Last updated: 05.10.2018
ShortPixel belongs to ID SCOUT SRL, here collectively called the "Company". The Company respects your privacy rights and recognizes the importance of protecting the Personal Information (as defined below) provided by you to us.
General Data Protection Regulation (GDPR)
The GDPR law is the European law that regulates the privacy rights of users from the European Economic Area (EEA). Our Declaration of Conformity can be found here
GDPR’s main principle is that users own their personal data, and companies are obligated to take the right steps to facilitate the users’ rights:
- to know what personal data companies collect, how they store this info and for how long
- to know if the personal data is shared with third parties
- to get the personal data (data portability)
- to delete the personal data
- to correct the personal data
Terms used in this document: We, users, third parties.
- ShortPixel is the provider of the service, sometimes referred to as we.
- By users we mean all the users of our tools and service, as well as the visitors of our site who compress images through our online image compressor.
- Visitors are those who browse the web pages of ShortPixel. The logged in visitors are users of our service because they previously signed-up for a ShortPixel account.
- Customers are the users that purchased paid plans.
- Third parties are other companies and the services they provide us.
1. What personal data we collect and how we collect it
From the users of our WordPress plugin and from those who use our API tools, we directly collect the following data: IPs, emails (from the users that sign-up for our service using the WP plugin), user’s API key, number of images and PDF files, names of images and PDF files, WordPress CMS version, PHP version, optimization details (date, file size, size improvement percent).
We use a feature called Beacons for helping the users of our ShortPixel plugin for WordPress. This feature is made by HelpScout, a third party service we use for customer support. Through this feature we gather the following personal data: IPs, API key, WordPress CMS version. The feature delivers help articles and a contact us form.
We also added the Beacon feature to our site (ShortPixel.com and sub-domains). It collects: page visits, IP, browser, consulted help articles. This info helps us understand the issues of our users.
From the unlogged visitors of our site http://shortpixel.com, we collect the following data: IPs, location, browser type, visited pages.
When the visitors of our site sign-up for a ShortPixel account, we collect their emails and store the newly generated API keys.
When images are optimized via our online compressor, we store them for two hours, together with the optimization details. After that, we delete the images, but we keep the info for 40 days.
We also keep the personal data used in the financial transactions. The invoice details, such as payment email, amount of money, name of the customer, company, and payment system, are not completely under the GDPR law, but due to the fiscal policy we need to store them for 10 years. Our customers cannot ask us to delete the payment details as we don’t have the right to do so.
2. What we do with the collected personal data
In order to help our customers we need to use their personal data:
- Personal data needed for user identification: the email address used for registration, the API key, IP.
- Personal data needed for debugging reasons: the domain from where the images are, optimization parameters (file name and size, the time of the optimization).
- Personal data needed to communicate with the clients that need assistance: their email addresses.
Running the service
For the proper running of our image optimization service we keep: IPs, country of origin, API key, Browser, number of images and PDF files, the names of the images and PDF files, the URLs of the images and PDF files, URIs (domains), PHP version. We need this info to connect our servers to our clients’ servers, where the images needing compression are hosted. The info is also needed for maintenance and for building appropriate tools for our clients.
We send newsletters to our users about deals and promotions. Our marketing campaigns could promote other services as well, if we believe that they are compatible with our service, and that they could be useful for our users. We try to keep these types of messages at a maximum of two emails per user each month.
3. How long do we keep your personal data?
The details of the files processed by our service (names, URLs, optimization parameters, file size, processing date) are stored for 40 days. Each user can access these records from their ShortPixel account, and they can also download a spreadsheet document called an optimization report.
IPs, email addresses, API keys, and usage data are stored indefinitely. Users have the right to ask us to delete their private data, even if this could mean the termination of the service we provide them due to technical reasons.
4. What do we share, with whom, and under what conditions?
Our users’ data is shared with third parties that help us run the service. Please check below a list of the services that have full or partial access to our users’ data, and their privacy and data policies.
We will tell our users if we intend to share their info with other third parties.
We don’t sell personal data.
5. Important rights of our users regarding the personal data
: You own your data. Please contact us if you want to receive the information we store about you and about your history with our service.
Personal data deletion and account removal: Users who want their personal data to be deleted can send a request to help at shortpixel.com, specifying whether they want the deletion of all their personal information or just a partial removal. Furthermore, users can request that their data not be handed over or used in some of the ways mentioned in this document. The deletion of personal information can lead to the termination of the service we provide due to technical reasons.
Please contact us if you wish to have your personal data removed or if you wish to terminate your account.
Personal data errors: You have the right to correct your personal data. Use our contact form or write us at help at shortpixel.com if you want to correct your data.
The right to file a complaint: For us, your personal data is important, and we try to take all the necessary steps to protect your personal data and to respect your rights. You have the right to file a complaint with the National Authority for the Supervision of Personal Data Processing (Romanian: Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal), also known as ANSPDCP.
6. Third parties that have access to your personal data
Help Scout - helpscout.net
This is a customer and ticketing service. It helps us manage and track the complaints of our clients. Help Scout has access to the following personal data: IPs, API key, WordPress CMS version. The feature delivers help articles and a contact us form.
The Help Scout company declared its compliance with GDPR, the EU law regarding the personal data protection. Read more about this here:
Help Scout promises to securely store the personal data needed for running their service and they will not use the personal data for other purposes.
Quriobot - Quriobot.com
Quriobot built and maintains a chatbot tool that we are using to offer customer support to our users. Via this tool we collect the following personal data from our users: Email address, Name, API key, website URL.
Please read about Quriobot's efforts to be GDPR compliant here.
HotJar - hotjar.com
We are using these Hotjar features: heatmaps, feedback polls, and surveys. They help us better understand how visitors interact with our sites (shortpixel.com and shortpixel.ai), and also improve our service and documentation. The data we collect from Hotjar: IP, duration of the visit, website activity, feedback from the users. We don't collect email addresses or names using Hotjar.
Hotjar completed several steps to be GDPR compliant:
Please read about Hotjar's efforts to be GDPR compliant here.
StackPath - Stackpath.com
StackPath offers CDN, WAF, DNS and Monitoring services. We are using StackPath as a component of our image Content Delivery Network service. The details we collect and keep are the processed images and their URLs. The images are stored for 30 days and they are deleted afterwards.
StackPath is GDPR compliant, and its GDPR document can be found here.
SendGrid - sendgrid.com
SendGrid is a customer communication platform for transactional and marketing emails. We use this service for our transactional and marketing campaigns. SendGrid has access to our users’ email addresses, and it’s taking all the necessary steps to comply with the General Data Protection Regulation.
SendGrid is documenting their process towards the GDPR compliance in this document. We strongly recommend you read it:
Zoho - zoho.com
Zoho is an email service provider. Our business emails associated with shortpixel.com are stored and sent using this service. Zoho can access all the personal data our users share with us via email communication.
What Zoho does in order to comply with the GDPR law is documented here:
Hetzner - hezner.de
Hetzner is the hosting company from where we rent our servers. Basically, these servers are our service’s engines. They run the image optimization algorithms, compressing the images of our users.
Hetzner is a German company and it offers detailed documentation regarding its compliance with the General Data Protection Regulation:
PayPal - paypal.com
PayPal is an electronic payment service. We don’t keep any Credit Card data, and we don’t have access to the PayPal accounts of our users.
As we mentioned above, we keep the payment details as we are obligated by the fiscal law.
Paddle - paddle.com
Our card order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our card orders. Paddle provides all customer service inquiries and handles returns.
Learn more about Paddle and GDPR here
As previously mentioned, we are required to keep the financial records of all our transactions.
Wordpress - wordpress.org
WordPress.org is the foundation that manages the WordPress content management system, WordPress themes, WordPress plugins. WordPress is used by many of our users to develop and run websites. Our WordPress plugin is a piece of software that connects the sites built with WordPress to our servers, where we optimize the images of our users.
WordPress aggregates data about the active plugin installs and about the total number of downloads.
WordPress.org is developing a tool to help plugin creators (like us) to comply with the GDPR law. This tool is not ready as we speak. We will implement it as soon as it becomes available to the general public.
Here you can read more about WordPress’ efforts to align with GDPR guidelines:
WebHostFace.com LLC - webhostface.com
WebHostFace is a hosting company. We use their service for hosting our blog (blog.shortpixel.com).
WebHostFace can only access the following types of personal data of our blog’s visitors: IPs, time and duration of visit, location, browser and Operating System, pages visited.
The personal data of the users of our service are not disclosed to WebHostFace.
Disqus - disqus.com
Disqus is a blog comment hosting service. The visitors of our blog (http://blog.shortpixel.com) can comment on our articles using the Disqus platform. Here is Disqus's position on GDPR:
Google Analytics - analytics.google.com
We use the Google Analytics service to obtain statistics about our site’s visitor number, origin and behaviour. We took the necessary steps to ensure that the information we gather through Google Analytics is anonymized and that we cannot identify a particular visitor.
We use Wistia
Wistia - GDPR compliance document:
We are sure that Wistia and Youtube don’t access the information pertinent to your relation with ShortPixel, like registered user email, API key, payment details, number and names of the optimized images.
Promotions, Contests and Sweepstakes
If you wish to subscribe to the Company's newsletter(s), we will use your name and e-mail address to send the newsletters to you.
Other Information Collected
Some information may be collected automatically every time you visit the Company's web sites, such as cookies and computer information. In addition, information may be collected from other independent, third-party sources. We also collect information about which pages you visit within this site. This site visitation data is identified only by a unique URL.
The Company uses both session ID cookies and persistent cookies as part of its interaction with your browser. A cookie is an alphanumeric identifier (a file) that the Company's web sites transfer to your computer's hard drive through a web browser to enable its systems to recognize your browser for record-keeping purposes. A session ID cookie expires when you close your browser, while a persistent cookie remains on your hard drive for an extended period of time.
We use session ID cookies to make it easier for you to navigate our web sites. We use persistent cookies to identify and track which sections of our web site you most often visit. We also use persistent cookies in areas of our web site where you must register, and where you are able to customize the information you see, so that you don't have to enter your preferences more than once.
The Company uses Google Analytics, an ad tracking technology that is provided by Google. For more information about Google Analytics, please visit https://www.google.com/analytics/
As is true of most web sites, the Company gathers certain information automatically and stores it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. The Company uses this information to analyze trends, to screen for fraud, to administer the Company's sites, to track users' movements around the web sites and to gather demographic information about the Company's user base as a whole.
Clear Gifs (Web Beacons/Web Bugs)
The Company employs a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that helps it better manage content on its web sites by informing the Company what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence.
Information from Third Party Sources
To improve services and enhance personalization, the Company may periodically obtain information about you from other independent third party sources and add it to our account information.
For example, when you visit a site on which the Company advertises, and click through such advertisement, the Company may place cookies on your computer.
Use of Information
Verification, Billing, and Order Status
The Company collects Personal Information to verify the accuracy of your name, billing address, shipping address, credit card number, and credit card expiration date provided, to screen for fraud, to bill you for the products and services purchased and to pay you for the products and services sold. The Company uses your e-mail address(es) to contact you regarding the status of your order when necessary and to send you a Receipt Purchase/Sale Confirmation and Order Shipping Notification.
Special Offers and Updates
The Company collects information about which sections of its web site you visit most often, so that it can send you our newsletter and the information about the offers, promotions, contests, and sweepstakes which may interest you.
Accordingly, the Company will occasionally send you information on products, services, special deals, promotions and sweepstakes.
The Company may, but is not obligated to, send you strictly service-related announcements on rare occasions, when it is necessary to do so. For example, if our service is temporarily suspended for maintenance, we might send you an e-mail. Generally, you may not opt-out of these communications since they are not promotional in nature. If you do not wish to receive them, you may have the option to deactivate your account.
We also collect information for research purposes and to provide anonymous reporting for internal and external clients. The Company uses the information collected for its own internal marketing and demographic studies, to improve customer service and product offerings.
We will communicate with you in response to your inquiries, to provide the products and services you request, and to manage your account. We will communicate with you by e-mail, live chat or telephone, in accordance with your wishes.
The Company stores information that it collects through cookies, log files, and third party sources, to create a profile of your preferences, in order to improve the content of the Company's web site for you.
Information Sharing and Disclosure
The Company does not sell or rent any of the information collected to third parties for any purposes, but it shares information with third parties as described below.
The Company discloses the information collected to external service providers, necessary to facilitate the following outsourced operations: address verification, credit card processing, fraud screening and order shipping.
Compliance with Legal Authorities
As required by law, and to enforce customers' or the Company's legal rights, and to comply with local, state, federal and international law, the Company may disclose information to law enforcement agencies.
Choice and Opt-Out
If you no longer wish to receive the Company's promotional communications, you may "opt-out" of receiving them by following the instructions included in each communication.
Links to Other Web Sites
Storage and Security of Personal Information
The Company stores the information it collects on computers located in a controlled, secure facility, protected from physical or electronic unauthorized access, use, or disclosure.
The Company protects the privacy and integrity of the information it collects by employing appropriate administrative protocols, technical safeguards, and physical security controls, designed to limit access, detect and prevent the unauthorized access, improper disclosure, alteration, or destruction of the information under its control. The Company transmits the information used by its external service providers for the specific outsourced operations listed above, across public and private networks via recognized encryption technologies, such as by using Secure Sockets Layer (SSL) software, which encrypts the information you input.
Although the Company follows the procedures set forth above to protect the Personal Information submitted to the Company, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while the Company strives to use commercially acceptable means to protect your Personal Information, the Company cannot guarantee its absolute security.
If you have any questions about the Company's security on its web sites, please feel free to contact us using the contact page on the site.
The Company has a ZERO TOLERANCE policy for Internet fraud or any attempt to access or acquire customer or other information on its web sites via illegal or surreptitious means. The Company works with local, national, and international fraud investigation agencies and employs a variety of electronic and other means to discourage, detect, and intercept fraudulent activities. The Company aggressively prosecutes, to the fullest extent of the law, those perpetrators apprehended conducting fraudulent activities on its web site.
The Agencies with which the Company cooperates are: state and local police authorities, the United States Federal Bureau of Investigation, US and International Customs Agencies, and Interpol.
Personal Information collected by the Company may be stored and processed in the United States or any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities, and by using the Company's web sites, you consent to any such transfer of Personal Information outside of your country.
The Company's sites are not intended for or directed to persons under the age of 16. The Company does not buy or sell products or services from or to children. Any person who provides their information to the Company through the Company's web sites attests that they are 16 years of age or older.
Changes to this Statement
You may contact the Company by using the contact form on the site.