit is protected with TLS. Data at rest in AWS is encrypted. Access is limited to personnel who need it to operate the service. If a personal data breach occurs that is likely to result in a risk to your rights, we will notify the supervisory authority within 72 hours and, where required, notify affected users directly by email.

9. Changes & Contact

If we make material changes to this policy we will update the date at the top and, where appropriate, notify recent customers by email. Continued use of 21Pix after a change constitutes acceptance.

Privacy contact: info@21pixapp.com

21Pix

Get in touch

21Pix Box A3821, Keurenplein 41 1069CD Amsterdam The Netherlands
Email
info@21pixapp.com
KVK
99311917
VAT
NL8689.27.764.B.01
  • Privacy Policy
  • Terms of Service
  • Support

© 2026 21Pix. All rights reserved.