← Back to the app
Privacy Policy
Effective date: March 22, 2026
1. Data Controller
Image To Grid is operated by Ariel Eijo, an individual based in Spain.
Contact: contact@imagetogrid.com
2. What we process
- Images you upload: processed to generate the requested color-coded grid output.
- Technical data: IP address, timestamps, user agent, and request metadata for security and rate limiting.
- Rate-limit and abuse-prevention counters: your IP address is stored in our database alongside a request count and expiry timestamp to enforce per-IP upload limits and detect abuse. These records are automatically deleted when the window expires (between 15 minutes and 30 days depending on the counter).
- Country derived from IP address: when you download or print a grid, your approximate country is resolved from your IP address using a local GeoIP database (no third-party lookup is performed). The raw IP is not stored; only the derived country code is retained as part of the aggregated usage record.
- Usage events (aggregated): downloads/prints, palette size, grid size, grid format, timing and file-size metrics, and the derived country. Retained up to 365 days.
- Human-verification cookies: to distinguish human users from bots, the Service sets two first-party cookies when human verification is enabled:
ipx_browser (a randomly generated browser identifier, retained for 180 days) and ipx_human (a short-lived pass issued after a successful challenge, valid for 24 hours). Both cookies are HMAC-signed and contain no personal information beyond the identifier. They are used solely for abuse prevention and are not used for tracking or advertising.
- Analytics cookies (if enabled): used for traffic measurement.
3. How we use information
- Provide the Service (process images and return results).
- Protect the Service (rate limiting, abuse prevention, security monitoring).
- Measure performance and feature usage to improve reliability and usability.
4. Legal basis (GDPR)
- Contract: to process your image and deliver the output.
- Legitimate interest: to secure and maintain the Service.
- Consent: for non-essential analytics cookies where required.
5. Storage and retention
- Uploaded images: processed in memory and not permanently stored.
- Security logs: retained up to 365 days.
- Aggregated usage data: retained up to 365 days.
6. Third-party processors
We do not sell your personal information.
- Cloudflare Turnstile — when a human-verification challenge is presented, your IP address and certain browser signals are sent to Cloudflare to verify you are human. Cloudflare acts as a data processor under its own privacy policy: cloudflare.com/privacypolicy. No challenge is issued to first-time or infrequent users.
- Google Analytics — if enabled, analytics data (page views, device/browser information, approximate location, interactions) may be shared with Google. Where required by law, analytics cookies are enabled only after consent. Google may process data outside the European Economic Area under appropriate safeguards.
7. Security
Reasonable technical measures are applied to protect the Service.
However, no method of transmission or storage is 100% secure.
8. Your rights
Depending on your location, you may have rights to access, correct, delete, or restrict processing
of your personal data. To exercise your rights, contact:
contact@imagetogrid.com
9. Changes
This Privacy Policy may be updated from time to time.
The effective date above indicates the latest revision.
© 2026 Image To Grid