Security: NathanNeurotic/Pixelpipe

Security

Supported versions

Pixelpipe is early-stage. Use the latest GitHub release or rolling release unless you are testing a specific commit.

API key storage

Pixelpipe can store a PixelDrain API key for quota display and rclone remote setup.

The key is encrypted with Windows DPAPI for the current Windows user before it is written to Pixelpipe's settings file:

%APPDATA%\Pixelpipe\settings.json

Do not post this file publicly. Even though the key value is DPAPI-protected, it is still account-related data.

Logs

Logs are stored here:

%LOCALAPPDATA%\Pixelpipe\logs\

Pixelpipe does not intentionally write raw API keys to logs. When reporting bugs, review logs before posting them publicly.
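
A pre-posting review aid for the logs described above, as an added example that is not part of Pixelpipe: it writes redacted copies of each log file and reports how many lines changed. The UUID-shaped key pattern, the Authorization-header pattern, the output folder, and the function name are assumptions made for illustration.

```powershell
# Added example, not Pixelpipe code: write redacted copies of the logs for review.
# Assumptions: UUID-shaped API key; rclone debug output may hold Authorization headers.
$logDir = Join-Path $env:LOCALAPPDATA 'Pixelpipe\logs'
$outDir = Join-Path $env:TEMP 'Pixelpipe-logs-redacted'   # hypothetical output folder
$rules = @(
    @{ Name    = 'uuid-shaped key'
       Pattern = '\b[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\b'
       Replace = '<REDACTED-KEY>' },
    @{ Name    = 'authorization header'
       Pattern = '(authorization:\s*(?:basic|bearer)\s+)\S+'
       Replace = '${1}<REDACTED>' },
    @{ Name    = 'profile path user name'
       Pattern = '(\\Users\\)' + [regex]::Escape($env:USERNAME) + '(?![\w.-])'
       Replace = '${1}<USER>' }
)

function Protect-LogLine {
    param([string]$Line)
    $hits = @()
    foreach ($r in $rules) {
        if ($Line -match $r.Pattern) {          # -match is case-insensitive
            $hits += $r.Name
            $Line = $Line -replace $r.Pattern, $r.Replace
        }
    }
    [pscustomobject]@{ Text = $Line; Hits = $hits }
}

# Constructed sample lines (not real Pixelpipe output) showing each rule.
$sample = @(
    "INFO  mount started from C:\Users\${env:USERNAME}\Downloads"
    'DEBUG Authorization: Basic OmNvbnN0cnVjdGVkLXNhbXBsZQ=='
    'DEBUG key=00000000-1111-2222-3333-444444444444 accepted'
)
foreach ($s in $sample) { (Protect-LogLine $s).Text }

if (Test-Path -LiteralPath $logDir) {
    New-Item -ItemType Directory -Force -Path $outDir | Out-Null
    foreach ($file in Get-ChildItem -LiteralPath $logDir -File) {
        $changed = 0
        $clean = foreach ($line in Get-Content -LiteralPath $file.FullName) {
            $r = Protect-LogLine $line
            if ($r.Hits.Count -gt 0) { $changed++ }
            $r.Text                              # emit the redacted line
        }
        Set-Content -LiteralPath (Join-Path $outDir $file.Name) -Value $clean
        '{0}: {1} line(s) redacted' -f $file.Name, $changed
    }
}
```

Post the copies from the output folder, not the originals, and read them once by eye first, since the patterns only catch the shapes listed in `$rules`.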

Running as Administrator

Pixelpipe should run as a normal user. Running as Administrator can make mounted drives invisible to normal File Explorer and can complicate process cleanup.

The app manifest requests asInvoker, not admin elevation.

Reporting vulnerabilities

Open a private security advisory on GitHub if available, or open an issue with minimal sensitive detail and request a private contact path.

There aren't any published security advisories