Privacy Policy

How we handle your data and privacy

Last Updated: October 18, 2025

1. Introduction

ImageToExel ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

This policy complies with GDPR (EU), CCPA (California), and other applicable privacy regulations.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, full name, password (encrypted)
  • Payment Information: Processed by Lemon Squeezy (we do not store credit card details)
  • Profile Information: Optional avatar and display name

2.2 Authentication Data

  • Google OAuth: If you sign in with Google, we receive your email, name, and profile picture from Google
  • Email Verification: Verification tokens for email-based registration

2.3 Usage Information

  • Image Processing: We temporarily process uploaded images but delete them immediately after conversion
  • Usage Metrics: Number of images processed, processing timestamps, subscription tier
  • Analytics: Anonymized page views only (no personal identifiers)

2.4 Automatically Collected Information

  • Technical Data: IP address, browser type, device information, operating system
  • Cookies: Essential cookies for authentication and service functionality

3. How We Use Your Information

We use your information to:

  • Provide the Service: Process images, manage your account, handle subscriptions
  • Communicate: Send transactional emails (receipts, password resets, subscription updates)
  • Marketing: Send promotional emails (you can opt out anytime)
  • Improve the Service: Analyze anonymized usage patterns to enhance features
  • Ensure Security: Detect fraud, prevent abuse, enforce our Terms of Service
  • Legal Compliance: Comply with legal obligations and respond to lawful requests

4. Legal Basis for Processing (GDPR)

We process your data based on:

  • Contract Performance: To provide the Service you've subscribed to
  • Consent: For marketing communications (you may withdraw consent anytime)
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Legal Obligations: To comply with applicable laws

5. Data Sharing and Disclosure

5.1 Third-Party Services

We share limited data with:

  • Supabase: Database and authentication (data hosting)
  • Lemon Squeezy: Payment processing and subscription management
  • Google: OAuth authentication (if you choose Google sign-in)
  • AI API Providers: Temporary image processing (images deleted immediately after)
  • Analytics Provider: Anonymized page view data only

5.2 We Never Sell Your Data

We will NEVER sell, rent, or trade your personal information to third parties for marketing purposes.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority.

6. Your Uploaded Images

6.1 Temporary Processing

  • Images you upload are processed in real-time using AI technology
  • Images are automatically deleted immediately after conversion
  • We do not store, archive, backup, or retain your images beyond processing
  • No human reviews your uploaded images

6.2 No Image Storage

We do not maintain any database or storage system for uploaded images. Once conversion is complete, your images are permanently deleted from our servers.

7. Data Retention

  • Account Data: Retained while your account is active
  • After Account Deletion: Deleted within 30 days, except data we're required to retain by law
  • Usage Logs: Retained for 90 days for security and service improvement
  • Uploaded Images: Deleted immediately after processing (no retention)

8. Your Privacy Rights

8.1 GDPR Rights (EU Users)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restrict Processing: Limit how we use your data
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Opt out of marketing communications anytime

8.2 CCPA Rights (California Users)

California residents have the right to:

  • Know what personal information we collect
  • Know whether we sell or disclose personal information (we don't sell)
  • Access your personal information
  • Request deletion of personal information
  • Opt out of data sales (not applicable, we don't sell data)
  • Non-discrimination for exercising your rights

8.3 Exercising Your Rights

To exercise any of these rights, contact us at: contact@imagetoexel.com

We will respond within 30 days (GDPR) or 45 days (CCPA).

9. Cookies and Tracking

9.1 Essential Cookies

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Remembering your preferences

9.2 Analytics

We collect anonymized page view data only. No personal identifiers are tracked.

9.3 Cookie Control

You can control cookies through your browser settings, but disabling essential cookies may affect Service functionality.

10. Security

10.1 Security Measures

We implement industry-standard security measures:

  • Data encryption in transit (HTTPS/TLS)
  • Encrypted password storage
  • Secure authentication via Supabase
  • Regular security audits
  • Access controls and monitoring

10.2 No Guarantee

While we take reasonable precautions, no method of transmission over the internet is 100% secure. You use the Service at your own risk.

11. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.

12. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure adequate safeguards are in place for such transfers in compliance with GDPR and other applicable laws.

13. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites. Please review their privacy policies.

14. Marketing Communications

14.1 Opt-In

We may send you promotional emails about new features, special offers, and updates.

14.2 Opt-Out

You can unsubscribe from marketing emails anytime by:

  • Clicking "unsubscribe" in any marketing email
  • Adjusting your account preferences
  • Contacting us at contact@imagetoexel.com

14.3 Transactional Emails

You cannot opt out of essential transactional emails (e.g., password resets, subscription confirmations) required for the Service.

15. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law within 72 hours of discovery.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website

Continued use of the Service after changes constitutes acceptance of the updated policy.

17. Contact Us

For privacy-related questions, concerns, or requests:

Email: contact@imagetoexel.com
Data Protection Inquiries: contact@imagetoexel.com

18. Jurisdiction-Specific Provisions

18.1 European Union (GDPR)

  • Data Controller: ImageToExel
  • Legal Basis: As described in Section 4
  • EU Representative: contact@imagetoexel.com
  • Right to lodge a complaint with your local supervisory authority

18.2 California (CCPA)

  • We do not sell personal information
  • Categories of data collected: As described in Section 2
  • Business purpose: As described in Section 3
  • Third parties: As described in Section 5

18.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate.