Privacy Policy

Effective Date - 4 Nov 2024

At ImageKit.io, your privacy is a priority. This policy is applicable to ImageKit Private Limited and its subsidiary, ImageKit Inc. (“we” or “us”), and explains how personal data is collected, processed, transferred, and protected when you use our website or one of our services.

1. Information we collect or you share with us

We collect the following types of personal data when you use our services:

  • Personal Information: Name, email, company, address, and contact details provided during registration or plan upgrade.
  • User Account Data: Login credentials, and account settings such as host names, bucket names, credentials, etc. of external cloud storages and servers you connect to our platform.
  • Media Content: Images, videos, and other digital assets that you upload or process through our platform.
  • Technical and Usage Data: Information related to your interaction with our services, including IP addresses, browser types, access time, device identifiers like hardware and OS version, pages viewed, and referral sources.
  • Publicly-available data: We may also gather information about you from publicly available sources or other third parties offering such data as permitted by law and combine it with the data we collect from you.
  • Cookies and Tracking Technologies: We and our service providers may use cookies, web beacons, and similar tracking technologies to collect information on user activity to improve our services and provide a personalized experience. We may also use session recordings to capture real-time browsing behavior.
  • Payment information: We rely on third-party payment processors to handle payment transactions. While we receive certain details related to the payment (e.g., your company name, payment amount, payment date, etc.), we do not process or store your credit card or payment method details directly.

2. How we use the information

We use your personal data for the following purposes:

  • Service Delivery: To provide and maintain our media processing and DAM services, including user authentication, media transformations, asset management, and data storage.
  • Billing and Payments: To use third-party services to process payments and manage billing.
  • Platform Personalization: To offer tailored services based on your preferences and usage patterns, improving your experience with our tools.
  • Security and Compliance: To maintain the security of our systems, detect and prevent fraud, and ensure compliance with legal obligations, including DPF principles.
  • Customer Support and Communications: To provide user support, answer questions, resolve issues, and send important service-related updates (e.g., feature changes, outages, and security alerts).
  • Marketing and Analytics: With your consent, we may send you promotional content, conduct surveys, or analyze usage trends to enhance product features and user satisfaction.

We commit to process Personal Information solely for the purposes described in this policy.

3. Sharing and Onward Transfer of Data

We remain responsible for ensuring compliance with the DPF principles, even when data is transferred outside the U.S.

We may share your personal data with:

  • Service Providers: Third-party vendors (e.g., hosting providers, payment processors, analytics platforms) strictly to help deliver our services.
  • Business Transfers: If ImageKit is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction.
  • Legal Compliance and Protection: Where required by law or to protect our rights, we may share personal data with government authorities or legal entities.
  • Intra-company transfer: Where required for the delivery of our services or for one of the purposes mentioned for using the information.

All onward transfers of personal data are safeguarded by contracts and confidentiality agreements which ensure equivalent protection standards under the DPF.

4. Data Security

We implement a comprehensive set of security measures to protect personal data, including:

  • Encryption: Data is encrypted during transfer and at rest.
  • Access Controls: Role-based controls to limit access to authorized personnel.
  • Security Audits: Regular audits to identify and mitigate risks.
  • Incident Response Policies: Rapid detection and response to security incidents.
  • Product Features: Built-in security features that enhance data protection.

For more detailed information about our security practices, please visit ImageKit.io Security and Trust.

5. Data Retention

The duration for which we retain personal information is based on the purpose, business needs, and legal obligations. Payment transaction data, account access logs, and usage metrics may be kept for several years to comply with tax and legal requirements.

We retain your contact details for communication, but you can request deletion anytime, subject to legal obligations.

The content you upload to our service or processed via our service is deleted after account deletion. We will not be responsible for any backup or retention of your content.

If the data can be identified, we will either delete or anonymize it when it is no longer needed in an identifiable form, where reasonable.

6. Individual Rights

As part of our DPF compliance, individuals in the EU, UK, and Switzerland have specific rights regarding their personal data, including:

  • Access: You have the right to request access to the personal data we hold about you.
  • Correction: You may request that we correct any inaccurate or incomplete data.
  • Deletion: Under certain conditions, you can request the deletion of your personal data.
  • Objection or Restriction: You may object to or request restrictions or withdraw consent on certain data processing activities.
  • Portability: You have the right to receive your personal data in a structured, machine-readable format and to transmit it to another controller.
  • Complaint: You have the right to file a complaint with the data protection authority in your country of residence, place of work, or where a data privacy infringement is suspected.
  • Not be subject to automated decision making: You have the right not to be subject to decisions based solely on automated processing, including profiling, if those decisions have legal effects on you or similarly significant impacts.

You can exercise these rights by contacting us at the contact details given at the end of this Privacy Policy. We will respond to all legitimate requests within a reasonable timeframe.

7. DPF, Recourse Mechanism and Dispute Resolution

We are certified to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-US Data Privacy Framework (collectively "DPF") for personal data that we receive from the EEA, UK, and Switzerland. We are committed to adhering to the DPF Principles for personal information covered by the Policy. More information about the DPF, including the list of certified organizations, can be found at https://www.dataprivacyframework.gov/.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we pledge to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable. This applies to unresolved complaints regarding our handling of personal information transferred under the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF frameworks.

Additionally, you may choose to invoke the binding arbitration option under these frameworks, subject to the specific conditions outlined here.

When we share personal information received under the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF with a third party, their access, use, and disclosure of that information must also comply with our obligations under the Data Privacy Framework. We remain responsible under the framework for any failure by the third party to meet these obligations, unless we can prove that we were not responsible for the event that caused the damage.

Please be aware that we may be obligated to disclose your personal information in response to lawful requests from public authorities, including those made to comply with national security or law enforcement requirements.

8. Policy Modifications

We may update this Privacy Policy periodically. When changes are made, we will revise the "Effective Date" at the top of this document and, if necessary, provide additional notice (e.g., posting a statement on our homepage or sending an email notification). We encourage you to review this policy regularly to stay informed about how we protect your data and to understand the steps you can take to safeguard your privacy while using our services.

9. Contact Information

If you have any questions or concerns about this Privacy Policy or wish to exercise your rights, please contact us:

Email: admin@imagekit.io

Address: As published on https://imagekit.io/contact-us/