Privacy Policy
We believe in transparency. Here's exactly what we collect, why, and how we protect your data.
Last updated: February 15, 2026
The Short Version
We don't store your files. Files are processed in memory and immediately discarded. We collect minimal data to operate the service — no advertising trackers, no selling your information, no hidden data collection.
What We Collect
Information You Provide
Email address — When you create an account or contact us
Payment information — Processed securely by Stripe — we never store full card details
Feedback and correspondence — When you contact support
Information Automatically Collected
Usage data — Pages visited, features used, compression settings
Device information — Browser type, operating system, screen resolution
IP address — Used for rate limiting and security
Cookies — Essential for session management and preferences
Information We Do NOT Collect
Your images — Files are processed in memory and immediately discarded. We never store or retain your files on our servers
Image metadata — EXIF data is stripped during compression for privacy. We never extract or store it
Third-party tracking — No Facebook Pixel, Google Analytics, or similar advertising trackers
How We Use Your Information
Provide the service
Process compressions, manage your account
Improve the product
Analyze usage patterns to enhance features
Security
Detect and prevent abuse, rate limiting
Communication
Send service updates (with opt-out)
Billing
Process payments and manage subscriptions
Legal Basis for Processing
Under the GDPR, we process your data based on the following legal grounds:
| Processing Purpose | Legal Basis |
|---|---|
| Account creation & management | Contract performance (Art. 6(1)(b)) |
| Payment processing | Contract performance (Art. 6(1)(b)) |
| File compression | Contract performance (Art. 6(1)(b)) |
| Security & rate limiting | Legitimate interest (Art. 6(1)(f)) |
| Usage analytics (Cloudflare) | Legitimate interest (Art. 6(1)(f)) |
| Service communications | Legitimate interest (Art. 6(1)(f)) |
| Optional marketing emails | Consent (Art. 6(1)(a)) |
Data Retention
We retain your data only as long as necessary for the purposes described:
| Data Type | Retention Period |
|---|---|
| Account email | Until account deletion or 12 months of inactivity |
| Payment records | 7 years (tax/legal requirements) |
| Usage data | 90 days |
| IP addresses (hashed) | 30 days |
| Support correspondence | 2 years after resolution |
| Session cookies | 1 year or until rejected |
Data Storage & Security
All data is stored on secure servers in the United States
We use industry-standard encryption (TLS 1.3) for all data transmission
Database connections are encrypted and access-controlled
We follow security best practices and regularly review our code for vulnerabilities
International Data Transfers
Your data is stored and processed in the United States
Our third-party providers (Stripe, Vercel, Cloudflare) maintain their own data transfer mechanisms compliant with applicable laws
We rely on the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) for transfers of personal data from the EEA to the US
By using our Service, you acknowledge that your data may be transferred to and processed in the United States
Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users without undue delay
Where required by GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach
Notifications will include the nature of the breach, likely consequences, and measures taken to address it
To report a suspected data breach, contact: privacy@sizesnap.io
Third-Party Services
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Stripe | Payment processing | Email, payment tokens | View policy |
| Vercel | Hosting & CDN | IP addresses, usage data | View policy |
| Cloudflare | Privacy-focused web analytics | Aggregated page views (no personal identifiers) | View policy |
All third parties are GDPR-compliant and bound by data processing agreements.
Your Rights
Depending on your location, you may have the right to:
Access
Request a copy of your data
Correction
Update inaccurate information
Deletion
Request account and data deletion
Portability
Export your data
Objection
Opt out of certain data uses
Complaint
Lodge a complaint with your local data protection authority
To exercise these rights, email: privacy@sizesnap.io
Cookies
We use essential cookies only:
Session cookie — Maintains your login state
Preference cookie — Remembers your settings (quality, format)
CSRF token — Security for form submissions
No marketing or tracking cookies are used.
Children's Privacy
SizeSnap is not intended for users under 13. No account registration is required for basic use, and we do not knowingly collect identifying information from children.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
Right to know what personal information we collect, use, and disclose
Right to request deletion of your personal information
Right to opt out of the sale of personal information
Right to non-discrimination for exercising your privacy rights
We do not sell personal information. In the preceding 12 months, we have collected identifiers (email, IP address), commercial information (purchase history), and internet activity information (usage data). These are collected directly from you and from automatic collection during your use of the Service. We use this information for the business purposes described in this policy.
Changes to This Policy
We may update this policy periodically. Changes will be posted here with an updated date. Significant changes will be notified via email.
Contact Us
Also see our Terms of Service and Security page
By using SizeSnap, you agree to this Privacy Policy.