Privacy Policy
Last updated July 14, 2026.
This Privacy Policy explains what information WebWizard Tools (“WebWizard Tools”, “we”, “us”) collects when you use our website and image tools (the “Service”), how we use it, and the rights you have over it. We’ve tried to keep it plain and honest. The single most important point is below.
1. Who we are
The Service is operated by WebWizard Co.. For data-protection questions you can reach us at no-reply@webwizardco.com. For the purposes of the EU/UK GDPR, WebWizard Co. is the data controller for the limited account data described below.
2. Your images
When you remove a background, upscale, or compress an image, the work happens locally in your browser. Your file is loaded into your browser’s memory, processed by an on-device model or the browser’s own canvas, and the result is offered to you as a download. At no point is the image sent to us or to any third party. Because we never receive your images, we cannot access, recover, or disclose them — not to anyone, including law enforcement.
3. Information we collect
We collect only what we need to run accounts and apply plan limits:
- Account data — your name, email address, and a securely hashed password (we never store passwords in readable form). If you sign in with Google, we receive your name, email, and Google account identifier from Google instead of a password.
- Plan & usage data — your current plan, and a record of each tool job you run (the tool, the time, your IP address and approximate location) so we can enforce free/paid limits, keep the service secure, and prevent abuse and fraud. We store this metadata, never the images themselves.
- Email-verification & password-reset tokens — short-lived, single-use codes tied to your account.
- Technical data — basic server logs (IP address, browser type, pages requested, time) generated automatically by our hosting for security and to keep the Service running. We also keep a short-lived count of requests per IP for rate-limiting and abuse prevention.
- Analytics — to understand how the site is used we run two things. First, our own privacy-friendly page-view counter that uses no cookies and does not store your raw IP (visitors are counted by a one-way hash; approximate location — country, region and city — is derived once per visit via the geolocation service ip-api.com). Second, Google Analytics 4, which loads only after you accept cookies on our banner; if you decline, no Google analytics cookies are set. We don't use these for third-party advertising.
- Payment data (if/when you subscribe) — payments are handled by a third-party payment provider. We receive a record that a payment succeeded and your plan; we do not receive or store your full card number.
4. How we use information
- To create and maintain your account and keep you signed in.
- To apply your plan’s monthly limits and show your usage.
- To send account-related email — verification, password resets, and important service notices.
- To secure the Service, prevent abuse, and debug problems.
- To process subscription payments and provide support.
We do not sell your personal data, and we do not use it for third-party advertising or profiling.
5. Legal bases for processing (EU/UK users)
Where the GDPR applies, we rely on: performance of a contract (to provide the account and tools you signed up for); legitimate interests (to secure the Service, prevent abuse, and improve it); consent (where required, e.g. optional communications — which you may withdraw at any time); and legal obligation (to keep certain records where law requires).
6. Who we share data with
We share the limited account data above only with service providers who help us run the Service, and only as needed:
- Hosting provider — stores our database and serves the website.
- Email provider — delivers verification and password-reset messages.
- Google — only if you choose “Sign in with Google” (subject to Google’s privacy policy).
- Payment provider — only if you subscribe, to process the payment.
These providers act as our processors under appropriate agreements. We may also disclose data if required by law, or to protect our rights, users, or the public — but note we have no access to your images and so cannot produce them.
7. Cookies
We use one essential session cookie to keep you signed in — it's strictly necessary and doesn't require consent. We also use analytics cookies (Google Analytics 4), but only if you accept them on the cookie banner shown on your first visit. Using Google Consent Mode, no analytics cookies are set until you consent, and you can decline with one click. We do not use advertising cookies.
8. Data retention
We keep your account data for as long as your account is active. If you delete your account (or ask us to), we delete your personal data within a reasonable period, except where we must retain limited records to comply with law or resolve disputes. Server and rate-limit logs are kept only for a short period. Verification and reset tokens expire quickly and are single-use.
9. International transfers
Our providers may process data in countries other than yours. Where personal data is transferred internationally, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) where required by law.
10. Your rights
Depending on where you live, you may have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- delete your data (“right to be forgotten”);
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent where processing is based on consent.
You can exercise most of these from your account, or by emailing no-reply@webwizardco.com. EU/UK users may also lodge a complaint with their local data-protection authority. California residents have rights under the CCPA/CPRA, including the right to know and delete personal information and not to be discriminated against for exercising them; we do not “sell” or “share” personal information as those terms are defined under California law.
11. Security
We protect account data with industry-standard measures: HTTPS/TLS in transit, hashed passwords (bcrypt), prepared database statements, CSRF protection, and rate limiting. No method of transmission or storage is 100% secure, but processing your images on-device removes the single biggest risk — your images never leave your machine.
12. Children
The Service is not directed to children under 13 (or the minimum age in your country), and we do not knowingly collect their data. If you believe a child has given us data, contact us and we’ll delete it.
13. Changes to this policy
We may update this policy from time to time. We’ll change the “Last updated” date above, and for material changes we’ll take reasonable steps to notify you. Continued use of the Service after an update means you accept the revised policy.
14. Contact
Questions about your privacy or this policy? Email no-reply@webwizardco.com.