Legal

Privacy Policy

Last updated: 2026-05-17

How ImageResized handles your personal data when you use our website and image tools, including your rights under GDPR and Portuguese law.

1. Who is responsible for your data?

The data controller for ImageResized (https://imageresized.com) is Hugo Rafael Jácome Antunes, an individual based in Portugal (personal project, not a registered company).

Contact for privacy matters: hugojantunes2004@gmail.com.

2. Scope

This Privacy Policy explains how we collect and use personal data when you visit our website, create an account, or use our image processing tool. It applies to visitors worldwide. If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and applicable national law (including Portugal's Law 58/2019) apply.

3. Personal data we process

  • Account data: email address, authentication identifiers, profile information (e.g. display name, avatar if you upload one), and sign-in method (email or social login via Supabase Auth).
  • Usage data: information about how you use the service (e.g. trial usage limits, session data) to provide the tool and prevent abuse.
  • Payment and billing data: plan selected, transaction identifiers, payment status, and billing history. Card details are processed by our payment provider; we do not store your full card number.
  • Images you upload: files you submit for conversion or editing. These are transmitted to our servers for processing and are not used for advertising or sold to third parties.
  • Technical data: IP address, browser type, device information, and logs necessary for security and operation.
  • Cookie and similar technologies: as described in our Cookie Policy.

4. Purposes and legal bases (GDPR)

  • Provide the service (account, image processing, downloads) — performance of a contract (Art. 6(1)(b) GDPR) or steps prior to entering a contract.
  • Security, fraud prevention, and service integrity — legitimate interests (Art. 6(1)(f)), balanced against your rights.
  • Analytics (Google Analytics) — your consent (Art. 6(1)(a)); you can withdraw consent at any time via cookie preferences.
  • Payments and subscriptions — performance of a contract (Art. 6(1)(b)) and legal obligations (Art. 6(1)(c)) for tax and accounting where applicable.
  • Legal obligations — where required by law (Art. 6(1)(c)).
  • Communications you request (e.g. support email) — legitimate interests or contract.

5. Image processing

When you use the converter, images are uploaded from your browser to our application server, processed with our image pipeline (including Sharp), and returned to you for download. Processing is generally transient: we do not use your images to train AI models or for marketing. Avoid uploading images that contain special categories of personal data (e.g. health, biometric, or children's data) unless you have a lawful basis to do so.

Temporary handoff storage in your browser (e.g. IndexedDB) may be used so you can navigate to the tool with selected files; this stays on your device until consumed or cleared.

6. Recipients and processors

We use trusted service providers who process data on our instructions, including:

  • Supabase — authentication, database, and related infrastructure (may process data in the EU and/or other countries with appropriate safeguards).
  • Hosting providerSupabase (database, authentication) and the application hosting provider where this site is deployed.
  • Google Analytics — only if you accept analytics cookies; Google Ireland Ltd. / Google LLC.
  • Payment provider (e.g. Stripe) — to process subscriptions and one-off payments securely.
  • Web3Forms — to deliver messages sent through our contact form.
  • OAuth providers (e.g. Google, Facebook) — if you choose social login, subject to their policies.

We do not sell your personal data.

7. International transfers

If personal data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or other mechanisms permitted under GDPR Chapter V.

8. How long we keep data

  • Account data: for as long as your account exists and as needed thereafter for legal claims or obligations.
  • Images on servers: processed for the duration of the request; we do not retain uploaded source files for long-term storage as part of the conversion flow.
  • Logs: typically limited retention for security and troubleshooting.
  • Analytics: according to Google Analytics settings and your consent status.
  • Billing records: as required for accounting, tax, and dispute resolution (typically several years under applicable law).

9. Your rights

Depending on applicable law, you may have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent (without affecting prior processing)
  • Lodge a complaint with a supervisory authority

In Portugal, the supervisory authority is the CNPD (Comissão Nacional de Proteção de Dados) — www.cnpd.pt. EEA users may also contact their local data protection authority.

To exercise your rights, email hugojantunes2004@gmail.com. We may need to verify your identity.

10. Children

ImageResized is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it.

11. Security

We implement technical and organisational measures appropriate to the risk (encryption in transit, access controls, secure authentication). No method of transmission over the Internet is 100% secure.

12. Changes

We may update this policy. The "Last updated" date will change. Material changes may be notified on the site or by email where appropriate.

These documents are provided in English for international users. Where EU law applies (including Portugal), you retain the rights described above. For questions, use the contact form on the home page.