ImageClaim
Sign inStart free trial
Legal

Privacy Policy

This Privacy Policy explains what personal data ImageClaim collects, why we collect it, how we use it, and your rights in relation to it. We are committed to protecting your privacy.

Effective: 1 May 2026Last updated: 1 May 2026
Terms of ServicePrivacy PolicyCookie PolicyAcceptable UseDisclaimer
ImageClaim takes your privacy seriously. We collect only the data necessary to provide the Service. We do not sell your personal data to third parties. Your uploaded images are used solely to perform Scans on your behalf.

1. Data Controller

[COMPANY NAME] ("[COMPANY NUMBER]"), registered at [REGISTERED ADDRESS], is the data controller responsible for your personal data collected through the ImageClaim platform.

For all data protection enquiries, please contact our Data Protection Lead at: privacy@imageclaim.io

UK users: ImageClaim is registered with the Information Commissioner's Office (ICO) under registration number [ICO REGISTRATION NUMBER].

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name;
  • Email address;
  • Password (stored in hashed form using bcrypt — we cannot access your plaintext password);
  • Account creation date and IP address;
  • Profile preferences and settings.

2.2 Uploaded Images and Metadata

When you upload images to the Service, we collect and process:

  • Image files (JPEG, PNG, TIFF, RAW, WebP and other supported formats);
  • Image metadata (EXIF data including creation date, camera model, geolocation if present);
  • File name, size, and upload timestamp;
  • Image fingerprints and perceptual hashes used for matching.

We remove or mask EXIF geolocation data before transmitting images to third-party scan APIs.

2.3 Scan Results and Match Data

We collect and store:

  • URLs and domain names of websites where matches are identified;
  • Screenshot thumbnails of match locations (where technically available);
  • Match confidence scores;
  • Date and time of each Scan;
  • Actions taken on matches (e.g. C&D letter sent, DMCA notice issued).

2.4 Payment Information

Payment processing is handled by Stripe. We do not store your full card number, CVV, or expiry date. We retain:

  • Stripe customer ID and payment method token;
  • Billing address;
  • Payment history (amounts, dates, plan type);
  • Invoice records.

2.5 Usage and Technical Data

We automatically collect certain technical information when you use the Service:

  • IP address and approximate geographic location (country, city);
  • Browser type and version, operating system;
  • Device identifiers;
  • Pages visited, features used, and time spent;
  • Referring URLs;
  • Error logs and performance data.

2.6 Communications

If you contact us by email or through the Service, we retain records of that correspondence, including your email address, the content of your messages, and our responses.

3. How We Use Your Data

We use the data we collect for the following purposes:

Account Management
Creating and maintaining your account; authenticating your identity; sending account-related communications.
Service Delivery
Processing uploaded images; running Scans; delivering Match results to your dashboard; generating template documents.
Billing
Processing Subscription payments; managing Trial Periods; sending invoices and receipts; managing renewals and cancellations.
Trial Reminders
Sending automated reminder emails at day 5 of your Trial Period, and upon upcoming billing events.
Service Improvement
Analysing usage patterns (using anonymised data) to improve the Service; fixing bugs; developing new features.
Security
Detecting and preventing fraud, abuse, and unauthorised access; monitoring for security threats.
Legal Compliance
Complying with applicable laws; responding to legal requests; enforcing our Terms of Service.
Marketing (opt-in)
Sending newsletters and product updates, if you have opted in. You may withdraw consent at any time.

4. Image Processing and Storage

4.1 How Images Are Processed

When you upload an image to the Service, it is securely stored on our cloud infrastructure. During a Scan, the image (or a perceptual hash derived from it) is submitted to one or more third-party visual search APIs (Google Vision API and/or TinEye) to identify potential matches across the internet. We remove or mask personal metadata (including geolocation data) before transmission.

4.2 Storage Location

Your images are stored on cloud servers located in the European Economic Area (EEA) or United Kingdom by default. If you are a US-based user, you may be offered the option of US-based storage. See Section 8 for information on international transfers.

4.3 Image Deletion

You may delete individual images from your account at any time through the Service. Deleted images are removed from active storage within 24 hours and from backup systems within 30 days. Following account deletion, all images are deleted from active storage within 30 days and from all backup systems within 90 days.

4.4 No Training on Your Images

ImageClaim does not use your uploaded images to train machine learning models or AI systems. Your images are processed solely for the purpose of performing Scans on your behalf.

6. Data Sharing

6.1 We Do Not Sell Your Data

ImageClaim does not sell, rent, or trade your personal data to third parties for their marketing or commercial purposes.

6.2 Service Providers

We share your data with trusted third-party service providers acting as data processors on our behalf, including:

  • Cloud infrastructure providers (storage and compute);
  • Payment processors (Stripe);
  • Email delivery services (Resend);
  • Visual search API providers (Google Vision API, TinEye);
  • Analytics providers (see Cookies section).

All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

6.3 Legal Requirements

We may disclose your data to law enforcement, regulatory authorities, or courts where required to do so by law, or where necessary to protect the rights, property, or safety of ImageClaim, our users, or the public.

6.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of ImageClaim's business, your data may be transferred to the acquiring entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

6.5 Referred Law Firms

If you choose to be referred to a third-party law firm, we will share only the information necessary to facilitate that referral (typically your contact details and a brief summary of your matter) with your explicit consent. Such sharing is governed by the privacy practices of the relevant law firm.

7. Third-Party Services

The following third-party services process your data as part of providing the Service:

Google Vision API
Processes images for web detection and visual matching. Google may retain API request data in accordance with its API Terms of Service. Images submitted to Google Vision API are not used to train Google's models. See: cloud.google.com/terms/privacy
TinEye
Processes images for reverse image search. TinEye indexes images for its reverse image search database. See: tineye.com/privacy
Stripe
Processes payment card data. Stripe is a PCI-DSS Level 1 certified payment processor. See: stripe.com/privacy
Resend
Delivers transactional and marketing emails. Resend processes your email address and email content. See: resend.com/legal/privacy-policy

We encourage you to review the privacy policies of these third-party providers. ImageClaim is not responsible for the data practices of third-party services.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom and European Economic Area, including the United States, where our third-party service providers operate. Where such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or the UK International Data Transfer Agreement (IDTA), as applicable;
  • The EU-US and UK-US Data Privacy Framework (where applicable);
  • Binding Corporate Rules or other approved transfer mechanisms.

You may request a copy of the safeguards applicable to your data by contacting privacy@imageclaim.io.

9. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfil the purposes described in this Policy, or as required by law. Our standard retention periods are:

Account data
Retained for the duration of your account and for 2 years after account deletion (for fraud prevention and legal compliance purposes).
Uploaded images
Retained until you delete them or your account is deleted. Removed from active storage within 30 days of deletion; from backups within 90 days.
Scan results
Retained for the duration of your account and for 12 months after account deletion.
Payment records
Retained for 7 years from the date of the transaction for tax and accounting compliance.
Email correspondence
Retained for up to 3 years from the date of last correspondence.
Legal records
Retained for the period required by applicable law, which may exceed the periods above.

10. Your Rights Under GDPR and UK GDPR

If you are located in the United Kingdom or European Union, you have the following rights in relation to your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data, subject to certain exceptions (e.g. where we are required by law to retain it).
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
  • Right to Object: You have the right to object to processing of your personal data based on our legitimate interests, including for direct marketing purposes.
  • Rights in Relation to Automated Decision-Making: You have the right not to be subject to a decision made solely on the basis of automated processing, including profiling, where that decision produces legal or similarly significant effects on you.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at privacy@imageclaim.io. We will respond to your request within thirty (30) days. We may ask you to verify your identity before fulfilling a request.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the relevant supervisory authority:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • EU: Your national data protection authority (see edpb.europa.eu/about-edpb/about-edpb/members_en for a list).

11. Your Rights Under the CCPA (California Residents)

This section applies to residents of the State of California under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

California residents have the following rights regarding their personal information:

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, our business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: ImageClaim does not sell or share personal information for cross-context behavioural advertising. We will update this Policy if our practices change.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to that which is necessary to provide the Service.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

To exercise any CCPA rights, contact us at privacy@imageclaim.io or by post at [REGISTERED ADDRESS]. We will verify your identity before processing your request. We do not currently facilitate requests via an authorised agent but may do so in future.

For CCPA purposes, we have collected the following categories of personal information in the twelve months prior to the effective date of this Policy: identifiers (name, email, IP address); commercial information (payment and transaction records); internet activity information (usage data); visual information (uploaded photographs).

12. Cookies

We use cookies and similar tracking technologies. For detailed information about our use of cookies, the types of cookies we use, and how to manage them, please see our Cookie Policy.

In summary, we use:

  • Strictly necessary cookies — required for the Service to function (authentication, session management). Cannot be disabled.
  • Functional cookies — remember your preferences and settings.
  • Analytics cookies — help us understand how the Service is used (with your consent).
  • Marketing cookies — used for targeted advertising (with your consent, where applicable).

13. Data Security

ImageClaim implements industry-standard technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher;
  • Encryption of sensitive data at rest using AES-256;
  • Hashed and salted password storage (bcrypt);
  • Payment Card Industry Data Security Standard (PCI-DSS) compliance via Stripe;
  • Role-based access controls limiting employee access to personal data;
  • Regular security audits and penetration testing;
  • Incident response procedures and breach notification processes.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law (within 72 hours for GDPR/UK GDPR purposes where required).

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

14. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe that your child has provided personal data to us, please contact us at privacy@imageclaim.io and we will delete such information promptly.

15. Contact and Data Requests

For all privacy-related enquiries, subject access requests, and data deletion requests:

Data Controller
[COMPANY NAME]
Address
[REGISTERED ADDRESS]
Email
privacy@imageclaim.io
Response time
We aim to respond to all requests within 30 days. Complex requests may take up to 3 months.

This Privacy Policy may be updated from time to time. We will notify you of material changes by email and by posting a notice within the Service. The effective date at the top of this Policy reflects the date of the most recent update.