Privacy Policy

Last updated: September 9, 2025

1. Introduction

namethispic (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SEO image renaming service at www.namethispic.com (the “Service”).

We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area, the California Consumer Privacy Act (CCPA/CPRA) for California residents, and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and password when you create an account
  • OAuth Information: Profile information from Google or GitHub if you sign in using OAuth
  • Payment Information: Processed securely through Stripe (we do not store credit card details)
  • Processing Preferences: Keywords and language preferences for image processing

Privacy-First Design

Images you upload are processed in real-time memory only. We do NOT store your images on our servers. Once you download your renamed image or leave the page, no copy of your image remains in our system.

2.2 Information Automatically Collected

  • Usage Data: Pages visited, features used, upload frequency
  • Device Information: Browser type, operating system, screen resolution
  • IP Address: For security, rate limiting, and geographic location (country level)
  • Cookies: Session cookies for authentication and preferences

2.3 Real-Time Processing Data

During your active session, we temporarily process:

  • Image analysis results from AI models (processed in-memory, not stored)
  • Generated SEO-optimized filenames (available only during your session)
  • Processing metadata (discarded after download)

Note: This data exists only in temporary memory during processing and is not written to any database or permanent storage.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide and maintain our Service
  • Process your images in real-time and generate SEO-optimized filenames
  • Provide immediate download of renamed images without storage
  • Manage your account and authenticate your identity
  • Process payments and manage subscriptions
  • Send service-related notifications and updates
  • Respond to your requests and provide customer support
  • Monitor and analyze usage patterns to improve our Service
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

Important: Your images are used solely for real-time processing to generate optimized filenames. They are not used for training AI models, marketing, or any other purpose.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data based on:

  • Contract Performance: To provide the Service you requested
  • Legitimate Interests: To improve our Service, ensure security, and prevent fraud
  • Consent: For marketing communications (which you can opt-out of at any time)
  • Legal Obligations: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information in the following situations:

5.1 Service Providers

  • OpenRouter/AI Providers: For real-time image analysis (images are processed in-memory, never stored by us or AI providers)
  • Stripe: For payment processing (no image data shared)
  • PostgreSQL/Supabase: For account and subscription data only (no image storage)
  • Vercel: For hosting and content delivery (no image storage)

Privacy Note: Your images are sent to AI providers for analysis but are immediately processed and discarded. Neither we nor the AI providers retain copies of your images.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

6. Data Retention

Minimal Data Retention Policy: We follow a privacy-first approach. Images are NEVER stored on our servers - they are processed in-memory and immediately discarded.

We retain only essential data:

  • Account Information: Until account deletion plus 30 days for recovery
  • Images: Never stored - processed in-memory only
  • Processing Results: Available only during your active session
  • Usage Statistics: Aggregated monthly counts only (no image data)
  • Security Logs: 30 days for security monitoring (no image content)
  • Transaction Records: Basic records (date, amount, invoice) for accounting purposes - typically 3 years
  • Demo Usage: IP-based counters reset every 24 hours

This means once you close your browser or navigate away, no trace of your images remains in our system.

7. Your Rights

7.1 GDPR Rights (European Users)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit processing of your data
  • Objection: Object to certain types of processing
  • Withdraw Consent: Withdraw consent at any time

7.2 CCPA Rights (California Residents)

  • Know: Request information about data collection and use
  • Delete: Request deletion of personal information
  • Opt-Out: Opt-out of the sale of personal information (we do not sell data)
  • Correct: Request correction of inaccurate information
  • Limit Use: Limit use of sensitive personal information
  • Non-Discrimination: Not be discriminated against for exercising your rights

To exercise these rights, please contact us at cameron@namethispic.com or through your account settings.

8. Data Security

Privacy-by-Design Security: Our stateless architecture means your images never touch our databases or file systems. This eliminates entire categories of security risks like data breaches or unauthorized access to stored images.

We implement comprehensive security measures:

  • Stateless Processing: Images processed in-memory only, eliminating storage vulnerabilities
  • Encryption: All data encrypted in transit (HTTPS/TLS)
  • Authentication: Secure authentication with bcrypt password hashing
  • Input Validation: Rigorous file validation and malware scanning before processing
  • Rate Limiting: Protection against abuse and DDoS attacks
  • Access Controls: Strict authentication for all user operations
  • Security Monitoring: Real-time threat detection and logging
  • Minimal Data: We can't lose what we don't store

While we strive to protect your information, no method of transmission over the Internet is 100% secure. However, our no-storage approach significantly reduces privacy risks.

9. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Your explicit consent where required

11. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and core functionality
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how users interact with our Service

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

12. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we will provide additional notice via email or through the Service.

14. Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact us:

  • Email: cameron@namethispic.com
  • Website: www.namethispic.com

EU Representative

For GDPR matters, EU residents may contact our EU representative at: eu-rep@namethispic.com

Supervisory Authority

EU residents have the right to lodge a complaint with their local supervisory authority if they believe their rights under GDPR have been violated.

15. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This section supplements our Privacy Policy with information required by the CCPA/CPRA.

Categories of Personal Information Collected

In the past 12 months, we have collected the following categories:

  • Identifiers (name, email, IP address)
  • Internet activity (usage data, interactions with Service)
  • Visual information (uploaded images)
  • Commercial information (subscription history)
  • Inferences (user preferences based on usage)

Sale of Personal Information

We do not sell, rent, or share your personal information for monetary or other valuable consideration as defined under the CCPA.

Shine the Light Law

California Civil Code Section 1798.83 permits users who are California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for direct marketing.