Privacy & data handling

How ImageTrace handles your photos

ImageTrace is built for photographers who care about where their work goes, so we are deliberate about what happens to the images you upload. Everything below is how the product actually works today.

Where your data lives

ImageTrace is hosted in the European Union and operates under the GDPR. Your account data and images are processed and stored on EU-based infrastructure.

What happens to a photo you scan

When you start a scan, your photo is uploaded over an encrypted (HTTPS) connection to our EU servers, where it is processed so we can search the web for copies. For a one-off scan, the uploaded image is deleted as soon as you archive it. If you leave it untouched, we archive it automatically after 7 days of inactivity and delete it then. You keep the list of URLs where it was found, but the file itself is no longer kept. Images you monitor are the exception (see below).

Images you monitor or keep as evidence

If you turn a photo into a recurring monitor, or save a match as evidence for a report, that image is stored encrypted at rest for as long as you keep it, and removed when you delete the monitor or the case. You stay in control of what we retain.

Your rights under the GDPR

You can request access to, export of, or deletion of your personal data at any time. Deleting your account removes your images and personal data, subject to any legal retention we are required to keep (e.g. invoicing records). To exercise any right, email [email protected].

Payments

Payments are handled by a PCI-DSS compliant payment provider. ImageTrace never sees or stores your full card details.

Questions

Anything unclear about how we treat your images or data? Email [email protected]. The full terms are in our Terms & Conditions.