Security at TinyJPG

Our Commitment

At TinyJPG, security is a top priority. We understand that you trust us with your images and data, and we take that responsibility seriously. Our team is dedicated to ensuring that our systems are secure, reliable, and protect your privacy at all times.

This page outlines the measures we take to protect your data and maintain the security of our platform.

Data Protection

We implement multiple layers of security to protect your images and personal information:

  • Encryption: All data transmission between your browser and our servers is encrypted using industry-standard TLS/SSL protocols.
  • Secure Storage: Your images are stored securely during processing and are automatically deleted after the retention period (24 hours for free accounts, configurable for premium accounts).
  • Access Controls: We enforce strict access controls within our organization. Only authorized personnel have access to systems that process or store user data.
  • Regular Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security issues.

Account Security

We offer several features to help you secure your TinyJPG account:

  • Strong Password Requirements: We enforce strong password requirements to protect against brute-force attacks.
  • Secure Authentication: Our authentication system is designed to protect against common attack vectors.
  • Session Management: We implement secure session handling and automatic timeouts for inactive sessions.
  • Account Activity Monitoring: We monitor account activity for suspicious behavior and will alert you to any unusual activity.

We recommend that you create a unique, strong password for your TinyJPG account and never share your credentials with others.

Infrastructure Security

Our infrastructure is built with security in mind:

  • Secure Cloud Infrastructure: We use industry-leading cloud providers with robust security measures.
  • Network Security: Our networks are protected by firewalls, intrusion detection systems, and regular security scanning.
  • Vulnerability Management: We maintain a comprehensive vulnerability management program, including regular patching and updates.
  • Disaster Recovery: We have backup and disaster recovery procedures in place to ensure service continuity.

Compliance

We adhere to industry standards and best practices for security and privacy:

  • GDPR Compliance: We comply with the European Union's General Data Protection Regulation.
  • Privacy Policy: Our detailed Privacy Policy outlines how we collect, use, and protect your personal information.
  • Data Processing Agreements: We offer data processing agreements for business customers where required.

Reporting Security Issues

We appreciate the work of security researchers and the community in helping us maintain a secure platform. If you believe you've found a security vulnerability in our service, we encourage you to report it to us:

  1. Send an email to [email protected] with details of the vulnerability.
  2. Include steps to reproduce the issue and any proof-of-concept code if applicable.
  3. Allow us reasonable time to investigate and address the issue before disclosing it publicly.

We take all security reports seriously and will respond as quickly as possible to address any valid concerns.