Skip to content
Image ReducerImage compressor & converter

Privacy Policy

Effective date: set on production go-live.
The short version
Your images are never our business. Compressing, converting, resizing, cropping, rotating, and flipping an image all happen inside your own browser. We never see, receive, or store the images you add — not even for a second on a server.
Nothing is "uploaded." You add or drop an image into the workspace; it’s decoded, transformed, and re-encoded entirely on your device, and the result downloads straight to your device too.
A privacy side effect worth knowing about: the output file you download has its metadata (including GPS location, if the original had any) removed, because of how the re-encoding process works — see §2.2.
No account, no server, no cap. There’s nothing to sign up for and nothing to lose access to.
Our analytics are privacy-friendly by design — no cookies, no consent popup. We run a self-hosted, cookieless analytics tool (Plausible); it sets no cookie, stores nothing on your device, and can’t identify you individually — never anything about your images (see §5).
No advertising, in this version or any planned one (see §7).
Questions, requests, or something feels off? See §13 for how to reach us.
1. Who we are
image-reducer.com is operated by ZIX DEV Inc, a Delaware corporation, 1111B S Governors Ave STE 40023, Dover, DE 19904, United States — the data controller for your personal data in connection with this website. Contact for privacy, data-subject requests, and legal notices: see §13.
If you’re in the European Economic Area or the United Kingdom, ZIX DEV Inc is the controller responsible for your personal data as described here.
2. Your images — private by design
Your images never leave your device. Adding an image, compressing it, converting it to a different format, cropping/rotating/flipping it, hitting an exact target file size, and building a ZIP of your results — every one of these runs entirely inside your browser, using the Canvas 2D APIs built into the browser itself. We never receive, see, or store the image you add, or the output you download.
This is built into the code, not just promised: a Content-Security-Policy restricting outbound network requests makes it technically impossible for the app to send a request carrying your image data anywhere except image-reducer.com itself and our own analytics endpoint (§5) — a single, enumerated, no-wildcard allow-list (independently non-objected to by our security reviewer before it could ship). No account or login exists. Close the tab or click "Clear all," and whatever you added is released from memory. This is verified automatically before every release with a zero-network-egress test suite.
2.2 Metadata (EXIF/GPS) removed from your output. When you compress or convert an image, the file you download has had its metadata removed — including, if the original had it, GPS location data. This isn’t a separate feature; it’s a natural side effect of re-encoding through the browser’s Canvas API. There is no metadata-preserve toggle in this version — every output is stripped, by design. This only affects the file you download; the original on your device is never modified. Your photo’s orientation is corrected, not lost: before we re-encode, we read and apply your original’s orientation so your downloaded image comes out right-side-up — a display-correctness step done entirely on your device, never transmitted or seen by us.
3. What we collect — and what we don’t
Your images (originals and outputs): No. Processed 100% locally in your browser; never transmitted or stored.
Image filenames or metadata: No. They stay on your device.
Accounts, names, emails, passwords: No. There are no accounts, sign-ups, or logins.
Usage analytics (Plausible, self-hosted): Yes — aggregate only; no consent needed (cookieless). Aggregate traffic and whether people successfully add, process, and download images (a bucketed/estimated size-reduction signal, never exact byte counts) and your approximate country/region (derived from your IP, never stored). Never anything about your images.
Advertising: No — not included in this version, and none planned.
Server / network logs: Yes — standard for any website. Our host, Cloudflare, automatically logs technical request data (at least your IP address and browser type). Not used to build a profile of you.
Cookies: No. Our analytics tool sets no cookie; there is no advertising to set one either.
Local storage (functional preferences): Yes — your theme (light/dark) and language choice (ir_theme, ir_lang). Stays on your device; never sent to us.
Special-category or children’s data: No. If you choose to add a sensitive image (e.g. an ID scan), it’s still processed only in your browser and never reaches us.
Payment data: Not applicable. Image Reducer is free.
4. Why we use this data — and our legal bases
Running the tool itself needs nothing personal from you. We keep the service secure and reliable using the IP address / browser type in access logs (legitimate interests). We remember your theme and language via local settings on your device only (never sent to us). We measure aggregate traffic and completion of the process-and-download flow via self-hosted Plausible (legitimate interests, GDPR Art. 6(1)(f)) — no consent gate applies, because Plausible is cookieless and stores/accesses nothing on your device.
If you’re in California (or a similar U.S. state): because our analytics tool is self-hosted (not shared with any third party) and there is no advertising, using it does not count as a "sale" or "share" of personal information under the CCPA/CPRA. We still describe the "Do Not Sell or Share" right, including Global Privacy Control (GPC), in §10 for completeness.
5. Analytics in detail
We run Plausible Analytics — a self-hosted, cookieless analytics tool — to see aggregate traffic and whether people complete the compress/convert/download flow. It loads automatically, for every visitor, from this site’s own page — not from a third-party server.
What it sends: the page path you visited, the referring site (if any), your approximate country/region (derived at our server from your IP address, which is never stored), and a tagged event such as "image processed" or "download completed" — plus a bucketed, estimated size-reduction signal (never the exact byte count of any file, to avoid any risk of it acting as a fingerprint). Nothing else.
What it never sends: your images, their filenames, their metadata, or anything derived from them. No cookies, no persistent identifier. It runs on ZIX DEV Inc’s own server (plausible.zixdev.com), not an outside analytics company — your data stays inside ZIX DEV Inc and is never sold, shared, or sent to Google or anyone else. Because it stores/accesses nothing on your device, no consent toggle is needed.
6. Cookies, local storage & your choices
We don’t use cookies, and we don’t expect to need a cookie-consent banner. The site itself sets no cookie; theme/language are localStorage only (never sent to us); analytics (Plausible) is cookieless and needs no permission; there is no advertising to consent to.
Nothing here needs a "Cookie preferences" control, because nothing on this page requires your permission to run. If that ever changes (for example, if we ever added advertising — not currently planned), we’d build the appropriate consent mechanism and update this policy before it went live.
7. Advertising
Image Reducer shows no ads, and no version of this product currently plans to — no Google AdSense, no other ad network, nothing built in, dormant or otherwise. This is a deliberate, binding product decision so the product can make the strongest possible zero-egress/zero-tracking claim.
If we ever add advertising in a future version, that would be a genuinely new feature — with its own product decision, architecture and security review, privacy assessment, and consent mechanism, built and independently reviewed before anything runs. This policy would be updated, and — where the law requires it — your consent asked for, before any ad ever loads. Our analytics tool is never used to serve or personalize ads.
8. Data retention
Your images (originals and outputs): not retained at all — only in your browser’s memory for your session, gone when you close the tab or click "Clear all." Local storage (theme/language): stays on your device until you clear your browser storage; we never see it. Analytics events (Plausible): aggregate statistics retained per our own dashboard configuration; the daily de-duplication hash is discarded within 24 hours. Server / edge logs (IP, browser type): kept by Cloudflare under its standard operational logging practices.
9. Sharing, subprocessors & international transfers
We don’t sell your data, and nothing in this product creates a "sale" or "share" under California law. Plausible Analytics is self-hosted on ZIX DEV Inc’s own server (plausible.zixdev.com) — not a third party, no subprocessor, no new vendor. Cloudflare (hosting) is the only third party that sees the technical logs in §3 in the normal course of serving the site — and, since your images never leave your browser, Cloudflare never sees them either.
Cross-border transfers: none for your images — they never leave your device. Cloudflare’s global network may process the technical logs outside your home country, including in the United States. Today, the only party handling any personal data for image-reducer.com is Cloudflare (hosting logs). No one else.
10. Your privacy rights
Depending on where you live, you may have the right to know/access, correct, delete, restrict or object, and port your personal data. A note specific to this product: there is essentially nothing of the above to "hold" on our side — we have no server-side copy of your images at all, and the only thing stored on your device is a non-personal theme/language setting. If you ask us to access, delete, or correct something, the honest answer is almost always: we don’t have anything to look up, because we never received it.
California (CCPA/CPRA): the rights above, plus the right to opt out of "sale" or "share." Nothing in this product currently qualifies as a "sale" or "share," but we honor your browser’s Global Privacy Control (GPC) signal automatically. Other U.S. states: a comparable right to opt out of targeted advertising — not applicable today since there is no advertising.
How to use these rights: see §13 for how to reach us. How fast we respond: within 30 days (GDPR) or 45 days (CCPA/CPRA), whichever applies. If you’re in the EEA or UK, you can complain to your local data protection authority — though we’d appreciate the chance to make it right first.
11. Children’s privacy
image-reducer.com isn’t directed at children, and we don’t knowingly collect personal data from anyone under 13 (or the relevant age where you live). There is no account, and your images are processed only in your browser. If you believe a child has given us personal information, contact us (§13) and we’ll address it.
12. Changes to this policy
We’ll update this policy as our practices change. We’ll post the revised version here with a new effective date, and for material changes (like adding advertising or any new tracking), we’ll give clear notice and, where the law requires it, ask for your consent again before the change takes effect.
13. Contact us
ZIX DEV Inc, 1111B S Governors Ave STE 40023, Dover, DE 19904, United States. Email: .