ImageWA

GDPR Compliance Statement

Last updated: October 5, 2025

For European Economic Area (EEA) Users:ImageWA is committed to complying with the General Data Protection Regulation (GDPR). This page outlines how we protect your data and the rights you have.

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a European Union law that came into effect on May 25, 2018, designed to protect the personal data and privacy of EU residents. GDPR gives individuals greater control over how their personal data is used.

Even if ImageWA may not operate within the EU, we still respect GDPR principles and provide strong data protection for all users (not just EU residents).

2. Data Controllers and Processors

2.1 Data Controller

ImageWA is the data controller of your personal data. This means we decide how and why your personal data is processed.

ImageWA - Image Web App

Data Protection Officer (DPO): dpo@imagewa.com

Privacy Inquiries: privacy@imagewa.com

Website: www.imagewa.com

2.2 Data Processors

We use third-party service providers to help us operate our services. These providers process your data on our behalf:

  • Vercel: Website hosting and infrastructure
  • Neon: Database services
  • Stripe: Payment processing
  • Google Analytics: Website analytics
  • Google AdSense: Advertising (free users only)

All data processors have signed Data Processing Agreements (DPA) ensuring they comply with GDPR standards.

3. Legal Basis for Processing

Under GDPR, we can only process your personal data under one of the following legal bases:

3.1 Consent

You have explicitly consented to us processing your personal data for a specific purpose.

Examples: Receiving marketing emails, using non-essential cookies

3.2 Contract Performance

Processing is necessary for the performance of a contract with you.

Examples: Processing your images, managing your account, processing payments

3.3 Legal Obligation

Processing is necessary to comply with a legal obligation we are subject to.

Examples: Tax records, responding to legal requests

3.4 Legitimate Interests

Processing is necessary for our or a third party's legitimate interests, unless your interests or fundamental rights and freedoms override those interests.

Examples: Fraud prevention, improving services, cybersecurity

4. Your GDPR Rights

Under GDPR, you have the following rights:

Right of Access (Article 15)

You have the right to know whether we are processing your personal data and obtain a copy of that data.

Right to Rectification (Article 16)

You have the right to correct inaccurate personal data and complete incomplete data.

Right to Erasure / "Right to be Forgotten" (Article 17)

In certain circumstances, you have the right to request that we delete your personal data.

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict processing of your personal data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object (Article 21)

You have the right to object to data processing based on legitimate interests or direct marketing.

Rights Related to Automated Decision-Making and Profiling (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

  • Email: privacy@imagewa.com
  • Subject Line: Include "GDPR Data Request"
  • Include: Your name, account email, and specific request

We will respond to your request within 30 days. If an extension is needed, we will notify you of the reason.

6. Data Protection Measures

We have implemented technical and organizational measures to protect your data:

  • Encryption in transit (TLS/SSL) and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and principle of least privilege
  • Employee data protection training
  • Incident response plan
  • Regular data backups

7. Data Breach Notification

In the event of a data breach, we will:

  • Notify the relevant regulatory authority within 72 hours of discovery
  • Notify affected individuals if the breach is likely to result in high risk
  • Document details of the breach, impact, and remedial measures taken

8. International Data Transfers

Your data may be transferred to countries outside the European Economic Area (EEA). We ensure:

  • Use of Standard Contractual Clauses (SCC) approved by the EU Commission
  • Only work with service providers in countries with appropriate data protection safeguards
  • Regularly review compliance of international transfers

9. Complaints to Regulatory Authority

You have the right to lodge a complaint with a data protection regulatory authority. If you are in the EU, you can contact your country's regulator:

Find your country's data protection authority:
List of European Data Protection Board Members

10. Contact Us

If you have any questions about our GDPR compliance, please contact:

ImageWA - Image Web App

Data Protection Officer: dpo@imagewa.com

Privacy Inquiries: privacy@imagewa.com

Website: www.imagewa.com