Legal
Privacy Policy
Last updated: June 6, 2026
OpusImg is built privacy-first: many tools run entirely in your browser and never upload your files. This policy explains what we collect, why, and the choices you have.
1. Who we are
OpusImg (“we”, “us”) provides browser-based and AI-assisted image tools as part of the Opus suite. This policy covers the OpusImg website, web app, and APIs. For privacy questions, contact privacy@opusimg.com.
2. Our privacy principles
- Client-side first. Many tools (compress, resize, convert, and more) process images entirely on your device. Those files are never uploaded to our servers — the UI labels these flows “Processed on your device.”
- Minimal retention. Free-tier files are deleted 24 hours after last access. Pro files are retained until you delete the project. Pro+ accounts can enable no-retention mode, which deletes server-side inputs and outputs immediately after delivery.
- No training on your data. We do not use your uploaded content to train machine-learning models.
- EXIF stripping. Export includes an EXIF-stripping toggle, on by default for social presets.
3. Information we collect
3.1 You provide
- Account details: email, name, and authentication credentials.
- Billing details, processed by our payment provider (we do not store card numbers).
- Images and documents you choose to upload for server-side or AI features.
- Support messages and feedback you send us.
3.2 Collected automatically
- Device, browser, and approximate location (from IP) for security and troubleshooting.
- Product usage events, only with your consent (see §6).
- Error and performance diagnostics (Sentry), used to keep the service reliable.
4. How we use information
- To provide, maintain, and secure the service.
- To process the images and jobs you submit.
- To handle billing, quotas, and account management.
- To improve features and fix bugs (analytics, where consented).
- To communicate service, security, and (with consent) marketing messages.
- To comply with legal obligations and enforce our Terms.
5. Legal bases (GDPR)
Where the GDPR applies, we rely on: contract (to deliver the service you sign up for), legitimate interests (security, fraud prevention, and essential error monitoring), consent (non-essential analytics and marketing), and legal obligation (e.g. tax records).
6. Cookies & tracking
We classify cookies and similar technologies into three groups. You control the non-essential ones via the banner, or any time through .
| Category | Examples | Default |
|---|---|---|
| Strictly necessary | Authentication, security, error monitoring (Sentry) | Always on |
| Product analytics | PostHog usage events | Off until you consent |
| Marketing & attribution | Plausible aggregate web analytics | Off until you consent |
PostHog and Plausible do not load until you opt in. We also honor your browser’s Global Privacy Control / Do Not Track signal.
7. Sharing & sub-processors
We do not sell your personal information. We share data with vetted service providers who process it on our behalf — including cloud hosting and storage, our payment processor, email delivery, error monitoring (Sentry), and (with consent) analytics (PostHog, Plausible). Each is bound by a data-processing agreement. We may disclose information if required by law or to protect rights and safety.
8. International transfers
Your data may be processed in countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses.
9. Data retention
File retention follows §2. Account and billing records are kept for as long as your account is active and thereafter as required for legal and accounting purposes. You can delete files and your account at any time from your dashboard.
10. Your rights
Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to processing or withdraw consent. California residents have rights under the CCPA/CPRA, including the right to know and delete, and the right to opt out of “sale” or “sharing” (we do not sell your data). To exercise any right, email privacy@opusimg.com. You may also lodge a complaint with your local data-protection authority.
11. Security
We use TLS in transit, scoped access controls, upload scanning, and continuous monitoring. No method of transmission or storage is perfectly secure, but we work to protect your data and will notify you of qualifying breaches as required by law.
12. Children
OpusImg is not directed to children under 16, and we do not knowingly collect their personal data.
13. Changes
We may update this policy; we will revise the “last updated” date and, for material changes, provide additional notice.
14. Contact
Questions? Email privacy@opusimg.com. See also our Terms of Service and, for Business+ customers, our Data Processing Agreement.