Fixitfy
Home

Privacy Policy

What we collect, why, who sees it, and how to delete it. Written in English, not legalese.

Last updated: May 9, 2026

The short version

We collect the minimum needed to run an image host: your Google email + name when you sign in, the images you upload, basic abuse-prevention logs. We don't sell anything to advertisers. You can delete your account and all your uploads from your dashboard.

What we collect

If you only view images

Standard server access logs (IP, user-agent, requested path) for 30 days, used only for abuse prevention and aggregated traffic stats. No cookies, no tracking.

If you sign in with Google

  • Email address — to identify your account and send abuse notices if needed.
  • Display name & avatar URL — shown on your dashboard, never shown to other users without your action.
  • Google user ID — used internally to link sessions to your account.

We do not request access to your contacts, calendar, files, or any other Google data.

If you upload images

  • The image bytes themselves (stored on our server & CDN).
  • Upload timestamp, file size, dimensions, format.
  • Your account ID linking the upload to you.
  • IP address of the upload — kept 90 days for abuse forensics, then deleted.
  • EXIF metadata is stripped from all uploads before storage — GPS, camera serial, timestamps, all gone. The original file is not retained.

If you generate an API key

We store the key (hashed), its label, scopes, rate limits, last-used timestamp, and the IP of each successful request for 30 days.

What we do with it

  • Serve your images to people who request them.
  • Show you a list of your uploads in the dashboard.
  • Detect and stop abuse (spam, mass-uploads, illegal content).
  • Aggregate stats for the homepage counter (no personal data exposed).

We do not use your data for advertising, do not sell it to third parties, and do not train machine-learning models on your uploads.

Who else sees it

  • Cloudflare (our CDN) — sees the bytes of public images they cache and serve. Cloudflare's privacy policy applies to their handling.
  • Google (OAuth provider) — sees that you signed into our app and what scope you granted (email + profile). Google's privacy policy applies.
  • Hosting provider (hosting.com.tr / Hetzner) — physically holds the storage drives and runs our servers.
  • Law enforcement when legally compelled, or proactively for severe violations (e.g. CSAM).

How long we keep it

  • Uploaded images: until you delete them, or until your account is closed.
  • Account record: until you ask us to delete it.
  • Server access logs: 30 days, then automatically purged.
  • Abuse forensics IP logs: 90 days.

Your rights (GDPR & KVKK)

If you're in the EU, EEA, UK, or Türkiye, you have the right to:

  • Access — request a copy of everything we have on you.
  • Rectification — fix anything inaccurate.
  • Erasure — delete your account and all data; one-click in the dashboard or by email.
  • Object — to processing for any reason.
  • Portability — get your uploads as a ZIP.

Email fixitfy@gmail.com for any of these and we'll respond within 30 days.

Cookies

We use one cookie: an HttpOnly session cookie (or signed JWT) to keep you logged in. No tracking cookies, no advertising cookies, no third-party analytics.

Children

Fixitfy Upload is not directed at children under 13. We don't knowingly collect data from children — if you are a parent and believe we have, email us and we'll delete it.

Changes

We'll bump the "Last updated" date when this policy changes and notify signed-in users of substantive changes via the dashboard.