Privacy Policy

Last updated: 06.11.2019

ShortPixel belongs to ID SCOUT SRL, here collectively called the "Company". The Company respects your privacy rights and recognizes the importance of protecting the Personal Information (as defined below) provided by you to us. This Privacy Policy describes how the Company collects, stores, and uses the Personal Information you provide to us through the Company's web sites and through telephone or e-mail communications you may have with us. This Privacy Policy also describes the choices available to you regarding the Company's use of the Personal Information you provide to us, and the actions you can take to access this information and request the correction or deletion of such personal information.


By using the Company's web sites, you acknowledge that you have read this Privacy Policy and that you consent to the practices described herein with respect to the Company's collection, use and disclosure of the Personal Information provided by you to us. This is the Company's entire and exclusive Privacy Policy and it supersedes any earlier version. We reserve the right to change this Privacy Policy in accordance with the terms herein at any time, which is why we encourage you to visit this page often, review this Privacy Policy frequently, and remain informed about any changes to it.
If, after review, you still have questions about any portion of this Privacy Policy, please contact the Company using the contact information provided at the bottom of this Privacy Policy.


General Data Protection Regulation (GDPR)

The GDPR law is the European law that regulates the privacy rights of users from the European Economic Area (EEA). Our Declaration of Conformity can be found here.

GDPR’s main principle is that users own their personal data, and the companies have the obligation to make the right steps to facilitate the users’ rights:
  • to know what personal data companies collect, how they store this info and for how long
  • to know if the personal data is shared with third parties
  • to get the personal data (data portability)
  • to delete the personal data
  • to correct the personal data

Terms used in this document: We, users, third parties.

  • ShortPixel is the provider of the service, referred sometimes as we.
  • By users we understand all the users of our tools and service, and also, the visitors of our site that compresses images through our online image compressor.
  • Visitors are those who browse the web pages of ShortPixel. The logged in visitors are users of our service because they previously signed-up for a ShortPixel account.
  • Customers are the users that purchased paid plans.
  • Third parties are other companies and the services they provide us.

1. What personal data we collect and how we collect it

From the users of our WordPress plugin and from those who use our API tools, we directly collect the following data: IPs, emails (from the users that sign-up for our service using the WP plugin), user’s API key, number of images and PDF files, names of images and PDF files, WordPress CMS version, PHP version, optimization details (date, file size, size improvement percent).

We use a feature called Beacons for helping the users of our ShortPixel plugin for WordPress. This feature is made by HelpScout, a third party service we use for customer support. Through this feature we gather the following personal data: IPs, API key, WordPress CMS version. The feature delivers help articles and a contact us form.

We also added the Beacon feature to our site ( and sub-domains). It collects: page visits, IP, browser, consulted help articles. This info helps us understand the issues of our users.

From the unlogged visitors of our site, we collect the following data: IPs, location, browser type, visited pages.

When the visitors of our site sign-up for a ShortPixel account, we collect their emails and store the new generated API keys.

When images are optimized via our online compressor, we store them for two hours, together with the optimization details. After that, we delete the images, but we keep the info for 30 days.

We also keep the personal data used in the financial transactions. The invoice details as payment email, amount of money, name of the customer, company, and payment system, are not completely under the GDPR law, but due to the fiscal policy we need to store them for 10 years. Our customers cannot ask us to delete the payment details as we don’t have the right to do so.

2. What we do with the collected personal data

Customer Support
In order to help our customers we need to use their personal data:
  • Personal data needed for user identification: the email address used for registration, the API key, IP.
  • Personal data needed for debugging reasons: the domain from where the images are, optimization parameters (file name and size, the time of the optimization).
  • Personal data needed to communicate with the clients that need assistance: their email addresses.

Running the service
For the proper running of our image optimization service we keep: IPs, country of origin, API key, Browser, number of images and PDF files, the names of the images and PDF files, the URLs of the images and PDF files, URIs (domains), PHP version. We need this info to connect our servers to our clients’ servers, where the images needing compression are hosted. The info is also needed for maintenance and for building appropriate tools for our clients.

Information campaigns
We send emails to inform our users about new features, service changes (including Terms and Conditions & Privacy Policy updates), interruptions of our service, possible errors or bugs. These messages are an important part of our communication with our users.

Marketing campaigns
We send newsletters to our users about deals and promotions. Our marketing campaigns could promote other services as well, if we believe that they are compatible with our service, and that they could be useful for our users. We try to keep these types of messages at a maximum of two emails per user/ each month.

3. How long do we keep your personal data?

The details of the files processed by our service (names, URLs, optimization parameters, file size, processing date) are stored for 30 days. Each user can access these records from their ShortPixel account, and they can also download a spreadsheet document called an optimization report.

IPs, email addresses, API keys, and usage data are stored indefinitely. Users have the right to ask us to delete their private data, even if this could mean the termination of the service we provide them due to technical reasons.

4. What do we share, with whom, and under what conditions?

Our users’ data is shared with third parties that help us run the service. Please check below a list of the services that have full or partial access to our users’ data, and their privacy and data policies.

We will tell our users if we intend to share their info with other third parties. We don’t sell personal data.

5. Important rights of our users regarding the personal data

Portability: You own your data. Please contact us if you want to receive the information we store about you and about your history with our service.

Personal data deletion and account removal: Users that want their personal data to be deleted can send a request at help at, specifying if they want the deletion of all their personal information or just a partial removal. Furthermore, the users can request that their data won’t be handed over or used in some of the ways mentioned in this document. The deletion of personal information can lead to the termination of the service we provide due to technical reasons.

Please contact us if you wish to have your personal data removed or if you wish to terminate your account.

Personal data errors: You have the right to correct your personal data. Use our contact form or write us at help at if you want to correct your data.

The right to fill a complaint: For us, your personal data is important, and we try to take all the necessary steps to protect your personal data and to respect your rights. You have the right to fill a complaint at the National Authority for the Supervision of Personal Data Processing (Romanian: Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal), also known as ANSPDCP.

6. Third parties that have access to your personal data

The image optimization process is done in the EU/Germany. Our servers are hosted at, which is the hosting company from where we rent them. Hetzner is a German company and it offers a detailed documentation regarding the compliance with the General Data Protection Regulation.

Help Scout -
This is a customer and ticketing service. It helps us manage and track the complaints of our clients. Help Scout has access to the following personal data: IPs, API key, WordPress CMS version. The feature delivers help articles and a contact us form.

The Help Scout company declared its compliance with GDPR, the EU law regarding the personal data protection. Read more about this here:

Help Scout promises to securely store the personal data needed for running their service and they will not use the personal data for other purposes.
We have an international customer service department; the members of the Support Team have access only to the email address of the customer who writes to our support department.

Quriobot -
Quribot built and maintains a chatbot tool that we are using to offer customer support to our users. Via this tool we collect the following personal data from our users: Email address, Name, API key, website URL.
Please read here about Quriobot efforts to be GDPR complaint here.

StackPath -
StackPack offers CDN, WAF, DNS and Monitoring services. We are using StackPack as a component of our image Content Delivery Network service. The details we collect and keep are the processed images and their URLs. The images are stored for 30 days and they are deleted afterwards.
StackPack is GDPR compliant, and its GDPR document can be found here.

SendGrid -
SendGrid is a customer communication platform for transactional and marketing emails. We use this service for our transactional and marketing campaigns. SendGrid has access to our users’ email addresses, and it’s taking all the necessary steps to comply with the General Data Protection Regulation.

SendGrid is documenting their process towards the GDPR compliance in this document. We strongly recommend you read it:

Zoho -
Zoho is an email service provider. Our business emails associated with are stored and sent using this service. Zoho can access all the personal data our users share with us via email communication.

What Zoho does in order to comply with the GDPR law is documented here: LLC -
WebHostFace is a hosting company. We use their service for hosting our blog (

WebHostFace can only access the following types of personal data of our blog’s visitors: IPs, time and duration of visit, location, browser and Operating System, pages visited.

The personal data of the users of our service are not disclosed to WebHostFace.

WebHostFace’s Privacy Policy states “All policies in regards to collecting and storing personal information are in compliance with The General Data Protection Regulation (GDPR) (EU)”

Disqus -
Disqus is a blogging comment hosting service. The visitors of our blog ( can comment on our articles using the Disqus platform. Here is the Discus’s position on GDPR:

Google Analytics -
We use the Google Analytics service to obtain statistics about our site’s visitor number, origin and behaviour. We took the necessary steps to ensure that the information we gather through Google Analytics is anonymized and that we cannot identify a particular visitor.

Other Information Collected

Some information may be collected automatically every time you visit the Company's web sites, such as cookies and computer information. In addition, information may be collected from other independent, third-party sources. We also collect information about which pages you visit within this site. This site visitation data is identified only by a unique URL.


The Company uses both session ID cookies and persistent cookies as part of its interaction with your browser. A cookie is an alphanumeric identifier (a file) that the Company's web sites transfer to your computer's hard drive through a web browser to enable its systems to recognize your browser for record-keeping purposes. A session ID cookie expires when you close your browser, while a persistent cookie remains on your hard drive for an extended period of time.

We use session ID cookies to make it easier for you to navigate our web sites. We use persistent cookies to identify and track which sections of its web site you most often visit. We also use persistent cookies in areas of its web site where you must register, and where you are able to customize the information you see, so that you don't have to enter your preferences more than once.

The Company uses Google Analytics, an ad tracking technology that is provided by Google. For more information about Google Analytics, please visit

By configuring the options in your browser, you may control how cookies are processed by your system. However, if you decline the use of cookies, you may not be able to use certain features on this site and you may be required to reenter the information necessary complete an order during new or interrupted browser sessions.

Some of the Company's business partners (e.g., advertisers) use cookies on the site. We have no access to or control over these cookies (see "Third Party Advertising" and "Third Party Cookies" below). Accordingly, this Privacy Policy covers the use of cookies by the Company only and does not cover the use of cookies by any advertisers.
Name Type Expiration Info
PHPSESSID Mandatory SESSION The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. On the Action website it is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie. As the PHPSESSID cookie has no timed expiry, it disappears when the client is closed.
ShortPixel Mandatory SESSION Needed for load balancing.
Mandatory 30 days These cookies are needed for our referral system and properly tracking the affiliate earnings. It won't be fair to them to deactivate these cookies (because they won't be recorded and won't get their affiliate money) so we consider them mandatory.
ShortPixelCookieAccept Mandatory 10 years This cookie saves user cookie consent related preferences. If this cookie was not allowed then the cookie consent notice will display again every time the user visits the site again so we consider it mandatory for a painless experience on our site.
SP-OPT User preferences 24 hours User options related to online image optimization.
Anonymous statistics 2 years
1 minute
2h hours
More details: Google Analytics Cookie Usage on Websites
_hjid Anonymous statistics 1 year HotJar's user ID. From time to time activate HotJar in order to check how our users interact with specific parts of our website and based on these findings we improve the site. More details about HotJar's cookies here: Hotjar Cookies

Log Files

As it is true of most web sites, the Company gathers certain information automatically and stores it in log files. This information includes internet protocol (IP) addresses, browser type, internet services provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. The Company uses this information to analyze trends, to screen for fraud, to administer the Company's sites, to track users' movements around the web sites and to gather demographic information about the Company's user base as a whole.

Clear Gifs (Web Beacons/Web Bugs)

The Company employs a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that helps it better manage content on its web sites by informing the Company what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence. The Company uses clear gifs in its HTML-based e-mails to inform itself of which e-mails have been opened by you. This allows the Company to gauge the effectiveness of certain communications and the effectiveness of the Company's marketing campaigns. If you would like to opt-out of these e-mails, please see the "Choice and Opt-Out" section of this Privacy Policy.

Information from Third Party Sources
To improve services and enhance personalization, the Company may periodically obtain information about you from other independent third party sources and add it to our account information. For example, when you visit a site on which the Company advertises, and click through such advertisement, the Company may place cookies on your computer.

Use of Information

Verification, Billing, and Order Status

The Company collects Personal Information to verify the accuracy of your name, billing address, shipping address, credit card number, and credit card expiration date provided, to screen for fraud, to bill you for the products and services purchased and to pay you for the products and services sold. The Company uses your e-mail address(es) to contact you regarding the status of your order when necessary and to send you a Receipt Purchase/Sale Confirmation and Order Shipping Notification.

Special Offers and Updates

The Company collects information about which sections of its web site you visit most often, so that it can send you our newsletter and the information about the offers, promotions, contests, and sweepstakes which may interest you.

Accordingly, the Company will occasionally send you information on products, services, special deals, promotions and sweepstakes.

Service-related Announcements

The Company may, but is not obligated, to send you strictly service-related announcements on rare occasions, when it is necessary to do so. For example, if our service is temporarily suspended for maintenance, we might send you an e-mail. Generally, you may not opt-out of these communications since they are not promotional in nature. If you do not wish to receive them, you may have the option to deactivate your account.


We also collect information for research purposes and to provide anonymous reporting for internal and external clients. The Company uses the information collected for its own internal marketing and demographic studies, to improve customer service and product offerings.

Customer Service

We will communicate with you in response to your inquiries, to provide the products and services you request, and to manage your account. We will communicate with you by e-mail, live chat or telephone, in accordance with your wishes.


The Company stores information that it collects through cookies, log files, and third party sources, to create a profile of your preferences, in order to improve the content of the Company's web site for you.

Information Sharing and Disclosure

The Company does not sell or rent any of the information collected to third parties for any purposes, but it shares information with third parties as described below.

Service Providers

The Company discloses the information collected to external service providers, necessary to facilitate the following outsourced operations: address verification, credit card processing, fraud screening and order shipping.

Compliance with Legal Authorities

As required by law, and to enforce customers' or the Company's legal rights, and to comply with local, state, federal and international law, the Company may disclose information to law enforcement agencies.

Choice and Opt-Out

If you no longer wish to receive the Company's promotional communications, you may "opt-out" of receiving them by following the instructions included in each communication.

Links to Other Web Sites

There are several places throughout the Company's web sites that may link you to other web sites that do not operate under this Privacy Policy. When you click through these web sites, this Privacy Policy no longer applies. The Company recommends that you examine the privacy statements for all third party web sites, to understand their procedures for collecting, using, and disclosing your Personal Information.

Storage and Security of Personal Information

The Company stores the information it collects on computers located in a controlled, secure facility, protected from physical or electronic unauthorized access, use, or disclosure.


The Company protects the privacy and integrity of the information it collects by employing appropriate administrative protocols, technical safeguards, and physical security controls, designed to limit access, detect and prevent the unauthorized access, improper disclosure, alteration, or destruction of the information under its control. The Company transmits the information used by its external service providers for the specific outsourced operations listed above, across public and private networks via recognized encryption technologies, such as by using Secure Sockets Layer (SSL) software, which encrypts the information you input.

Although the Company follows the procedures set forth above to protect the Personal Information submitted to the Company, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while the Company strives to use commercially acceptable means to protect your Personal Information, the Company cannot guarantee its absolute security.

If you have any questions about the Company's security on its web sites, please feel free to contact us using the contact page on the site.

Internet Fraud

The Company has a ZERO TOLERANCE policy for Internet fraud or any attempt to access or acquire customer or other information on its web sites via illegal or surreptitious means. The Company works with local, national, and international fraud investigation agencies and employs a variety of electronic and other means to discourage, detect, and intercept fraudulent activities. The Company aggressively prosecutes, to the fullest extent of the law, those perpetrators apprehended conducting fraudulent activities on its web site.

The Agencies with which the Company cooperates are: state and local police authorities, the United States Federal Bureau of Investigation, US and International Customs Agencies, and Interpol.

International Transfer

Personal Information collected by the Company may be stored and processed in the United States or any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities, and by using the Company's web sites, you consent to any such transfer of Personal Information outside of your country.


The Company's sites are not intended for or directed to persons under the age of 16. The Company does not buy or sell products or services from or to children. Any person who provides their information to the Company through the Company's web sites attests that they are 16 years of age or older.

Changes to this Statement

The Company will, from time-to-time, update this Privacy Policy, each time revising the last updated date at the top of the Privacy Policy and indicate the nature of the revisions within the statement. The Company will notify customers of material changes to this statement by e-mail or by placing prominent notice on its web site.

Contact Information

You may contact the Company by using the contact form on the site.