Privacy Policy
Last updated: 28 May 2026
Short version
- Your image files never leave your browser. We have no way to see, store, or transmit them.
- We use Google Analytics to count visits and measure which tools get used. No personal information is sent to Google, no image data is sent.
- If you buy MiniPx Pro, Paddle handles your payment. They see your name, email, and country (for VAT/tax). We see only that a payment occurred.
- We do not sell, share, or use your data for advertising. Ever.
1. Who we are
MiniPx (minipx.com) is operated by Gaurav Bhowmick, an individual sole proprietor based in India. For any privacy question, write to contact@minipx.com.
2. Your image files
This is the most important thing in the document. Your image files never leave your browser. When you drop an image into MiniPx, it is read, processed, and re-encoded entirely by JavaScript running on your device. The compressed output appears in your browser memory and is downloaded directly to your computer. At no point is the image data transmitted to our servers, to Netlify, to Google, to Paddle, or to anyone else.
You can verify this yourself: open browser DevTools, switch to the Network tab, drop in an image, watch the compression run. No image data is transmitted. The source code for the compression engine is published on GitHub for further inspection.
3. What we do collect: anonymous analytics
We use Google Analytics 4 (property ID G-CPKR150KT7) to understand traffic patterns and feature usage. The data sent to Google is anonymous and aggregated. It includes:
- Page views, scroll depth, and time on page (bucketed: 10s / 30s / 60s / 3min / 10min).
- Approximate location at country and city level (derived from IP, which Google anonymizes before logging).
- Coarse device class (mobile / tablet / desktop), viewport size, network connection class (4G / wifi when the browser exposes it), and your top language preference.
- Traffic source attribution: the referring website’s hostname only (never the full URL or query string), plus any UTM campaign parameters present in the link you clicked.
- First-touch attribution: the first time we ever saw your device, we record the original referrer and UTM in your browser’s localStorage. We send this back with later events so we can answer questions like "where did this user originally come from?" without re-identifying you.
- A random per-tab session ID (regenerated whenever you open a new tab) so events from the same browsing session can be grouped. Not linked to any identity.
- Outbound link clicks: domain only (e.g. "github.com"), never the full destination URL.
- Compression-related event metadata: file extension, input and output sizes in KB, compression ratio, format chosen, mode used. We do not send filenames or file contents.
- Interactive tool events: slider changes, toggle changes, preset selections, Pro upgrade prompts, errors classified into safe categories. None include file content or personal data.
- Pro feature interaction (visible to us only as anonymous counts): which Pro features are explored (panel expanded), which controls are touched (watermark anchor, opacity, scale, codec settings, responsive sizes, multi-format selections, saved presets, platform presets, rename templates), which Pro tier prompts you see, and which upgrade nudges convert to a /pricing/ visit.
- Pro funnel telemetry: pricing-page views, plan-card impressions, plan-CTA clicks, Paddle checkout open/close/complete/error (no card data ever seen by us — Paddle handles that), activation success/error, and a composite "Pro engagement score" (0–10) per session summarising how deep into the upgrade funnel a session reached.
- Account-page churn signals (Pro users only): manage-subscription / cancel-subscription / upgrade-to-annual / device-removal clicks. We use these to measure where Pro users get stuck or churn. We never see your billing email, card, or any Paddle PII through these events.
We use this data to understand which tools are popular, which need work, where users get stuck, and which traffic sources convert. We never tie this data to a person or attempt to re-identify visitors. Google’s own privacy policy and your control over Google’s tracking apply: see policies.google.com/privacy and Google’s opt-out browser add-on.
4. What we do collect: payments (Pro only)
If you purchase MiniPx Pro, the payment is processed by Paddle.com Market Ltd. Paddle is the merchant of record. They collect what is necessary to complete the transaction and handle tax compliance:
- Your name and billing email.
- Your billing country (for VAT, GST, or sales tax).
- Card details (which Paddle never shares with us).
- Your purchase amount and the product purchased.
Paddle stores this data under their own privacy policy: paddle.com/legal/privacy. From Paddle we receive only a webhook notification that the purchase occurred, with your customer ID hashed before we log it. We do not store your name, email, or card information on our servers.
Your Pro license itself (the Paddle transaction or subscription ID) is stored in your browser's localStorage on the device where you activated it. You can clear it at any time from the account page.
5. Cookies and local storage
We use a small number of cookies and localStorage / sessionStorage items, all first-party (set by your browser, scoped to minipx.com only):
- Google Analytics cookies (_ga, _gid, _ga_…) for traffic analysis.
- localStorage "minipx_pro_license" — your Pro license (transaction/subscription ID, plan, expiry, last validation timestamp). Only set if you purchase Pro.
- localStorage "minipx_saved_presets" — your saved tool settings if you use the Pro Saved Presets feature. Plain JSON, sits only on your device.
- localStorage "minipx_theme" — your dark/light mode preference.
- localStorage "minipx_device_fp" — a random UUID used to bind your Pro license to this device (anti-piracy). Not used for analytics or tracking. Created on every visit, Pro or not.
- localStorage "minipx_first_touch" — your first-ever traffic source (referrer, UTM campaign, landing page, timestamp). Used to answer "where did this user originally come from?" in our analytics, without ever identifying you personally.
- sessionStorage "minipx_session" — a random per-tab session ID + last-touch attribution. Cleared when you close the tab.
- sessionStorage "minipx_pro_score" / "minipx_pro_score_meta" / "minipx_pro_score_emitted" — composite Pro engagement score (0–10) and metadata for this tab session only. Lets us emit one summary event per session rather than dozens of individual events. Cleared when you close the tab.
- sessionStorage "minipx_session_start_fired" / "minipx_pro_first_use_pending" — one-shot flags that gate "fire only once per session" events. No identifying information.
No advertising cookies. No cross-site tracking pixels. No session replay tools. No fingerprinting.
6. Server logs
The site is hosted on Netlify. Netlify keeps standard server logs of HTTP requests (IP address, user agent, requested path, response code, timestamp) for security and abuse prevention. These logs are not sold or shared and are rotated regularly. See netlify.com/privacy for their data handling.
7. Your rights under GDPR and the India DPDP Act
You have the right to:
- Know what data we hold about you (in practice: very little, see above).
- Request a copy of your data.
- Ask us to correct or delete your data.
- Withdraw any consent for analytics (we will respect Global Privacy Control / Do Not Track signals where supported).
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email contact@minipx.com. For Pro purchases, you can also exercise these rights through Paddle directly.
8. International transfers
Google Analytics processes data in the United States. Paddle processes payment data in the United Kingdom, the United States, and the European Union. Netlify hosts the site from a global CDN. All three are covered by standard contractual clauses or equivalent transfer mechanisms.
9. Children
MiniPx is a general-purpose utility, not a service targeted at children. We do not knowingly collect data from anyone under 13 (or under 16 in the EU). If you believe a child has provided us with data, write to contact@minipx.com and we will delete it.
10. Changes to this policy
We update this policy when our practices change. When we do, we update the "Last updated" date at the top. For material changes, we will surface a site-wide notice for two weeks.
11. Contact
For any privacy question, write to contact@minipx.com. We aim to respond within 7 days.