Privacy Policy

Our Approach to Privacy

We built Shrink.fast with privacy as a core principle. We collect only the data we need to provide our service, and we delete your images automatically after processing. This policy explains what we collect, how we use it, and your rights under GDPR.

Information We Collect

Account Information

When you create an account, we collect your email address and name. If you sign in with Google, we receive your email and name from your Google account. We use Better Auth for authentication, which stores session information securely.

Images You Upload

When you use our compression service, we temporarily store your images on our servers to process them. Guest users' images are deleted after 1 hour. Registered users' images are deleted after 24 hours. We never access or view your images beyond what is necessary for compression.

Analytics Data

We use Swetrix, a privacy-focused analytics tool. We do not use cookies for tracking. All data is collected anonymously. We don't use persistent, cross-device tracking, and don't use your data for any other purposes. We also collect anonymous compression metrics to improve our service, but this data cannot be linked to any individual user.

Payment Information

We use Polar.sh to process payments. We do not store your payment details on our servers. Polar handles all payment processing and stores your billing information according to their privacy policy.

Cookies and Storage

We use HTTP-only cookies and browser storage solely for authentication purposes (keeping you logged in). These are "strictly necessary" for the service to function and cannot be disabled. We do not use any tracking cookies or third-party advertising cookies.

Legal Basis for Processing

Under GDPR, we process your data based on the following legal grounds:

• Contractual Necessity: Processing your email, images, and authentication data is necessary to provide the image compression service you requested.
• Legitimate Interest: We use anonymous analytics (Swetrix) and compression metrics to improve our service. This data cannot identify you personally.
• Consent: If we ever send marketing communications, we will only do so with your explicit consent, which you can withdraw at any time.

How We Use Your Information

• To provide and maintain the image compression service
• To manage your account and authentication
• To process payments and manage your credits
• To communicate with you about your account or service updates
• To improve our service through anonymous analytics

Data Retention

Your images are automatically deleted after processing: 1 hour for guest users and 24 hours for registered users. Account information is retained as long as your account is active. You can request deletion of your account and associated data at any time by contacting us.

International Data Transfers

Your data is primarily stored and processed within the European Union. However, some of our third-party services may transfer data outside the EU/EEA:

• Google OAuth: Data may be processed in the United States. Google participates in the EU-US Data Privacy Framework and uses Standard Contractual Clauses for data protection.
• Polar.sh: Payment data may be processed outside the EU. Polar uses Standard Contractual Clauses to ensure GDPR-compliant data transfers.

In all cases, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

Third-Party Services

We use the following third-party services:

• Google OAuth: For authentication (only if you choose to sign in with Google)
• Polar.sh: For payment processing
• Swetrix: For privacy-focused, cookie-less analytics

Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects concerning you or significantly affects you.

Your Rights Under GDPR

If you are in the European Union, you have the following rights:

• Right to access your personal data
• Right to correct inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

To exercise these rights, contact us at the email below.

Right of Withdrawal (Ångerrätt)

Under EU consumer protection law, you have a 14-day right to withdraw from the purchase of digital services. However, by purchasing and immediately using credits, you expressly consent to the service being performed and acknowledge that you lose your right of withdrawal once the credits are consumed. If you have not used any purchased credits within the 14-day period, you may request a refund by contacting us.

Security

We take reasonable measures to protect your data, including encryption in transit and at rest. However, no internet transmission is completely secure. We recommend against uploading sensitive or confidential images.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the effective date.