Your privacy is our priority. This policy, reviewed on April 1, 2026, explains how our browser-first approach keeps creatives safe for monetization reviews, accessibility audits, and day-to-day publishing.
ImageTools replaces legacy upload workflows with deterministic, in-browser processing. Creative directors, policy reviewers, and accessibility auditors can all cite this section to demonstrate that sensitive assets never leave the device. Every statement below is part of our published privacy narrative.
42K+
Local sessions / day
Average browser-only edits completed without uploading a single byte.
0s
Server retention
Assets disappear instantly because they never leave volatile browser memory.
24h
Privacy inbox SLA
Maximum acknowledgement window for any rights or deletion request.
These principles guide every release, from experimental AI resizers to enterprise PDF redaction workflows.
WebAssembly pipelines, service workers, and in-browser GPU acceleration handle every conversion. The interface never mounts a file uploader, so there is no accidental cloud drift.
We publish internal playbooks describing how we triage incidents, how we select subprocessors, and how we test consent flows.
Automation enforces the guardrails, while a dedicated privacy desk handles nuance. The combination keeps enforcement consistent without feeling robotic.
All image editing happens in your browser
Your images never leave your device
Temporary data cleared after each session
Anonymous usage data only
Privacy is not just a policy—it is a collection of layered controls spanning infrastructure, runtime, and people.
HSTS, TLS 1.3, and automatic certificate rotation protect every UI request. Even though image data stays local, the shell experience still adopts enterprise-grade transport.
Subresource Integrity (SRI) hashes guarantee that the WASM bundles you load are exactly the ones we published.
Content Security Policy (CSP) blocks inline scripts, disallows eval, and pins WebAssembly origins. Sandboxed iframes isolate high-risk modules like OCR or PDF parsing.
Global error boundaries scrub stack traces before they reach any optional analytics target.
Two-person reviews apply to every dependency bump. Secrets never enter the repo, and build agents run on short-lived tokens.
Annual SOC 2 and ISO 27001 mappings are stored in a reviewer packet you can request from privacy@freeimagesresizer.com.
Choose the path that matches your request. Every workflow is lightweight, fully documented, and handled by a trained privacy specialist.
Request logs or correspondence history by emailing privacy@freeimagesresizer.com from the same contact address. We confirm scope, share an encrypted bundle, and delete the package after 7 days.
Ideal when you need documentation for partner due diligence or regulator follow-ups.
Because images never hit our servers, deletion usually applies to metadata such as support messages. We confirm completion with a timestamp and include our verification steps.
Great for agency offboarding or if you want to pause analytics entirely.
If you are an agency or legal representative, send a signed letter plus the requester’s authorization token. We keep the flow lightweight while honoring regional regulations.
Useful for GDPR Art. 80 representation, CCPA agent requests, or compliance audits.
Teams that need DPAs or bespoke clauses can leverage our pre-reviewed template. It documents local processing, subprocessors, and incident notification timelines.
Contact sales@imagetools.app to kick off review; most agreements finalize within five business days.
Use these pillars to brief legal teams, agency partners, or Google AdSense reviewers on how ImageTools handles data.
Local processing, zero retention, and consent-aware UX patterns across every tool.
Clear controls for access, deletion, and opt-outs without legal jargon.
Share these answers with reviewers or users who want deeper clarity about our privacy posture.
No. We rely on on-device heuristics and user reports. If we must investigate abuse, we ask the submitting user to share redacted proof voluntarily.
Essential functionality remains available. Analytics events will not fire, but site performance remains optimal.
Our Terms prohibit processing unlawful or sensitive personal data. Reports are escalated to the compliance inbox and acted on within 24 hours.
Every vendor undergoes an intake checklist covering data residency, encryption posture, SOC 2 status, and incident-report SLAs. We store the answers in a reviewer packet and publish summaries in our transparency changelog.
Yes. The PWA install mode caches the full application shell so you can operate without an internet connection after the first load. All privacy promises remain intact because everything is still executed locally.
Questions about privacy?
At Image Tools, we believe your privacy is a fundamental right. That's why we've built our platform with privacy-first principles. Unlike many online services, we process your images locally in your browser - they never leave your device. This approach ensures maximum privacy and security for all your image editing needs.
The policy is shaped by three commitments: be understandable, be inspectable, and be adaptive. We avoid legal jargon, publish change logs for reviewers, and ship rapid improvements whenever new regulations or partner requirements emerge.
We prioritize your privacy and collect minimal data necessary to provide our services:
• Image Data: Processed entirely in your browser - never sent to our servers • Technical Information: Browser type, device info, and anonymized usage analytics • Contact Data: Only when you explicitly reach out to us via contact forms
All image processing happens locally in your browser, ensuring your files never leave your device.
Your data is used solely to enhance your experience:
• Service Operation: To provide and maintain our image processing tools • User Experience: Analyze usage patterns to improve functionality • Customer Support: Respond to your inquiries and feedback • Security: Protect our platform and prevent misuse
We never sell your data or use it for advertising purposes.
We employ industry-best practices for data security by leveraging modern web technologies:
• Client-Side Processing: Our tools utilize JavaScript and WebAssembly (WASM) to process image data directly on your CPU/GPU. • Memory Isolation: Images are stored in your browser's RAM as temporary Blobs or typed arrays. They are never committed to persistent storage on any server. • End-to-End Privacy: Because the bitstream conversion happens within your browser's sandbox environment, no unencrypted image data ever crosses the network. • Automatic Cleanup: All temporary memory pointers are garbage-collected and cleared immediately when you finish a task or close the application tab.
Our architecture is strictly "Serverless" regarding your personal media, providing 100% privacy by design.
We use minimal third-party services to enhance functionality:
• Google Analytics: Anonymous usage statistics (you can opt-out) • EmailJS: Secure contact form processing • Vercel: Secure hosting with enterprise-grade security
All third-party providers are vetted for privacy compliance and data protection.
You have complete control over your data:
• Right to Access: Request information about your personal data • Right to Delete: Ask us to remove any stored information • Right to Opt-Out: Disable analytics and non-essential tracking • Data Portability: Request your data in a readable format
Contact us anytime to exercise these rights.
Understanding this flow helps creators and compliance teams explain why ImageTools qualifies as a local-processing solution. Each stage below includes an internal control that we test weekly.
Files remain inside the browser’s sandbox.
We transform uploads into memory-based blobs and never touch disk or remote caches.
WebAssembly accelerators run deterministically.
Whether you resize, compress, or convert PDFs, every operation stays on your CPU/GPU.
Results stream directly to the download pipeline.
We hash the result, compare it to the intended transformation, and make it available for instant download.
Memory gets cleared automatically.
Optional analytics only record success/failure counts with randomized identifiers.
We're committed to transparency and happy to answer any questions about our privacy practices.