Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Pxxl App is a Brazilian hosted ecommerce and sales page platform used by creators, infoproducers and SMBs to publish online stores, checkout flows and one page sales funnels. It hosts customer data in Brazil and integrates with Meta, Google and TikTok ad pixels by default. For European merchants, GDPR compliance focuses on the EU to Brazil transfer, consent for advertising pixels and a clear cookie configuration on the storefront.
Pxxl App is a hosted Brazilian ecommerce and sales page platform that lets creators, infoproducers and small merchants build online stores, single page sales funnels and digital download flows without dedicated development. It bundles checkout, payment, customer database and built in advertising integrations into a single SaaS dashboard.
Pxxl App stores customer profile data (name, email, billing address, phone), order history, product preferences, payment metadata (tokenised, not raw card data), session and cart cookies, and visit analytics. It can additionally inject Meta Pixel, Google Tag, GA4 and TikTok Pixel scripts on the storefront when the merchant enables advertising integrations.
Strictly necessary cookies for the cart and checkout can be set without consent under Article 5(3) ePrivacy. Advertising pixels and analytics integrations require granular, prior consent. The merchant remains the controller for the customer relationship and must publish a complete privacy policy mentioning Pxxl App as a processor.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Brazil has its own data protection law (LGPD) but does not have a formal EU adequacy decision. Transfers from the EU to Brazil therefore require Standard Contractual Clauses with Pxxl App and a Transfer Impact Assessment. The LGPD is conceptually close to the GDPR which generally simplifies the TIA.
Sign the Pxxl App data processing agreement and SCCs, configure the storefront to load advertising pixels only after consent, document the EU to Brazil transfer in your records, mention Pxxl App and any third party pixels in your privacy policy, define a customer data retention period, and run a DPIA if you operate at scale or sell to special categories.
Websites using Pxxl App must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Pxxl App is deployed at scale by European merchants. The combination of customer profile storage in Brazil, integrated advertising pixels and order data containing payment context creates a profile that benefits from formal risk assessment.
Sample consent text
This online store runs on Pxxl App. Pxxl App stores customer and order data on servers located in Brazil. With your consent, the store also loads Meta, Google or TikTok advertising pixels. Strictly necessary cookies (cart, session) are always active. You can withdraw consent at any time.
Third-party domains contacted
pxxl.com.brapp.pxxl.com.brcdn.pxxl.com.brcheckout.pxxl.com.brCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| pxxl_session | first_party | session | Maintains the visitor session and authenticates checkout requests |
| pxxl_cart | first_party | 14 days | Stores the shopping cart identifier so items persist between visits |
| pxxl_csrf | first_party | session | Protects checkout forms against cross site request forgery |
| pxxl_visitor | first_party | 1 year | Identifies returning visitors for storefront analytics, requires consent |
Pxxl App uses cookies for user preferences — inform visitors with a consent banner.
By default Pxxl App sets a session cookie, a cart cookie and a CSRF cookie that qualify as strictly necessary. When the merchant enables advertising, additional cookies from Meta, Google or TikTok pixels are set, which require consent.
Yes for advertising pixels, analytics integrations and marketing cookies. No for the strictly necessary cart and checkout cookies. Use a CMP that gates the advertising pixels until consent is captured.
Contract performance for processing orders and customer accounts. Consent for advertising pixels and analytics. Legitimate interest can apply to fraud prevention with a documented LIA.
Yes. Customer and order data is hosted in Brazil. Brazil has the LGPD but no formal EU adequacy decision, so SCCs and a Transfer Impact Assessment are required.
A DPIA is recommended for European merchants operating at scale, particularly when integrating advertising pixels with cross border data flows. For small storefronts a documented risk assessment is generally sufficient.
Sign DPAs and SCCs, deploy a CMP, gate advertising pixels and analytics behind consent, document the Brazil transfer in your records, name Pxxl App as processor and the pixel vendors as separate or joint controllers, define a customer retention period.
Yes: Shopify (with EU residency configurations), PrestaShop (self hosted in the EU), WooCommerce on EU hosting, Lightspeed (Netherlands) and Centra (Sweden). EU based platforms simplify the transfer compliance position.
State that the storefront runs on Pxxl App (Brazil), that customer and order data is hosted in Brazil under SCCs, list any advertising pixels (Meta, Google, TikTok) with their data flows, and link to the Pxxl App and pixel vendor privacy policies.