Privacy Policy — ImgLab Pro

Short version: Your images are processed 100% locally in your browser and never sent to our servers. We only store account information (email, hashed password, payment status) when you create an account.

1. Who we are

ImgLab Pro ("we", "us", "our") operates the website imglab.pro and the ImgLab image processing application. This Privacy Policy explains how we collect, use, and protect your information.

2. Your images — the most important part

We never receive, store, or process your images. All image conversion, compression, resizing, and other processing happens entirely inside your browser using JavaScript and the HTML5 Canvas API. Your images are never uploaded to any server operated by us or any third party.

This is a fundamental design principle of ImgLab, not just a policy. The technology itself makes server-side image access impossible.

3. Information we collect

3.1 Account information (optional)

If you create a Pro account, we collect:

Email address — for login and payment confirmation
Password — stored as a bcrypt hash (we cannot see your actual password)
Payment status — whether your account has Pro access

3.2 Payment information

Payments are processed by PayPal. We do not receive or store your credit card number, bank account, or any full payment details. We only store:

PayPal Order ID (a reference number)
Payment amount and currency
Payment date and status

Please review PayPal's Privacy Policy for how they handle your payment data.

3.3 Server logs

Our web server automatically records standard access logs, which may include your IP address, browser type, referring URL, and the time of your request. These are kept for up to 30 days for security purposes and then deleted.

3.4 Local storage

The app stores your session token and user preferences (theme, etc.) in your browser's localStorage. This data stays on your device and is never sent to us except as an authentication token during API calls.

4. How we use your information

To verify your login and maintain your session
To confirm your Pro subscription status
To send you payment confirmation emails
To respond to your support requests
To maintain the security of our service

We do not use your data for advertising, analytics tracking, or sell it to any third parties.

5. Data sharing

We do not sell, trade, or share your personal data with third parties, except:

PayPal — for payment processing
Our hosting provider — who stores the database on our behalf, under contractual data protection obligations
Legal requirements — if required by law or court order

6. Data retention

We retain your account data for as long as your account is active. If you request account deletion, we will delete your email, password hash, and payment records within 30 days. Server logs are deleted after 30 days automatically.

7. Your rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and associated data
Object to processing of your data
Data portability (receive your data in a machine-readable format)

To exercise any of these rights, contact us at our contact page.

8. Cookies

ImgLab does not use tracking cookies. We use localStorage (not cookies) for your session token and preferences. No advertising or analytics cookies are set.

9. Security

We protect your data using industry-standard practices:

HTTPS encryption for all connections
bcrypt password hashing (cost factor 12)
Secure, random session tokens
Session expiration after 30 days of inactivity
SQL injection protection via prepared statements

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes. The "Last updated" date at the top of this page will always reflect the most recent revision.

11. Contact

For privacy-related questions or requests, contact us via our contact page.