DOC_REF // PRIV-2026-V1

Privacy Policy

Last updated: March 22, 2026. The short version: your images never reach us, we collect minimal website analytics, and we do not sell anything about you to anyone. The long version is below. We wrote it so a normal person can actually read and understand it.
THE ACTUALLY SHORT VERSION
Do we see your images?
No. They process locally in your browser. We never receive them.
Do we store your files?
No. Nothing is uploaded. Nothing is stored. Nothing to delete.
Do we sell your data?
No. We do not sell, rent, or trade any information about you.
Do we use cookies?
Yes, minimal ones. Analytics and site function. Not advertising.
Do we collect personal info?
No account required. No name, no email, no personal data collected.
What do we collect?
Anonymous page view analytics. That's basically it.
SECTIONS
1. Who We Are2. Your Images (Read This)3. What We Actually Collect4. Why We Collect It5. Cookies6. Who Sees Your Data7. How Long We Keep It8. Your Rights9. Children10. Third-Party Services11. Security12. GDPR and CCPA13. Policy Changes14. Contact

1. Who We Are§ 1.0

FreeImageTools.org is an independent website that provides free, browser-based image processing tools. The site is operated by its owner and does not belong to a corporation, VC-backed startup, or advertising company.

There is no company account signup. No shareholder meeting where your data gets discussed. Just a website with tools that respect your privacy because that is how the site was built, not because of a legal requirement.

For any data-related questions, contact us at privacy@freeimagetools.org.

/// HUMAN TRANSLATION

We're an independent site. Not Google. Not Adobe. Not a subsidiary of anyone. One site, 25 tools, no investor pressure to monetize your data.

2. Your Images — Read This Part§ 2.0

This is the most important section. Read it.

When you use any tool on FreeImageTools, your image file is loaded into your browser's memory from your local device. Our JavaScript code processes it there, on your machine, using your CPU and your RAM. The processed output is generated in your browser and offered as a download.

At no point does your image file travel over the internet to our servers. We do not have a server-side image processing pipeline. We do not receive uploads. We do not store files. We do not have a database of processed images.

This is not a marketing claim. It is an architectural fact. You can verify it yourself by opening your browser's developer tools, going to the Network tab, and watching what requests are made when you process an image. You will see no upload of your file.

What this means practically:

  • We cannot see your images. Not even if we wanted to.
  • We cannot recover a file you forgot to download. It was never on our side.
  • No one can compel us to produce your images in a legal proceeding, because we do not have them.
  • Your GDPR / CCPA rights around image data are not implicated here, because we do not process that data at all.
  • Processing a confidential document or sensitive photo here carries no data exposure risk on our side. The risk, if any, is on your device.
/// HUMAN TRANSLATION

Your photos never leave your computer. This is the main thing. Compress your boss's confidential presentation screenshots, your own medical images, photos you'd rather not have on a random company's server. All fine here. We literally cannot see any of it. The processing is happening in your browser tabs.

3. What We Actually Collect§ 3.0

Since we do not have user accounts and do not receive your images, our data collection is minimal. Here is what we do collect.

Website Analytics
What: Page views, which tool pages are visited, approximate country, device type (desktop vs mobile), browser type, referral source (where you came from)
Why: To understand how many people use the site, which tools are popular, and where to focus improvements. This data is processed in aggregate. We cannot identify individual visitors from it.
Kept for: Up to 14 months, then deleted
Technical Data
What: IP address (anonymized), browser version, operating system, screen resolution
Why: For server logs, security monitoring, and debugging issues. Standard for any website.
Kept for: 90 days in server logs, then deleted
Cookies
What: Session cookies, preference cookies (dark mode setting), analytics cookies
Why: See Section 5 for the full breakdown. Short version: we use minimal cookies and none of them are advertising cookies.
Kept for: Session cookies expire when you close the tab. Others last 30 days to 1 year.
Feedback Submissions
What: If you use the feedback form on the homepage, we receive the text you typed
Why: To read bug reports, feature suggestions, and messages from users. We need to receive this to respond to it.
Kept for: Until acted upon, then deleted. We do not build profiles from feedback.
/// HUMAN TRANSLATION

We collect anonymous analytics about which pages people visit, some technical data for server logs, cookies (minimal ones), and the text of feedback form submissions. That's the complete list. We do not collect your name, email, address, payment info, or anything personal because we never ask for it.

4. Why We Collect It§ 4.0

Analytics data helps us understand whether the site is working. If the compress tool page has a 95% bounce rate and nobody downloads anything, something is wrong and we should fix it. If color palette is getting 10x the traffic we expected, maybe we should write more content about it. That's the use case.

Server logs exist because that is what servers do. They record requests so that when something breaks we can figure out why. After 90 days the logs are gone.

Feedback form data exists to read it and respond to it. We don't run it through a CRM. We don't build profiles. Someone sends a bug report, we read it, we fix the bug.

We do not use your data for advertising. We do not create behavioral profiles. We do not run retargeting campaigns. We do not sell anything.

5. Cookies§ 5.0

We use cookies. Here is exactly what each one does.

Session Cookie
ESSENTIAL
Keeps your browser session working while you use the site. Remembers your dark/light mode preference within the current visit.
Opt out: No — the site doesn't work without it  |  Expires: When you close the browser tab
Preference Cookie
FUNCTIONAL
Remembers your dark mode or light mode choice across visits. Without it, you'd have to toggle it every time you come back.
Opt out: Yes — you'll just lose the saved preference  |  Expires: 1 year
Analytics Cookie
ANALYTICS
Counts page views and tracks which tools people use. The data is anonymized and aggregated. We use a privacy-focused analytics tool that does not build individual user profiles.
Opt out: Yes — use the cookie preference panel in the footer  |  Expires: 30 days

We do not use advertising cookies, tracking pixels, or any third-party ad network cookies. There is no Facebook Pixel. No Google Ads remarketing tag. No affiliate tracking cookie. You will not see ads for image tools following you around the internet after visiting this site.

/// HUMAN TRANSLATION

Three cookies. One keeps the site working, one remembers your dark mode setting, one counts page views. You can turn off the last two. None of them are spying on you for ad targeting. We don't run ads.

6. Who Sees Your Data§ 6.0

This is the sharing question. Here is the complete list of who sees what.

Our Hosting Provider
Sees: Server logs, technical data
Why: The servers that serve the website are hosted somewhere. They process requests which include your IP address.
Contractually bound: Yes — data processing agreement in place
Our CDN Provider
Sees: Requests for static assets (scripts, fonts, the background removal model)
Why: Content delivery networks serve our static files faster globally. Your image files are not static assets and never pass through the CDN.
Contractually bound: Yes — standard CDN data processing terms
Our Analytics Provider
Sees: Anonymized page view data, device type, approximate country
Why: To count traffic and understand usage patterns. We use a privacy-focused analytics service that does not sell data and processes it anonymously.
Contractually bound: Yes — privacy-first analytics, no personal data sharing
Law Enforcement
Sees: Server logs if legally required by valid court order or legal process
Why: If we receive a valid legal order compelling disclosure, we comply with the law. We would push back on overreaching requests.
Contractually bound: N/A — legal requirement
// WE DO NOT SELL YOUR DATA

We do not sell, rent, trade, or give away any data about you to advertisers, data brokers, marketing companies, or any other third party for commercial purposes. There is no business model here that involves monetizing your information. The site is funded by unobtrusive display ads, not by data sales.

7. How Long We Keep It§ 7.0

We keep data for as short a time as makes sense for the purpose it was collected.

Server logs
90 days
Debugging and security incident investigation
Analytics data
14 months
Standard analytics retention, then deleted or aggregated into anonymous summaries
Preference cookies
1 year
So you don't have to reset dark mode every time you visit
Feedback submissions
Until resolved
We read them, act on them, then delete them
/// HUMAN TRANSLATION

Nothing we collect sticks around longer than it needs to. Server logs gone in 90 days. Analytics gone in 14 months. Feedback gone after we deal with it. We're not building a historical archive of who visited what page when.

8. Your Rights§ 8.0

Even with minimal data collection, you still have rights over what little data we do hold.

Right to Know
You can ask what data we hold about you. Given we don't collect personal information and anonymize analytics, the answer is usually 'very little, and here's the breakdown.'
Right to Delete
You can ask us to delete what we have. Since it's mostly anonymous analytics, there may not be anything identifiable to delete. We will tell you honestly.
Right to Object
You can object to our analytics data collection by opting out of analytics cookies. Use the cookie preferences panel in the footer.
Right to Portability
If we somehow hold data about you in an identifiable form (like a feedback submission), you can ask for a copy of it.
Right to Correct
If you've submitted feedback with incorrect information, let us know and we'll update or delete it.
Right to Complain
If you think we're mishandling your data, you can complain to your local data protection authority. EU users go to their national DPA. UK users go to the ICO at ico.org.uk.

To exercise any of these rights, email privacy@freeimagetools.org. We will respond within 30 days. Because we collect so little personal data, most requests are straightforward to fulfill.

/// HUMAN TRANSLATION

You have the right to know, delete, and control your data. The slightly funny thing is that we collect so little about you that most data rights requests resolve in about two sentences. But the rights are real and we will honor them.

9. Children§ 9.0

FreeImageTools is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect any personal information from children. Since we don't collect personal information from anyone, this is largely academic.

If you are a parent and you think your child has used this site and somehow submitted personal information, contact us at privacy@freeimagetools.org and we will address it.

10. Third-Party Services§ 10.0

Some components of FreeImageTools use third-party libraries. The background removal tool downloads its AI model from a CDN. Our site loads fonts from Google Fonts. Analytics is handled by a third-party analytics service.

These third parties handle only technical data, not your image files. Our blog may link to external sites. Once you leave FreeImageTools and land on another site, their privacy policy applies. We are not responsible for third-party privacy practices.

The open-source libraries powering our tools (browser-image-compression, heic2any, jsPDF, react-easy-crop, react-dropzone, @imgly/background-removal, and others) run locally in your browser and have no server-side data collection of their own in our implementation.

11. Security§ 11.0

The best security for image data on our platform is the fact that we never receive it. There is no image database to breach because there is no image database.

For the data we do handle (server logs, analytics, feedback), we use standard security measures: encrypted connections (HTTPS everywhere), access controls on server infrastructure, and reputable hosting and service providers.

If you discover a security vulnerability in our site, please report it to security@freeimagetools.org before disclosing it publicly. We will acknowledge your report within 48 hours and work to fix real vulnerabilities promptly.

/// HUMAN TRANSLATION

Your images are safe because they never leave your device in the first place. That's the strongest possible security guarantee. For everything else we handle, we use standard web security practices. And if you find a bug, please tell us before tweeting about it.

12. GDPR and CCPA§ 12.0

If you are in the EU or UK, GDPR applies to personal data we process. Since we don't collect personal data in any traditional sense (no name, no email, no account), most GDPR obligations around consent and data subject rights operate in a simplified way here. The analytics data we collect is anonymized and therefore falls outside GDPR's scope in most interpretations. Our cookie consent mechanism covers the areas where consent is required.

If you are a California resident, CCPA gives you additional rights. We do not sell personal information (CCPA Section 1798.100). We do not discriminate against users who exercise privacy rights. To submit a CCPA request, email privacy@freeimagetools.org with "California Privacy Request" in the subject line.

If your jurisdiction has specific data protection laws we have not mentioned here, email us. We will tell you honestly how our practices relate to those laws. Our general approach is that we collect the minimum necessary data and respect user rights. That aligns with most privacy regulations worldwide.

13. Policy Changes§ 13.0

We can update this policy when our practices change. We will update the "Last updated" date at the top. For significant changes, we will post a notice on the site.

Since there is no account system, we cannot email you directly about policy changes. Check the date at the top if you want to know whether the policy has changed since you last read it. We keep previous versions archived and will share them on request.

14. Contact§ 14.0

Privacy questions get real answers here. Here is who to contact.

PRIVACY QUESTIONS
privacy@freeimagetools.org
Any question about this policy or how we handle data. Response within 5 business days.
DATA RIGHTS REQUESTS
privacy@freeimagetools.org
Access, deletion, correction requests. Include 'Data Rights Request' in the subject line.
SECURITY CONCERNS
security@freeimagetools.org
Vulnerabilities, suspicious activity. We read this one fast.
EVERYTHING ELSE
hello@freeimagetools.org
General questions, feedback, tool suggestions. We're friendly.
[END OF PRIVACY POLICY]
FreeImageTools.org — Version PRIV-2026-V1 — Effective March 22, 2026