Back to home

Privacy Policy

Last updated: January 2026

1. Data Controller

The data controller for your personal data is:

5249 s. r. o.
IČO: 54227305
DIČ: 2121604199
IČ DPH: SK2121604199
Blumentálska 7881/23
811 07 Bratislava, Slovakia
Email: privacy@isquish.dev

2. Data We Collect

Account Information

  • Email address (for account creation and communication)
  • Password (hashed, never stored in plain text)
  • Subscription tier and payment status

Usage Data

  • Number of images compressed
  • Bytes saved through compression
  • API usage statistics

Payment Data

  • Stripe customer ID (we do NOT store credit card numbers)
  • Payment history via Stripe

Images

Important: Images uploaded for compression are processed in memory and immediately deleted after processing. We do NOT permanently store your images unless you explicitly use our CDN feature, in which case images are stored temporarily according to your subscription tier (24 hours to unlimited).

3. How We Use Your Data

  • To provide and maintain our service
  • To process payments and manage subscriptions
  • To send service-related communications
  • To enforce our terms of service
  • To improve our service

4. Legal Basis for Processing (GDPR)

  • Contract: Processing necessary for the service you requested
  • Legitimate Interest: Service improvement and security
  • Legal Obligation: Tax and accounting requirements
  • Consent: Marketing communications (if you opt-in)

5. Data Sharing

We share data only with:

  • Stripe: Payment processing
  • Supabase: Database hosting (EU region)
  • Vercel: Website hosting
  • Railway: API hosting

We do NOT sell your personal data to third parties.

6. Data Retention

  • Account data: Until you delete your account
  • Usage statistics: 12 months
  • CDN images: According to your tier (24h to unlimited)
  • Payment records: As required by law (typically 7 years)

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain types of processing
  • Restriction: Request limitation of processing

To exercise these rights, contact us at privacy@isquish.dev

8. Cookies

We use minimal cookies:

  • Authentication token: To keep you logged in (essential)
  • Preferences: To remember your settings (essential)

We do NOT use tracking or advertising cookies.

9. Security

We protect your data with:

  • HTTPS encryption for all connections
  • Hashed passwords (bcrypt)
  • Secure API key generation and storage
  • Regular security updates

10. International Transfers

Your data may be processed in the EU and US (via our hosting providers). All transfers comply with GDPR requirements using appropriate safeguards.

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this policy occasionally. We will notify you of significant changes via email or a notice on our website.

13. Contact & Complaints

For privacy questions or to exercise your rights:
Email: privacy@isquish.dev

You also have the right to lodge a complaint with your local data protection authority. In Slovakia, this is the Office for Personal Data Protection (Úrad na ochranu osobných údajov).