GDPR · CCPA · 1-hour upload retention · Italian D.Lgs. 196/2003.

Privacy Policy

Last updated: May 2026 · Data Controller: Giovanni Picaro, Operator (Italy)

This Privacy Policy describes how iloveimg.online (iloveimg.online) collects, uses, and protects personal data. Read alongside Data Handling, which covers the image-upload data flow specifically. Applicable frameworks: EU GDPR; Italian D.Lgs. 196/2003 as amended; UK GDPR / Data Protection Act 2018; CCPA / CPRA; COPPA for any minor users.

1. Data controller

Giovanni Picaro is the data controller. Contact: privacy [at] iloveimg [punto] online.

2. What data is collected

Image uploads

Files uploaded for conversion. Per Data Handling:

  • Files transmitted via HTTPS / TLS.
  • Processed in memory or scratch directories on the conversion server.
  • Auto-deleted within one hour — sooner upon successful download.
  • Not analysed for content, not viewed by humans, not used to train AI.
  • Not retained beyond the conversion window.

Automatically collected via Site visit

  • Server access logs: IP, browser user agent, requested URL, referrer, timestamp, HTTP response code. Retained 30 days.
  • Cookies and similar technologies: see Cookie Policy.
  • Approximate geolocation derived from IP (country/region level).

Voluntarily provided

  • Email correspondence with the operator at the four public addresses (info / dmca / privacy / abuse).

Not collected

  • Real names, postal addresses, phone numbers, dates of birth, government IDs.
  • Sensitive-category data under GDPR Art. 9 (uploaded image content is processed transiently for conversion only; not retained or analysed).
  • Account data — the Site does not currently require or offer user accounts.

3. Legal bases for processing (GDPR Art. 6)

  • Contract / pre-contract (Art. 6(1)(b)) for performing the requested conversion service.
  • Consent (Art. 6(1)(a)) for advertising cookies.
  • Legitimate interests (Art. 6(1)(f)) for security logging, strictly-necessary cookies, fraud prevention.
  • Legal obligation (Art. 6(1)(c)) for retention required by applicable law (e.g., DMCA logs, abuse-investigation correspondence).

4. Service providers

  • Hosting: Hosting.com (current hosting infrastructure).
  • CDN / DDoS protection / TLS: Cloudflare.
  • Advertising: Google AdSense (ACTIVE; pub-8857722445444177).
  • Analytics where deployed, configured for IP-anonymization.
  • Email: mailbox hosting through the hosting provider.
  • Consent management: Funding Choices CMP (Google's CMP) for AdSense GDPR consent.

Each service provider operates under its own privacy framework. Cross-border transfers governed by Standard Contractual Clauses (SCCs) where applicable.

5. AdSense data flow

With AdSense active on the Site:

  • AdSense places cookies on the user's browser per Cookie Policy.
  • AdSense receives the page URL, user agent, IP, and (with consent) cookie identifiers for ad selection.
  • AdSense's data handling is governed by Google's policies, not ours.
  • For EU users, consent for personalised advertising is obtained via Funding Choices CMP before personalised cookies are set.
  • Non-consent users see non-personalised ads (still served by AdSense).
  • AdSense category exclusions block gambling, adult, scam-product, predatory financial, malware-adjacent advertisers.

6. Cookies

Categories: strictly necessary (Site function), advertising (AdSense, with consent), analytics (where deployed, with consent). Detailed inventory on Cookie Policy.

7. User rights

Under GDPR (Italian / EU users)

  • Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Portability (Art. 20), Objection (Art. 21), Withdraw consent (Art. 7(3)).
  • Lodge a complaint with a supervisory authority — in Italy, Garante (gpdp.it).

Note: most "personal data" we hold is incidental (server logs, cookie identifiers, correspondence). Image content is auto-deleted within an hour and not associated with personally-identifying data — rights requests for image content are essentially not actionable because we don't retain it.

Under CCPA / CPRA (California residents)

  • Right to know, delete, correct, opt out of sale and sharing, limit sensitive PI, non-discrimination.
  • Site honours Global Privacy Control (GPC) signal where transmitted.
  • Site does not "sell" personal information for monetary consideration.

8. How to exercise rights

Email privacy [at] iloveimg [punto] online. Response within 30 days under GDPR Art. 12(3).

9. Data retention

  • Image uploads & converted output: ≤ 1 hour (auto-deleted).
  • Server access logs: 30 days.
  • Email correspondence: 24-36 months for general; longer for legal / DMCA matters.
  • Advertising cookies: per their declared expiry (see Cookie Policy).
  • Aggregate analytics (conversion-pair counts): retained without personal-data linkage.

10. Children

Site primary audience is adults using image-conversion utilities. Minor use is incidental; same privacy framework applies. The Site does not knowingly collect personal information from users under 13 (US COPPA) or under 16 (EU GDPR Art. 8 conservative threshold). Parental concerns: privacy [at] iloveimg [punto] online.

11. Security

Reasonable technical and organisational measures: HTTPS / TLS sitewide; input file scanning for known-malicious patterns; CSRF protection; access controls on backend; periodic security review of conversion-library dependencies; backup procedures (excluding the temporary file directory).

12. Cross-border data transfers

Service providers may operate globally. Cloudflare, Google AdSense, hosting infrastructure may process data across multiple regions. SCCs apply where data leaves the EEA/UK/Italy.

13. Updates

Material changes are reflected in updates with an updated "Last updated" date. Material changes affecting consent or rights will be communicated through Site notice.

Related pages: Data Handling · Cookie Policy · Terms of Service · Contact Us · About Us

Application offline!

Your experience on this site will improve by allowing cookies