Privacy
Riducly processes most image compression locally in your browser, but the service also uses a backend for account, security and support features. Replace the placeholders below with your final controller and contact details before publishing this policy.
Controller and scope
This policy applies to Riducly and should be completed with the final identity of the data controller before production use.
- Controller: [INSERT LEGAL ENTITY / INDIVIDUAL NAME]
- Registered address: [INSERT REGISTERED ADDRESS]
- Privacy contact: [INSERT PRIVACY EMAIL]
- DPO or representative, if required: [INSERT DETAILS OR REMOVE THIS LINE]
Data we process
The exact data depends on how you use the service. Anonymous visitors mainly use a local, browser-based compressor, while account features require server-side processing.
- Compression inputs and outputs normally stay on your device during the standard in-browser flow.
- Account data may include name, email address, password hash, profile image, plan, login timestamps, ban status and related security records.
- Transactional email flows may process your email address, verification tokens and password-reset tokens.
- Support and product-quality data may include feedback ratings, optional comments, locale, app version and, when signed in, your internal user ID.
- Security and abuse-prevention data may include IP-derived rate-limit keys and technical request metadata.
Purposes and legal bases
You should validate the final legal bases with your legal advisor, but the current implementation is structured around the following purposes.
- Provide the service requested by the user, including account access, email verification, password reset and account deletion.
- Protect the service and users through authentication, session management, rate limiting and anti-abuse controls.
- Store interface and privacy preferences in the browser so the app remembers your choices.
- Maintain service quality through operational feedback voluntarily submitted by users.
- Comply with legal obligations and respond to lawful requests where applicable.
Recipients and processors
Riducly is designed to minimize third-party exposure. At the moment, the codebase supports the following categories of recipients or infrastructure providers.
- Hosting and server infrastructure providers used to run the application and database.
- SMTP/email delivery providers used for verification and password-reset messages.
- Google, only if Google sign-in is enabled by configuration.
- Stripe, only if premium billing is enabled in the future.
Retention and user rights
Retention periods should be finalized before production. Until then, use this policy as an implementation-ready draft and replace the placeholders below with final retention and rights-handling details.
- Local browser preferences remain on the device until the user clears them or changes them.
- Account and related operational records remain in the database until the account is deleted or the retention period expires.
- Feedback, rate-limit and security records should be retained only for the period strictly necessary to operate and protect the service.
- You should provide a clear process for access, rectification, erasure, restriction, objection and portability requests at [INSERT PRIVACY EMAIL].