PRIVACY POLICY

Last Updated: 10/28/2025

Smart Png Ltd ("we", "us", or "our") operates the Smart Png website (https://www.smartpng.com/) (the "Service"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR), EU General Data Protection Regulation (EU GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other applicable data protection laws.

1. Information We Collect

1.1 Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). This may include:

• Email address
• Name
• Payment information (processed by Stripe)
• IP address
• Usage data and analytics
• Information submitted through contact forms
• Device identifiers
• Browser information

1.2 User Content

We collect content you upload or create using our Service, including images and associated metadata.

1.3 Automatically Collected Information

We automatically collect certain information when you visit our Service, including:

• Device information (type, operating system, unique device identifiers)
• Browser type and version
• Pages visited and time spent
• Referring website addresses
• Click data and interaction information
• Log data (IP address, access times, pages viewed)

1.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies. See Section 14 for detailed information.

2. Legal Basis for Processing

For EEA/UK Users:
We process your personal data under the following legal bases:

• Contract: Processing necessary for the performance of our contract with you
• Legitimate Interests: Processing necessary for our legitimate business interests
• Consent: Where you have given explicit consent for specific processing activities
• Legal Obligation: Processing necessary to comply with legal obligations

For US Users:
We process your data with your consent and as necessary to provide our services to you.

3. How We Use Your Information

We use collected information for:

• Providing, maintaining, and improving our Service
• Processing transactions and managing subscriptions
• Personalizing user experience
• Sending administrative and promotional communications (with consent where required)
• Internal marketing within Smart Png only
• Security monitoring and fraud prevention
• Responding to your inquiries and support requests
• Analyzing usage patterns and trends
• Complying with legal obligations
• Enforcing our Terms and Conditions

4. Data Retention

4.1 User Content

• Content uploaded by registered users is retained for 30 days for service improvement purposes, then permanently deleted
• Content older than 30 days may be anonymized and retained for service improvement
• Anonymous uploads may be stripped of personal identifiers and retained indefinitely
• Upon user request, all content can be deleted or anonymized

4.2 System Logs

We maintain system logs on Azure and Supabase platforms for security and performance purposes. These logs, which may contain IP addresses and other personal data, are retained for one year and then permanently deleted.

4.3 Account Information

Account information is retained for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.

5. Third-Party Services

We use the following third-party services that may collect and process your data:

• Google Analytics: For analyzing user behavior (EU-US DPF certified)
• Google Ads: For advertising and marketing (EU-US DPF certified)
• Google reCAPTCHA: For preventing spam and abuse (EU-US DPF certified)
• Stripe: For payment processing (EU-US and UK-US DPF certified)
• Cloudflare: For content delivery and security (EU-US and UK-US DPF certified)
• Microsoft Azure: For hosting website and content (servers in the US, EU-US and UK-US DPF certified)
• Supabase: For logging and data storage, for user authentication and management (servers in the US)
• Tally Forms: For contact form submissions (GDPR compliant)
• Mailgun: For transactional and marketing email delivery (servers located in EU, GDPR compliant))

Please review the privacy policies of these services to understand their data practices.

6. International Data Transfers

We continuously evaluate and may adjust our infrastructure to better serve our users and comply with evolving data protection regulations. This may include utilizing data centers in different geographic regions. Any such changes will maintain or enhance our current data protection standards.

6.1 Transfer to the United States

Your personal data is processed and stored on secure servers operated by our service providers. While our primary infrastructure is located in the United States, we may also utilize servers within the European Economic Area to optimize performance and comply with data protection requirements. Regardless of storage location, we maintain consistent security standards and data protection measures across all our infrastructure.

6.2 Safeguards for International Transfers

We implement appropriate safeguards for international data transfers:

For EEA Users:

• EU-US Data Privacy Framework (DPF) certified providers where applicable
• EU Standard Contractual Clauses (SCCs) with appropriate supplementary measures
• Transfer Impact Assessments (TIA) conducted for all transfers

For UK Users:

• UK-US Data Privacy Framework certified providers where applicable
• UK International Data Transfer Agreement (UK IDTA) or UK SCCs
• Transfer Risk Assessments conducted

6.3 Your Rights Regarding International Transfers

You have the right to:

• Request information about safeguards in place
• Lodge a complaint with your supervisory authority
• Request copies of data transfer agreements (with confidential information redacted)

7. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only:

• With service providers under appropriate data protection agreements
• To comply with legal obligations or valid legal processes
• To protect our rights, property, or safety
• With your explicit consent
• In connection with a merger, sale, or acquisition of all or a portion of our company

We will not share user content with external companies for their marketing purposes.

8. Your Privacy Rights

8.1 Rights for EEA/UK Users (GDPR)

• Right of Access
• Right to Rectification
• Right to Erasure ("Right to be Forgotten")
• Right to Restrict Processing
• Right to Data Portability
• Right to Object
• Right to Withdraw Consent
• Right not to be subject to automated decision-making

8.2 How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law (within 30 days for GDPR).

9. Do Not Track Signals

Our Service does not respond to Do Not Track (DNT) signals. However, some third-party services we use may honor DNT signals.

10. Marketing Communications

10.1 Opt-In/Opt-Out

• EU/UK users: We will only send marketing communications with your explicit consent
• US users: You may opt-out of marketing communications at any time
• All users can unsubscribe using the link in marketing emails or by contacting us

10.2 Transactional Communications

We may send you service-related emails regardless of your marketing preferences (e.g., account verification, payment confirmations, service updates).

11. Data Security

We implement appropriate technical and organizational measures including:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security assessments and penetration testing
• Access controls and multi-factor authentication
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the Internet is 100% secure.

12. Sub-processors

13. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

14. Cookie Policy

14.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function
• Analytics Cookies: Help us understand how users interact with our Service
• Marketing Cookies: Used to track visitors across websites for advertising
• Preference Cookies: Remember your settings and preferences

14.2 Cookie Management

• EU/UK users will be presented with a cookie consent banner
• You can manage cookies through your browser settings
• Disabling certain cookies may limit Service functionality

14.3 Third-Party Cookies

Third-party services may set their own cookies. We do not control these cookies.

15. Additional Disclosures

You have the right to lodge a complaint with your local supervisory authority.

16. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending email notification for material changes
• Obtaining consent where required by law

17. Data Protection Contacts

Data Protection Representative:
Email: [email protected]
EU Representative: [If required, appoint an EU representative]

Supervisory Authorities:

• UK: Information Commissioner's Office (https://ico.org.uk/)
• EU: Your local data protection authority

18. Accessibility

This Privacy Policy is available in alternative formats upon request. Contact us at [email protected].

19. Contact Us

Smart Png Ltd
71-75 Shelton Street
Covent Garden, London
United Kingdom, WC2H 9JQ

Email: [email protected]
For privacy-specific inquiries: [email protected]
For DMCA notices: [email protected]