Privacy
Riducly processes standard image compression locally in your browser and uses a backend for account, security and support features. Server-side compression is used only when that optional feature is enabled and selected. Last updated: 11 July 2026.
Controller and scope
This policy applies to the Riducly web application and its account services.
- Controller: [NOT CONFIGURED]
- Registered address: [NOT CONFIGURED]
- Privacy contact: [NOT CONFIGURED]
Data we process
The exact data depends on how you use the service. Anonymous visitors mainly use a local, browser-based compressor, while account features require server-side processing.
- Compression inputs and outputs normally stay on your device during the standard in-browser flow.
- When server compression is enabled and selected, the image is uploaded for transient processing and the service returns the compressed output without intentionally persisting the file.
- Account data may include name, email address, password hash, profile image, plan, login timestamps, ban status and related security records.
- Transactional email flows may process your email address, verification tokens and password-reset tokens.
- Support and product-quality data may include feedback ratings, optional comments, locale, app version and, when signed in, your internal user ID.
- Security and abuse-prevention data includes HMAC-pseudonymized rate-limit keys and limited technical request metadata; raw IP addresses, emails and user IDs are not stored in rate-limit keys.
Purposes and legal bases
The service processes data to perform requested services, protect the platform, remember local choices and meet applicable obligations.
- Provide the service requested by the user, including account access, email verification, password reset and account deletion.
- Protect the service and users through authentication, session management, rate limiting and anti-abuse controls.
- Store interface and privacy preferences in the browser so the app remembers your choices.
- Maintain service quality through operational feedback voluntarily submitted by users.
- Comply with legal obligations and respond to lawful requests where applicable.
Recipients and processors
Riducly is designed to minimize third-party exposure. At the moment, the codebase supports the following categories of recipients or infrastructure providers.
- Hosting and server infrastructure providers used to run the application and database.
- SMTP/email delivery providers used for verification and password-reset messages.
- Google, only if Google sign-in is enabled by configuration.
- Stripe, only if premium billing is enabled in the future.
Retention and user rights
The application applies the following technical retention limits; statutory records held by payment or infrastructure providers may follow their own legal obligations.
- Local browser preferences remain on the device until the user clears them or changes them.
- Account records remain until the account is deleted; account deletion removes associated usage, identified feedback, authentication accounts and tokens.
- Verification and password-reset tokens expire within 24 hours; pending email changes expire after 24 hours. Expired session and rate-limit records are removed by a daily cleanup job.
- A daily cleanup deletes feedback older than 365 days and monthly usage records older than 24 months by default, with equal or shorter configurable thresholds.
- Requests for access, rectification, erasure, restriction, objection or portability can be sent to [NOT CONFIGURED].