Privacy Policy

Scope of this policy

This Privacy Policy applies to the hosted Imagor Cloud service, including account access, organization and space collaboration, image management, editing workflows, hosted storage features, invite and verification flows, API access, custom domains, and related support, billing, and security operations.

It does not automatically apply to self-hosted deployments of the open-source software operated entirely by third parties, where the deployer acts as the controller or operator of that environment. It also does not govern third-party websites, storage services, or payment pages that you access separately from the service.

Information we collect

We collect account and identity data such as your name, email address, avatar or profile image, organization membership, role, authentication provider details, and sign-in state when you create an account, sign in with Google, or accept an invitation.

We collect workspace and content data that you or your organization choose to store or manage through the service, including images, folders, templates, metadata, editing configurations, storage settings, custom domain settings, sharing settings, organization records, and space membership data.

We collect transaction and operational data such as IP addresses, browser and device details, request logs, session identifiers, invite or verification events, upload and processing activity, quota and usage measurements, API key activity, and support or billing records needed to run, secure, and improve the service.

Information from Google and other providers

If you sign in with Google, we receive information made available by Google for authentication and account setup, which may include your name, email address, profile image, and provider-specific account identifiers. We use this information to authenticate you, provision your account, associate you with invitations or organizations, and maintain account security.

We do not use Google user data for unrelated advertising purposes, we do not sell Google user data, and we do not use Google user data to train generalized advertising or profiling systems. We use Google-provided account information only for the operation, security, and improvement of the service and related support, billing, and compliance workflows.

Where Google user data is involved, we do not transfer that data to third parties except as necessary to provide or secure the service, comply with applicable law, or protect against fraud, abuse, or security incidents.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How we use information

We use information to provide and operate the service, authenticate users, create and manage organizations and spaces, process uploads, render previews, deliver transformed images, enable collaboration, enforce permissions, and support hosted storage and bring-your-own-bucket workflows.

We also use information to send service-related communications such as verification emails, invite emails, security notices, usage and billing communications, and support responses. We may use operational data to monitor reliability, prevent abuse, investigate misuse, enforce quotas and plan entitlements, protect our infrastructure and providers, and improve performance and user experience.

Legal bases for processing

Depending on your location, our legal bases for processing personal data may include performing our contract with you or your organization, complying with legal obligations, pursuing our legitimate interests in operating and securing the service, and your consent where required by applicable law.

Where we rely on consent, you may withdraw that consent at any time, although this will not affect processing that took place before withdrawal and may limit some service functionality.

How information is shared

We do not sell personal information. We may share information with service providers and infrastructure partners that help us operate Imagor Cloud, such as cloud hosting, storage, content delivery, DNS, authentication, email delivery, payment processing, observability, security, and support providers, but only as needed to provide and operate the service.

Information may also be shared within your organization according to the permissions and administration model of the service. Organization owners and administrators may be able to view and manage account, membership, workspace, billing, and content-related information associated with their organization.

We may disclose information if required by law, regulation, legal process, or governmental request, or when reasonably necessary to protect the rights, safety, security, integrity, or operations of the service, our users, or the public, including in connection with fraud prevention, abuse response, or a merger, acquisition, or business transfer.

Cookies, sessions, and similar technologies

Imagor Cloud may use cookies, local storage, session storage, and similar technologies to maintain sign-in state, complete OAuth and invite flows, remember interface preferences such as theme or language, protect the service, and support normal product functionality.

These technologies may also be used for reliability, diagnostics, and abuse prevention. We do not currently use third-party marketing analytics cookies on the hosted service or marketing site.

You can control some browser storage behavior through your browser settings, but disabling required cookies or storage may affect service functionality.

Data retention and security

We retain information for as long as needed to provide the service, maintain account and workspace continuity, enforce our agreements, comply with legal obligations, resolve disputes, support billing and audit requirements, and protect the security and integrity of the platform. Retention periods may vary by data type, account state, and operational need.

We use reasonable administrative, technical, and organizational measures to protect information, including access controls, authentication safeguards, logging, infrastructure protections, and provider security measures. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If we become aware of a security incident affecting personal data, we will take steps we consider appropriate under the circumstances, including notifications where required by applicable law.

International data transfers

Imagor Cloud and its service providers may process or store information in countries other than your own. Where applicable law requires it, we will use appropriate safeguards for cross-border transfers of personal data.

Children

Imagor Cloud is not directed at children under the age of 13, or under 16 where applicable under local law. We do not knowingly collect personal information from children below these ages. If you believe a child has provided us with personal information, contact us at privacy@imagor.net and we will take steps to delete it.

Your choices and requests

You may update some account information from within the service. Depending on your role and the organization settings, you may also manage workspace members, invites, storage settings, and content. If your account is managed by an organization, some requests may need to be routed through that organization or its administrators.

Subject to applicable law, you may request access, correction, deletion, export, restriction, or objection in relation to certain personal data, and you may appeal or complain to an applicable supervisory authority where available. These rights may be limited by legal, billing, security, fraud-prevention, and operational retention requirements.

You may also request account closure and deletion of personal data associated with your account, subject to retention and organization-administration constraints. We will respond to verifiable privacy requests within a reasonable period and, where practicable, within 30 days.

Contact us

For privacy questions, requests, or Google user data inquiries, contact privacy@imagor.net.