Privacy Policy
SharpWebP ("we", "our", or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our image optimization service at sharpwebp.com (the "Service"). Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Name - Your display name for account identification.
- Email Address - Used for account authentication, notifications, and communication.
- Password - Stored securely using bcrypt hashing with a cost factor of 12. We never store passwords in plain text.
1.2 Uploaded Images
When you use our image optimization service, you upload images to our servers for processing. We want to be transparent about how these are handled:
- Images are uploaded to temporary server storage for processing only.
- Images are automatically deleted from our servers after processing is complete and the output has been made available for download.
- Temporary files are purged within 2 hours of upload, even if not downloaded.
- We do not retain, archive, or use your images for any purpose beyond the requested conversion.
- We do not use your images for machine learning training, analytics, or any secondary purpose.
1.3 Usage Data
We collect aggregated usage statistics to enforce plan limits and improve the Service:
- Number of images processed per day.
- Total bytes uploaded and output per day.
- Processing history (file names, sizes, quality modes, processing times).
- Compression ratios and quality scores (for service improvement).
1.4 Payment Information
Subscription payments are processed by Razorpay, a PCI-DSS compliant payment gateway. We do not store your credit card numbers, bank account details, or UPI credentials on our servers. We retain only:
- Razorpay customer and subscription identifiers.
- Payment transaction IDs and amounts.
- Subscription status and billing cycle information.
1.5 Automatically Collected Information
When you interact with our Service, we may automatically collect:
- IP Address - For security, rate limiting, and fraud prevention.
- Browser and Device Information - User agent string for session management.
- Session Data - To maintain your authenticated state.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery - To process your images, manage your account, and enforce usage limits per your subscription plan.
- Authentication and Security - To verify your identity, manage sessions, prevent unauthorized access, and detect abuse.
- Billing - To process subscription payments, manage plan upgrades and downgrades, and maintain billing records.
- Communication - To send transactional emails (account verification, password reset, billing receipts) and respond to support requests.
- Service Improvement - To analyze aggregated usage patterns and optimize our processing algorithms.
- Legal Compliance - To comply with applicable laws, regulations, and legal processes.
3. Cookie Usage
SharpWebP uses session cookies for essential functionality:
- Session Cookie - A server-side session identifier used to maintain your authenticated state. This cookie is strictly necessary for the Service to function and does not track you across other websites.
- CSRF Token - A security token stored in your session to prevent cross-site request forgery attacks.
We do not use advertising cookies, tracking pixels, or third-party cookies for behavioral targeting. If we integrate Google Analytics in the future, we will update this policy and provide appropriate disclosure.
4. Third-Party Services
We engage the following third-party services:
Razorpay (Payment Processing)
Razorpay processes all subscription payments. Your payment data is handled according to Razorpay's privacy policy and PCI-DSS standards. Visit razorpay.com/privacy for details.
Google Analytics (Planned)
We may integrate Google Analytics to understand site traffic and usage patterns. If implemented, we will use IP anonymization and refrain from collecting personally identifiable information through analytics. This policy will be updated accordingly.
We do not sell, rent, or share your personal information with any third parties for marketing purposes.
5. Data Retention
- Uploaded Images - Deleted automatically after processing, within a maximum of 2 hours of upload.
- Account Data - Retained for as long as your account is active. Upon account deletion, all personal data is removed within 30 days.
- Processing History - Retained for as long as your account is active to provide you with usage analytics.
- Payment Records - Retained for a minimum of 8 years as required by Indian tax regulations (Income Tax Act, 1961).
- Session Data - Automatically expired and purged after 24 hours of inactivity.
- Server Logs - Retained for 7 days for debugging and security monitoring.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in Transit - All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS).
- Password Hashing - Passwords are hashed using bcrypt with a cost factor of 12, making brute-force attacks computationally infeasible.
- CSRF Protection - All forms are protected against cross-site request forgery using cryptographic tokens.
- Rate Limiting - Login attempts and API requests are rate-limited to prevent brute-force and denial-of-service attacks.
- Input Validation - All user inputs are validated and sanitized to prevent injection attacks.
- Secure File Handling - Uploaded files are validated for type, size, and content before processing, and stored in non-executable directories.
7. Your Rights
You have the following rights regarding your personal data:
- Access - You can view all personal information associated with your account through your dashboard settings.
- Correction - You can update your name, email, and password through your account settings.
- Deletion - You can request complete deletion of your account and all associated data by contacting us at privacy@sharpwebp.com.
- Data Export - You can request a copy of your personal data in a machine-readable format.
- Objection - You can object to specific processing activities by contacting us.
- Withdrawal of Consent - Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
8. GDPR Compliance (European Union Users)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Legal Basis for Processing - We process your data on the basis of: (a) contractual necessity (to provide the Service), (b) legitimate interest (security and service improvement), and (c) consent (where explicitly provided).
- Data Portability - You may request your data in a structured, commonly used, machine-readable format.
- Right to Erasure - You may request that we delete your personal data, subject to legal retention requirements.
- Supervisory Authority - You have the right to lodge a complaint with your local data protection supervisory authority.
- International Transfers - Your data may be processed on servers located in India. By using the Service, you consent to the transfer of your data to India, where data protection laws may differ from those in your jurisdiction.
9. Indian IT Act 2000 Compliance
In compliance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011:
- We implement reasonable security practices and procedures commensurate with the sensitivity of the information we handle.
- Sensitive personal data (passwords, payment information) is protected using encryption and secure hashing algorithms.
- We collect only the information necessary for providing the Service and do not collect sensitive personal data beyond what is required.
- We provide a mechanism for users to review, correct, and withdraw their information.
- In the event of a data breach affecting your personal information, we will notify you and the relevant authorities as required by law.
10. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify registered users via email for significant changes.
- Provide a summary of changes on this page.
Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@sharpwebp.com
Contact Form: sharpwebp.com/pages/contact.php
Grievance Officer: For complaints under the Indian IT Act, please email privacy@sharpwebp.com with "Grievance" in the subject line. We will acknowledge your complaint within 48 hours and resolve it within 30 days.