Privacy Policy
Last updated: 2026-04-11
Summary
OpenImages is a privacy-first suite of browser-based image tools. Your images are processed entirely in your browser using JavaScript and WebAssembly — files are never uploaded to any server. This page explains how we handle the limited data that does reach third parties.
Image data
- All image processing is client-side. When you select or drop an image, it is read by your browser via the File API, processed locally by our JavaScript / WebAssembly code, and offered back to you as a download or preview.
- No images are uploaded to any server. We have no server-side processing, no storage buckets, and no database. The files exist only in your browser's memory and are garbage-collected when you close the tab.
- No metadata exfiltration. When a tool reads EXIF or other metadata from your images, that data stays in your browser. We do not log it, transmit it, or share it.
Analytics and advertising
OpenImages uses the following third-party services that may collect usage data:
- Google AdSense (ca-pub-8761907366448308) — displays contextual advertising. AdSense may use cookies to personalize ads based on your browsing history across sites. Consent is managed via Google Funding Choices (IAB TCF v2.2) for EEA/UK/CH users and CCPA signals for California users.
Google Ads privacy policy - Cloudflare — hosts the site via Cloudflare Pages. Cloudflare collects basic request logs (IP address, user agent, response time) for security and performance. These logs are processed under Cloudflare's data processing agreement and are not shared with us beyond aggregate analytics.
Cloudflare privacy policy
Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to this website or other websites. Google's use of advertising cookies enables it and its partners to serve ads to users based on their visit to this site and/or other sites on the Internet. Users may opt out of personalized advertising by visiting Google Ads Settings. Alternatively, users can opt out of a third-party vendor's use of cookies for personalized advertising by visiting www.aboutads.info.
Named processors and international transfers
The third parties listed below process limited data on our behalf. All US-based processors are certified under the EU-US Data Privacy Framework (DPF), the lawful transfer mechanism since July 2023.
| Processor | Purpose | Legal basis | Retention | Transfer |
|---|---|---|---|---|
| Google LLC (Google AdSense, USA) | Display advertising | Consent (GDPR Art. 6(1)(a)) | Up to 13 months (Google default) | DPF |
| Google LLC (Funding Choices CMP, USA) | Cookie consent management (TCF v2.2) | Legal obligation (ePrivacy) | Session | DPF |
| Google LLC (Google Analytics 4, USA) | Aggregate audience measurement (IP-anonymised) | Consent in EU/EEA/UK; legitimate interest elsewhere | 14 months | DPF |
| Cloudflare, Inc. (USA, EU edge) | Hosting, CDN, security, anonymous request metrics | Legitimate interest (GDPR Art. 6(1)(f)) | Aggregate logs, ≤30 days | DPF + EU DPA |
| Formspree.io (USA) | Footer feedback form submissions (only when you submit) | Consent (GDPR Art. 6(1)(a)) | Per Formspree policy | DPF |
Right to object (GDPR Art. 21): you may object to any processing based on legitimate interest at any time by contacting us via the footer form. Right to withdraw consent (GDPR Art. 7(3)): you may withdraw consent at any time via the cookie banner (it reappears when you clear localStorage for this site). Withdrawal does not affect lawfulness of processing prior to withdrawal.
Cookies
OpenImages itself does not set any first-party cookies. The third-party services above may set cookies as described in their policies. You can decline non-essential cookies via the consent banner shown in regulated regions (EEA, UK, California) on first visit.
Local browser storage (localStorage) is used only to remember your theme preference (light/dark). This data never leaves your device and is not shared with any third party.
Your rights (GDPR / CCPA)
Because we do not collect personal data directly, most GDPR and CCPA rights are handled through the third-party services listed above. For Google Ads personalization, you can opt out or adjust preferences:
- Google My Ad Center — manage ad personalization across Google services
- aboutads.info Opt-out — DAA consumer opt-out for targeted advertising
- YourOnlineChoices — European opt-out page for advertising cookies
Contact
OpenImages is an open, privacy-first project maintained by an independent developer. For questions about this policy, use the feedback option in the footer or file an issue on the project.
Changes to this policy
We may update this Privacy Policy to reflect changes in legal requirements or third-party services. The "Last updated" date at the top of this page always reflects the latest revision.