GDPR Compliance
Our commitment to protecting your privacy and compliance with EU data protection laws
Overview
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. At TinyJPG, we take the privacy and security of your data seriously, and we are committed to ensuring full compliance with the GDPR.
This page explains how we collect, process, and protect your personal data in accordance with the GDPR regulations, and outlines your rights regarding your personal information.
Our GDPR Commitment
TinyJPG is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles.
We are dedicated to safeguarding the personal information under our control and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the GDPR. Our preparation includes:
- Information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
- Implementation of new procedures to ensure that we can satisfy the rights of individuals under the GDPR, including how to respond to subject access requests and how to purge data when a request for erasure is made.
- Revision of privacy policies to comply with the GDPR, ensuring that all individuals whose data we process have been informed of why we need it, how it is used, the periods for which it is retained, and their rights in relation to it.
- Training of all staff to ensure awareness of the GDPR and its impact on our business operations.
Your Rights Under GDPR
Right to Access
You have the right to request a copy of the information that we hold about you. You can request access to all your personal data that we process.
Right to Rectification
You have the right to have your personal data corrected if it is inaccurate or incomplete. We will promptly correct any errors.
Right to Erasure
Also known as 'the right to be forgotten,' you can request the removal of your personal data when there is no compelling reason for its continued processing.
Right to Restriction
You have the right to restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy.
Right to Portability
You have the right to obtain and reuse your personal data for your own purposes across different services in a safe and secure way.
Right to Object
You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
How TinyJPG Uses Your Data
When using TinyJPG services, we need to collect certain information to provide our image optimization services. Here's how we use your data:
| Data Type | Purpose | Retention Period |
|---|---|---|
| Account Information (email, name) | To manage your account, provide customer support, and send important notifications | Until account deletion or upon request |
| Image Files | To perform image optimization services | Temporarily during processing, deleted within 24 hours |
| Payment Information | To process subscription payments and provide premium services | As required for accounting purposes and legal obligations |
| Usage Data | To improve our services and provide statistics on your usage | Up to 24 months in anonymized form |
Data Security Measures
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Our security measures include:
- All data transfers are encrypted using HTTPS/TLS
- Secure storage of personal data with encryption at rest
- Regular security assessments and penetration testing
- Strict access controls and authentication mechanisms for our staff
- Regular backups to prevent data loss
- Staff training on data protection and security best practices
How to Exercise Your Rights
To exercise any of your rights under the GDPR or to ask questions about our data protection practices, you can:
- Email our Data Protection Officer at [email protected]
- Submit a request through our Contact Form
- Write to us at: TinyJPG Data Protection, 123 Main Street, Suite 100, Anytown, AN 12345
We aim to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In such cases, we will notify you and keep you updated.
Updates to Our GDPR Policy
We may update this GDPR page from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes to this policy via email or through a notice on our website.
For more comprehensive information about how we collect, use, and protect your data, please refer to our complete Privacy Policy.
Last Updated: June 29, 2025
Contact Us About Data Protection