Last updated May 2026
Privacy policy
The short version: we don't keep your photos, we don't track you to advertisers, we don't run any ML on what you upload. Your images are deleted within an hour. No account, no profile, no photo gallery. We use exactly enough cloud services to make the editor work. The long version follows.
1. What we collect
When you use the editor we touch three classes of data:
- The images you upload. Stored on Amazon S3 in a private bucket for up to one hour, then auto-deleted by the bucket's lifecycle policy.
- The detection regions and blur settings. Held in your browser, sent to the API only as part of a single export request, never persisted server-side.
- Standard request metadata — IP address, user agent, request path — held in CloudWatch and WAF logs for up to 24 hours, used only for abuse prevention.
We do not currently use any analytics product on the editor page. The marketing pages may use a privacy-respecting analytics tool (Plausible or similar) that does not set cookies or track individuals.
2. What we don't collect
- Names, emails, or any account profile (there are no accounts).
- Payment information (until a paid tier exists; that policy will be added then).
- Cross-site browsing data, ad-targeting cookies, fingerprints.
- Persistent identifiers about who uploaded what.
3. How long we keep things
- Uploaded images: ≤ 1 hour, then deleted by S3 lifecycle policy.
- Exported images: ≤ 1 hour, same mechanism.
- Request logs (CloudWatch / WAF): 24 hours.
- Detection regions: never persisted server-side. They live in your browser tab only.
4. Who we share data with
To do its job, the editor sends each uploaded image to one or more vision-API providers for detection. We currently use:
- Amazon Web Services (S3, Rekognition, Lambda, CloudFront, WAF) — for storage, face detection, and infrastructure.
- Google Cloud Vision API — for license plate detection (Object Localization) and document text OCR.
Both providers have data-usage terms that prohibit retaining your image content for training purposes. We do not share data with advertising networks, data brokers, or analytics SDKs.
5. Cookies
The editor itself does not set tracking cookies. We use a single SameSite=Lax cookie for CSRF protection on the marketing site forms, when those exist. Browser-side preferences (color scheme) are stored in localStorage only.
6. Your rights
Because we hold essentially no data about individuals, most data-subject rights are automatic — your data is already gone within an hour. If you uploaded something and want it deleted before the auto-expiry, use the contact form on the About page; we can purge a specific S3 prefix if you can give us the rough timestamp.
EU/UK residents: under GDPR, we act as a data controller for the limited request metadata noted above, and a processor for the image bytes during the brief window we hold them. Our retention windows are below most regulatory thresholds because we actively delete.
7. Security
- HTTPS everywhere; HSTS preload.
- S3 buckets have Public Access fully blocked. The only read paths are short-lived (~15 min) presigned URLs.
- SSE-S3 server-side encryption on all stored objects.
- The API requires an HMAC-signed request from the BFF (backend-for-frontend); direct browser calls are rejected with HTTP 403.
- AWS WAF in front for rate-limiting and bot defense.
8. Changes
If we change this policy in a way that meaningfully affects users, the change will be announced on the home page and the "Last updated" date above will reflect it. We won't retroactively make our retention windows worse.
9. Contact
Privacy questions can be sent via the contact form on the About page.