ImgGo
Go BackSign In

Privacy Policy

Last updated: November 2, 2025 • Effective: November 2, 2025

ImgGo ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Data Controller

ImgGo is the data controller responsible for your personal data. For data protection inquiries, contact us at support@img-go.com.

2. Information We Collect

Account Information

  • Email address (used for authentication and communications)
  • Name (optional)
  • Password (hashed and encrypted; never stored in plain text)
  • Account creation and last login timestamps

User Content

  • Images you upload for processing
  • Patterns you create (schemas, instructions)
  • Generated manifests (structured outputs)
  • API keys and webhook configurations

Usage Data

  • API requests (timestamps, endpoints, response times)
  • Job processing logs (success/failure status, error messages)
  • IP addresses and user agents (for security and rate limiting)
  • Usage statistics (request counts, quotas)

Payment Information

  • Payment details are processed and stored by Paddle (our payment processor)
  • We store Paddle customer IDs and subscription IDs
  • We do not store credit card numbers or sensitive payment details

3. How We Use Your Information

We use collected data to:

  • Provide, maintain, and improve the Service
  • Process images using AI models and generate structured outputs
  • Authenticate and authorize your access
  • Send transactional emails (job completions, account changes, billing)
  • Monitor usage and enforce plan limits
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations
  • Analyze usage patterns to improve our platform (aggregated, anonymized data)

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: To provide the Service you signed up for
  • Consent: For marketing communications (where required)
  • Legitimate Interests: Fraud prevention, security, service improvements
  • Legal Obligations: Compliance with applicable laws and regulations

5. Third-Party Services and Data Sharing

We share data with trusted third-party service providers:

Supabase (Infrastructure)

We use Supabase for authentication, database, and file storage. Data is hosted in secure, encrypted cloud infrastructure.

OpenAI (Image Processing)

Images are sent to OpenAI's Vision API for analysis. Per OpenAI's data retention policy, API inputs and outputs are retained for up to 30 days for abuse monitoring, then deleted (unless zero data retention is configured). See OpenAI's policies.

Paddle (Payments)

Payment processing is handled by Paddle. We do not store your full credit card details. See Paddle's Privacy Policy.

Image Processing and Deletion: When you upload images for processing, they are temporarily stored to perform the analysis. After processing completes and the manifest is generated, we immediately delete your uploaded images from our storage. Images processed by OpenAI are retained by them for up to 30 days per their abuse monitoring policy.

We do not sell your data to third parties. We only share data as necessary to provide the Service or as required by law.

6. Data Retention

  • Account Data: Retained while your account is active. When you delete your account, we implement a 30-day soft delete grace period during which you can reactivate by signing in. After 30 days, your personal information is permanently anonymized for GDPR compliance (email, name, and other PII are replaced with anonymized placeholders). For immediate permanent deletion without the grace period, contact us at contact@img-go.com.
  • Uploaded Images: Immediately deleted from our storage after processing completes and the manifest is generated. Images are retained by OpenAI for up to 30 days for abuse monitoring per their data retention policy. You can request zero data retention (ZDR) for eligible use cases.
  • Generated Manifests: Retained permanently unless you delete them. You can export or delete your data at any time.
  • Logs and Analytics: Aggregated usage data retained for up to 2 years for service improvement and security purposes. After account anonymization, all logs are disassociated from your identity.

7. Your Privacy Rights

Under GDPR and other data protection laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent for processing (where consent is the legal basis)

To exercise these rights, contact us at support@img-go.com. We will respond within 30 days.

8. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including adherence to the EU-US Data Privacy Framework and standard contractual clauses approved by the European Commission.

9. Cookies and Tracking

We use essential cookies for authentication and session management (Supabase auth cookies). We do not use third-party advertising or tracking cookies. You can manage cookies through your browser settings.

10. Data Security

We implement industry-standard security measures:

  • Encryption in transit (TLS/SSL) and at rest
  • Row-level security (RLS) in our database
  • API key hashing (SHA-256)
  • Webhook signature verification (HMAC-SHA256)
  • Regular security audits and updates

However, no system is 100% secure. In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR.

11. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect data from children. If you believe we have collected data from a minor, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or Service notification. Your continued use after changes constitutes acceptance.

Contact Us

For privacy concerns, data requests, or GDPR inquiries, contact us at support@img-go.com

ImgGo – AI Image Processing API | Convert Images to JSON, CSV & Structured Data