Privacy Policy

This Privacy Policy describes how FastImageTools ("we", "us", or "our") collects, uses, and protects information when you use fastimagetools.com (the "Service").

1. Data Controller

FastImageTools is operated by a private individual based in California, United States, acting as the Data Controller under applicable data-protection laws (including GDPR and CCPA/CPRA).

For any privacy-related inquiries or data-subject requests, please contact:

privacy@fastimagetools.com

2. Overview

FastImageTools is designed as a privacy-first, local-first service. Where possible, image processing occurs entirely in your browser and files do not leave your device.

We collect only the minimum information necessary to operate and improve the Service.

3. Information We Do Not Collect

We do not:

• permanently store uploaded images or files beyond the stated retention windows;
• sell, rent, or share personal data with third parties for their own marketing purposes.

4. Image and File Processing

4.1 Local Processing (Default)

By default, files are processed locally in your browser using client-side technologies (WebAssembly). In these cases, files never leave your device and we have no access to them.

4.2 Remote Processing

Certain features may require server-side processing due to technical limitations (e.g., large files, advanced formats, AI-powered features, or premium operations).

When remote processing is used:

• you are informed in the interface that remote processing will occur;
• files are uploaded temporarily to secure, encrypted object storage;
• files are accessible only via time-limited, signed URLs;
• files are automatically deleted after processing (see Section 5 for retention details);
• files are not used for analytics, training, or marketing purposes.

5. File Retention

• Input files: automatically deleted within 24 hours of upload.
• Output files: automatically deleted within 72 hours of creation.
• Images processed locally are never stored by us.

Limited technical metadata (e.g., file size, format, processing duration) may be retained longer for security, fraud prevention, and debugging purposes. File contents are not retained beyond the stated retention windows.

6. Information We Collect Automatically

We may collect limited, non-identifying technical information, including:

• IP address (in anonymized or truncated form);
• browser type and version;
• operating system;
• referring URL;
• basic usage events (e.g., tool opened, job completed).

This information is used solely for:

• service reliability and performance monitoring;
• abuse prevention;
• aggregated analytics.

7. Cookies

FastImageTools uses the following categories of cookies and similar technologies:

7.1 Essential Cookies

Required for the Service to function (e.g., session management, CSRF protection, locale preferences). These cannot be disabled.

7.2 Analytics Cookies

Used to understand how visitors interact with the Service (e.g., Google Analytics). These collect aggregated, anonymized data such as page views and feature usage.

7.3 Advertising Cookies

Third-party advertising partners (including Google AdSense) may set cookies to display ads based on your visits to this and other websites. You may opt out of personalized advertising by visiting: Google Ad Settings.

7.4 Consent Management

We are implementing a cookie consent banner to give you granular control over non-essential cookies. Until the consent banner is fully deployed, you may manage cookies through your browser settings.

8. Analytics

We use Google Analytics 4 (GA4) to collect aggregated, anonymized usage data.

Google Analytics may process:

• page views and navigation patterns;
• feature usage events;
• approximate geographic location (country/region level);
• IP address (processed by Google; we enable IP anonymization where available).

Data collected through Google Analytics is used solely for understanding Service usage and improving the user experience. For more information, see the Google Privacy Policy.

9. Advertising

FastImageTools may display advertisements provided by Google AdSense.

• Google AdSense may use third-party cookies to serve ads based on your browsing history.
• Personalized ads may be displayed based on your interests as determined by Google.
• You may opt out of personalized advertising at any time via Google Ad Settings.

For details on how Google collects and uses data, see the Google Privacy Policy.

10. Payments & Stripe

Payment processing for premium features is handled by Stripe, Inc., an independent third-party payment processor.

• We do not store full credit-card numbers, CVVs, or bank-account details on our servers.
• Payment information is collected and processed directly by Stripe, which acts as an independent data controller for payment data.
• We may receive limited information from Stripe (e.g., last four digits of your card, billing country, transaction status) to manage your subscription.

For information on how Stripe handles your data, see the Stripe Privacy Policy.

11. Accounts & Stored Data

When you create an account, we may collect and store:

• email address;
• authentication data from OAuth providers (e.g., Google, GitHub), such as display name and avatar;
• billing information (managed through Stripe — see Section 10);
• subscription history and plan details;
• job history (processing records, settings used, timestamps).

Account data is retained while your account is active. You may request deletion of your account and associated data at any time by contacting privacy@fastimagetools.com.

12. Third-Party Services

We may use trusted third-party services for:

• website hosting and deployment;
• content delivery (CDN);
• object storage (file uploads for remote processing);
• error monitoring;
• analytics (Google Analytics — see Section 8);
• advertising (Google AdSense — see Section 9);
• payment processing (Stripe — see Section 10).

These providers process data only on our behalf and under contractual confidentiality obligations, unless they act as independent data controllers (e.g., Stripe for payment data, Google for advertising).

13. Open Source Software

The Service uses open-source components. Their licenses and notices are documented in our Legal & Open Source Notices page.

Nothing in this Privacy Policy limits your rights under applicable open-source licenses.

14. Your Rights (GDPR & CCPA)

14.1 GDPR Rights (EU/EEA/UK/Swiss Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following rights apply under the General Data Protection Regulation (GDPR):

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate personal data.
• Right to erasure — request deletion of your personal data.
• Right to restrict processing — request that we limit how we use your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — withdraw consent at any time where processing is based on consent.
• Right to lodge a complaint — file a complaint with your local data protection authority.

14.2 Legal Basis for Processing (GDPR)

We process limited personal data based on:

• Legitimate interests — service reliability, security, abuse prevention, analytics;
• Consent — where required for non-essential cookies or analytics;
• Contract performance — to provide services you have requested (e.g., paid subscriptions).

14.3 CCPA/CPRA Rights (California Users)

If you are a California resident, the following rights apply under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know — request disclosure of the categories and specific pieces of personal information collected.
• Right to delete — request deletion of your personal information.
• Right to correct — request correction of inaccurate personal information.
• Right to opt-out of sale — we do not sell personal information as defined under CCPA/CPRA.
• Right to non-discrimination — exercising your rights will not result in discriminatory treatment.

14.4 Categories of Personal Information (CCPA)

We may collect the following categories of personal information:

• identifiers (e.g., IP address, email address);
• internet activity information (e.g., browser type, usage events);
• commercial information (e.g., subscription history), if you have an account.

14.5 How to Submit Requests

Requests to exercise any of the above rights may be submitted via email to: privacy@fastimagetools.com

We will respond to verified requests within the timeframes required by applicable law (generally within 30 days for GDPR and 45 days for CCPA).

For advertising-related preferences, you may also manage your settings via Google Ad Settings.

15. International Data Transfers

FastImageTools is operated from the United States. If you access the Service from outside the United States (including the EU/EEA), your data may be transferred to and processed in the United States.

Where personal data is transferred outside the EEA, we rely on appropriate safeguards as required by GDPR, including standard contractual clauses where applicable.

16. Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit — all data is transmitted over HTTPS/TLS.
• Signed URLs — server-processed files are accessed only via time-limited, cryptographically signed URLs.
• Access controls — server infrastructure uses role-based access and least-privilege principles.
• Limited retention — files and logs are automatically deleted per the retention schedule in Section 5.
• Local-first architecture — the default local processing model means most files never leave your device.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

17. Do Not Track

The Service does not currently respond to "Do Not Track" (DNT) browser signals. There is no uniform standard for how online services should respond to DNT signals. You may manage tracking preferences via your browser settings or through the opt-out mechanisms described in Sections 7, 8, and 9.

18. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact privacy@fastimagetools.com and we will promptly delete it.

19. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

20. Contact

If you have any questions or concerns about this Privacy Policy, please contact:

• Privacy inquiries & data requests: privacy@fastimagetools.com
• General legal inquiries: legal@fastimagetools.com