Privacy

We collect the absolute minimum necessary to operate the service:

• Anonymous usage metrics — Google Analytics collects anonymised, aggregated data such as page views, session duration, and geographic region. This data cannot identify you individually.
• Standard server logs — Our hosting provider (Cloudflare Pages) automatically records IP addresses, browser types, and requested URLs for security and operational purposes. Log retention follows Cloudflare's standard policy (typically 30 days).
• Theme preference — Your dark/light theme choice is saved to your browser's localStorage under the key "pixelzip-theme". This data never leaves your device.

PixelZip is architecturally incapable of collecting your images. There is no upload endpoint. The following data is never collected:

• Image files or their contents
• Thumbnails or previews of your images
• File names or metadata (EXIF, GPS coordinates, camera model)
• Personal identifiers such as name, email, or account details
• Browsing history outside of pixelzip.app
• Financial or payment information

When you compress an image with PixelZip, the entire pipeline runs inside your own browser:

1. File read — your browser reads the image from disk into memory.
2. In-memory encryption — the raw bytes are encrypted with AES-GCM 256-bit using an ephemeral, non-exportable key via the Web Crypto API. The key never leaves the JavaScript call stack.
3. Decryption & compression — bytes are decrypted immediately and passed to the WebAssembly compression engine (mozjpeg, oxipng, or libwebp compiled to WASM).
4. Result delivered — the compressed image is made available as a local blob URL for download. It is automatically revoked from memory after 10 minutes, or immediately when you upload a new image or leave the page.

At no point is any image data transmitted over the network. You can verify this by opening your browser's Network tab in DevTools and observing zero image-related network requests during compression.

PixelZip uses Google Analytics to understand how the product is used. Analytics data is anonymous and aggregated — it contains no image content and cannot identify you personally.

Google Analytics sets cookies to distinguish unique visitors. These cookies are governed by Google's Privacy Policy.

You can opt out of Google Analytics tracking at any time using the Google Analytics Opt-out Browser Add-on, or by enabling "Do Not Track" in your browser settings.

Google AdSense may serve ads on PixelZip. AdSense uses cookies to serve personalised ads based on your browsing history. You can manage ad personalisation at adssettings.google.com.

If you are located in the European Economic Area (EEA), the UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access — You may request a copy of any personal data we hold about you.
• Right to rectification — You may request that inaccurate personal data be corrected.
• Right to erasure — You may request deletion of your personal data (the "right to be forgotten"). Since we hold no image data, this primarily applies to analytics identifiers.
• Right to restriction of processing — You may request that we limit how we process your personal data.
• Right to data portability — You may request a machine-readable copy of personal data you have provided.
• Right to object — You may object to processing of your personal data based on legitimate interests or for direct marketing.
• Right to withdraw consent — Where processing is based on consent (e.g. analytics cookies), you may withdraw consent at any time.

To exercise any of these rights, please contact us using the email address in Section 6. We will respond within 30 days.

For privacy-related questions, data requests, or GDPR enquiries, please contact:

You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been infringed.